Debian Linux Security Advisory 2047-1 – A vulnerability was discovered in aria2, a download client. The “name” attribute of the “file” element of metalink files is not properly sanitised before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/89657/dsa-2047-1.txt
Source: https://packetstormsecurity.com/files/89657/Debian-Linux-Security-Advisory-2047-1.html