https://bugzilla.redhat.com/show_bug.cgi?id=1166041 Vasyl Kaigorodov <vkaigoro@xxxxxxxxxx> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=moderate,public=2010 |impact=moderate,public=2010 |0903,reported=20141120,sour |0903,reported=20141120,sour |ce=internet,cvss2=4.3/AV:N/ |ce=internet,cvss2=4.3/AV:N/ |AC:M/Au:N/C:N/I:P/A:N,fedor |AC:M/Au:N/C:N/I:P/A:N,fedor |a-all/asterisk-gui=affected |a-all/asterisk-gui=affected |,fedora-all/beacon=affected |,fedora-all/beacon=affected |,fedora-all/blender=affecte |,fedora-all/blender=affecte |d,fedora-all/bodhi=affected |d,fedora-all/bodhi=affected |,fedora-all/cacti=affected, |,fedora-all/cacti=affected, |fedora-all/calibre=affected |fedora-all/calibre=affected |,fedora-all/cinnamon=affect |,fedora-all/cinnamon=notaff |ed,fedora-all/ckeditor=affe |ected,fedora-all/ckeditor=a |cted,fedora-all/cobbler=aff |ffected,fedora-all/cobbler= |ected,fedora-all/couchdb=af |affected,fedora-all/couchdb |fected,fedora-all/cumin=aff |=affected,fedora-all/cumin= |ected,fedora-all/django-typ |affected,fedora-all/django- |epad=affected,fedora-all/dl |typepad=affected,fedora-all |=affected,fedora-all/dokuwi |/dl=affected,fedora-all/dok |ki=affected,fedora-all/drup |uwiki=affected,fedora-all/d |al6=affected,fedora-all/dru |rupal6=affected,fedora-all/ |pal7=affected,fedora-all/dr |drupal7=affected,fedora-all |upal7-jquery_update=affecte |/drupal7-jquery_update=affe |d,fedora-all/fish=affected, |cted,fedora-all/fish=affect |fedora-all/fityk=affected,f |ed,fedora-all/fityk=affecte |edora-all/freeipa=affected, |d,fedora-all/freeipa=affect |fedora-all/gallery3=affecte |ed,fedora-all/gallery3=affe |d,fedora-all/global=affecte |cted,fedora-all/global=affe |d,fedora-all/graphite-web=a |cted,fedora-all/graphite-we |ffected,fedora-all/hotot=af |b=affected,fedora-all/hotot |fected,fedora-all/ikiwiki=a |=affected,fedora-all/ikiwik |ffected,fedora-all/libgda=a |i=affected,fedora-all/libgd |ffected,fedora-all/mediawik |a=affected,fedora-all/media |i=affected,fedora-all/mojom |wiki=affected,fedora-all/mo |ojo=affected,fedora-all/nod |jomojo=affected,fedora-all/ |ejs-should=affected,fedora- |nodejs-should=affected,fedo |all/OpenLP=affected,fedora- |ra-all/OpenLP=affected,fedo |all/openslides=affected,fed |ra-all/openslides=affected, |ora-all/openteacher=affecte |fedora-all/openteacher=affe |d,fedora-all/orbited=affect |cted,fedora-all/orbited=aff |ed,fedora-all/perl-Mojolici |ected,fedora-all/perl-Mojol |ous=affected,fedora-all/php |icious=affected,fedora-all/ |PgAdmin=affected,fedora-all |phpPgAdmin=affected,fedora- |/python-backlash=affected,f |all/python-backlash=affecte |edora-all/python-django=aff |d,fedora-all/python-django= |ected,fedora-all/python-dja |affected,fedora-all/python- |ngo-debug-toolbar=affected, |django-debug-toolbar=affect |fedora-all/python-django-ty |ed,fedora-all/python-django |pepadapp=affected,fedora-al |-typepadapp=affected,fedora |l/python-django14=affected, |-all/python-django14=affect |fedora-all/python-django15= |ed,fedora-all/python-django |affected,fedora-all/python- |15=affected,fedora-all/pyth |flask-debugtoolbar=affected |on-flask-debugtoolbar=affec |,fedora-all/python-pebl=aff |ted,fedora-all/python-pebl= |ected,fedora-all/python-sph |affected,fedora-all/python- |inx=affected,fedora-all/pyt |sphinx=affected,fedora-all/ |hon-tw-jquery=affected,fedo |python-tw-jquery=affected,f |ra-all/python-tw2-jqplugins |edora-all/python-tw2-jqplug |-flot=affected,fedora-all/p |ins-flot=affected,fedora-al |ython-tw2-jquery=affected,f |l/python-tw2-jquery=affecte |edora-all/python-werkzeug=a |d,fedora-all/python-werkzeu |ffected,fedora-all/python-X |g=affected,fedora-all/pytho |Static-jQuery=affected,fedo |n-XStatic-jQuery=affected,f |ra-all/python-backlash=affe |edora-all/python-backlash=a |cted,fedora-all/python-djan |ffected,fedora-all/python-d |go=affected,fedora-all/pyth |jango=affected,fedora-all/p |on-sphinx=affected,fedora-a |ython-sphinx=affected,fedor |ll/python-werkzeug=affected |a-all/python-werkzeug=affec |,fedora-all/roundup=affecte |ted,fedora-all/roundup=affe |d,fedora-all/rubygem-jquery |cted,fedora-all/rubygem-jqu |-rails=affected,fedora-all/ |ery-rails=affected,fedora-a |sagemath=affected,fedora-al |ll/sagemath=affected,fedora |l/sparkleshare=affected,fed |-all/sparkleshare=affected, |ora-all/spyder=affected,fed |fedora-all/spyder=affected, |ora-all/StarCluster=affecte |fedora-all/StarCluster=affe |d,fedora-all/sticky-notes=a |cted,fedora-all/sticky-note |ffected,fedora-all/sugar-he |s=affected,fedora-all/sugar |lp=affected,fedora-all/varn |-help=affected,fedora-all/v |ish-agent=affected,fedora-a |arnish-agent=affected,fedor |ll/webacula=affected,fedora |a-all/webacula=affected,fed |-all/wesnoth=affected,fedor |ora-all/wesnoth=affected,fe |a-all/why3=affected,fedora- |dora-all/why3=affected,fedo |all/wordpress=affected,fedo |ra-all/wordpress=affected,f |ra-all/yelp-xsl=affected,fe |edora-all/yelp-xsl=affected |dora-all/zabbix=affected,ep |,fedora-all/zabbix=affected |el-all/drupal7-jquery_updat |,epel-all/drupal7-jquery_up |e=affected,epel-all/python- |date=affected,epel-all/pyth |tw-jquery=affected,epel-all |on-tw-jquery=affected,epel- |/python-tw2-jquery=affected |all/python-tw2-jquery=affec |,epel-all/python-XStatic-jq |ted,epel-all/python-XStatic |uery-ui=affected,openshift- |-jquery-ui=affected,openshi |1/drupal6-jquery_ui-lib=new |ft-1/drupal6-jquery_ui-lib= |,openshift-1/ruby193-rubyge |new,openshift-1/ruby193-rub |m-jquery-rails=new,openshif |ygem-jquery-rails=new,opens |t-enterprise-1/ruby193-ruby |hift-enterprise-1/ruby193-r |gem-jquery-rails=new,opensh |ubygem-jquery-rails=new,ope |ift-enterprise-2/ruby193-ru |nshift-enterprise-2/ruby193 |bygem-jquery-rails=new,rhsc |-rubygem-jquery-rails=new,r |l-1.2/ror40-rubygem-jquery- |hscl-1.2/ror40-rubygem-jque |rails=new,rhscl-1.2/ruby193 |ry-rails=new,rhscl-1.2/ruby |-rubygem-jquery-rails=new,r |193-rubygem-jquery-rails=ne |hn_satellite_6/ruby193-ruby |w,rhn_satellite_6/ruby193-r |gem-jquery-ui-rails=new,sam |ubygem-jquery-ui-rails=new, |-1/ruby193-rubygem-jquery-r |sam-1/ruby193-rubygem-jquer |ails=new,cfme-5/ruby193-rub |y-rails=new,cfme-5/ruby193- |ygem-jquery-rails=new,opens |rubygem-jquery-rails=new,op |tack-4/ruby193-rubygem-jque |enstack-4/ruby193-rubygem-j |ry-rails=new,openstack-fore |query-rails=new,openstack-f |man/ruby193-rubygem-jquery- |oreman/ruby193-rubygem-jque |ui-rails=new,rhel-6/ipa=new |ry-ui-rails=new,rhel-6/ipa= |,rhel-6/python-sphinx=new,r |new,rhel-6/python-sphinx=ne |hel-7/ipa=new,rhel-7/python |w,rhel-7/ipa=new,rhel-7/pyt |-sphinx=new,rhel-7/yelp-xsl |hon-sphinx=new,rhel-7/yelp- |=new |xsl=new --- Comment #2 from Vasyl Kaigorodov <vkaigoro@xxxxxxxxxx> --- (In reply to leigh scott from comment #1) > I fail to see how this affects cinnamon as it doesn't use jQuery.ui.dialog > > $ repoquery -q --whatprovides */jquery.ui.dialog.js > mediawiki-0:1.23.6-1.fc20.noarch > sagemath-notebook-0:5.12-1.fc20.x86_64 > mediawiki-0:1.21.2-2.fc20.noarch > python-XStatic-jquery-ui-0:1.10.4.1-1.fc20.noarch > sagemath-notebook-0:6.1.1-5.fc20.x86_64 > drupal7-jquery_update-0:2.3-2.fc20.noarch > drupal7-jquery_update-0:2.4-1.fc20.noarch You're right, the "affected" list contains all the packages that have "jquery.js" embedded. I'd not rely on repoquery too much here, since jQuery.ui.dialog.js might be renamed, or embedded in jquery.js. Anyways - files/usr/lib/cinnamon-settings/data/spices/jquery.js in cinnamon does not contain vulnerable code, marked as "notaffected". -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=4UupTLnau1&a=cc_unsubscribe -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/perl-devel
