UbuntuUpdates.org

Package "ant"

Name: ant

Description:

Java based build tool like make

Latest version: 1.10.3-1ubuntu0.1
Release: bionic (18.04)
Level: updates
Repository: universe
Homepage: http://ant.apache.org

Links

Save this URL for the latest version of "ant": https://www.ubuntuupdates.org/ant


Download "ant"


Other versions of "ant" in Bionic

Repository Area Version
base universe 1.10.3-1
security universe 1.10.3-1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.10.3-1ubuntu0.1 2018-07-24 21:06:38 UTC

  ant (1.10.3-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Fix ZipSlip vulnerability
    - debian/patches/CVE-2018-10886-1.patch: don't extract entires outside of
      the destination directory in
      src/main/org/apache/tools/ant/taskdefs/Expand.java,
      src/tests/antunit/taskdefs/unzip-test.xml
    - debian/patches/CVE-2018-10886-2.patch: Update the manual
      manual/Tasks/unzip.html
    - debian/patches/CVE-2018-10886-3.patch: Small update to the manual entry
      manual/Tasks/unzip.html
    - debian/patches/CVE-2018-10886-4.patch: Change stripAbsolutePathSpec's
      default value
      manual/Tasks/unzip.html
      src/main/org/apache/tools/ant/taskdefs/Expand.java
    - debian/patches/CVE-2018-10886-5.patch: add additional isLeadingPath
      method that resolves symlinks
      src/main/org/apache/tools/ant/util/FileUtils.java
      src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java
    - debian/patches/CVE-2018-10886-6.patch: take symlinks into account when
      expanding archives and checking entries
      src/main/org/apache/tools/ant/taskdefs/Expand.java
    - CVE-2018-10886

 -- Mike Salvatore <email address hidden> Thu, 19 Jul 2018 14:24:04 -0400

CVE-2018-10886 ant before version 1.9.12 unzip and untar targets allows the extraction of files outside the target directory. A crafted zip or tar file submitted to



About   -   Send Feedback to @ubuntu_updates