Format: 1.8
Date: Mon, 23 Jul 2018 09:07:56 -0400
Source: ant
Binary: ant ant-gcj ant-optional ant-optional-gcj ant-doc
Architecture: powerpc
Version: 1.9.3-2ubuntu0.1
Distribution: trusty
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-powerpc-008.buildd>
Changed-By: Mike Salvatore <mike.salvatore@canonical.com>
Description: 
 ant        - Java based build tool like make
 ant-doc    - Java based build tool like make - API documentation and manual
 ant-gcj    - Java based build tool like make (GCJ)
 ant-optional - Java based build tool like make - optional libraries
 ant-optional-gcj - Java based build tool like make - optional libraries (GCJ)
Changes: 
 ant (1.9.3-2ubuntu0.1) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: Fix ZipSlip vulnerability
     - debian/patches/CVE-2018-10886-1.patch: don't extract entires outside of
       the destination directory in
       src/main/org/apache/tools/ant/taskdefs/Expand.java,
       src/tests/antunit/taskdefs/unzip-test.xml
     - debian/patches/CVE-2018-10886-2.patch: Update the manual
       manual/Tasks/unzip.html
     - debian/patches/CVE-2018-10886-3.patch: Small update to the manual entry
       manual/Tasks/unzip.html
     - debian/patches/CVE-2018-10886-4.patch: Change stripAbsolutePathSpec's
       default value
       manual/Tasks/unzip.html
       src/main/org/apache/tools/ant/taskdefs/Expand.java
     - debian/patches/CVE-2018-10886-5.patch: add additional isLeadingPath
       method that resolves symlinks
       src/main/org/apache/tools/ant/util/FileUtils.java
       src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java
     - debian/patches/CVE-2018-10886-6.patch: take symlinks into account when
       expanding archives and checking entries
       src/main/org/apache/tools/ant/taskdefs/Expand.java
     - CVE-2018-10886
Checksums-Sha1: 
 434f746a12b70445f683c19601a4089fbb7f5750 1332814 ant-gcj_1.9.3-2ubuntu0.1_powerpc.deb
 07be159efe43705d3e8c3493c9d5e4384539e454 2581668 ant-gcj-dbgsym_1.9.3-2ubuntu0.1_powerpc.ddeb
 d8f97bb01bc4d36d2587588959d25b393589d81e 248222 ant-optional-gcj_1.9.3-2ubuntu0.1_powerpc.deb
 1e8ab3528aaa0f86f00e86f09c530b79b4dcdbca 391446 ant-optional-gcj-dbgsym_1.9.3-2ubuntu0.1_powerpc.ddeb
Checksums-Sha256: 
 d56a920b5b8883c791acb565dc7cf9c3d0c03ff748c254bea0415c0e30cef816 1332814 ant-gcj_1.9.3-2ubuntu0.1_powerpc.deb
 283a9f61f978dcf55c74597f4dee1a9ea30b8832ba36a00e78c15ccda5ec9dbe 2581668 ant-gcj-dbgsym_1.9.3-2ubuntu0.1_powerpc.ddeb
 dca5d65c5e844c79ab7b5aafaf46c82e203634c96589e493a027f98f79131e62 248222 ant-optional-gcj_1.9.3-2ubuntu0.1_powerpc.deb
 048d707f0d484b9576841c0204fec0f94b0fa296725e6f1b16d5b5f59dd456ea 391446 ant-optional-gcj-dbgsym_1.9.3-2ubuntu0.1_powerpc.ddeb
Files: 
 cd3260171b3333e17f24535f6ad1d638 1332814 java optional ant-gcj_1.9.3-2ubuntu0.1_powerpc.deb
 d6dc789b5682993df0432efd70a12956 2581668 java extra ant-gcj-dbgsym_1.9.3-2ubuntu0.1_powerpc.ddeb
 16abad66e5a51bfa48a8af5a7ea96848 248222 java optional ant-optional-gcj_1.9.3-2ubuntu0.1_powerpc.deb
 40f2bd0abf7bb09eb95fd1391f1f2221 391446 java extra ant-optional-gcj-dbgsym_1.9.3-2ubuntu0.1_powerpc.ddeb
Original-Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>