Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 320975 (CVE-2010-1512) - net-misc/aria2: directory traversal (CVE-2010-1512)
Summary: net-misc/aria2: directory traversal (CVE-2010-1512)
Alias: CVE-2010-1512
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Depends on:
Reported: 2010-05-21 22:40 UTC by Stefan Behte (RETIRED)
Modified: 2011-01-15 21:49 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2010-05-21 22:40:33 UTC
CVE-2010-1512 (
  Directory traversal vulnerability in aria2 before 1.9.3 allows remote
  attackers to create arbitrary files via directory traversal sequences
  in the name attribute of a file element in a metalink file.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-05-21 22:41:41 UTC
Can 1.9.3 go stable?
Comment 2 Tiziano Müller (RETIRED) gentoo-dev 2010-05-22 05:24:48 UTC
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2010-05-22 11:00:08 UTC
Arches, please test and mark stable:

Target keywords : "amd64 x86"

BTW: If the security team asks if something can go stable, adding arches is a valid reply, as it makes the process of security bug handling faster. :)
Comment 4 Peter Volkov (RETIRED) gentoo-dev 2010-05-22 18:25:38 UTC
amd64 stable.
Comment 5 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-05-23 14:23:49 UTC
x86 stable, all archs done
Comment 6 Stefan Behte (RETIRED) gentoo-dev Security 2010-05-23 20:17:06 UTC
GLSA request filed.
Comment 7 Tiziano Müller (RETIRED) gentoo-dev 2010-06-05 05:41:27 UTC
vulnerable versions removed.
Comment 8 Tiziano Müller (RETIRED) gentoo-dev 2010-08-30 05:25:04 UTC
Comment 9 Tobias Heinlein (RETIRED) gentoo-dev 2011-01-15 21:49:00 UTC
GLSA 201101-04, thanks everyone.