https://bugzilla.redhat.com/show_bug.cgi?id=1166041
Bug ID: 1166041
Summary: CVE-2010-5312 jquery-ui: XSS vulnerability in jQuery.ui.dialog title option
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
The jQuery UI 1.10.0 release fixes an XSS issue [1] in the jQuery.ui.dialog title option.
From [1]:
...
WIDGETS
Dialog
Fixed: Title XSS Vulnerability. (#6016, 7e9060c)
...
Upstream commit that fixes this:
https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17b...
More info can be found in the upstream bugtracker [2].
[1]: http://jqueryui.com/changelog/1.10.0/
[2]: http://bugs.jqueryui.com/ticket/6016
--
Note: the whiteboard lists quite a few packages that are known to have jQuery
embedded.
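For triaging the embedded copies the note mentions, an added example (not part of the bug report or of any upstream or Red Hat tooling) that classifies bundled jQuery UI files against the 1.10.0 fix. The banner formats, the `ui-dialog` presence heuristic, the verdict names and the sample files are assumptions made for this sketch.

```python
import re
import sys
from pathlib import Path

FIXED = (1, 10, 0)  # release the changelog credits with the dialog title fix

# Assumed banner shapes (typical of jQuery UI release files, not from the bug):
#   "/*! jQuery UI - v1.9.2 - 2012-11-23"   and   " * jQuery UI Dialog 1.8.16"
BANNER = re.compile(
    r"jQuery UI(?: [A-Za-z]+)?(?: -)? v?(\d+)\.(\d+)(?:\.(\d+))?([-a-z][\w.]*)?")

def classify(text):
    """Return (version or None, verdict) for the text of one JavaScript file."""
    m = BANNER.search(text[:4096])       # banners sit at the top of the file
    if not m:
        return None, "unknown"           # banner stripped: inspect by hand
    version = tuple(int(p or 0) for p in m.group(1, 2, 3))
    label = ".".join(map(str, version)) + (m.group(4) or "")
    if "ui-dialog" not in text:          # heuristic: build lacks the dialog widget
        return label, "no-dialog"
    if version < FIXED:                  # tuple compare, so 1.9.2 sorts before 1.10.0
        return label, "affected"
    if version == FIXED and m.group(4):  # 1.10.0 pre-release: fix may be absent
        return label, "review"
    return label, "fixed"

def scan(root):
    """Yield (path, version, verdict) for .js files under root that name jQuery UI."""
    for path in sorted(Path(root).rglob("*.js")):
        text = path.read_text(encoding="utf-8", errors="replace")
        if "jQuery UI" in text[:4096]:
            yield (path, *classify(text))

# Constructed samples (not real release files), used when no directory is given.
SAMPLES = {
    "old-bundle.js": '/*! jQuery UI - v1.9.2 - 2012-11-23 */\n$.widget("ui.dialog",{c:"ui-dialog"});',
    "new-bundle.js": '/*! jQuery UI - v1.10.0 - 2013-01-17 */\n$.widget("ui.dialog",{c:"ui-dialog"});',
    "no-dialog.js": '/*\n * jQuery UI 1.8.16\n */\n$.widget("ui.tabs",{});',
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        rows = scan(sys.argv[1])
    else:
        rows = ((name, *classify(text)) for name, text in SAMPLES.items())
    for path, version, verdict in rows:
        print(f"{verdict:10} {version or '?':12} {path}")
```

Pass an unpacked package tree as the first argument to scan it; files reported as `unknown` or `review` need a manual look at whether the dialog title is still inserted as HTML.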