diff options
author | Adrian Bunk <bunk@debian.org> | 2021-12-31 00:20:26 +0200 |
---|---|---|
committer | Adrian Bunk <bunk@debian.org> | 2021-12-31 00:20:26 +0200 |
commit | e31833054c64c3d5ccc10479f5f5167144416c8e (patch) | |
tree | 438881b320a00a53448911984274ef5ccf8da651 | |
parent | f63919cc030357a4ec8e205785cba7d3e87ec54d (diff) |
Reserve DLA-2873-1 for aria2
-rw-r--r-- | data/CVE/list | 1 | ||||
-rw-r--r-- | data/DLA/list | 3 | ||||
-rw-r--r-- | data/dla-needed.txt | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/data/CVE/list b/data/CVE/list index 48dc7a2162..3fcd7c56e2 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -196960,7 +196960,6 @@ CVE-2018-20655 (When receiving calls using WhatsApp for iOS, a missing size chec CVE-2019-3500 (aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Au ...) {DLA-1636-1} - aria2 1.34.0-4 (low; bug #918058) - [stretch] - aria2 <no-dsa> (Minor issue) NOTE: https://github.com/aria2/aria2/issues/1329 NOTE: Masking of all authorization and cookie header fields (but not userinfo in URL): NOTE: https://github.com/aria2/aria2/commit/37368130ca7de5491a75fd18a20c5c5cc641824a diff --git a/data/DLA/list b/data/DLA/list index add58d3af1..b93def3c32 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[31 Dec 2021] DLA-2873-1 aria2 - security update + {CVE-2019-3500} + [stretch] - aria2 1.30.0-2+deb9u1 [31 Dec 2021] DLA-2872-1 agg - security update {CVE-2019-6245} [stretch] - agg 2.5+dfsg1-11+deb9u1 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 735acad262..6ced0c4cd5 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -24,8 +24,6 @@ apng2gif NOTE: 20211229: CVE-2017-6960 was fixed in DLAs for wheezy and jessie NOTE: 20211229: but is unfixed in stretch, plus 2 additional CVEs (bunk) -- -aria2 (Adrian Bunk) --- condor (Anton) NOTE: 20211216: full details embargoed NOTE: 20211227: the fix is out and now available; cf: |