Control: forwarded 699482 http://bugs.jquery.com/ticket/9521
Hi Luciano On Thu, Jan 31, 2013 at 10:50:44PM +0100, Luciano Bello wrote: > Package: jquery > Severity: important > Tags: security squeeze > Justification: user security hole > > Hi there, > It's 2011 calling :) > The CVE-2011-4969 for this issue: > http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/ > I'm not sure if squeeze (1.4.2-2) is affected. Any way to check it? It looks a bit 'complicated' situation[0], and upstream applied the following commit[1]. Attached is also the debdiff, but I'm not confortable to it right now as it's untested. [0]: http://bugs.jquery.com/ticket/9521 [1]: https://github.com/jquery/jquery/commit/749dbad981f040bd65cbb50c10e9aa6e44bd26ff Regards, Salvatore
diff -u jquery-1.4.2/debian/changelog jquery-1.4.2/debian/changelog --- jquery-1.4.2/debian/changelog +++ jquery-1.4.2/debian/changelog @@ -1,3 +1,11 @@ +jquery (1.4.2-2+squeeze1) stable-security; urgency=high + + * Non-maintainer upload. + * [SECURITY] CVE-2011-4969: Fix XSS via $(location.hash) and $(#<tag>). See + http://bugs.jquery.com/ticket/9521. (Closes: #699482) + + -- Salvatore Bonaccorso <[email protected]> Sat, 09 Feb 2013 16:21:59 +0100 + jquery (1.4.2-2) unstable; urgency=low * Setting debhelper version to >= 7.0.50~ only in patch2: unchanged: --- jquery-1.4.2.orig/src/core.js +++ jquery-1.4.2/src/core.js @@ -17,8 +17,8 @@ rootjQuery, // A simple way to check for HTML strings or ID strings - // (both of which we optimize for) - quickExpr = /^[^<]*(<[\w\W]+>)[^>]*$|^#([\w-]+)$/, + // Prioritize #id over <tag> to avoid XSS via location.hash (#9521) + quickExpr = /^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/, // Is it a simple selector isSimple = /^.[^:#\[\.,]*$/,
_______________________________________________ Pkg-javascript-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
