|Description||** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: this candidate is not about any specific product, protocol, or design, that falls into the scope of the assigning CNA. Notes: None.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
Vulnerable and fixed packages
The table below lists information on source packages.
|ant (PTS)||stretch (security), stretch||1.9.9-1+deb9u1||fixed|
The information below is based on the following data on fixed versions.
|Package||Type||Release||Fixed Version||Urgency||Origin||Debian Bugs|
Fixed upstream in 1.9.12 and 1.10.4
The CVE was rejected, as it was assigned by Red Hat's CNA but is out of
scope of the assigning CNA. The rejection was not due to technical invalid
issue but because it was assigned by a CNA which did not cover the scope
for ant. Would fall under Apache CNA instead.