https://bugzilla.redhat.com/show_bug.cgi?id=1584407
--- Comment #13 from Salvatore Bonaccorso carnil@debian.org --- The fixes as released in 1.10.4 and 1.9.12 were incomplete, there was a respective followup with
https://github.com/apache/ant/commit/6a41d62cb9ab4e640b72cb4de42a6c211dea645... https://github.com/apache/ant/commit/5a8c37b271677587046bfd0fea18c1675d5a630...
I requested a CVE for the incomplete fix to CVE-2018-10886.
java-sig-commits@lists.fedoraproject.org