Package: yui
Severity: grave
Tags: security

Hi,
the following vulnerabilities were published for yui.

CVE-2012-5883[0]:
| Cross-site scripting (XSS) vulnerability in the Flash component
| infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x
| and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and
| 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web
| script or HTML via vectors related to swfstore.swf, a similar issue to
| CVE-2010-4209.

CVE-2012-5882[1]:
| Cross-site scripting (XSS) vulnerability in the Flash component
| infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to
| inject arbitrary web script or HTML via vectors related to
| uploader.swf, a similar issue to CVE-2010-4208.

CVE-2012-5881[2]:
| Cross-site scripting (XSS) vulnerability in the Flash component
| infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to
| inject arbitrary web script or HTML via vectors related to charts.swf,
| a similar issue to CVE-2010-4207.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5883
    http://security-tracker.debian.org/tracker/CVE-2012-5883
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5882
    http://security-tracker.debian.org/tracker/CVE-2012-5882
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5881
    http://security-tracker.debian.org/tracker/CVE-2012-5881
    http://yuilibrary.com/support/20121030-vulnerability/

Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0xA0A0AAAA
_______________________________________________
Pkg-javascript-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
