-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2873-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Adrian Bunk December 31, 2021 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : aria2 Version : 1.30.0-2+deb9u1 CVE ID : CVE-2019-3500 Debian Bug : 918058 In the download utility aria2, --log was leaking HTTP user credentials in local log file. For Debian 9 stretch, this problem has been fixed in version 1.30.0-2+deb9u1. We recommend that you upgrade your aria2 packages. For the detailed security status of aria2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/aria2 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmHON5sACgkQiNJCh6LY mLGcIQ//XnKdaUg3sADTTp+2yGSw5hsB4nzoQfM8YN4NU8NbCky1xxZ5ZoQciw7K vE65ULgJ7hiWBR/GEDMJdmAhwyHewsOWDojotYdNqLpf3gQy7t1sAyx4zkN+Fvqp jS2J/xSlqRgNPf5mYqUS5Rg5IhRI96QKTtUvwWWpYXbC5Z3Rd4eHfxpU2BzCmizI LSbjNiTDIwp+e54mnZNxhEHHDzzMAMUQ6UWi2fs2j1enXhhche4cJOvqs2MstF3U yZLnVNqaq7E5v4OcTtQxTqDZ2lt0rZLpfBpdBC1N0nUtrwcGBOlNpnP/huzAygHJ stnmIHhFmwMOwXi8dSaIfDUk8YkYEZi08PMCUm+B3w0CyzsjRnKdVL28oRmFevTC hgdkWIQYrVf/aRIMdPKJLkQaqZVglDjTWXZFRJXwUEWYzlLhQrAXpdQsq7Sqg6vJ wV1eoHBpuFvfu0+JLfGSJCPngj4POYjT0Fqul5sdvlQHT0BW5AAPNrJnd53KAlAK tArQ3yFiMRww6yLJBd6LUCmzlzU2BIzgn0bLyIXvwj7JFF9e9iCcaS8kb6y9SJAl b54YTsqaNlNkTLcgpOnojpxlsTH2HoAAuR8pm2zJaex262mYUNmbYQoF0cD3F7Uf r/aBaPVxDe0iOgRmM0o/Bd5PtLwqNbQ35FsuHElVaFjqbzuhLcU= =kGn2 -----END PGP SIGNATURE-----