Directory traversal vulnerability in aria2 before 1.9.3 allows remote
attackers to create arbitrary files via directory traversal sequences
in the name attribute of a file element in a metalink file.
Can 1.9.3 go stable?
Arches, please test and mark stable:
Target keywords : "amd64 x86"
BTW: If the security team asks if something can go stable, adding arches is a valid reply, as it makes the process of security bug handling faster. :)
x86 stable, all archs done
GLSA request filed.
vulnerable versions removed.
GLSA 201101-04, thanks everyone.