The following Fedora EPEL 7 Security updates need testing:
Age URL
2
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-4d30ee90cd
nginx-1.20.1-10.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
js-jquery-ui-1.13.2-1.el7
Details about builds:
================================================================================
js-jquery-ui-1.13.2-1.el7 (FEDORA-EPEL-2022-a06d5c7af1)
jQuery user interface
--------------------------------------------------------------------------------
Update Information:
A flaw was found in the jquery-UI package. Affected versions of this package are
vulnerable to Cross-site scripting (XSS) attack via the initialization of a
check-box-radio widget on an input tag enclosed within a label, leading to the
parent label contents being considered as the input label.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 11 2022 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 1.13.2-1
- Update to version 1.13.2
* Thu Jul 21 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.13.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Mon Jul 18 2022 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 1.13.0-3
- Change CSS minifier from yuicompressor to rcssmin on Fedora
* Thu Jan 20 2022 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.13.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2110706 - CVE-2022-31160 js-jquery-ui: jqueryui: CVE-2022-31160 [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2110706
--------------------------------------------------------------------------------