CVE-2020-11979 - As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions - CVEs Blog

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.

Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979

Reference (s):

FEDORA:FEDORA-2020-2640aa4e19
URL: https://lists.fedoraproject.org/archives/list/[email protected]/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB/
FEDORA:FEDORA-2020-3ce0f55bc5
URL: https://lists.fedoraproject.org/archives/list/[email protected]/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS/
FEDORA:FEDORA-2020-92b1d001b3

CVE-2020-11979 – As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions

Something Fresh

CVE-2004-1715 - Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 all

CVE-2020-27216 - In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 1

CVE-2020-27212 - STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect acce

What People Reading

CVE-2004-1715 - Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 all

CVE-2020-26212 - GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free

CVE-2020-27212 - STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect acce

CVE-2015-0320 - Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and

CVE-2015-0353 - Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.

Categories

Partners

Just add here your partners image or promo text