Reserve DLA-2873-1 for aria2

3 files changed, 3 insertions, 3 deletions

diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index e718c05ccc..a24c68cbee 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -46260,7 +46260,6 @@ CVE-2019-3501 (The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a cr
 CVE-2019-3500 (aria2c in aria2 1.33.1, when --log is used, can store an HTTP Basic Au ...)
 	{DLA-1636-1}
 	- aria2 1.34.0-4 (low; bug #918058)
-	[stretch] - aria2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/aria2/aria2/issues/1329
 	NOTE: Masking of all authorization and cookie header fields (but not userinfo in URL):
 	NOTE: https://github.com/aria2/aria2/commit/37368130ca7de5491a75fd18a20c5c5cc641824a
diff --git a/data/DLA/list b/data/DLA/list
index add58d3af1..b93def3c32 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[31 Dec 2021] DLA-2873-1 aria2 - security update
+	{CVE-2019-3500}
+	[stretch] - aria2 1.30.0-2+deb9u1
 [31 Dec 2021] DLA-2872-1 agg - security update
 	{CVE-2019-6245}
 	[stretch] - agg 2.5+dfsg1-11+deb9u1
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 735acad262..6ced0c4cd5 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -24,8 +24,6 @@ apng2gif
   NOTE: 20211229: CVE-2017-6960 was fixed in DLAs for wheezy and jessie
   NOTE: 20211229: but is unfixed in stretch, plus 2 additional CVEs (bunk)
 --
-aria2 (Adrian Bunk)
---
 condor (Anton)
   NOTE: 20211216: full details embargoed
   NOTE: 20211227: the fix is out and now available; cf: