Hi,

I'm curious:

"jQuery versions 1.6.3 and higher provide protection against common
forms of this problem; thus, the vulnerability is mitigated if your site
has upgraded to a recent version of jQuery"

does that mean the drupal-7 package *could* now use the libjs-jquery
package instead of an embedded copy?

The libjs-jquery/1.7.2 package seems to have already been immune to this
issue.  (Proof of concept at http://ma.la/jquery_xss/ - save it locally
and you can swap out the jquery.js to test other versions).

Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org

