| Name | CVE-2020-1945 |
| Description | Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default tempora ... |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| Debian Bugs | 960630 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| ant (PTS) | bullseye | 1.10.9-4 | fixed |
| bookworm | 1.10.13-1 | fixed |
| trixie | 1.10.15-1 | fixed |
| forky, sid | 1.10.17-1 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| ant | source | (unstable) | 1.10.8-1 | low | | 960630 |
Notes
[buster] - ant <no-dsa> (Minor issue)
[stretch] - ant <no-dsa> (Minor issue)
[jessie] - ant <no-dsa> (Minor issue)
https://www.openwall.com/lists/oss-security/2020/05/13/1
https://github.com/apache/ant/commit/9c1f4d905da59bf446570ac28df5b68a37281f35 (1.9.15)
https://github.com/apache/ant/commit/926f339ea30362bec8e53bf5924ce803938163b7 (1.9.15)
https://github.com/apache/ant/commit/d591851ae3921172bb825b5a5344afa3de0e28ca (10.8)
https://github.com/apache/ant/commit/9c1f4d905da59bf446570ac28df5b68a37281f35 (10.8)
https://github.com/apache/ant/commit/041b058c7bf10a94d56db3ca9dba38cf90ab9943 (10.8)
https://github.com/apache/ant/commit/a8645a151bc706259fb1789ef587d05482d98612 (10.8)
https://github.com/apache/ant/commit/926f339ea30362bec8e53bf5924ce803938163b7 (10.8)
Adressing CVE-2020-1945 introduces a new issue CVE-2020-11979.