ant 1.10.3-1ubuntu0.1 source package in Ubuntu

Changelog

ant (1.10.3-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Fix ZipSlip vulnerability
    - debian/patches/CVE-2018-10886-1.patch: don't extract entires outside of
      the destination directory in
      src/main/org/apache/tools/ant/taskdefs/Expand.java,
      src/tests/antunit/taskdefs/unzip-test.xml
    - debian/patches/CVE-2018-10886-2.patch: Update the manual
      manual/Tasks/unzip.html
    - debian/patches/CVE-2018-10886-3.patch: Small update to the manual entry
      manual/Tasks/unzip.html
    - debian/patches/CVE-2018-10886-4.patch: Change stripAbsolutePathSpec's
      default value
      manual/Tasks/unzip.html
      src/main/org/apache/tools/ant/taskdefs/Expand.java
    - debian/patches/CVE-2018-10886-5.patch: add additional isLeadingPath
      method that resolves symlinks
      src/main/org/apache/tools/ant/util/FileUtils.java
      src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java
    - debian/patches/CVE-2018-10886-6.patch: take symlinks into account when
      expanding archives and checking entries
      src/main/org/apache/tools/ant/taskdefs/Expand.java
    - CVE-2018-10886

 -- Mike Salvatore <email address hidden>  Thu, 19 Jul 2018 14:24:04 -0400

Upload details

Uploaded by:
Mike Salvatore
Uploaded to:
Bionic
Original maintainer:
Ubuntu Developers
Architectures:
all
Section:
java
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Bionic: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
ant_1.10.3.orig.tar.xz 3.1 MiB 596d74a48dad467ba45ba03c8dec39fa20900d7735ca1beaade8532e140bf6b8
ant_1.10.3-1ubuntu0.1.debian.tar.xz 22.6 KiB 238f3528f1ed4c4c45f83cdfd619bc7e58ee0e96c4b818cfc469ce7c232e233b
ant_1.10.3-1ubuntu0.1.dsc 2.5 KiB fe87a61510c44868153ff52e5be951e0da1eb15d7807a92c9701fec219856596

View changes file

Binary packages built by this source

ant: Java based build tool like make

 Apache Ant is a Java library and command-line tool whose mission is to drive
 processes described in build files as targets and extension points dependent
 upon each other. The main known usage of Ant is the build of Java applications.
 Ant supplies a number of built-in tasks allowing to compile, assemble, test
 and run Java applications. Ant can also be used effectively to build non Java
 applications, for instance C or C++ applications. More generally, Ant can be
 used to pilot any type of process which can be described in terms of targets
 and tasks.
 .
 This package contains the scripts and the core tasks libraries.

ant-doc: Java based build tool like make - API documentation and manual

 Apache Ant is a Java library and command-line tool whose mission is to drive
 processes described in build files as targets and extension points dependent
 upon each other. The main known usage of Ant is the build of Java applications.
 Ant supplies a number of built-in tasks allowing to compile, assemble, test
 and run Java applications. Ant can also be used effectively to build non Java
 applications, for instance C or C++ applications. More generally, Ant can be
 used to pilot any type of process which can be described in terms of targets
 and tasks.
 .
 This package contains the manual of ant as well as the API documentation.

ant-optional: Java based build tool like make - optional libraries

 Apache Ant is a Java library and command-line tool whose mission is to drive
 processes described in build files as targets and extension points dependent
 upon each other. The main known usage of Ant is the build of Java applications.
 Ant supplies a number of built-in tasks allowing to compile, assemble, test
 and run Java applications. Ant can also be used effectively to build non Java
 applications, for instance C or C++ applications. More generally, Ant can be
 used to pilot any type of process which can be described in terms of targets
 and tasks.
 .
 This package contains the optional tasks libraries.