UbuntuUpdates.org

Package "ant"

Name: ant

Description:

Java based build tool like make
Latest version: 1.9.6-1ubuntu1.1
Release: xenial (16.04)
Level: updates
Repository: universe
Homepage: http://ant.apache.org

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "ant"

All arch deb package
APT INSTALL

Other versions of "ant" in Xenial

Repository Area Version
base universe 1.9.6-1ubuntu1
security universe 1.9.6-1ubuntu1.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.9.6-1ubuntu1.1 2018-07-24 21:06:38 UTC

  ant (1.9.6-1ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Fix ZipSlip vulnerability
    - debian/patches/CVE-2018-10886-1.patch: don't extract entires outside of
      the destination directory in
      src/main/org/apache/tools/ant/taskdefs/Expand.java,
      src/tests/antunit/taskdefs/unzip-test.xml
    - debian/patches/CVE-2018-10886-2.patch: Update the manual
      manual/Tasks/unzip.html
    - debian/patches/CVE-2018-10886-3.patch: Small update to the manual entry
      manual/Tasks/unzip.html
    - debian/patches/CVE-2018-10886-4.patch: Change stripAbsolutePathSpec's
      default value
      manual/Tasks/unzip.html
      src/main/org/apache/tools/ant/taskdefs/Expand.java
    - debian/patches/CVE-2018-10886-5.patch: add additional isLeadingPath
      method that resolves symlinks
      src/main/org/apache/tools/ant/util/FileUtils.java
      src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java
    - debian/patches/CVE-2018-10886-6.patch: take symlinks into account when
      expanding archives and checking entries
      src/main/org/apache/tools/ant/taskdefs/Expand.java
    - CVE-2018-10886

 -- Mike Salvatore <email address hidden> Fri, 20 Jul 2018 13:55:37 -0400
CVE-2018-10886 ant before version 1.9.12 unzip and untar targets allows the extraction of files outside the target directory. A crafted zip or tar file submitted to


About   -   Send Feedback to @ubuntu_updates