Debian Aria2 vulnerabilities
4 known vulnerabilities affecting debian/aria2.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 1, LOW 3
Vulnerabilities
CVE-2019-3500 | LOW | CVSS 7.8 | fixed in aria2 1.34.0-4 (bookworm) | 2019
CVE-2019-3500 [HIGH]
aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Authentication username and password in a file, which might allow local users to obtain sensitive information by reading this file.
Scope: local
bookworm: resolved (fixed in 1.34.0-4)
bullseye: resolved (fixed in 1.34.0-4)
forky: resolved (fixed in 1.34.0-4)
sid: resolved (fixed in 1.34.0-4)
trixie: res
debian
CVE-2010-1512 | MEDIUM | CVSS 4.3 | fixed in aria2 1.9.3-1 (bookworm) | 2010
CVE-2010-1512 [MEDIUM]
Directory traversal vulnerability in aria2 before 1.9.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.
Scope: local
bookworm: resolved (fixed in 1.9.3-1)
bullseye: resolved (fixed in 1.9.3-1)
forky: resolved (fixed in 1.9.3-1)
sid: resolved (fixed in 1.9.3-1)
trixie: resol
debian
CVE-2009-3617 | LOW | CVSS 7.6 | fixed in aria2 1.6.2-1 (bookworm) | 2009
CVE-2009-3617 [HIGH]
Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a download URI. NOTE: some of these details are obtained from third party information.
Scope: loca
debian
CVE-2009-3575 | LOW | CVSS 10.0 | fixed in aria2 1.2.0-1 (bookworm) | 2009
CVE-2009-3575 [CRITICAL]
Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2.0, and other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
Scope: local
bookworm: resolved (fixed in 1.2.0-1)
bullseye: resolved (fixed in 1.2.0-1)
forky: resolved (fixed in 1.2.0-1)
sid: resolved (fixed in 1.2.0-1)
debian