diff --git a/2016/1xxx/CVE-2016-1683.json b/2016/1xxx/CVE-2016-1683.json index 67ad50b51e9..08026eb1404 100644 --- a/2016/1xxx/CVE-2016-1683.json +++ b/2016/1xxx/CVE-2016-1683.json @@ -181,6 +181,11 @@ "name": "https://support.apple.com/HT206899", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206899" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-320d5295fc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" } ] } diff --git a/2016/1xxx/CVE-2016-1684.json b/2016/1xxx/CVE-2016-1684.json index 364a6aa01fb..0c8a2492e10 100644 --- a/2016/1xxx/CVE-2016-1684.json +++ b/2016/1xxx/CVE-2016-1684.json @@ -176,6 +176,11 @@ "name": "https://support.apple.com/HT206899", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206899" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-320d5295fc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" } ] } diff --git a/2016/1xxx/CVE-2016-1841.json b/2016/1xxx/CVE-2016-1841.json index 1b5bac2d4af..b8a9eb7768e 100644 --- a/2016/1xxx/CVE-2016-1841.json +++ b/2016/1xxx/CVE-2016-1841.json @@ -101,6 +101,11 @@ "name": "APPLE-SA-2016-05-16-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2016/May/msg00001.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-320d5295fc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" } ] } diff --git a/2016/4xxx/CVE-2016-4607.json b/2016/4xxx/CVE-2016-4607.json index 028b94ca9fd..5c527f740f1 100644 --- a/2016/4xxx/CVE-2016-4607.json +++ b/2016/4xxx/CVE-2016-4607.json @@ -116,6 +116,11 @@ "name": "https://support.apple.com/HT206899", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206899" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-320d5295fc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" } ] } diff --git a/2016/4xxx/CVE-2016-4608.json b/2016/4xxx/CVE-2016-4608.json index 7f7dbebc95c..bf20e5f4ef7 100644 --- a/2016/4xxx/CVE-2016-4608.json +++ b/2016/4xxx/CVE-2016-4608.json @@ -116,6 +116,11 @@ "name": "https://support.apple.com/HT206899", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206899" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-320d5295fc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" } ] } diff --git a/2016/4xxx/CVE-2016-4609.json b/2016/4xxx/CVE-2016-4609.json index 633af7e2bf8..b71872a7f38 100644 --- a/2016/4xxx/CVE-2016-4609.json +++ b/2016/4xxx/CVE-2016-4609.json @@ -116,6 +116,11 @@ "name": "https://support.apple.com/HT206899", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206899" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-320d5295fc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" } ] } diff --git a/2016/4xxx/CVE-2016-4610.json b/2016/4xxx/CVE-2016-4610.json index 241e63e3561..f4230cb6d6d 100644 --- a/2016/4xxx/CVE-2016-4610.json +++ b/2016/4xxx/CVE-2016-4610.json @@ -116,6 +116,11 @@ "name": "https://support.apple.com/HT206899", "refsource": "CONFIRM", "url": "https://support.apple.com/HT206899" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-320d5295fc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" } ] } diff --git a/2016/4xxx/CVE-2016-4738.json b/2016/4xxx/CVE-2016-4738.json index 802196f9ec7..6429f06d2b1 100644 --- a/2016/4xxx/CVE-2016-4738.json +++ b/2016/4xxx/CVE-2016-4738.json @@ -106,6 +106,11 @@ "name": "https://support.apple.com/HT207143", "refsource": "CONFIRM", "url": "https://support.apple.com/HT207143" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-320d5295fc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" } ] } diff --git a/2017/8xxx/CVE-2017-8329.json b/2017/8xxx/CVE-2017-8329.json index c167f1bdc48..f53b9807824 100644 --- a/2017/8xxx/CVE-2017-8329.json +++ b/2017/8xxx/CVE-2017-8329.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-8329", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of setting a name for the wireless network. These values are stored by the device in NVRAM (Non-volatile RAM). It seems that the POST parameters passed in this request to set up names on the device do not have a string length check on them. This allows an attacker to send a large payload in the \"mssid_1\" POST parameter. The device also allows a user to view the name of the Wifi Network set by the user. While processing this request, the device calls a function at address 0x00412CE4 (routerSummary) in the binary \"webServer\" located in Almond folder, which retrieves the value set earlier by \"mssid_1\" parameter as SSID2 and this value then results in overflowing the stack set up for this function and allows an attacker to control $ra register value on the stack which allows an attacker to control the device by executing a payload of an attacker's choice. If the firmware version AL-R096 is dissected using binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary \"goahead\" is the one that has the vulnerable function that receives the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows a MIPS little endian format. The function sub_00420F38 in IDA pro is identified to be receiving the values sent in the POST parameter \"mssid_1\" at address 0x0042BA00 and then sets in the NVRAM at address 0x0042C314. The value is later retrieved in the function at address 0x00412EAC and this results in overflowing the buffer as the function copies the value directly on the stack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BUGTRAQ", + "name": "20190609 Newly releases IoT security issues", + "url": "https://seclists.org/bugtraq/2019/Jun/8" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/153227/Securifi-Almond-2015-Buffer-Overflow-Command-Injection-XSS-CSRF.html", + "url": "http://packetstormsecurity.com/files/153227/Securifi-Almond-2015-Buffer-Overflow-Command-Injection-XSS-CSRF.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Securifi_Almond_plus_sec_issues.pdf", + "url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Securifi_Almond_plus_sec_issues.pdf" } ] } diff --git a/2017/8xxx/CVE-2017-8331.json b/2017/8xxx/CVE-2017-8331.json index 818371c67bd..f7b76859445 100644 --- a/2017/8xxx/CVE-2017-8331.json +++ b/2017/8xxx/CVE-2017-8331.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-8331", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new port forwarding rules to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way that would result in passing commands to a \"system\" API in the function and thus result in command injection on the device. If the firmware version AL-R096 is dissected using binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary \"goahead\" is the one that has the vulnerable function that recieves the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows a MIPS little endian format. The function sub_43C280in IDA pro is identified to be receiving the values sent in the POST request and the value set in POST parameter \"ip_address\" is extracted at address 0x0043C2F0. The POST parameter \"ipaddress\" is concatenated at address 0x0043C958 and this is passed to a \"system\" function at address 0x00437284. This allows an attacker to provide the payload of his/her choice and finally take control of the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BUGTRAQ", + "name": "20190609 Newly releases IoT security issues", + "url": "https://seclists.org/bugtraq/2019/Jun/8" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/153227/Securifi-Almond-2015-Buffer-Overflow-Command-Injection-XSS-CSRF.html", + "url": "http://packetstormsecurity.com/files/153227/Securifi-Almond-2015-Buffer-Overflow-Command-Injection-XSS-CSRF.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Securifi_Almond_plus_sec_issues.pdf", + "url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Securifi_Almond_plus_sec_issues.pdf" } ] } diff --git a/2017/8xxx/CVE-2017-8333.json b/2017/8xxx/CVE-2017-8333.json index 70804fc7314..2fc95d70f40 100644 --- a/2017/8xxx/CVE-2017-8333.json +++ b/2017/8xxx/CVE-2017-8333.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-8333", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of adding new routes to the device. It seems that the POST parameters passed in this request to set up routes on the device can be set in such a way that would result in passing commands to a \"popen\" API in the function and thus result in command injection on the device. If the firmware version AL-R096 is dissected using binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary \"goahead\" is the one that has the vulnerable function that receives the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows a MIPS little endian format. The function sub_00420F38 in IDA pro is identified to be receiving the values sent in the POST request and the value set in POST parameter \"dest\" is extracted at address 0x00420FC4. The POST parameter \"dest is concatenated in a route add command and this is passed to a \"popen\" function at address 0x00421220. This allows an attacker to provide the payload of his/her choice and finally take control of the device." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BUGTRAQ", + "name": "20190609 Newly releases IoT security issues", + "url": "https://seclists.org/bugtraq/2019/Jun/8" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/153227/Securifi-Almond-2015-Buffer-Overflow-Command-Injection-XSS-CSRF.html", + "url": "http://packetstormsecurity.com/files/153227/Securifi-Almond-2015-Buffer-Overflow-Command-Injection-XSS-CSRF.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Securifi_Almond_plus_sec_issues.pdf", + "url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Securifi_Almond_plus_sec_issues.pdf" } ] } diff --git a/2019/10xxx/CVE-2019-10871.json b/2019/10xxx/CVE-2019-10871.json index 78108f4e833..d2d7c645fca 100644 --- a/2019/10xxx/CVE-2019-10871.json +++ b/2019/10xxx/CVE-2019-10871.json @@ -61,6 +61,11 @@ "refsource": "BID", "name": "107862", "url": "http://www.securityfocus.com/bid/107862" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-cb2bff6d48", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/" } ] } diff --git a/2019/10xxx/CVE-2019-10872.json b/2019/10xxx/CVE-2019-10872.json index 33657270710..1a41e665ea8 100644 --- a/2019/10xxx/CVE-2019-10872.json +++ b/2019/10xxx/CVE-2019-10872.