Security update for ant
This update for ant fixes the following issues:
Security issue fixed:
- CVE-2018-10886: Fixed a path traversal vulnerability in malformed zip file paths, which allowed arbitrary file writes and could potentially lead to code execution (bsc#1100053).
Non-security issues fixed:
- Add rhino to the ant-apache-bsf optional tasks (bsc#1134001).
- Remove jakarta-commons-logging dependencies (bsc#1133997).
- Use apache-commons-logging in optional tasks
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Pedro Monreal Gonzalez (pmonrealgonzalez)
Fixed bugs
bnc#1100053
VUL-0: CVE-2018-10886: ant: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file
bnc#1134001
ant-apache-bsf - Optional apache bsf tasks for ant is incorrect
bnc#1133997
Incorrect package ant-commons-logging - Optional commons logging tasks for ant
