Accepted aria2 0.14.0-1+lenny1 (source i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 24 Dec 2009 23:45:29 +0530
Source: aria2
Binary: aria2
Architecture: source i386
Version: 0.14.0-1+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Patrick Ruckstuhl <patrick@tario.org>
Changed-By: Kartik Mistry <kartik@debian.org>
Description:
aria2 - High speed download utility
Closes: 551070
Changes:
aria2 (0.14.0-1+lenny1) stable-security; urgency=high
.
* Security upload.
* src/DHTRoutingTableDeserializer.cc, src/array_fun.h:
+ Fixed buffer overflow which allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via unknown vectors.
Many thanks to Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> for patch and
Steffen Joeris <steffen.joeris@skolelinux.de> for help.
CVE-2009-3575 (Closes: #551070)
Checksums-Sha1:
4ff6071484ac87c9277759a63885dd7c2a3fb6a7 1102 aria2_0.14.0-1+lenny1.dsc
f035f89f1611526a63b8ed7039b294100e7518ad 1343630 aria2_0.14.0.orig.tar.gz
4c4d913827f42a3d5136d1d0a99645a17458fed0 20698 aria2_0.14.0-1+lenny1.diff.gz
5caf46e1c473fcf259952ee744c5f3239c92bfe7 1059854 aria2_0.14.0-1+lenny1_i386.deb
Checksums-Sha256:
a6806218afb1643d9117da40ce69984a2978b1f255c6ad7f2e34b56109203f9f 1102 aria2_0.14.0-1+lenny1.dsc
876cd357c0e475600d27d190048c49652bdd4d3372644bc719b54b069acc9928 1343630 aria2_0.14.0.orig.tar.gz
eaac27d9ed9dc5cfd0c15241355593693339f3bb3fddd8e7e80c449584c6319d 20698 aria2_0.14.0-1+lenny1.diff.gz
4430e9958166cdccccc312e3d9bec5d4bc2b753c9d5a9f5e9d410cc4f7c2a5a3 1059854 aria2_0.14.0-1+lenny1_i386.deb
Files:
eec49435dff989725e33c563b196460a 1102 net optional aria2_0.14.0-1+lenny1.dsc
ae853240ee88e373a138021613e28cb1 1343630 net optional aria2_0.14.0.orig.tar.gz
849ab814910b27bcceb43f70289deecf 20698 net optional aria2_0.14.0-1+lenny1.diff.gz
231c131054416daf24647fbe0f3253d3 1059854 net optional aria2_0.14.0-1+lenny1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAks3Tm4ACgkQ62zWxYk/rQd2wgCglN5fZgUn1cT64tUXn6Bjw6CU
854AoMb4LdlHH3zRLRi809Y+2yotVqFl
=VPnH
-----END PGP SIGNATURE-----
Accepted:
aria2_0.14.0-1+lenny1.diff.gz
to main/a/aria2/aria2_0.14.0-1+lenny1.diff.gz
aria2_0.14.0-1+lenny1.dsc
to main/a/aria2/aria2_0.14.0-1+lenny1.dsc
aria2_0.14.0-1+lenny1_i386.deb
to main/a/aria2/aria2_0.14.0-1+lenny1_i386.deb
Reply to: