Ubuntu
ant package

Change logs for ant source package in Xenial

Xenial (16.04)
Change log

ant (1.9.6-1ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Fix ZipSlip vulnerability
    - debian/patches/CVE-2018-10886-1.patch: don't extract entires outside of
      the destination directory in
      src/main/org/apache/tools/ant/taskdefs/Expand.java,
      src/tests/antunit/taskdefs/unzip-test.xml
    - debian/patches/CVE-2018-10886-2.patch: Update the manual
      manual/Tasks/unzip.html
    - debian/patches/CVE-2018-10886-3.patch: Small update to the manual entry
      manual/Tasks/unzip.html
    - debian/patches/CVE-2018-10886-4.patch: Change stripAbsolutePathSpec's
      default value
      manual/Tasks/unzip.html
      src/main/org/apache/tools/ant/taskdefs/Expand.java
    - debian/patches/CVE-2018-10886-5.patch: add additional isLeadingPath
      method that resolves symlinks
      src/main/org/apache/tools/ant/util/FileUtils.java
      src/tests/junit/org/apache/tools/ant/util/FileUtilsTest.java
    - debian/patches/CVE-2018-10886-6.patch: take symlinks into account when
      expanding archives and checking entries
      src/main/org/apache/tools/ant/taskdefs/Expand.java
    - CVE-2018-10886

 -- Mike Salvatore <email address hidden>  Fri, 20 Jul 2018 13:55:37 -0400

ant (1.9.6-1ubuntu1) wily; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Revert back to using libgnumail-java to avoid inclusion of Maven
      in Ubuntu main.

ant (1.9.6-1) unstable; urgency=medium

  * New upstream release
  * Removed the unused gjdoc task

ant (1.9.5-1) unstable; urgency=medium

  * New upstream release
    - Refreshed the patches
  * Improved the build reproducibility by using the date from the changelog
    in version.txt
  * Moved the package to Git

 -- James Page <email address hidden>  Wed, 08 Jul 2015 15:58:06 +0100

Ubuntuant package

Change logs for ant source package in Xenial

Ubuntu
ant package