ant_1.9.9-1+deb9u1_source.changes ACCEPTED into proposed-updates->stable-new

Debian FTP Masters ftpmaster at ftp-master.debian.org
Tue Jul 24 21:45:11 BST 2018 

Mapping stable-security to proposed-updates.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 22 Jul 2018 09:28:08 +0200
Source: ant
Binary: ant ant-gcj ant-optional ant-optional-gcj ant-doc
Architecture: source
Version: 1.9.9-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil at debian.org>
Description:
 ant        - Java based build tool like make
 ant-doc    - Java based build tool like make - API documentation and manual
 ant-gcj    - Java based build tool like make (GCJ)
 ant-optional - Java based build tool like make - optional libraries
 ant-optional-gcj - Java based build tool like make - optional libraries (GCJ)
Changes:
 ant (1.9.9-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * arbitrary file write vulnerability and arbitrary code execution using a
     specially crafted zip file (CVE-2018-10886)
     + unzip and friends could monitor where they write more closely
     + forgot to update the manual
     + and forgot two words
     + change stripAbsolutePathSpec's default
     + add additional isLeadingPath method that resolves symlinks
     + take symlinks into account when expanding archives and
       checking entries
   * Add NEWS.Debian file to document possibly breaking changes
   * Adjust versions to Debian version for the CVE-2018-10886 changes in
     documentation.
Checksums-Sha1:
 da6ce13192d99f3df96e3c1a1e34cff70b8e34d0 2758 ant_1.9.9-1+deb9u1.dsc
 0bd865455b7cfc8e3c74bf41b5734445d7aebb34 3218780 ant_1.9.9.orig.tar.xz
 2c58603eb7ec223c8b256b8d4bd9019f1f85b9ee 21264 ant_1.9.9-1+deb9u1.debian.tar.xz
 804c5b7afd95a38082ca249ea4eb99f63866d423 6181 ant_1.9.9-1+deb9u1_source.buildinfo
Checksums-Sha256:
 50fc5fc2e13186210e118d63c7d783053b83e4fa261b5fd269fa3e2ad26646b6 2758 ant_1.9.9-1+deb9u1.dsc
 bde0fb4ebb98272dd07a31757c818d91b4b987dc28e9e9b68217a7425ee05f04 3218780 ant_1.9.9.orig.tar.xz
 95ae1248cfb0d0bba454edc39090f783a4cf34407e5498b2a4cc589c432da4e6 21264 ant_1.9.9-1+deb9u1.debian.tar.xz
 983219013e57044467c3a6117e73b29733079d9d8946fdf2eac3f4de0d8136b3 6181 ant_1.9.9-1+deb9u1_source.buildinfo
Files:
 ed7d7ab7b734a2c8cf061a8918eee0ed 2758 java optional ant_1.9.9-1+deb9u1.dsc
 963c17f7fee5c30b0a6583edfb85dff9 3218780 java optional ant_1.9.9.orig.tar.xz
 df5e2ce86cacd03f8fbf8e3042d432cf 21264 java optional ant_1.9.9-1+deb9u1.debian.tar.xz
 a6a89b06c4d996b2c87b06a408851321 6181 java optional ant_1.9.9-1+deb9u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAltUQYNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89Eh4YP+gLH4f18duJvJKEu4wbDuFRb2uGWrHUs
9/S31l6x7/UGIQQm5jBzAOEdx7/CKgWGr5L7XLXSYhlhvBTQM4cBMFBEjRopi7oo
kszmTHepkqd8IhCBwSFFIFqaPKXbeYZ8Y+seigymntIfg+qAqRbD5EtGKsRdk1xt
aJK8ZnvYdhpDvYsRtlgtqSSnCgGakv75xAFr5VxdiLowviYk+oIwEVGty2vDHOpl
fcOCV1wnkDQsKM27NayUgdA/Jg5ab+gAKJmixSSh4baUwlKdWJaB+aQhQ6QWNP0L
pH0HbbEa8VVnm1afmQ2AzNDKgWG3MDId5GlUO4m3U/phYuGbuID2e2oVrH6mB0yz
XXUUqp7hErB9AGsxw55vRyCjsFgAb1w3GsiEKgQ5zHO/n2LPTB3d+AeK6VhiSlPn
+aHi/Z68nuHNHjInfzXAL9yHDsQdAFQGP2yLCw7jAlv3y5apvn8m0+8CztKTcgs4
NVgDhKTAyal84L38yQG+BqqXFCawkjYbq5Wa55SMHkol/Ncs3/fD/+JlOpGubtGX
abgvYXb+ZJdHtXp6KqwVC/A4qa/vNOqWh6cXOSRCiliU2tSrznKiJvzXMEE3Q7ug
KuybGuhNrd2UZy20apE/F3m0vBzuSYmeLjob+0kLUNJ5IKXdEWAzQQGPiqQKN9r3
XZUnB/8hoRhr
=Gorv
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.

More information about the pkg-java-maintainers mailing list