MGASA-2021-0173

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0173.html

Import Source

https://advisories.mageia.org/MGASA-2021-0173.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2021-0173

Related

CVE-2020-11979

Published

2021-04-03T13:16:06Z

Modified

2021-04-03T12:20:45Z

Summary

Updated ant packages fix security vulnerability

Details

Updated ant packages fix security vulnerability:

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process(CVE-2020-11979).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / ant

Package

Name: ant
Purl: pkg:rpm/mageia/ant?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10.9-1.mga7

Ecosystem specific

{
    "section": "core"
}