ant-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bode...@apache.org
Subject svn commit: r1341864 - /ant/site/ant/production/security.html
Date Wed, 23 May 2012 13:56:14 GMT
Author: bodewig
Date: Wed May 23 13:56:14 2012
New Revision: 1341864

URL: http://svn.apache.org/viewvc?rev=1341864&view=rev
Log:
forgot page

Added:
    ant/site/ant/production/security.html   (with props)

Added: ant/site/ant/production/security.html
URL: http://svn.apache.org/viewvc/ant/site/ant/production/security.html?rev=1341864&view=auto
==============================================================================
--- ant/site/ant/production/security.html (added)
+++ ant/site/ant/production/security.html Wed May 23 13:56:14 2012
@@ -0,0 +1,305 @@
+
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--
+   Licensed to the Apache Software Foundation (ASF) under one or more
+   contributor license agreements.  See the NOTICE file distributed with
+   this work for additional information regarding copyright ownership.
+   The ASF licenses this file to You under the Apache License, Version 2.0
+   (the "License"); you may not use this file except in compliance with
+   the License.  You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+-->
+        <html lang="en">
+    <!-- GENERATED FILE, DO NOT EDIT, EDIT THE XML FILE IN xdocs INSTEAD! -->
+    <head>
+      <META http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+        <title>Apache Ant - Apache Ant Security Reports</title>
+        <link type="text/css" href="./page.css" rel="stylesheet">
+        </head>
+
+    <body>
+      <p class="navpath">
+        <script src="./breadcrumbs.js" language="JavaScript" type="text/javascript"></script>
+      </p>
+
+      <div class="logobar">
+        <table width="100%" border="0" cellspacing="0" cellpadding="0">
+          <tr>
+            <td align="left"><img border="0" alt="Apache Ant site" src="./images/group-logo.gif"></td>
+            <td align="center" width="100%"><img alt="Apache Ant logo" border="0"
src="./images/project-logo.gif"></td>
+            <td align="right">
+              <form target="_blank" onsubmit="q.value = query.value + ' site:ant.apache.org'"
action="http://www.google.com/search" method="get">
+                <table summary="search" border="0" cellspacing="0" cellpadding="0" bgcolor="#4C6C8F">
+                  <tr>
+                    <td colspan="3"><img height="10" width="1" alt="" src="./images/spacer.gif"></td>
+                  </tr>
+                  <tr>
+                    <td><img height="1" width="1" alt="" src="./images/spacer.gif"></td>
+                    <td nowrap="nowrap" class="searchcaption">
+                      <input name="q" type="hidden">
+                      <input size="15" id="query" type="text">
+                      <img height="1" width="5" alt="" src="./images/spacer.gif">
+                      <input name="Search" value="Search" type="submit">
+                      <br>
+                      the Apache Ant site
+                    </td>
+                    <td><img height="1" width="1" alt="" src="./images/spacer.gif"></td>
+                  </tr>
+                  <tr>
+                    <td><img alt="" border="0" height="10" width="9" src="./images/search-left.gif"></td>
+                    <td><img height="1" width="1" alt="" src="./images/spacer.gif"></td>
+                    <td><img alt="" border="0" height="10" width="9" src="./images/search-right.gif"></td>
+                  </tr>
+                </table>
+              </form>
+            </td>
+          </tr>
+        </table>
+      </div>
+
+                  <div class="tab">
+              <table summary="tab bar" border="0" cellpadding="0" cellspacing="0">
+                <tr>
+                                  <td width="8"><img alt="" height="5" width="8"
src="./images/spacer.gif"></td><td valign="bottom">
+                      <table summary="selected tab" style="height: 1.5em" border="0" cellpadding="0"
cellspacing="0">
+                        <tr>
+                        <td valign="top" width="5" bgcolor="#4C6C8F"><img height="5"
width="5" alt="" src="./images/tabSel-left.gif"></td><td valign="middle" bgcolor="#4C6C8F"><font
color="#ffffff" size="2" face="Arial, Helvetica, Sans-serif"><b>Home</b></font></td><td
valign="top" width="5" bgcolor="#4C6C8F"><img height="5" width="5" alt="" src="./images/tabSel-right.gif"></td>
+                        </tr>
+                      </table>
+                    </td>
+                                    <td width="5"><img alt="" height="8" width="8"
src="./images/spacer.gif"></td><td valign="bottom">
+                      <table summary="non selected tab" style="height: 1.4em" border="0"
cellpadding="0" cellspacing="0">
+                        <tr>
+                          <td valign="top" width="5" bgcolor="#B2C4E0"><img height="5"
width="5" alt="" src="./images/tab-left.gif"></td><td valign="middle" bgcolor="#B2C4E0"><a
href="./projects/index.html"><font size="2" face="Arial, Helvetica, Sans-serif">Projects</font></a></td><td
valign="top" width="5" bgcolor="#B2C4E0"><img height="5" width="5" alt="" src="./images/tab-right.gif"></td>
+                        </tr>
+                      </table>
+                    </td>
+                            </tr>
+              </table>
+            </div>
+
+      <div class="bluebar"></div>
+                    
+  <div class="menucontainer">
+    <div class="menu">
+      <ul>
+              <li class="menuheader">Apache Ant
+          <ul>
+                            <li>
+                                    <a href="./index.html">Welcome</a>
+                                </li>
+                            <li>
+                                    <a href="http://www.apache.org/licenses/LICENSE-2.0.html">License</a>
+                                </li>
+                            <li>
+                                    <a href="./antnews.html">News</a>
+                                </li>
+                            <li>
+                                    <a href="./security.html">Security Reports</a>
+                                </li>
+                      </ul>
+        </li>
+              <li class="menuheader">Documentation
+          <ul>
+                            <li>
+                                    <a href="./manual/index.html">Manual</a>
+                                </li>
+                            <li>
+                                    <a href="./projects.html">Related Projects</a>
+                                </li>
+                            <li>
+                                    <a href="./external.html">External Tools and Tasks</a>
+                                </li>
+                            <li>
+                                    <a href="./resources.html">Resources</a>
+                                </li>
+                            <li>
+                                    <a href="./faq.html">Frequently Asked Questions</a>
+                                </li>
+                            <li>
+                                    <a href="http://wiki.apache.org/ant/FrontPage">Wiki</a>
+                                </li>
+                            <li>
+                                    <a href="./problems.html">Having Problems?</a>
+                                </li>
+                      </ul>
+        </li>
+              <li class="menuheader">Download
+          <ul>
+                            <li>
+                                    <a href="http://ant.apache.org/bindownload.cgi">Binary
Distributions</a>
+                                </li>
+                            <li>
+                                    <a href="http://ant.apache.org/srcdownload.cgi">Source
Distributions</a>
+                                </li>
+                            <li>
+                                    <a href="http://ant.apache.org/manualdownload.cgi">Ant
Manual</a>
+                                </li>
+                      </ul>
+        </li>
+              <li class="menuheader">Contributing
+          <ul>
+                            <li>
+                                    <a href="./mail.html">Mailing Lists</a>
+                                </li>
+                            <li>
+                                    <a href="./svn.html">Subversion Repositories</a>
+                                </li>
+                            <li>
+                                    <a href="./nightlies.html">Nightly+Continuous Builds</a>
+                                </li>
+                            <li>
+                                    <a href="./bugs.html">Bug Database</a>
+                                </li>
+                            <li>
+                                    <a href="http://www.apache.org/security/">Security</a>
+                                </li>
+                      </ul>
+        </li>
+              <li class="menuheader">Sponsorship
+          <ul>
+                            <li>
+                                    <a href="http://www.apache.org/foundation/thanks.html">Thanks</a>
+                                </li>
+                            <li>
+                                    <a href="http://www.apache.org/foundation/sponsorship.html">Sponsorship</a>
+                                </li>
+                      </ul>
+        </li>
+              <li class="menuheader">Project Management
+          <ul>
+                            <li>
+                                    <a href="./contributors.html">Contributors</a>
+                                </li>
+                            <li>
+                                    <a href="./mission.html">Apache Ant Mission</a>
+                                </li>
+                            <li>
+                                    <a href="./bylaws.html">Project Bylaws</a>
+                                </li>
+                            <li>
+                                    <a href="./legal.html">Legal</a>
+                                </li>
+                      </ul>
+        </li>
+            </ul>
+    </div>
+    <center>
+    <a href="http://www.apache.org/events/current-event.html"><img border="0" title="ApacheCon"
alt="ApacheCon - logo" src="http://www.apache.org/events/current-event-125x125.png" style="width:
125px;height: 125px;"></a>
+    </center>
+    <img style="float: left" height="10" width="10" border="0" alt="" src="./images/menu-left.gif">
+    <img style="float: right" height="10" width="10" border="0" alt="" src="./images/menu-right.gif">
+  </div>
+      <div class="lightbluebar">&nbsp;</div>
+  <div class="main">
+  <div class="content">
+    <h1 class="title">Apache Ant Security Reports</h1>
