[SECURITY] [DLA 2873-1] aria2 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2873-1] aria2 security update
From: Adrian Bunk <bunk@debian.org>
Date: Fri, 31 Dec 2021 00:50:03 +0200
Message-id: <[🔎] 20211230225003.GA15782@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2873-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
December 31, 2021                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : aria2
Version        : 1.30.0-2+deb9u1
CVE ID         : CVE-2019-3500
Debian Bug     : 918058

In the download utility aria2, --log was leaking HTTP user credentials 
in local log file.

For Debian 9 stretch, this problem has been fixed in version
1.30.0-2+deb9u1.

We recommend that you upgrade your aria2 packages.

For the detailed security status of aria2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/aria2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmHON5sACgkQiNJCh6LY
mLGcIQ//XnKdaUg3sADTTp+2yGSw5hsB4nzoQfM8YN4NU8NbCky1xxZ5ZoQciw7K
vE65ULgJ7hiWBR/GEDMJdmAhwyHewsOWDojotYdNqLpf3gQy7t1sAyx4zkN+Fvqp
jS2J/xSlqRgNPf5mYqUS5Rg5IhRI96QKTtUvwWWpYXbC5Z3Rd4eHfxpU2BzCmizI
LSbjNiTDIwp+e54mnZNxhEHHDzzMAMUQ6UWi2fs2j1enXhhche4cJOvqs2MstF3U
yZLnVNqaq7E5v4OcTtQxTqDZ2lt0rZLpfBpdBC1N0nUtrwcGBOlNpnP/huzAygHJ
stnmIHhFmwMOwXi8dSaIfDUk8YkYEZi08PMCUm+B3w0CyzsjRnKdVL28oRmFevTC
hgdkWIQYrVf/aRIMdPKJLkQaqZVglDjTWXZFRJXwUEWYzlLhQrAXpdQsq7Sqg6vJ
wV1eoHBpuFvfu0+JLfGSJCPngj4POYjT0Fqul5sdvlQHT0BW5AAPNrJnd53KAlAK
tArQ3yFiMRww6yLJBd6LUCmzlzU2BIzgn0bLyIXvwj7JFF9e9iCcaS8kb6y9SJAl
b54YTsqaNlNkTLcgpOnojpxlsTH2HoAAuR8pm2zJaex262mYUNmbYQoF0cD3F7Uf
r/aBaPVxDe0iOgRmM0o/Bd5PtLwqNbQ35FsuHElVaFjqbzuhLcU=
=kGn2
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2872-1] agg security update
Previous by thread: [SECURITY] [DLA 2872-1] agg security update
Index(es):
- Date
- Thread