[Bug 1166064] New: CVE-2012-6662 jquery-ui: XSS vulnerability in default content in Tooltip widget

https://bugzilla.redhat.com/show_bug.cgi?id=1166064

            Bug ID: 1166064
           Summary: CVE-2012-6662 jquery-ui: XSS vulnerability in default
                    content in Tooltip widget
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team@xxxxxxxxxx
          Reporter: vkaigoro@xxxxxxxxxx



jQuery UI 1.10.0 release fixes XSS issue [1] in jQuery Tooltip widget.
From [1]:
...
WIDGETS
Tooltip
Fixed: XSS vulnerability in default content. (#8861, f285440)
...

The issue was initially reported in [2], and then actually fixed in [3] by
commit [4].

[1]: http://jqueryui.com/changelog/1.10.0/
[2]: http://bugs.jqueryui.com/ticket/8859
[3]: http://bugs.jqueryui.com/ticket/8861
[4]: https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde

--
Note: whiteboard lists quite some packages, which are known to have jQuery
embedded.
