MGASA-2020-0237

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0237.html

Import Source

https://advisories.mageia.org/MGASA-2020-0237.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2020-0237

Related

CVE-2020-1945

Published

2020-05-27T18:17:37Z

Modified

2020-05-27T14:57:07Z

Summary

Updated ant packages fix security vulnerability

Details

Updated ant packages fix security vulnerability:

Apache Ant uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process (CVE-2020-1945).

The ant package has been updated to version 1.10.8 to fix this issue and other bugs.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / ant

Package

Name: ant
Purl: pkg:rpm/mageia/ant?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.8-1.mga7

Ecosystem specific

{
    "section": "core"
}