https://bugzilla.redhat.com/show_bug.cgi?id=1166041

Vasyl Kaigorodov <vkaigoro@xxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Whiteboard|impact=moderate,public=2010 |impact=moderate,public=2010
                   |0903,reported=20141120,sour |0903,reported=20141120,sour
                   |ce=internet,cvss2=4.3/AV:N/ |ce=internet,cvss2=4.3/AV:N/
                   |AC:M/Au:N/C:N/I:P/A:N,fedor |AC:M/Au:N/C:N/I:P/A:N,fedor
                   |a-all/asterisk-gui=affected |a-all/asterisk-gui=affected
                   |,fedora-all/beacon=affected |,fedora-all/beacon=affected
                   |,fedora-all/blender=affecte |,fedora-all/blender=affecte
                   |d,fedora-all/bodhi=affected |d,fedora-all/bodhi=affected
                   |,fedora-all/cacti=affected, |,fedora-all/cacti=affected,
                   |fedora-all/calibre=affected |fedora-all/calibre=affected
                   |,fedora-all/cinnamon=notaff |,fedora-all/cinnamon=notaff
                   |ected,fedora-all/ckeditor=a |ected,fedora-all/ckeditor=a
                   |ffected,fedora-all/cobbler= |ffected,fedora-all/cobbler=
                   |affected,fedora-all/couchdb |affected,fedora-all/couchdb
                   |=affected,fedora-all/cumin= |=affected,fedora-all/cumin=
                   |affected,fedora-all/django- |affected,fedora-all/django-
                   |typepad=affected,fedora-all |typepad=affected,fedora-all
                   |/dl=affected,fedora-all/dok |/dl=affected,fedora-all/dok
                   |uwiki=affected,fedora-all/d |uwiki=affected,fedora-all/d
                   |rupal6=affected,fedora-all/ |rupal6=affected,fedora-all/
                   |drupal7=affected,fedora-all |drupal7=affected,fedora-all
                   |/drupal7-jquery_update=affe |/drupal7-jquery_update=affe
                   |cted,fedora-all/fish=affect |cted,fedora-all/fish=affect
                   |ed,fedora-all/fityk=notaffe |ed,fedora-all/fityk=notaffe
                   |cted,fedora-all/freeipa=aff |cted,fedora-all/freeipa=aff
                   |ected,fedora-all/gallery3=a |ected,fedora-all/gallery3=a
                   |ffected,fedora-all/global=a |ffected,fedora-all/global=a
                   |ffected,fedora-all/graphite |ffected,fedora-all/graphite
                   |-web=affected,fedora-all/ho |-web=affected,fedora-all/ho
                   |tot=affected,fedora-all/iki |tot=affected,fedora-all/iki
                   |wiki=affected,fedora-all/li |wiki=affected,fedora-all/li
                   |bgda=affected,fedora-all/me |bgda=affected,fedora-all/me
                   |diawiki=affected,fedora-all |diawiki=affected,fedora-all
                   |/mojomojo=affected,fedora-a |/mojomojo=affected,fedora-a
                   |ll/nodejs-should=affected,f |ll/nodejs-should=affected,f
                   |edora-all/OpenLP=affected,f |edora-all/OpenLP=affected,f
                   |edora-all/openslides=affect |edora-all/openslides=affect
                   |ed,fedora-all/openteacher=a |ed,fedora-all/openteacher=a
                   |ffected,fedora-all/orbited= |ffected,fedora-all/orbited=
                   |affected,fedora-all/perl-Mo |affected,fedora-all/perl-Mo
                   |jolicious=affected,fedora-a |jolicious=affected,fedora-a
                   |ll/phpPgAdmin=affected,fedo |ll/phpPgAdmin=affected,fedo
                   |ra-all/python-backlash=affe |ra-all/python-backlash=affe
                   |cted,fedora-all/python-djan |cted,fedora-all/python-djan
                   |go=affected,fedora-all/pyth |go=affected,fedora-all/pyth
                   |on-django-debug-toolbar=aff |on-django-debug-toolbar=aff
                   |ected,fedora-all/python-dja |ected,fedora-all/python-dja
                   |ngo-typepadapp=affected,fed |ngo-typepadapp=affected,fed
                   |ora-all/python-django14=aff |ora-all/python-django14=aff
                   |ected,fedora-all/python-dja |ected,fedora-all/python-dja
                   |ngo15=affected,fedora-all/p |ngo15=affected,fedora-all/p
                   |ython-flask-debugtoolbar=af |ython-flask-debugtoolbar=af
                   |fected,fedora-all/python-pe |fected,fedora-all/python-pe
                   |bl=affected,fedora-all/pyth |bl=affected,fedora-all/pyth
                   |on-sphinx=affected,fedora-a |on-sphinx=affected,fedora-a
                   |ll/python-tw-jquery=affecte |ll/python-tw-jquery=affecte
                   |d,fedora-all/python-tw2-jqp |d,fedora-all/python-tw2-jqp
                   |lugins-flot=affected,fedora |lugins-flot=affected,fedora
                   |-all/python-tw2-jquery=affe |-all/python-tw2-jquery=affe
                   |cted,fedora-all/python-werk |cted,fedora-all/python-werk
                   |zeug=affected,fedora-all/py |zeug=affected,fedora-all/py
                   |thon-XStatic-jQuery=affecte |thon-XStatic-jQuery=affecte
                   |d,fedora-all/python-backlas |d,fedora-all/python-backlas
                   |h=affected,fedora-all/pytho |h=affected,fedora-all/pytho
                   |n-django=affected,fedora-al |n-django=affected,fedora-al
                   |l/python-sphinx=affected,fe |l/python-sphinx=affected,fe
                   |dora-all/python-werkzeug=af |dora-all/python-werkzeug=af
                   |fected,fedora-all/roundup=a |fected,fedora-all/roundup=a
                   |ffected,fedora-all/rubygem- |ffected,fedora-all/rubygem-
                   |jquery-rails=affected,fedor |jquery-rails=affected,fedor
                   |a-all/sagemath=affected,fed |a-all/sagemath=affected,fed
                   |ora-all/sparkleshare=affect |ora-all/sparkleshare=affect
                   |ed,fedora-all/spyder=affect |ed,fedora-all/spyder=affect
                   |ed,fedora-all/StarCluster=a |ed,fedora-all/StarCluster=a
                   |ffected,fedora-all/sticky-n |ffected,fedora-all/sticky-n
                   |otes=affected,fedora-all/su |otes=notaffected,fedora-all
                   |gar-help=affected,fedora-al |/sugar-help=affected,fedora
                   |l/varnish-agent=affected,fe |-all/varnish-agent=affected
                   |dora-all/webacula=affected, |,fedora-all/webacula=affect
                   |fedora-all/wesnoth=affected |ed,fedora-all/wesnoth=affec
                   |,fedora-all/why3=affected,f |ted,fedora-all/why3=affecte
                   |edora-all/wordpress=affecte |d,fedora-all/wordpress=affe
                   |d,fedora-all/yelp-xsl=affec |cted,fedora-all/yelp-xsl=af
                   |ted,fedora-all/zabbix=affec |fected,fedora-all/zabbix=af
                   |ted,epel-all/drupal7-jquery |fected,epel-all/drupal7-jqu
                   |_update=affected,epel-all/p |ery_update=affected,epel-al
                   |ython-tw-jquery=affected,ep |l/python-tw-jquery=affected
                   |el-all/python-tw2-jquery=af |,epel-all/python-tw2-jquery
                   |fected,epel-all/python-XSta |=affected,epel-all/python-X
                   |tic-jquery-ui=affected,open |Static-jquery-ui=affected,o
                   |shift-1/drupal6-jquery_ui-l |penshift-1/drupal6-jquery_u
                   |ib=new,openshift-1/ruby193- |i-lib=new,openshift-1/ruby1
                   |rubygem-jquery-rails=new,op |93-rubygem-jquery-rails=new
                   |enshift-enterprise-1/ruby19 |,openshift-enterprise-1/rub
                   |3-rubygem-jquery-rails=new, |y193-rubygem-jquery-rails=n
                   |openshift-enterprise-2/ruby |ew,openshift-enterprise-2/r
                   |193-rubygem-jquery-rails=ne |uby193-rubygem-jquery-rails
                   |w,rhscl-1.2/ror40-rubygem-j |=new,rhscl-1.2/ror40-rubyge
                   |query-rails=new,rhscl-1.2/r |m-jquery-rails=new,rhscl-1.
                   |uby193-rubygem-jquery-rails |2/ruby193-rubygem-jquery-ra
                   |=new,rhn_satellite_6/ruby19 |ils=new,rhn_satellite_6/rub
                   |3-rubygem-jquery-ui-rails=n |y193-rubygem-jquery-ui-rail
                   |ew,sam-1/ruby193-rubygem-jq |s=new,sam-1/ruby193-rubygem
                   |uery-rails=new,cfme-5/ruby1 |-jquery-rails=new,cfme-5/ru
                   |93-rubygem-jquery-rails=new |by193-rubygem-jquery-rails=
                   |,openstack-4/ruby193-rubyge |new,openstack-4/ruby193-rub
                   |m-jquery-rails=new,openstac |ygem-jquery-rails=new,opens
                   |k-foreman/ruby193-rubygem-j |tack-foreman/ruby193-rubyge
                   |query-ui-rails=new,rhel-6/i |m-jquery-ui-rails=new,rhel-
                   |pa=affected,rhel-6/python-s |6/ipa=affected,rhel-6/pytho
                   |phinx=new,rhel-7/ipa=affect |n-sphinx=new,rhel-7/ipa=aff
                   |ed,rhel-7/python-sphinx=new |ected,rhel-7/python-sphinx=
                   |,rhel-7/yelp-xsl=new        |new,rhel-7/yelp-xsl=new

--- Comment #10 from Vasyl Kaigorodov <vkaigoro@xxxxxxxxxx> ---
(In reply to Orion Poplawski from comment #7)
> What version of jquery was this issue introduced in? cobbler bundles jquery
> ui 1.8.18 and I'm not seeing the patched code in it, although it's hard for
> me to search in the minimized js.

All versions of jQuery UI prior to 1.10.0 are affected.

(In reply to Athmane Madjoudj from comment #6)
> Does this affect only packages with bundled jquery ui, or jquery in
> general.
>
> For example: sticky-notes has jquery (min) and jquery.cookie but not jquery
> ui (or code from it), does that make it vulnerable to this issue.

It affects packages which are using bundled jQuery UI version < 1.10.0.
If a package is not using jQuery UI - it's not affected.

--
Fedora Extras Perl SIG
http://www.fedoraproject.org/wiki/Extras/SIGs/Perl
perl-devel mailing list
perl-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/perl-devel
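
Added example, not part of the original mail and not Red Hat or jQuery UI tooling: one way a packager could apply the rule from comment #10 to bundled or minified JavaScript by reading the version from the license banner instead of searching for the patched code. The banner layouts matched, the function names and the sample file contents are assumptions constructed for illustration.

```python
import re
from pathlib import Path

FIXED = (1, 10, 0)  # from comment #10: jQuery UI < 1.10.0 is affected

# Assumed banner layouts (not from the page): "jQuery UI 1.8.18",
# "jQuery UI Dialog 1.8.18" and "jQuery UI - v1.10.0".
BANNER = re.compile(r"jQuery UI(?: [A-Z][A-Za-z]*)*(?: -)? v?(\d+(?:\.\d+){1,2})\b")

def parse_version(text):
    """Return the first jQuery UI banner version in text as a 3-tuple, or None."""
    m = BANNER.search(text)
    if m is None:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(text):
    """Map file contents to 'affected', 'not affected' or 'no jQuery UI'."""
    version = parse_version(text)
    if version is None:
        return "no jQuery UI"
    # Compare as integer tuples: as strings, "1.8.18" would sort after "1.10.0".
    return "affected" if version < FIXED else "not affected"

def scan_tree(root):
    """Classify every .js file under root, keyed by path relative to root."""
    root = Path(root)
    return {
        str(p.relative_to(root)): classify(p.read_text(errors="replace"))
        for p in sorted(root.rglob("*.js"))
    }

# Constructed sample file heads (not real package contents).
SAMPLES = {
    "jquery-ui-1.8.18.min.js": "/*!\n * jQuery UI 1.8.18\n */(function(a,b){})(jQuery);",
    "jquery.ui.dialog.js": "/*!\n * jQuery UI Dialog 1.9.2\n */",
    "jquery-ui.min.js": "/*! jQuery UI - v1.10.0 */(function(e,t){})(jQuery);",
    "jquery.min.js": "/*! jQuery v1.7.2 jquery.com | jquery.org/license */",
}

if __name__ == "__main__":
    for name, head in SAMPLES.items():
        print(f"{name}: {classify(head)}")
```

A file whose banner was stripped reports "no jQuery UI", so a negative result still needs a manual check of the package's bundled scripts.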