Fedora has issued an advisory today (July 3): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/64OG345SY4HCX24PNWXYEJKFRMM2YT6C/ Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO
The issue was not fixed upstream in 1.9.12 and 1.10.4 as Ubuntu's CVE page suggested: https://bugzilla.redhat.com/show_bug.cgi?id=1584407#c13 Follow-up fixes upstream are linked in the comment above. Ubuntu has issued an advisory for this today (July 24): https://usn.ubuntu.com/3721-1/ They used the CVE-2018-10886 that RedHat assigned, but that CVE was withdrawn as RedHat was not the proper CNA to assign a CVE for Apache Ant.
openSUSE has issued an advisory for this on September 27: https://lists.opensuse.org/opensuse-updates/2018-09/msg00154.html
ant-1.10.5-3.mga7 synced with Fedora 29 in Cauldron by David Geiger fixes this.
Version: Cauldron => 6Whiteboard: MGA6TOO => (none)
Mageia 6 is EOL.
Status: NEW => RESOLVEDCC: (none) => mramboResolution: (none) => OLD