|
Bugzilla – Full Text Bug Listing |
| Summary: | VUL-1: CVE-2019-3500: aria2: metadata and potential password leaks via --log= | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE Distribution | Reporter: | Alexander Bergmann <abergmann> |
| Component: | Basesystem | Assignee: | Martin Pluskal <mpluskal> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Minor | ||
| Priority: | P4 - Low | CC: | astieger |
| Version: | Leap 15.0 | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| URL: | https://smash.suse.de/issue/221964/ | ||
| Whiteboard: | |||
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
|
Description
Alexander Bergmann
2019-01-02 12:29:07 UTC
This is an autogenerated message for OBS integration: This bug (1120488) was mentioned in https://build.opensuse.org/request/show/664102 Factory / aria2 https://build.opensuse.org/request/show/664104 15.0+42.3+Backports:SLE-15 / aria2 The Leap 42.3 portion does not build due to it requiring a newer version of libuv: nothing provides pkgconfig(libuv) >= 1.13 1.6.1 is shipped there, this bump in not binary compatible. The spec change drops the libuv conditional. Consider a submission with only aria2-CVE-2019-3500.patch added, see https://build.opensuse.org/request/show/664450 This is an autogenerated message for OBS integration: This bug (1120488) was mentioned in https://build.opensuse.org/request/show/664452 15.0+42.3+Backports:SLE-15 / aria2 done openSUSE-SU-2019:0050-1: An update that fixes one vulnerability is now available. Category: security (moderate) Bug References: 1120488 CVE References: CVE-2019-3500 Sources used: openSUSE Leap 42.3 (src): aria2-1.24.0-4.4.1 openSUSE Leap 15.0 (src): aria2-1.33.1-lp150.2.4.1 openSUSE Backports SLE-15 (src): aria2-1.33.1-bp150.3.7.1 |