[Bug 1120488] New: VUL-1: CVE-2019-3500: aria2: metadata and potential password leaks via --log=
http://bugzilla.opensuse.org/show_bug.cgi?id=1120488

            Bug ID: 1120488
           Summary: VUL-1: CVE-2019-3500: aria2: metadata and potential password leaks via --log=
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 15.0
          Hardware: Other
               URL: https://smash.suse.de/issue/221964/
                OS: Other
            Status: NEW
          Severity: Minor
          Priority: P5 - None
         Component: Basesystem
          Assignee: mpluskal@suse.com
          Reporter: abergmann@suse.com
        QA Contact: security-team@suse.de
          Found By: Security Response Team
           Blocker: ---

CVE-2019-3500

aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.

References:
https://github.com/aria2/aria2/issues/1329
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3500

--
You are receiving this mail because:
You are on the CC list for the bug.
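
A log audit for the exposure described in the CVE text above, as an added example that is not part of the bug report or of aria2: it finds Basic credentials in a log's text, redacts them, and checks whether a file mode lets other local users read the file. The function names and sample log lines are constructed, and it assumes credentials appear as an Authorization header or in a URI's userinfo part.

```python
import base64
import binascii
import re
import stat

# Header form defined by HTTP Basic authentication: base64("user:password").
AUTH_RE = re.compile(r"(Authorization:\s*Basic\s+)([A-Za-z0-9+/]+=*)", re.I)
# Credentials embedded in a URI's userinfo part (scheme://user:password@host).
URI_RE = re.compile(r"(\b(?:https?|ftp)://)([^/\s:@]+):([^/\s@]+)@")

def find_credentials(log_text):
    """Return (line_number, kind, username) per leaked credential; never the password."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        for m in AUTH_RE.finditer(line):
            try:
                raw = base64.b64decode(m.group(2), validate=True)
            except (binascii.Error, ValueError):
                continue  # not valid base64, so not a Basic credential
            user, sep, _ = raw.decode("utf-8", "replace").partition(":")
            if sep:
                hits.append((n, "header", user))
        for m in URI_RE.finditer(line):
            hits.append((n, "uri", m.group(2)))
    return hits

def redact(log_text):
    """Replace credential material so the log can be kept or shared."""
    out = AUTH_RE.sub(r"\1[REDACTED]", log_text)
    return URI_RE.sub(r"\1[REDACTED]@", out)

def readable_by_others(mode):
    """True if group or other can read a file with this st_mode."""
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))

# Constructed sample; the layout of real aria2 log lines is an assumption.
SAMPLE_LOG = "\n".join([
    "[DEBUG] CUID#7 - Requesting:",
    "GET /private/file.iso HTTP/1.1",
    "Authorization: Basic " + base64.b64encode(b"alice:s3cret").decode(),
    "[INFO] Download started: http://bob:hunter2@mirror.example/file.iso",
])

if __name__ == "__main__":
    for hit in find_credentials(SAMPLE_LOG):
        print(hit)
    print(redact(SAMPLE_LOG))
```

Pass `os.stat(path).st_mode` to `readable_by_others` to check an existing log file.
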

http://bugzilla.opensuse.org/show_bug.cgi?id=1120488
http://bugzilla.opensuse.org/show_bug.cgi?id=1120488#c2

Andreas Stieger <astieger@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |astieger@suse.com

--- Comment #2 from Andreas Stieger <astieger@suse.com> ---
The Leap 42.3 portion does not build due to it requiring a newer version of libuv:
nothing provides pkgconfig(libuv) >= 1.13
1.6.1 is shipped there, this bump is not binary compatible.
The spec change drops the libuv conditional.

Consider a submission with only aria2-CVE-2019-3500.patch added, see
https://build.opensuse.org/request/show/664450

http://bugzilla.opensuse.org/show_bug.cgi?id=1120488
http://bugzilla.opensuse.org/show_bug.cgi?id=1120488#c4

Andreas Stieger <astieger@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|IN_PROGRESS                 |RESOLVED
         Resolution|---                         |FIXED

--- Comment #4 from Andreas Stieger <astieger@suse.com> ---
done