ant

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Java based build tool
Version	1.10.15-1 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2151	1.10.10-1	1.10.11-1	Low	Fixed
AVG-1312	1.10.8-1	1.10.9-1	Medium	Fixed
AVG-1159	1.10.7-1	1.10.8-1	Medium	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2021-36374	AVG-2151	Low	No	Denial of service	When reading a specially crafted ZIP archive, or a derived format, Apache Ant before version 1.10.11 can be made to allocate large amounts of memory that...
CVE-2021-36373	AVG-2151	Low	No	Denial of service	When reading a specially crafted TAR archive, Apache Ant before version 1.10.11 can be made to allocate large amounts of memory that finally leads to an out...
CVE-2020-11979	AVG-1312	Medium	No	Arbitrary code execution	As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access...
CVE-2020-1945	AVG-1159	Medium	No	Arbitrary command execution	Apache Ant uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive...

Advisories

Date	Advisory	Group	Severity	Type
20 Jul 2021	ASA-202107-43	AVG-2151	Low	denial of service
05 Dec 2020	ASA-202012-5	AVG-1312	Medium	arbitrary code execution
20 May 2020	ASA-202005-15	AVG-1159	Medium	arbitrary command execution