Publishing details

Published on 2018-07-24
Copied from ubuntu xenial in PPA for Ubuntu Security Proposed by Ubuntu Archive Robot

Changelog

ant (1.9.6-1ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Fix ZipSlip vulnerability
    - debian/patches/CVE-2018-10886-1.patch: don't extract entires outside of
      the destination directory in
      src/main/org/apache/tools/ant/taskdefs/Expand.java,
      src/tests/antunit/taskdefs/unzip-test.xml
    - debian/patches/CVE-2018-10886-2.patch: Update the manual
      manual/Tasks/unzip.html
    - debian/patches/CVE-2018-10886-3.patch: Small update to the manual entry
      manual/Tasks/unzip.html
    - debian/patches/CVE-2018-10886-4.patch: Change stripAbsolutePathSpec's
      default value
      manual/Tasks/unzip.html
      src/main/org/apache/tools/ant/taskdefs/Expand.java
    - debian/patches/CVE-2018-10886-5.patch: add additional isLeadingPath
      method that resolves symlinks
      src/main/org/apache/tools/ant/util/FileUtils.java
      src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java
    - debian/patches/CVE-2018-10886-6.patch: take symlinks into account when
      expanding archives and checking entries
      src/main/org/apache/tools/ant/taskdefs/Expand.java
    - CVE-2018-10886

 -- Mike Salvatore <email address hidden>  Fri, 20 Jul 2018 13:55:37 -0400

Available diffs

diff from 1.9.6-1ubuntu1 (in Ubuntu) to 1.9.6-1ubuntu1.1 (4.4 KiB)

Builds

Built packages

ant Java based build tool like make

ant-doc Java based build tool like make - API documentation and manual

ant-gcj Java based build tool like make (GCJ)

ant-gcj-dbgsym debug symbols for package ant-gcj

ant-optional Java based build tool like make - optional libraries

ant-optional-gcj Java based build tool like make - optional libraries (GCJ)

ant-optional-gcj-dbgsym debug symbols for package ant-optional-gcj

Package files

ant-doc_1.9.6-1ubuntu1.1_all.deb (1.9 MiB)
ant-gcj-dbgsym_1.9.6-1ubuntu1.1_amd64.ddeb (2.6 MiB)
ant-gcj-dbgsym_1.9.6-1ubuntu1.1_arm64.ddeb (2.8 MiB)
ant-gcj-dbgsym_1.9.6-1ubuntu1.1_armhf.ddeb (2.6 MiB)
ant-gcj-dbgsym_1.9.6-1ubuntu1.1_i386.ddeb (2.2 MiB)
ant-gcj-dbgsym_1.9.6-1ubuntu1.1_powerpc.ddeb (2.5 MiB)
ant-gcj-dbgsym_1.9.6-1ubuntu1.1_ppc64el.ddeb (2.7 MiB)
ant-gcj-dbgsym_1.9.6-1ubuntu1.1_s390x.ddeb (2.6 MiB)
ant-gcj_1.9.6-1ubuntu1.1_amd64.deb (1.6 MiB)
ant-gcj_1.9.6-1ubuntu1.1_arm64.deb (1.4 MiB)
ant-gcj_1.9.6-1ubuntu1.1_armhf.deb (1.2 MiB)
ant-gcj_1.9.6-1ubuntu1.1_i386.deb (1.4 MiB)
ant-gcj_1.9.6-1ubuntu1.1_powerpc.deb (1.3 MiB)
ant-gcj_1.9.6-1ubuntu1.1_ppc64el.deb (1.6 MiB)
ant-gcj_1.9.6-1ubuntu1.1_s390x.deb (1.5 MiB)
ant-optional-gcj-dbgsym_1.9.6-1ubuntu1.1_amd64.ddeb (425.0 KiB)
ant-optional-gcj-dbgsym_1.9.6-1ubuntu1.1_arm64.ddeb (457.0 KiB)
ant-optional-gcj-dbgsym_1.9.6-1ubuntu1.1_armhf.ddeb (441.9 KiB)
ant-optional-gcj-dbgsym_1.9.6-1ubuntu1.1_i386.ddeb (358.3 KiB)
ant-optional-gcj-dbgsym_1.9.6-1ubuntu1.1_powerpc.ddeb (395.9 KiB)
ant-optional-gcj-dbgsym_1.9.6-1ubuntu1.1_ppc64el.ddeb (422.6 KiB)
ant-optional-gcj-dbgsym_1.9.6-1ubuntu1.1_s390x.ddeb (418.6 KiB)
ant-optional-gcj_1.9.6-1ubuntu1.1_amd64.deb (305.3 KiB)
ant-optional-gcj_1.9.6-1ubuntu1.1_arm64.deb (271.8 KiB)
ant-optional-gcj_1.9.6-1ubuntu1.1_armhf.deb (239.0 KiB)
ant-optional-gcj_1.9.6-1ubuntu1.1_i386.deb (270.0 KiB)
ant-optional-gcj_1.9.6-1ubuntu1.1_powerpc.deb (252.1 KiB)
ant-optional-gcj_1.9.6-1ubuntu1.1_ppc64el.deb (302.1 KiB)
ant-optional-gcj_1.9.6-1ubuntu1.1_s390x.deb (291.1 KiB)
ant-optional_1.9.6-1ubuntu1.1_all.deb (307.6 KiB)
ant_1.9.6-1ubuntu1.1.debian.tar.xz (20.1 KiB)
ant_1.9.6-1ubuntu1.1.dsc (2.6 KiB)
ant_1.9.6-1ubuntu1.1_all.deb (1.8 MiB)
ant_1.9.6.orig.tar.xz (3.1 MiB)