[Bug 547318] New: aria2c 1.6.2 is out fixing security issues in 1.5.x and 1.6.x
http://bugzilla.novell.com/show_bug.cgi?id=547318 Summary: aria2c 1.6.2 is out fixing security issues in 1.5.x and 1.6.x Classification: openSUSE Product: openSUSE 11.2 Version: Factory Platform: x86-64 OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: jnelson-suse@jamponi.net QAContact: qa@suse.de Found By: --- User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.0.14) Gecko/2009090900 SUSE/3.0.14-0.1.2 Firefox/3.0.14 The most recent version of aria2c available for 11.2 (as yet) appears to 1.5.2 1.6.2 is out which improves the security of aria2c and fixes a bunch of bugs. Please upgrade aria2c to 1.6.2 for factory. Also, a security issue in earlier versions of aria2c could cause a DOS or the execution of malicious code - please make sure that 11.1 is also updated to an appropriate version. Thanks! This is especially important since zypper relies on aria2c for its downloads, thus a vulnerability or security issues effects nearly every user! Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=547318 User meissner@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=547318#c1 Marcus Meissner <meissner@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |security-team@suse.de AssignedTo|security-team@suse.de |poeml@novell.com --- Comment #1 from Marcus Meissner <meissner@novell.com> 2009-10-15 10:08:35 MDT --- you can submit aria2 to factory too btw. if you want to. i think this is CVE-2009-3575, a fix is in 11.1 already and will be piushed soon -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=547318 User lnussel@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=547318#c2 --- Comment #2 from Ludwig Nussel <lnussel@novell.com> 2009-10-19 03:34:34 MDT --- CVE-2009-3617 for the printf problems -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=547318 Peter Poeml <poeml@cmdline.net> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|poeml@novell.com |security-team@suse.de -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=547318 Ludwig Nussel <lnussel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|aria2c 1.6.2 is out fixing |VUL-0: aria2c 1.6.2 is out |security issues in 1.5.x |fixing security issues in |and 1.6.x |1.5.x and 1.6.x -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=547318 User lnussel@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=547318#c3 --- Comment #3 from Ludwig Nussel <lnussel@novell.com> 2009-11-02 06:31:02 MST --- I've applied the trivial patch and sr'd to 11.2 and Factory. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=547318 User lnussel@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=547318#c4 Ludwig Nussel <lnussel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #4 from Ludwig Nussel <lnussel@novell.com> 2009-11-03 00:32:46 MST --- accepted in 11.2 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=547318 http://bugzilla.novell.com/show_bug.cgi?id=547318#c5 --- Comment #5 from Bernhard Wiedemann <bwiedemann@suse.com> --- This is an autogenerated message for OBS integration: This bug (547318) was mentioned in https://build.opensuse.org/request/show/23562 Factory / aria2 -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com