29257 – ant new security issues CVE-2021-3637[34]

Bug 29257 - ant new security issues CVE-2021-3637[34]

Summary: ant new security issues CVE-2021-3637[34]

Status:	NEW

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	RPM Packages (show other bugs)
Version:	Cauldron
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Java Stack Maintainers
QA Contact:

URL:
Whiteboard:	MGA8TOO
Keywords:

Depends on:
Blocks:

Reported:	2021-07-14 16:19 CEST by David Walser
Modified:	2022-05-02 20:00 CEST (History)
CC List:	0 users

See Also:
Source RPM:	ant-1.10.9-1.mga8.src.rpm
CVE:
Status comment:	Fixed upstream in 1.10.11

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2021-07-14 16:19:09 CEST

Apache has issued advisories on July 13:
https://www.openwall.com/lists/oss-security/2021/07/13/5
https://www.openwall.com/lists/oss-security/2021/07/13/6

See also:
https://ant.apache.org/security.html

The issues are fixed upstream in 1.10.11.

Mageia 8 is also affected.

David Walser 2021-07-14 16:19:28 CEST

Status comment: (none) => Fixed upstream in 1.10.11
Whiteboard: (none) => MGA8TOO

Comment 1 David Walser 2022-05-02 20:00:08 CEST

openSUSE has issued an advisory for this on April 27:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OXY7DJ3ZRXW5ELKGQV46EF2S2IYSY5P7/

Note You need to log in before you can comment on or make changes to this bug.