https://bugzilla.redhat.com/show_bug.cgi?id=1166064 Bug ID: 1166064 Summary: CVE-2012-6662 jquery-ui: XSS vulnerability in default content in Tooltip widget Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@xxxxxxxxxx Reporter: vkaigoro@xxxxxxxxxx CC: abaron@xxxxxxxxxx, abokovoy@xxxxxxxxxx, andrew@xxxxxxxxxxxxx, andrewniemants@xxxxxxxxx, aortega@xxxxxxxxxx, apatters@xxxxxxxxxx, apevec@xxxxxxxxxx, athmanem@xxxxxxxxx, ayoung@xxxxxxxxxx, bazanluis20@xxxxxxxxx, bkabrda@xxxxxxxxxx, bkearney@xxxxxxxxxx, bleanhar@xxxxxxxxxx, brett.lentz@xxxxxxxxx, bruno@xxxxxxxx, casper@xxxxxxxxxxxxxxxxxx, cbillett@xxxxxxxxxx, ccoleman@xxxxxxxxxx, chat-to-me@xxxxxxxxx, chkr@xxxxxxxxxxx, chrisw@xxxxxxxxxx, comzeradd@xxxxxxxxxxxxxxxxx, cpelland@xxxxxxxxxx, croberts@xxxxxxxxxx, dajohnso@xxxxxxxxxx, dallan@xxxxxxxxxx, dan@xxxxxxxx, david.r@xxxxxxxxxxxxxx, dclarizi@xxxxxxxxxx, devrim@xxxxxxxxxx, dmcphers@xxxxxxxxxx, dridi.boukelmoune@xxxxxxxxx, echevemaster@xxxxxxxxx, emmanuel@xxxxxxxxx, erlang@xxxxxxxxxxxxxxxxxxxxxxx, extras-orphan@xxxxxxxxxxxxxxxxx, fabio@xxxxxxxxx, fdc@xxxxxxxxx, fedora@xxxxxxxxxxxxxxxxx, frankly3d@xxxxxxxxx, gbailey@xxxxxxxxx, gkotton@xxxxxxxxxx, gmccullo@xxxxxxxxxx, herrold@xxxxxxxxxxxx, hhorak@xxxxxxxxxx, hobbes1069@xxxxxxxxx, home@xxxxxxxxxxxxxxx, i@xxxxxxxx, i@xxxxxxxxxx, ian@xxxxxxxxxxxxx, iarnell@xxxxxxxxx, ipa-maint@xxxxxxxxxx, ivaxer@xxxxxxxxx, jamielinux@xxxxxxxxxxxxxxxxx, jaswinder@xxxxxxxxxx, jdetiber@xxxxxxxxxx, jdornak@xxxxxxxxxx, jhardy@xxxxxxxxxx, jialiu@xxxxxxxxxx, jimi@xxxxxxxx, jkeck@xxxxxxxxxx, jmlich@xxxxxxxxxx, jochen@xxxxxxxxxxxxxxx, joelsmith@xxxxxxxxxx, jokajak@xxxxxxxxxxxxxxxxx, jokerman@xxxxxxxxxx, jonathansteffan@xxxxxxxxx, jorton@xxxxxxxxxx, jprause@xxxxxxxxxx, jrafanie@xxxxxxxxxx, jsmith.fedora@xxxxxxxxx, jstribny@xxxxxxxxxx, jvlcek@xxxxxxxxxx, karlthered@xxxxxxxxx, katello-bugs@xxxxxxxxxx, kevin@xxxxxxxxx, kseifried@xxxxxxxxxx, ktdreyer@xxxxxxxxxxxx, kwizart@xxxxxxxxx, leigh123linux@xxxxxxxxxxxxxx, lemenkov@xxxxxxxxx, lhh@xxxxxxxxxx, limburgher@xxxxxxxxx, lmacken@xxxxxxxxxx, lmeyer@xxxxxxxxxx, loganjerry@xxxxxxxxx, lpeer@xxxxxxxxxx, luto@xxxxxxx, markmc@xxxxxxxxxx, matt@xxxxxxxxxxx, mbarnes@xxxxxxxxxx, mburns@xxxxxxxxxx, mcepl@xxxxxxxxxx, mclasen@xxxxxxxxxx, metherid@xxxxxxxxx, mhroncok@xxxxxxxxxx, michel@xxxxxxxxxxxxxxx, mike@xxxxxxxxxx, miketwebster@xxxxxxxxx, mkosek@xxxxxxxxxx, mmaslano@xxxxxxxxxx, mmccomas@xxxxxxxxxx, mmccune@xxxxxxxxxx, mmcgrath@xxxxxxxxxx, mrunge@xxxxxxxxxx, nelsonab@xxxxxxxxxxx, nonamedotc@xxxxxxxxx, nushio@xxxxxxxxxxxxxxxxx, obarenbo@xxxxxxxxxx, oliver@xxxxxxxxxxxxxxx, orion@xxxxxxxxxxxxx, paulo.cesar.pereira.de.andrade@xxxxxxxxx, pavel@xxxxxxxxxxx, perl-devel@xxxxxxxxxxxxxxxxxxxxxxx, peter.borsa@xxxxxxxxx, phalliday@xxxxxxxxxxxxxxxxxxxx, pmyers@xxxxxxxxxx, praiskup@xxxxxxxxxx, promac@xxxxxxxxx, puiterwijk@xxxxxxxxxx, pviktori@xxxxxxxxxx, pvoborni@xxxxxxxxxx, python-maint@xxxxxxxxxx, rbean@xxxxxxxxxx, rbryant@xxxxxxxxxx, rcritten@xxxxxxxxxx, relrod@xxxxxxxxxx, rhos-maint@xxxxxxxxxx, rnovacek@xxxxxxxxxx, robinlee.sysu@xxxxxxxxx, satya.komaragiri@xxxxxxxxx, sclewis@xxxxxxxxxx, scott@xxxxxxxxxxxxxxxx, sdodson@xxxxxxxxxxx, shawn.iwinski@xxxxxxxxx, smparrish@xxxxxxxxx, ssorce@xxxxxxxxxx, stickster@xxxxxxxxx, sven@xxxxxxx, tadej.janez@xxxxxxxxxxxxxxxxx, tchollingsworth@xxxxxxxxx, thomas.moschny@xxxxxx, thozza@xxxxxxxxxx, tim4dev@xxxxxxxxx, tjay@xxxxxxxxxx, tmckay@xxxxxxxxxx, tomckay@xxxxxxxxxx, vanmeeuwen+fedora@xxxxxxxxxxxx, volker27@xxxxxx, vondruch@xxxxxxxxxx, vonsch@xxxxxxxxx, wojdyr@xxxxxxxxx, wtogami@xxxxxxxxx, xlecauch@xxxxxxxxxx, yeylon@xxxxxxxxxx, yohangraterol92@xxxxxxxxx, zbyszek@xxxxxxxxx jQuery UI 1.10.0 release fixes XSS issue [1] in jQuery Tooltip widget. >From [1]: ... WIDGETS Tooltip Fixed: XSS vulnerability in default content. (#8861, f285440) ... The issue was initially reported in [2], and then actually fixed in [3] by commit [4]. [1]: http://jqueryui.com/changelog/1.10.0/ [2]: http://bugs.jqueryui.com/ticket/8859 [3]: http://bugs.jqueryui.com/ticket/8861 [4]: https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde -- Note: whiteboard lists quite some packages, which are known to have jQuery embedded. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=nLGeAqRwc8&a=cc_unsubscribe -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/perl-devel