Summary: | <net-misc/aria2-1.34.0-r1: metadata and potential password leaks | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | D'juan McDonald (domhnall) <flopwiki> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | dev-zero, glsamaker, mgorny |
Priority: | Low | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/aria2/aria2/issues/1329 | ||
Whiteboard: | C4 [noglsa cve] | ||
Package list: |
net-misc/aria2-1.34.0-r1
|
Runtime testing required: | No |
Description
D'juan McDonald (domhnall)
2019-01-05 17:41:04 UTC
*** Bug 679482 has been marked as a duplicate of this bug. *** The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e0e0415382f55c1c392facd407a21555b6b55c8c commit e0e0415382f55c1c392facd407a21555b6b55c8c Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2019-04-05 17:13:34 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2019-04-05 17:13:45 +0000 net-misc/aria2: Backport the fix for CVE-2019-3500 Backport fix for potential password leakage in logs (CVE-2019-3500). Ideally this would be a fresh snapshot but autoreconf fails on aria2 git. Bug: https://bugs.gentoo.org/674622 Signed-off-by: Michał Górny <mgorny@gentoo.org> net-misc/aria2/aria2-1.34.0-r1.ebuild | 155 +++++++++++++++++++++ .../aria2/files/aria2-1.34.0-mask-headers.patch | 46 ++++++ 2 files changed, 201 insertions(+) @maintainer(s), please let us know when you are ready to stabilize. Let's go for it. amd64 stable x86 stable Tree is clean |