-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sun, 16 May 2010 09:53:44 +0200 Source: aria2 Binary: aria2 Architecture: source amd64 Version: 0.14.0-1+lenny2 Distribution: stable-security Urgency: high Maintainer: Patrick Ruckstuhl <patrick@tario.org> Changed-By: Patrick Ruckstuhl <patrick@tario.org> Description: aria2 - High speed download utility Changes: aria2 (0.14.0-1+lenny2) stable-security; urgency=high . * Security upload. * src/FilesMetalinkParserState.cc, src/MetalinkParserController.cc src/Util.cc, src/Util.h + Fixed directory traversal during the download of a metalink file. Many thanks to Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> for patch. CVE-2010-1512 Checksums-Sha1: 1724ab8bc29980108bd030489de3d3f8d5c63398 1102 aria2_0.14.0-1+lenny2.dsc a55fea8cfab9497bbd0ba589239a5ec08cd596ef 21863 aria2_0.14.0-1+lenny2.diff.gz 4fc9cd8aa9085b693d94520d64c8f54b8c30b872 1092380 aria2_0.14.0-1+lenny2_amd64.deb Checksums-Sha256: 2319753adb38d8a4c950e526c6d9ecc82b935d138ff6f7a907ec1fda75f407bf 1102 aria2_0.14.0-1+lenny2.dsc 5d9dafa9c4aa4238d39b27dd9ee77a4d8a07331b268f507acbeb640bee193fea 21863 aria2_0.14.0-1+lenny2.diff.gz e022f9f56fa5cc36f89f560e157f2afb562e23ea6ff6545b215cc660d5c94c99 1092380 aria2_0.14.0-1+lenny2_amd64.deb Files: 66f40f6d5908ed4caef208b258eb7617 1102 net optional aria2_0.14.0-1+lenny2.dsc b2b9fec5b9a7eccd68f12ad29804cb9c 21863 net optional aria2_0.14.0-1+lenny2.diff.gz 97206956e1358720fced7b3487727730 1092380 net optional aria2_0.14.0-1+lenny2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkvwK58ACgkQoRg/jtECjI0LNQCeKF0lqIIX/KC1Dq2jBZSvM1tj 06IAn3MSjPJQF/hm8AQPcMTVKBUya8cC =Hi7G -----END PGP SIGNATURE----- Accepted: aria2_0.14.0-1+lenny2.diff.gz to main/a/aria2/aria2_0.14.0-1+lenny2.diff.gz aria2_0.14.0-1+lenny2.dsc to main/a/aria2/aria2_0.14.0-1+lenny2.dsc aria2_0.14.0-1+lenny2_amd64.deb to main/a/aria2/aria2_0.14.0-1+lenny2_amd64.deb