Apache has issued an advisory on May 13: https://www.openwall.com/lists/oss-security/2020/05/13/1 The issue is mitigated in 1.10.8. Mageia 7 is also affected.
Status comment: (none) => Fixed upstream in 1.10.8Whiteboard: (none) => MGA7TOO
Advisory: Ant from mageia 7 is affected by a security issue, CVE-2020-1945 This update upgrades ant to version 1.10.8 to fix this. References: rpms: ant-1.10.8-1.mga7 ant-lib-1.10.8-1.mga7 ant-jmf-1.10.8-1.mga7 ant-swing-1.10.8-1.mga7 ant-antlr-1.10.8-1.mga7 ant-apache-bsf-1.10.8-1.mga7 ant-apache-resolver-1.10.8-1.mga7 ant-commons-logging-1.10.8-1.mga7 ant-commons-net-1.10.8-1.mga7 ant-apache-bcel-1.10.8-1.mga7 ant-apache-log4j-1.10.8-1.mga7 ant-apache-oro-1.10.8-1.mga7 ant-apache-regexp-1.10.8-1.mga7 ant-apache-xalan2-1.10.8-1.mga7 ant-imageio-1.10.8-1.mga7 ant-javamail-1.10.8-1.mga7 ant-jdepend-1.10.8-1.mga7 ant-jsch-1.10.8-1.mga7 ant-junit-1.10.8-1.mga7 ant-junit5-1.10.8-1.mga7 ant-testutil-1.10.8-1.mga7 ant-xz-1.10.8-1.mga7 ant-manual-1.10.8-1.mga7 ant-javadoc-1.10.8-1.mga7 From: ant-1.10.8-1.mga7
Version: Cauldron => 7Whiteboard: MGA7TOO => (none)Status comment: Fixed upstream in 1.10.8 => (none)CC: (none) => mageiaAssignee: java => qa-bugs
Advisory: ======================== Updated ant packages fix security vulnerability: Apache Ant uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process (CVE-2020-1945). The ant package has been updated to version 1.10.8 to fix this issue and other bugs. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945 https://ant.apache.org/security.html https://ant.apache.org/antnews.html
MGA7-64 Plasma on Lenovo B50 No installation issues. This is java developers stuff, so OK at clean install, unless someone else wants to have a go at it.
Whiteboard: (none) => MGA7-64-OKCC: (none) => herman.viaene
Over my pay grade, that's for sure. Validating. Advisory in Comment 2.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0237.html
Status: NEW => RESOLVEDResolution: (none) => FIXED