CVE-2018-10886

Name        CVE-2018-10886
Source      CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References  DLA-1431-1, DSA-4255-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package  Release      Version    Status
ant (PTS)       bullseye     1.10.9-4   fixed
ant             bookworm     1.10.13-1  fixed
ant             sid, trixie  1.10.15-1  fixed

The information below is based on the following data on fixed versions.

Package  Type    Release     Fixed Version   Urgency  Origin      Debian Bugs
ant      source  jessie      1.9.4-3+deb8u1           DLA-1431-1
ant      source  stretch     1.9.9-1+deb9u1           DSA-4255-1
ant      source  (unstable)  1.10.4-1

Notes

Fixed upstream in 1.9.12 and 1.10.4
https://github.com/apache/ant/commit/e56e54565804991c62ec76dad385d2bdda8972a7
https://github.com/apache/ant/commit/1a2b1e37e3616991588f21efa89c474dd6ff83ff
https://github.com/apache/ant/commit/f72406d53cfb3b3425cc9d000eea421a0e05d8fe
https://github.com/apache/ant/commit/857095da5153fd18504b46f276d84f1e76a66970
https://bugzilla.redhat.com/show_bug.cgi?id=1584407
The CVE was rejected because it was assigned by Red Hat's CNA but is out of
scope for the assigning CNA. The rejection was not due to the issue being
technically invalid, but because it was assigned by a CNA which does not
cover ant. It would fall under the Apache CNA instead.
