[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2012-6708/jquery

Fri, 19 Jan 2018 01:42:10 -0800 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
bba8a0e0 by Salvatore Bonaccorso at 2018-01-19T10:40:10+01:00
Add CVE-2012-6708/jquery

- - - - -
0da19d3f by Salvatore Bonaccorso at 2018-01-19T10:40:28+01:00
Cleanup trailing whitespaces

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -36,7 +36,10 @@ CVE-2016-10707 (jQuery before 3.0.0 is vulnerable to Denial 
of Service (DoS) due
 CVE-2015-9251 (jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) 
attacks ...)
        TODO: check
 CVE-2012-6708 (jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) 
...)
-       TODO: check
+       - jquery 1.11.3+dfsg-1
+       NOTE: https://bugs.jquery.com/ticket/11290
+       NOTE: 
https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d
+       NOTE: https://snyk.io/vuln/npm:jquery:20120206
 CVE-2018-5776 [XSS vulnerability in MediaElement]
        - wordpress <unfixed> (bug #887596)
        NOTE: 
https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
@@ -7641,7 +7644,7 @@ CVE-2018-2694 (Vulnerability in the Oracle VM VirtualBox 
component of Oracle ...
 CVE-2018-2693 (Vulnerability in the Oracle VM VirtualBox component of Oracle 
...)
        - virtualbox-guest-additions-iso 5.2.6-1
        [jessie] - virtualbox-guest-additions-iso <no-dsa> (Non-free not 
supported)
-       [wheezy] - virtualbox-guest-additions-iso <no-dsa> (Non-free not 
supported)     
+       [wheezy] - virtualbox-guest-additions-iso <no-dsa> (Non-free not 
supported)
        NOTE: 
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
 CVE-2018-2692 (Vulnerability in the Oracle Financial Services Asset Liability 
...)
        NOT-FOR-US: Oracle



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/895e749b3fc7ba8c28f4bede5a27687cac8f6609...0da19d3fdad37079f2ba292c0d488aba2a1cbeb8

---
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/895e749b3fc7ba8c28f4bede5a27687cac8f6609...0da19d3fdad37079f2ba292c0d488aba2a1cbeb8
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to