Bug#960630: ant: CVE-2020-1945
Emmanuel Bourg
ebourg at apache.org
Sun May 17 22:45:08 BST 2020
Ant 1.10.8 adds a convenience property to change the temporary
directory. It was already possible to change it in prior versions with:
ANT_OPTS=-Djava.io.tmpdir=~/temp ant jar
Now it's possible to use:
ant jar -Dant.tmpdir=~/temp
Or by setting the ant.tmpdir property inside the Ant build.xml file.
Since it requires an action from the user and the issue is already
avoidable I'm tempted to think a backport to stable isn't important.
Emmanuel Bourg
More information about the pkg-java-maintainers
mailing list