+            <h3 class="section">
+      <a name="Reporting New Security Problems with Apache Ant"></a>
+      Reporting New Security Problems with Apache Ant
+    </h3>
+                        <p>The Apache Software Foundation takes a very active stance
+        in eliminating security problems and denial of service attacks
+        against its products.</p>
+                                <p>We strongly encourage folks to report such problems
to our
+        private security mailing list first, before disclosing them in
+        a public forum.</p>
+                                <p>Please note that the security mailing list should
only be
+        used for reporting undisclosed security vulnerabilities and
+        managing the process of fixing such vulnerabilities. We cannot
+        accept regular bug reports or other queries at this
+        address. All mail sent to this address that does not relate to
+        an undisclosed security problem in our source code will be
+        ignored.</p>
+                                <p>If you need to report a bug that isn't an undisclosed
+        security vulnerability, please use the <a href="bugs.html">bug reporting page</a>.</p>
+                                <p>Questions about:</p>
+                                <ul>
+          <li>if a vulnerability applies to your particular application</li>
+          <li>obtaining further information on a published vulnerability</li>
+          <li>availability of patches and/or new releases</li>
+        </ul>
+                                <p>should be addressed to the users mailing list. Please
see
+        the <a href="mail.html">mailing lists page</a> for
+        details of how to subscribe.</p>
+                                <p>The private security mailing address is: <a href="mailto:security@apache.org">security@apache.org</a></p>
+                        <h3 class="section">
+      <a name="Apache Ant Security Vulnerabilities"></a>
+      Apache Ant Security Vulnerabilities
+    </h3>
+                        <p>This page lists all security vulnerabilities fixed in
+        released versions of Apache Ant. Each vulnerability is given a
+        security impact rating by the development team - please note
+        that this rating may vary from platform to platform. We also
+        list the versions of Ant the flaw is known to affect, and
+        where a flaw has not been verified list the version with a
+        question mark.</p>
+                                <p>Please note that binary patches are never provided.
If you
+        need to apply a source code patch, use the building
+        instructions for the Ant version that you are using.</p>
+                                <p>If you need help on building Ant or other help on
following
+        the instructions to mitigate the known vulnerabilities listed
+        here, please send your questions to the public <a href="mail.html">Ant Users
mailing list</a>.</p>
+                                <p>If you have encountered an unlisted security vulnerability
+        or other unexpected behaviour that has security impact, or if
+        the descriptions here are incomplete, please report them
+        privately to the Apache Security Team. Thank you.</p>
+                                      <h4 class="subsection">
+        <a name="Fixed in Apache Ant 1.8.4"></a>
+        Fixed in Apache Ant 1.8.4
+      </h4>
+                        <p><b>Low: Denial of Service</b> <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098">CVE-2012-2098</a></p>
+                                <p>The bzip2 compressing streams in Apache Ant internally
+          use sorting algorithms with unacceptable worst-case
+          performance on very repetitive inputs.  A specially crafted
+          input to Ants' <code>&lt;bzip2&gt;</code> task can be used
+          to make the process spend a very long time while using up
+          all available processing time effectively leading to a
+          denial of service.</p>
+                                <p>This was fixed in revisions
+          <a href="http://svn.apache.org/viewvc?view=revision&amp;revision=1340895">1340895</a>
and
+          <a href="http://svn.apache.org/viewvc?view=revision&amp;revision=1340990">1340990</a>.</p>
+                                <p>This was first reported to the Security Team on
12 April
+          2012 and made public on TODO.</p>
+                                <p>Affects: 1.5 - 1.8.3</p>
+                                            <h3 class="section">
+      <a name="Errors and Ommissions"></a>
+      Errors and Ommissions
+    </h3>
+                        <p>Please report any errors or omissions to <a href="mail.html">the
dev mailing list</a>.</p>
+                
+    </div>
+  </div>
+
+        <p class="copyright">
+      Apache Ant, Apache Ivy, Ant, Ivy, Apache, the Apache feather logo, and the Apache Ant
project logos are trademarks of The Apache Software Foundation.
+        <script type="text/javascript" language="JavaScript"><!--
+                document.write(" - "+"Last Published: " + document.lastModified);
+              //  -->
+        </script>
+      </p>
+    </body>
+  </html>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+

Propchange: ant/site/ant/production/security.html
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message