ant (1.9.6-1ubuntu1.1) xenial-security; urgency=medium
* SECURITY UPDATE: Fix ZipSlip vulnerability
- debian/patches/CVE-2018-10886-1.patch: don't extract entires outside of
the destination directory in
src/main/org/apache/tools/ant/taskdefs/Expand.java,
src/tests/antunit/taskdefs/unzip-test.xml
- debian/patches/CVE-2018-10886-2.patch: Update the manual
manual/Tasks/unzip.html
- debian/patches/CVE-2018-10886-3.patch: Small update to the manual entry
manual/Tasks/unzip.html
- debian/patches/CVE-2018-10886-4.patch: Change stripAbsolutePathSpec's
default value
manual/Tasks/unzip.html
src/main/org/apache/tools/ant/taskdefs/Expand.java
- debian/patches/CVE-2018-10886-5.patch: add additional isLeadingPath
method that resolves symlinks
src/main/org/apache/tools/ant/util/FileUtils.java
src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java
- debian/patches/CVE-2018-10886-6.patch: take symlinks into account when
expanding archives and checking entries
src/main/org/apache/tools/ant/taskdefs/Expand.java
- CVE-2018-10886
Date: 2018-07-24 15:15:12.684553+00:00
Changed-By: Mike Salvatore <mike.salvat...@canonical.com>
https://launchpad.net/ubuntu/+source/ant/1.9.6-1ubuntu1.1
Sorry, changesfile not available.
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes
