https://bugzilla.redhat.com/show_bug.cgi?id=1166064
Bug ID: 1166064
Summary: CVE-2012-6662 jquery-ui: XSS vulnerability in default
content in Tooltip widget
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-t...@redhat.com
Reporter: vkaig...@redhat.com
CC: aba...@redhat.com, aboko...@redhat.com,
and...@topdog.za.net, andrewniema...@gmail.com,
aort...@redhat.com, apatt...@redhat.com,
ape...@redhat.com, athma...@gmail.com,
ayo...@redhat.com, bazanlui...@gmail.com,
bkab...@redhat.com, bkear...@redhat.com,
blean...@redhat.com, brett.le...@gmail.com,
br...@wolff.to, cas...@casperlefantom.net,
cbill...@redhat.com, ccole...@redhat.com,
chat-to...@raveit.de, c...@plauener.de,
chr...@redhat.com, comzer...@fedoraproject.org,
cpell...@redhat.com, crobe...@redhat.com,
dajoh...@redhat.com, dal...@redhat.com, d...@danny.cz,
davi...@ultracar.co.uk, dclar...@redhat.com,
dev...@gunduz.org, dmcph...@redhat.com,
dridi.boukelmo...@gmail.com, echevemas...@gmail.com,
emman...@seyman.fr, erl...@lists.fedoraproject.org,
extras-orp...@fedoraproject.org, fa...@locati.cc,
f...@fcami.net, fed...@famillecollet.com,
frankl...@gmail.com, gbai...@lxpro.com,
gkot...@redhat.com, gmccu...@redhat.com,
herr...@owlriver.com, hho...@redhat.com,
hobbes1...@gmail.com, h...@trarbentley.net,
i...@cicku.me, i...@stingr.net, i...@ianweller.org,
iarn...@gmail.com, ipa-ma...@redhat.com,
iva...@gmail.com, jamieli...@fedoraproject.org,
jaswin...@kernel.org, jdeti...@redhat.com,
jdor...@redhat.com, jha...@redhat.com,
jia...@redhat.com, j...@sngx.net, jk...@redhat.com,
jml...@redhat.com, joc...@herr-schmitt.de,
joelsm...@redhat.com, joka...@fedoraproject.org,
joker...@redhat.com, jonathanstef...@gmail.com,
jor...@redhat.com, jpra...@redhat.com,
jrafa...@redhat.com, jsmith.fed...@gmail.com,
jstri...@redhat.com, jvl...@redhat.com,
karlthe...@gmail.com, katello-b...@redhat.com,
ke...@scrye.com, kseifr...@redhat.com,
ktdre...@ktdreyer.com, kwiz...@gmail.com,
leigh123li...@googlemail.com, lemen...@gmail.com,
l...@redhat.com, limburg...@gmail.com,
lmac...@redhat.com, lme...@redhat.com,
loganje...@gmail.com, lp...@redhat.com, l...@mit.edu,
mar...@redhat.com, m...@cs.wisc.edu,
mbar...@redhat.com, mbu...@redhat.com,
mc...@redhat.com, mcla...@redhat.com,
methe...@gmail.com, mhron...@redhat.com,
mic...@michel-slm.name, m...@cchtml.com,
miketwebs...@gmail.com, mko...@redhat.com,
mmasl...@redhat.com, mmcco...@redhat.com,
mmcc...@redhat.com, mmcgr...@redhat.com,
mru...@redhat.com, nelso...@red-tux.net,
nonamed...@gmail.com, nus...@fedoraproject.org,
obare...@redhat.com, oli...@linux-kernel.at,
or...@cora.nwra.com,
paulo.cesar.pereira.de.andr...@gmail.com,
pa...@zhukoff.net, perl-devel@lists.fedoraproject.org,
peter.bo...@gmail.com, phalli...@excelsiorsystems.net,
pmy...@redhat.com, prais...@redhat.com,
pro...@gmail.com, puiterw...@redhat.com,
pvikt...@redhat.com, pvobo...@redhat.com,
python-ma...@redhat.com, rb...@redhat.com,
rbry...@redhat.com, rcrit...@redhat.com,
rel...@redhat.com, rhos-ma...@redhat.com,
rnova...@redhat.com, robinlee.s...@gmail.com,
satya.komarag...@gmail.com, scle...@redhat.com,
sc...@foolishpride.org, sdod...@sdodson.com,
shawn.iwin...@gmail.com, smparr...@gmail.com,
sso...@redhat.com, sticks...@gmail.com, s...@lank.es,
tadej.ja...@tadej.hicsalta.si,
tchollingswo...@gmail.com, thomas.mosc...@gmx.de,
tho...@redhat.com, tim4...@gmail.com, t...@redhat.com,
tmc...@redhat.com, tomc...@redhat.com,
vanmeeuwen+fed...@kolabsys.com, volke...@gmx.at,
vondr...@redhat.com, von...@gmail.com,
woj...@gmail.com, wtog...@gmail.com,
xleca...@redhat.com, yey...@redhat.com,
yohangratero...@gmail.com, zbys...@in.waw.pl
jQuery UI 1.10.0 release fixes XSS issue [1] in jQuery Tooltip widget.
From [1]:
...
WIDGETS
Tooltip
Fixed: XSS vulnerability in default content. (#8861, f285440)
...
The issue was initially reported in [2], and then actually fixed in [3] by
commit [4].
[1]: http://jqueryui.com/changelog/1.10.0/
[2]: http://bugs.jqueryui.com/ticket/8859
[3]: http://bugs.jqueryui.com/ticket/8861
[4]:
https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde
--
Note: whiteboard lists quite some packages, which are known to have jQuery
embedded.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug
https://bugzilla.redhat.com/token.cgi?t=nLGeAqRwc8&a=cc_unsubscribe
--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/perl-devel
