[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1431-1] ant security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : ant
Version        : 1.9.4-3+deb8u1
CVE ID         : CVE-2018-10886


unzip and untar target tasks in ant allows the extraction of files
outside the target directory. A crafted zip or tar file submitted to
an Ant build could create or overwrite arbitrary files with the
privileges of the user running Ant.

For Debian 8 "Jessie", these problems have been fixed in version
1.9.4-3+deb8u1.

We recommend that you upgrade your ant packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAltQG5kACgkQhj1N8u2c
KO9j3Q//bHem595fFr/ea/cAakJlA3uo3hSJdiXjAZVBaJ+fY9LJKX+CR9c+MqOp
4mkN2OlAlmPlcshWs39YhVlMt7slSUZbHtbnfeh/6oArgKs2pxSAh6D+tLXIAoal
hWanudoDBxeZPQ1bbUVEaYYR34S0sYq92IIRZmh02Slp6ZUu1jTDDyOZit375wR+
NLyWX5x5+EImI4oJkE+nER/JcOtrHB+L4oqHOS8vFy2DXeS9wGmQksk0RvkIpeQS
EQaZ+rE3vadM9ZGuGFgsXCVptayQBmCnbBnwf2harKkPNyqXD+ylUjr/1rWayjz/
zMM+o8r5PNKuefDa8E80KZFavql7WtHGiwiJvAv43JszvvPgWTF6mFtckugmxbWk
Yc7p2xdi2pvDFoDM1+fyeD1zu+MUR/vsnj3g7OMz0/0TC4fZS/Chcg4dXvwgxGG4
WbJIb+Wm7EBgiU/pTmifmlhx1iFli7K5y2i03q3pp7/kxf9AvmnzHsinGCgNojSb
f1xLG6oDSCq08WiZozpq0+X5GUdn8H4gB5lBEaoKbtSpW4uWBnJWUZG/cI6YeOss
D1YKfYnMGdNXq1rWAFVGSmEgS9erUaZzFsrryd2Nnko54uLCGeFN5Ktj4vtXqnbL
Rs9Fmjb8qFk7bBxhgS+Chifo5D5R9bh9aHa6K2WZl7RwOlUWy2w=
=o2Og
-----END PGP SIGNATURE-----


Reply to: