[Bug 1166064] New: CVE-2012-6662 jquery-ui: XSS vulnerability in default content in Tooltip widget

bugzilla at redhat.com bugzilla at redhat.com
Thu Nov 20 11:06:08 UTC 2014


https://bugzilla.redhat.com/show_bug.cgi?id=1166064

            Bug ID: 1166064
           Summary: CVE-2012-6662 jquery-ui: XSS vulnerability in default
                    content in Tooltip widget
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team at redhat.com
          Reporter: vkaigoro at redhat.com



The jQuery UI 1.10.0 release fixes an XSS issue [1] in the jQuery Tooltip widget.
From [1]:
...
WIDGETS
Tooltip
Fixed: XSS vulnerability in default content. (#8861, f285440)
...

The issue was initially reported in [2], and then actually fixed in [3] by
commit [4].

[1]: http://jqueryui.com/changelog/1.10.0/
[2]: http://bugs.jqueryui.com/ticket/8859
[3]: http://bugs.jqueryui.com/ticket/8861
[4]: https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde

--
Note: whiteboard lists quite some packages, which are known to have jQuery
embedded.
