Overview

File ant-CVE-2020-1945-2.patch of Package ant.26115

From 926f339ea30362bec8e53bf5924ce803938163b7 Mon Sep 17 00:00:00 2001
From: Stefan Bodewig <bodewig@apache.org>
Date: Sun, 10 May 2020 15:07:05 +0200
Subject: [PATCH] recommend using ant.tmpdir

---
 manual/running.html | 7 +++++++
 1 file changed, 7 insertions(+)

Index: apache-ant-1.9.4/manual/running.html
===================================================================
--- apache-ant-1.9.4.orig/manual/running.html
+++ apache-ant-1.9.4/manual/running.html
@@ -545,6 +545,13 @@ on the platform and the JVM implementati
   use <code>java.io.tmpdir</code> unless they have been adapted to the
   changed API of Ant 1.9.15.</p>
 
+<p><b>Security Note:</b> Using the default temporary directory
+specified by <code>java.io.tmpdir</code> can result in the leakage of
+sensitive information or possibly allow an attacker to execute
+arbitrary code. This is especially true in multi-user environments. It
+is recommended that <code>ant.tmpdir</code> be set to a directory
+owned by the user running Ant with 0700 permissions.</p>
+
 <h2><a name="cygwin">Cygwin Users</a></h2>
 <p>The Unix launch script that come with Ant works correctly with Cygwin. You
 should not have any problems launching Ant from the Cygwin shell. It is
openSUSE Build Service is sponsored by
Places