Accepted aria2 0.14.0-1+lenny2 (source amd64)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 16 May 2010 09:53:44 +0200
Source: aria2
Binary: aria2
Architecture: source amd64
Version: 0.14.0-1+lenny2
Distribution: stable-security
Urgency: high
Maintainer: Patrick Ruckstuhl <patrick@tario.org>
Changed-By: Patrick Ruckstuhl <patrick@tario.org>
Description:
aria2 - High speed download utility
Changes:
aria2 (0.14.0-1+lenny2) stable-security; urgency=high
.
* Security upload.
* src/FilesMetalinkParserState.cc, src/MetalinkParserController.cc
src/Util.cc, src/Util.h
+ Fixed directory traversal during the download of a metalink file.
Many thanks to Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> for patch.
CVE-2010-1512
Checksums-Sha1:
1724ab8bc29980108bd030489de3d3f8d5c63398 1102 aria2_0.14.0-1+lenny2.dsc
a55fea8cfab9497bbd0ba589239a5ec08cd596ef 21863 aria2_0.14.0-1+lenny2.diff.gz
4fc9cd8aa9085b693d94520d64c8f54b8c30b872 1092380 aria2_0.14.0-1+lenny2_amd64.deb
Checksums-Sha256:
2319753adb38d8a4c950e526c6d9ecc82b935d138ff6f7a907ec1fda75f407bf 1102 aria2_0.14.0-1+lenny2.dsc
5d9dafa9c4aa4238d39b27dd9ee77a4d8a07331b268f507acbeb640bee193fea 21863 aria2_0.14.0-1+lenny2.diff.gz
e022f9f56fa5cc36f89f560e157f2afb562e23ea6ff6545b215cc660d5c94c99 1092380 aria2_0.14.0-1+lenny2_amd64.deb
Files:
66f40f6d5908ed4caef208b258eb7617 1102 net optional aria2_0.14.0-1+lenny2.dsc
b2b9fec5b9a7eccd68f12ad29804cb9c 21863 net optional aria2_0.14.0-1+lenny2.diff.gz
97206956e1358720fced7b3487727730 1092380 net optional aria2_0.14.0-1+lenny2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkvwK58ACgkQoRg/jtECjI0LNQCeKF0lqIIX/KC1Dq2jBZSvM1tj
06IAn3MSjPJQF/hm8AQPcMTVKBUya8cC
=Hi7G
-----END PGP SIGNATURE-----
Accepted:
aria2_0.14.0-1+lenny2.diff.gz
to main/a/aria2/aria2_0.14.0-1+lenny2.diff.gz
aria2_0.14.0-1+lenny2.dsc
to main/a/aria2/aria2_0.14.0-1+lenny2.dsc
aria2_0.14.0-1+lenny2_amd64.deb
to main/a/aria2/aria2_0.14.0-1+lenny2_amd64.deb
Reply to: