CVE-2026-8367:
aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.
CVE-2026-8367:
aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.
CVE-2026-8367:
aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.
CVE-2026-8367:
aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.
CVE-2026-8367:
aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.
Standards version of the package is outdated.
wishlist
The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.7.4 instead of
4.7.2).
![[bug history graph]](https://qa.debian.org/data/bts/graphs/a/aria2.png){kind=link}