Apache has issued an advisory on May 13:
The issue is mitigated in 1.10.8.
Mageia 7 is also affected.
Fixed upstream in 1.10.8.
Ant from Mageia 7 is affected by a security issue, CVE-2020-1945.
This update upgrades ant to version 1.10.8 to fix this.
Updated ant packages fix security vulnerability:
Apache Ant uses the default temporary directory identified by the Java system
property java.io.tmpdir for several tasks and may thus leak sensitive
information. The fixcrlf and replaceregexp tasks also copy files from the
temporary directory back into the build tree allowing an attacker to inject
modified source files into the build process (CVE-2020-1945).
The ant package has been updated to version 1.10.8 to fix this issue and other
MGA7-64 Plasma on Lenovo B50
No installation issues.
This is Java developer stuff, so OK on a clean install, unless someone else wants to have a go at it.
Over my pay grade, that's for sure.
Validating. Advisory in Comment 2.
An update for this issue has been pushed to the Mageia Updates repository.
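For hosts that cannot take the 1.10.8 update right away, the advisory text above suggests a check and a stopgap. The following is an added example, not code from Mageia or the Ant project. The function names are hypothetical, and pointing `java.io.tmpdir` at a private directory through `ANT_OPTS` is an assumption used here as an interim measure.

```shell
#!/bin/sh
# Added example: helper names are constructed, not part of Ant or Mageia tooling.
# The comparison reflects only the 1.10.8 fix named in the advisory above;
# other release branches are not covered by this check.

FIXED_VERSION="1.10.8"

# Print the version reported by `ant -version`, or nothing if ant is absent.
installed_ant_version() {
    command -v ant >/dev/null 2>&1 || return 0
    ant -version 2>/dev/null | sed -n 's/.*version \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 if version $1 sorts strictly before the fixed release.
ant_predates_fix() {
    [ "$1" != "$FIXED_VERSION" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$FIXED_VERSION" | sort -V | head -n 1)" = "$1" ]
}

# Create a directory under $1 (default: $HOME) that only the current user
# can read or write, and print its path.
private_tmpdir() {
    (
        umask 077
        dir=$(mktemp -d "${1:-$HOME}/ant-tmp.XXXXXX") || exit 1
        chmod 700 "$dir"
        printf '%s\n' "$dir"
    )
}

# Print the ANT_OPTS value to use for Ant version $1.
# Prints nothing when the version already contains the fix.
ant_opts_for() {
    if ant_predates_fix "$1"; then
        dir=$(private_tmpdir "$2") || return 1
        printf '%s\n' "-Djava.io.tmpdir=$dir"
    fi
}
```

Typical use before a build is `ANT_OPTS="$(ant_opts_for "$(installed_ant_version)")" ant ...`, which keeps the files Ant writes under `java.io.tmpdir` out of a shared temporary directory.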