Publishing details
- Published
- Copied from ubuntu trusty in Private PPA for Ubuntu Security Team by Mike Salvatore
Changelog
ant (1.9.3-2ubuntu0.1) trusty-security; urgency=medium
  * SECURITY UPDATE: Fix ZipSlip vulnerability
    - debian/patches/CVE-2018-10886-1.patch: don't extract entries outside of
      the destination directory in
      src/main/org/apache/tools/ant/taskdefs/Expand.java,
      src/tests/antunit/taskdefs/unzip-test.xml
    - debian/patches/CVE-2018-10886-2.patch: Update the manual
      manual/Tasks/unzip.html
    - debian/patches/CVE-2018-10886-3.patch: Small update to the manual entry
      manual/Tasks/unzip.html
    - debian/patches/CVE-2018-10886-4.patch: Change stripAbsolutePathSpec's
      default value
      manual/Tasks/unzip.html
      src/main/org/apache/tools/ant/taskdefs/Expand.java
    - debian/patches/CVE-2018-10886-5.patch: add additional isLeadingPath
      method that resolves symlinks
      src/main/org/apache/tools/ant/util/FileUtils.java
      src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java
    - debian/patches/CVE-2018-10886-6.patch: take symlinks into account when
      expanding archives and checking entries
      src/main/org/apache/tools/ant/taskdefs/Expand.java
    - CVE-2018-10886
 -- Mike Salvatore <email address hidden>  Mon, 23 Jul 2018 09:07:56 -0400
Builds
Built packages
- ant: Java based build tool like make
- ant-doc: Java based build tool like make - API documentation and manual
- ant-gcj: Java based build tool like make (GCJ)
- ant-gcj-dbgsym: debug symbols for package ant-gcj
- ant-optional: Java based build tool like make - optional libraries
- ant-optional-gcj: Java based build tool like make - optional libraries (GCJ)
- ant-optional-gcj-dbgsym: debug symbols for package ant-optional-gcj
Package files