Aria upstream has released 1.6.2 version fixing one security issue. From
aria2-1.6.2 Release Notes:
This release fixes segmentation fault error if URI to download
contains printf format string and logging is enabled.
* Fixed the bug that causes segmentation fault if
req->getCurrentUrl() contains printf format string such as %d. The
statement that causes this bug is useless and removed.
This issue does not affect the version of aria2 package, as scheduled to
be included into Fedora 13 release (aria2-1.6.2-1.fc13 is already updated).
This issue affects the version of aria2 package, as scheduled to
be included into Fedora 12 release (current aria2-1.6.1-1.fc12 version
is still vulnerable, please fix).
This issue does NOT affect the versions of the aria2 package, as shipped
with Fedora releases of 10 and 11 (aria2-1.3.1-2.fc10 aria2-1.3.1-1.fc11).
Ouch. Didn't realize this was a security issue. Build completed and tag request filed.
Tagged as a post beta update for Fedora 12. Thank you very much.
This is CVE-2009-3617.