UbuntuUpdates.org

Package "ant-doc"

Name: ant-doc

Description:

Java based build tool like make - API documentation and manual

Latest version: 1.9.3-2ubuntu0.1
Release: trusty (14.04)
Level: updates
Repository: main
Head package: ant
Homepage: http://ant.apache.org

Links


Download "ant-doc"


Other versions of "ant-doc" in Trusty

Repository Area Version
base main 1.9.3-2build1
security main 1.9.3-2ubuntu0.1

Changelog

Version: 1.9.3-2ubuntu0.1 2018-07-24 19:06:43 UTC

  ant (1.9.3-2ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: Fix ZipSlip vulnerability
    - debian/patches/CVE-2018-10886-1.patch: don't extract entires outside of
      the destination directory in
      src/main/org/apache/tools/ant/taskdefs/Expand.java,
      src/tests/antunit/taskdefs/unzip-test.xml
    - debian/patches/CVE-2018-10886-2.patch: Update the manual
      manual/Tasks/unzip.html
    - debian/patches/CVE-2018-10886-3.patch: Small update to the manual entry
      manual/Tasks/unzip.html
    - debian/patches/CVE-2018-10886-4.patch: Change stripAbsolutePathSpec's
      default value
      manual/Tasks/unzip.html
      src/main/org/apache/tools/ant/taskdefs/Expand.java
    - debian/patches/CVE-2018-10886-5.patch: add additional isLeadingPath
      method that resolves symlinks
      src/main/org/apache/tools/ant/util/FileUtils.java
      src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java
    - debian/patches/CVE-2018-10886-6.patch: take symlinks into account when
      expanding archives and checking entries
      src/main/org/apache/tools/ant/taskdefs/Expand.java
    - CVE-2018-10886

 -- Mike Salvatore <email address hidden> Mon, 23 Jul 2018 09:07:56 -0400

CVE-2018-10886 ant before version 1.9.12 unzip and untar targets allows the extraction of files outside the target directory. A crafted zip or tar file submitted to



About   -   Send Feedback to @ubuntu_updates