Format: 1.8 Date: Fri, 20 Jul 2018 13:55:37 -0400 Source: ant Binary: ant ant-gcj ant-optional ant-optional-gcj ant-doc Architecture: arm64 Version: 1.9.6-1ubuntu1.1 Distribution: xenial Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Mike Salvatore Description: ant - Java based build tool like make ant-doc - Java based build tool like make - API documentation and manual ant-gcj - Java based build tool like make (GCJ) ant-optional - Java based build tool like make - optional libraries ant-optional-gcj - Java based build tool like make - optional libraries (GCJ) Changes: ant (1.9.6-1ubuntu1.1) xenial-security; urgency=medium . * SECURITY UPDATE: Fix ZipSlip vulnerability - debian/patches/CVE-2018-10886-1.patch: don't extract entires outside of the destination directory in src/main/org/apache/tools/ant/taskdefs/Expand.java, src/tests/antunit/taskdefs/unzip-test.xml - debian/patches/CVE-2018-10886-2.patch: Update the manual manual/Tasks/unzip.html - debian/patches/CVE-2018-10886-3.patch: Small update to the manual entry manual/Tasks/unzip.html - debian/patches/CVE-2018-10886-4.patch: Change stripAbsolutePathSpec's default value manual/Tasks/unzip.html src/main/org/apache/tools/ant/taskdefs/Expand.java - debian/patches/CVE-2018-10886-5.patch: add additional isLeadingPath method that resolves symlinks src/main/org/apache/tools/ant/util/FileUtils.java src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java - debian/patches/CVE-2018-10886-6.patch: take symlinks into account when expanding archives and checking entries src/main/org/apache/tools/ant/taskdefs/Expand.java - CVE-2018-10886 Checksums-Sha1: 795697db40eeb1177795e71bac9e192f7e2b8af3 2895774 ant-gcj-dbgsym_1.9.6-1ubuntu1.1_arm64.ddeb 2bf2a6b910993b668cb544aacb87f75fca5eda4e 1477822 ant-gcj_1.9.6-1ubuntu1.1_arm64.deb c6ff5e66a532da3c75158f13bee79c42bc100f93 467970 ant-optional-gcj-dbgsym_1.9.6-1ubuntu1.1_arm64.ddeb e8aa763bbfabe13f2edf1b4ebd3158c47605a2f8 278366 ant-optional-gcj_1.9.6-1ubuntu1.1_arm64.deb Checksums-Sha256: 6da21b89703fb9adb495b5268f576fedb204de5132638d505427e07c7d500902 2895774 ant-gcj-dbgsym_1.9.6-1ubuntu1.1_arm64.ddeb cad6627bfa44a8e6090a7385e68892d8babf44a62bf859cc01d7d7ae421a04ea 1477822 ant-gcj_1.9.6-1ubuntu1.1_arm64.deb 4ecd09357c4f4571799bc2829d5d373683af814bbbdf7abfba4f58d74a9e9559 467970 ant-optional-gcj-dbgsym_1.9.6-1ubuntu1.1_arm64.ddeb d9e9ca0b68a8ca42be74364680748d7782953b971cf7dda42938cb2de70e1e1b 278366 ant-optional-gcj_1.9.6-1ubuntu1.1_arm64.deb Files: 2380e3607d54f8a23522075cf45bfa50 2895774 java extra ant-gcj-dbgsym_1.9.6-1ubuntu1.1_arm64.ddeb d5253ad40c7e8c98ad78ce90be86b623 1477822 java optional ant-gcj_1.9.6-1ubuntu1.1_arm64.deb 16da9722e9c975b8b31498e40b32c28e 467970 java extra ant-optional-gcj-dbgsym_1.9.6-1ubuntu1.1_arm64.ddeb a4f8e391102d545ece2a023b1152cd93 278366 java optional ant-optional-gcj_1.9.6-1ubuntu1.1_arm64.deb Original-Maintainer: Debian Java Maintainers