Format: 1.8
Date: Fri, 20 Jul 2018 13:55:37 -0400
Source: ant
Binary: ant ant-gcj ant-optional ant-optional-gcj ant-doc
Architecture: armhf
Version: 1.9.6-1ubuntu1.1
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-arm64-019.buildd>
Changed-By: Mike Salvatore <mike.salvatore@canonical.com>
Description:
 ant        - Java based build tool like make
 ant-doc    - Java based build tool like make - API documentation and manual
 ant-gcj    - Java based build tool like make (GCJ)
 ant-optional - Java based build tool like make - optional libraries
 ant-optional-gcj - Java based build tool like make - optional libraries (GCJ)
Changes:
 ant (1.9.6-1ubuntu1.1) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: Fix ZipSlip vulnerability
     - debian/patches/CVE-2018-10886-1.patch: don't extract entires outside of
       the destination directory in
       src/main/org/apache/tools/ant/taskdefs/Expand.java,
       src/tests/antunit/taskdefs/unzip-test.xml
     - debian/patches/CVE-2018-10886-2.patch: Update the manual
       manual/Tasks/unzip.html
     - debian/patches/CVE-2018-10886-3.patch: Small update to the manual entry
       manual/Tasks/unzip.html
     - debian/patches/CVE-2018-10886-4.patch: Change stripAbsolutePathSpec's
       default value
       manual/Tasks/unzip.html
       src/main/org/apache/tools/ant/taskdefs/Expand.java
     - debian/patches/CVE-2018-10886-5.patch: add additional isLeadingPath
       method that resolves symlinks
       src/main/org/apache/tools/ant/util/FileUtils.java
       src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java
     - debian/patches/CVE-2018-10886-6.patch: take symlinks into account when
       expanding archives and checking entries
       src/main/org/apache/tools/ant/taskdefs/Expand.java
     - CVE-2018-10886
Checksums-Sha1:
 8cb9a25b795ca75585cd1412978dbcf54fef3a88 2724952 ant-gcj-dbgsym_1.9.6-1ubuntu1.1_armhf.ddeb
 942e4b043bc4419ce23d0bf3fd1dbb360b9bfa62 1254676 ant-gcj_1.9.6-1ubuntu1.1_armhf.deb
 f7356128c384c6eadbcc33329992d7ded95314a2 452546 ant-optional-gcj-dbgsym_1.9.6-1ubuntu1.1_armhf.ddeb
 ad8f56633d3780a196dbdf1563ec389720ce8fab 244748 ant-optional-gcj_1.9.6-1ubuntu1.1_armhf.deb
Checksums-Sha256:
 af291f94ac49a9192561b445ec39cb4e5e7e743dcedd0bf1552f106943165975 2724952 ant-gcj-dbgsym_1.9.6-1ubuntu1.1_armhf.ddeb
 825e16ee4d5cc44796aade8fefc8d3e97c6341f452468bd68bc935171eddbcc4 1254676 ant-gcj_1.9.6-1ubuntu1.1_armhf.deb
 c3cc704cd2470a2a71820cee04948ddd8daef0a2ae813f6c1fb268caf41f33d8 452546 ant-optional-gcj-dbgsym_1.9.6-1ubuntu1.1_armhf.ddeb
 d7586ef3c3c1caf1531f2fea7ea7cf67da46efed6a5e9023cb0b552410bf9aea 244748 ant-optional-gcj_1.9.6-1ubuntu1.1_armhf.deb
Files:
 e4a5e43ba7bd282db64a55e4768d5476 2724952 java extra ant-gcj-dbgsym_1.9.6-1ubuntu1.1_armhf.ddeb
 c906a88e0b9f9e33fd522eae0e6d3d2b 1254676 java optional ant-gcj_1.9.6-1ubuntu1.1_armhf.deb
 bb7401592b65cdf4899ebe7da6a01fb9 452546 java extra ant-optional-gcj-dbgsym_1.9.6-1ubuntu1.1_armhf.ddeb
 7f6df7d312b9e8dc4015ae12290e3e99 244748 java optional ant-optional-gcj_1.9.6-1ubuntu1.1_armhf.deb
Original-Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>