-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-22d8ba36d0 2022-11-21 00:50:50.116621 --------------------------------------------------------------------------------
Name : js-jquery-ui Product : Fedora 35 Version : 1.13.2 Release : 1.fc35 URL : https://jqueryui.com/ Summary : jQuery user interface Description : A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library.
-------------------------------------------------------------------------------- Update Information:
A flaw was found in the jquery-UI package. Affected versions of this package are vulnerable to Cross-site scripting (XSS) attack via the initialization of a check-box-radio widget on an input tag enclosed within a label, leading to the parent label contents being considered as the input label. -------------------------------------------------------------------------------- ChangeLog:
* Fri Nov 11 2022 Mattias Ellert mattias.ellert@physics.uu.se - 1.13.2-1 - Update to version 1.13.2 * Thu Jul 21 2022 Fedora Release Engineering releng@fedoraproject.org - 1.13.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Mon Jul 18 2022 Mattias Ellert mattias.ellert@physics.uu.se - 1.13.0-3 - Change CSS minifier from yuicompressor to rcssmin on Fedora * Thu Jan 20 2022 Fedora Release Engineering releng@fedoraproject.org - 1.13.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2110708 - CVE-2022-31160 js-jquery-ui: jqueryui: CVE-2022-31160 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2110708 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-22d8ba36d0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org