Format: 1.8 Date: Fri, 20 Jul 2018 13:55:37 -0400 Source: ant Binary: ant ant-gcj ant-optional ant-optional-gcj ant-doc Architecture: all amd64 Version: 1.9.6-1ubuntu1.1 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Mike Salvatore Description: ant - Java based build tool like make ant-doc - Java based build tool like make - API documentation and manual ant-gcj - Java based build tool like make (GCJ) ant-optional - Java based build tool like make - optional libraries ant-optional-gcj - Java based build tool like make - optional libraries (GCJ) Changes: ant (1.9.6-1ubuntu1.1) xenial-security; urgency=medium . * SECURITY UPDATE: Fix ZipSlip vulnerability - debian/patches/CVE-2018-10886-1.patch: don't extract entires outside of the destination directory in src/main/org/apache/tools/ant/taskdefs/Expand.java, src/tests/antunit/taskdefs/unzip-test.xml - debian/patches/CVE-2018-10886-2.patch: Update the manual manual/Tasks/unzip.html - debian/patches/CVE-2018-10886-3.patch: Small update to the manual entry manual/Tasks/unzip.html - debian/patches/CVE-2018-10886-4.patch: Change stripAbsolutePathSpec's default value manual/Tasks/unzip.html src/main/org/apache/tools/ant/taskdefs/Expand.java - debian/patches/CVE-2018-10886-5.patch: add additional isLeadingPath method that resolves symlinks src/main/org/apache/tools/ant/util/FileUtils.java src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java - debian/patches/CVE-2018-10886-6.patch: take symlinks into account when expanding archives and checking entries src/main/org/apache/tools/ant/taskdefs/Expand.java - CVE-2018-10886 Checksums-Sha1: 916d340c088ee6627c605ae0b23c073db0eefb94 1956034 ant-doc_1.9.6-1ubuntu1.1_all.deb 41ecb7316c72b94ae2d302df49ca18c31557bcd1 2759652 ant-gcj-dbgsym_1.9.6-1ubuntu1.1_amd64.ddeb 4de23ffc601217d58a2787d6dca6fa28bebaa322 1678562 ant-gcj_1.9.6-1ubuntu1.1_amd64.deb f047fbbd15a566fb69f6ca96a2a97d5c0491ea8d 435192 ant-optional-gcj-dbgsym_1.9.6-1ubuntu1.1_amd64.ddeb 7c484bdd4babc6f0cd94941cbbf166f41720e07f 312602 ant-optional-gcj_1.9.6-1ubuntu1.1_amd64.deb 6eda873cf8c3dc3ca572af9e9381d5fc92ff867a 315006 ant-optional_1.9.6-1ubuntu1.1_all.deb fc29fd6f9081cfbec158c8b972c9c31c48f33ee8 1899196 ant_1.9.6-1ubuntu1.1_all.deb Checksums-Sha256: e4aed06001f3aa0961ebd54a2b3f84040cb2a005d6bbc5dba3464b69e1ce82ae 1956034 ant-doc_1.9.6-1ubuntu1.1_all.deb 627064ec2fe7091eb90dde6cd8dc9802e325c2c86ad32f4a16676e7069ccb37f 2759652 ant-gcj-dbgsym_1.9.6-1ubuntu1.1_amd64.ddeb 589b20dfa9a56672edcd2419c0ca9795c8ceb49d814363899421c6427dadb463 1678562 ant-gcj_1.9.6-1ubuntu1.1_amd64.deb 8958b405290be9c69359392204c9fe005c6d9c35bb6835cda509d1cc6e2f0fd0 435192 ant-optional-gcj-dbgsym_1.9.6-1ubuntu1.1_amd64.ddeb aa847be802b9a6d2f0032fed4ecdb48d6e638ee1aed0bd8955801aebe9c771cb 312602 ant-optional-gcj_1.9.6-1ubuntu1.1_amd64.deb 0b1c2521cb894c72bd6cde6963d9685a32822e21ce37015f5d41aa76fa09e577 315006 ant-optional_1.9.6-1ubuntu1.1_all.deb 2a01ea336b54b166744b3a08d85fc97dba14a7b18f36c4aab14985dbef933ea7 1899196 ant_1.9.6-1ubuntu1.1_all.deb Files: 74b69184ed94011d4413f182a6199146 1956034 doc optional ant-doc_1.9.6-1ubuntu1.1_all.deb a9cd04e9e84a1242f7ae6f0d0a1c1668 2759652 java extra ant-gcj-dbgsym_1.9.6-1ubuntu1.1_amd64.ddeb 5d95d146f0485eefbe04f26275cd7f3e 1678562 java optional ant-gcj_1.9.6-1ubuntu1.1_amd64.deb 4bb1769d0f10c36981bcc4f1f01d28c9 435192 java extra ant-optional-gcj-dbgsym_1.9.6-1ubuntu1.1_amd64.ddeb 91a901e1268f17756fc6537c8fe643d1 312602 java optional ant-optional-gcj_1.9.6-1ubuntu1.1_amd64.deb fbfd0609520b341b2f45de50445404dd 315006 java optional ant-optional_1.9.6-1ubuntu1.1_all.deb c8d6defc47e993909bf3e6b18785eb9f 1899196 java optional ant_1.9.6-1ubuntu1.1_all.deb Original-Maintainer: Debian Java Maintainers