CVE-2018-10886

NameCVE-2018-10886
Description** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: this candidate is not about any specific product, protocol, or design, that falls into the scope of the assigning CNA. Notes: None.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1431-1, DSA-4255-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ant (PTS)jessie1.9.4-3vulnerable
jessie (security)1.9.4-3+deb8u2fixed
stretch1.9.9-1vulnerable
stretch (security)1.9.9-1+deb9u1fixed
buster, sid1.10.5-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
antsource(unstable)1.10.4-1
antsourcejessie1.9.4-3+deb8u1DLA-1431-1
antsourcestretch1.9.9-1+deb9u1DSA-4255-1

Notes

Fixed upstream in 1.9.12 and 1.10.4
https://github.com/apache/ant/commit/e56e54565804991c62ec76dad385d2bdda8972a7
https://github.com/apache/ant/commit/1a2b1e37e3616991588f21efa89c474dd6ff83ff
https://github.com/apache/ant/commit/f72406d53cfb3b3425cc9d000eea421a0e05d8fe
https://github.com/apache/ant/commit/857095da5153fd18504b46f276d84f1e76a66970
https://bugzilla.redhat.com/show_bug.cgi?id=1584407
The CVE will be rejected, as it was assigned by Red Hat's CNA but is out of
scope of the assigning CNA.

Search for package or bug name: Reporting problems