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190606 [SECURITY] [DLA 1815-1] poppler security update", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-cb2bff6d48", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/" } ] } diff --git a/2019/10xxx/CVE-2019-10873.json b/2019/10xxx/CVE-2019-10873.json index 682de84e7a1..01d7b8de471 100644 --- a/2019/10xxx/CVE-2019-10873.json +++ b/2019/10xxx/CVE-2019-10873.json @@ -61,6 +61,11 @@ "refsource": "BID", "name": "107862", "url": "http://www.securityfocus.com/bid/107862" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-cb2bff6d48", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/" } ] } diff --git a/2019/11xxx/CVE-2019-11068.json b/2019/11xxx/CVE-2019-11068.json index 25e58771e74..6b6ece1031b 100644 --- a/2019/11xxx/CVE-2019-11068.json +++ b/2019/11xxx/CVE-2019-11068.json @@ -106,6 +106,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-e21c77ffae", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36TEYN37XCCKN2XUMRTBBW67BPNMSW4K/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-320d5295fc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SK4YNISS22MJY22YX5I6V2U63QZAUEHA/" } ] } diff --git a/2019/11xxx/CVE-2019-11407.json b/2019/11xxx/CVE-2019-11407.json index d120ff09511..ee277e7949e 100644 --- a/2019/11xxx/CVE-2019-11407.json +++ b/2019/11xxx/CVE-2019-11407.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "app/operator_panel/index_inc.php in the Operator Panel module in FreePBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated administrative attackers to obtain credentials and other sensitive information." + "value": "app/operator_panel/index_inc.php in the Operator Panel module in FusionPBX 4.4.3 suffers from an information disclosure vulnerability due to excessive debug information, which allows authenticated administrative attackers to obtain credentials and other sensitive information." } ] }, diff --git a/2019/11xxx/CVE-2019-11409.json b/2019/11xxx/CVE-2019-11409.json index 3f670182ee2..eeb84a64e90 100644 --- a/2019/11xxx/CVE-2019-11409.json +++ b/2019/11xxx/CVE-2019-11409.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "app/operator_panel/exec.php in the Operator Panel module in FreePBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module." + "value": "app/operator_panel/exec.php in the Operator Panel module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module." } ] }, diff --git a/2019/11xxx/CVE-2019-11410.json b/2019/11xxx/CVE-2019-11410.json index 665b37d6c4c..7cf8bddd426 100644 --- a/2019/11xxx/CVE-2019-11410.json +++ b/2019/11xxx/CVE-2019-11410.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "app/backup/index.php in the Backup Module in FreePBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host." + "value": "app/backup/index.php in the Backup Module in FusionPBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host." } ] }, diff --git a/2019/12xxx/CVE-2019-12250.json b/2019/12xxx/CVE-2019-12250.json index 839f98759f5..4331327291b 100644 --- a/2019/12xxx/CVE-2019-12250.json +++ b/2019/12xxx/CVE-2019-12250.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log." + "value": "** DISPUTED ** IdentityServer IdentityServer4 through 2.4 has stored XSS via the httpContext to the host/Extensions/RequestLoggerMiddleware.cs LogForErrorContext method, which can be triggered by viewing a log. NOTE: the software maintainer disputes that this is a vulnerability because the request logger is not part of IdentityServer but only our development test host." } ] }, diff --git a/2019/12xxx/CVE-2019-12293.json b/2019/12xxx/CVE-2019-12293.json index a306a9aae29..7a249399f25 100644 --- a/2019/12xxx/CVE-2019-12293.json +++ b/2019/12xxx/CVE-2019-12293.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190606 [SECURITY] [DLA 1815-1] poppler security update", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-cb2bff6d48", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/" } ] } diff --git a/2019/12xxx/CVE-2019-12749.json b/2019/12xxx/CVE-2019-12749.json index 109cf30b856..b69e71aa288 100644 --- a/2019/12xxx/CVE-2019-12749.json +++ b/2019/12xxx/CVE-2019-12749.json @@ -91,6 +91,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190614 [SECURITY] [DLA 1818-1] dbus security update", "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-d5ded5326b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/" } ] } diff --git a/2019/12xxx/CVE-2019-12876.json b/2019/12xxx/CVE-2019-12876.json new file mode 100644 index 00000000000..201fd6d8a8e --- /dev/null +++ b/2019/12xxx/CVE-2019-12876.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-12876", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6690.json b/2019/6xxx/CVE-2019-6690.json index 479036b0e74..d2eb1a79ec0 100644 --- a/2019/6xxx/CVE-2019-6690.json +++ b/2019/6xxx/CVE-2019-6690.json @@ -96,6 +96,11 @@ "refsource": "UBUNTU", "name": "USN-3964-1", "url": "https://usn.ubuntu.com/3964-1/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-06f5bbdaf5", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6KYZMN2PWXY4ENZVJUVTGFBVYEVY7II/" } ] }