Bug 1166041 (CVE-2010-5312)
| Summary: | CVE-2010-5312 jquery-ui: XSS vulnerability in jQuery.ui.dialog title option | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vasyl Kaigorodov <vkaigoro> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED WONTFIX | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | abaron, abokovoy, aboyko, ahenning, andrewniemants, andrew, aortega, apatters, apevec, athmanem, ayoung, bazanluis20, bkabrda, bkearney, bleanhar, brett.lentz, bruno, cbillett, ccoleman, chkr, chrisw, comzeradd, contribs, cpelland, croberts, dajohnso, dallan, dclarizi, devrim, dmcphers, dridi.boukelmoune, echevemaster, erlang, extras-orphan, gkotton, gmccullo, gwync, herrold, hhorak, hobbes1069, iarnell, i, ipa-maint, i, jaswinder, jdetiber, jdornak, jhardy, jialiu, jimi, jkeck, jochen, joelsmith, jokajak, jokerman, jonathansteffan, jorton, jprause, jrafanie, jrusnack, jsmith.fedora, jstribny, jvlcek, karlthered, katello-bugs, kevin, kseifried, ktdreyer, lemenkov, lhh, lmacken, lmeyer, loganjerry, lpeer, markmc, matt, mburns, mcepl, mclasen, metherid, mhroncok, michel, mike, mkosek, mmaslano, mmccomas, mmccune, mmcgrath, mrunge, msaulnier, nelsonab, nonamedotc, nushio, obarenbo, oliver, orion, paulo.cesar.pereira.de.andrade, perl-devel, peter.borsa, phalliday, promac, pskopek, puiterwijk, pvoborni, python-maint, rbean, rbryant, rcritten, relrod, rhos-maint, rnovacek, robinlee.sysu, satya.komaragiri, sclewis, scott, sdodson, sguilhen, smparrish, ssorce, stickster, sven, sysoutfran, tchollingsworth, thomas.moschny, thozza, tjay, tmckay, tomckay, vanmeeuwen+fedora, vdanen, volker27, vondruch, vonsch, wtogami, xlecauch, yeylon, yohangraterol92, zbyszek |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | jQuery UI 1.10.0 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-10-06 05:56:02 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1166099, 1166103, 1166111, 1166229, 1166241, 1166242, 1166758, 1166759, 1166760, 1166761, 1166762, 1166764, 1166765, 1166766, 1166767, 1166768, 1166769, 1166770, 1166771, 1166772, 1166773, 1166774, 1166775, 1166776, 1166777, 1166778, 1166779, 1166780, 1166781, 1166782, 1166784, 1166785, 1166786, 1166787, 1166788, 1166789, 1166790, 1166791, 1166792, 1166793, 1166794, 1166795, 1166796, 1166797, 1166798, 1166799, 1166800, 1166801, 1166802, 1166803, 1166804, 1166805, 1166806, 1166807, 1166809, 1166810, 1166812, 1166813, 1166814, 1166815, 1166816, 1166817, 1166818, 1166819, 1166820, 1166821, 1166822, 1166823, 1166824, 1166825, 1166826, 1166827, 1166828, 1166829 | ||
| Bug Blocks: | 1162456, 2014197 | ||
|
Description
Vasyl Kaigorodov
2014-11-20 10:30:32 UTC
I fail to see how this affects cinnamon as it doesn't use jQuery.ui.dialog $ repoquery -q --whatprovides */jquery.ui.dialog.js mediawiki-0:1.23.6-1.fc20.noarch sagemath-notebook-0:5.12-1.fc20.x86_64 mediawiki-0:1.21.2-2.fc20.noarch python-XStatic-jquery-ui-0:1.10.4.1-1.fc20.noarch sagemath-notebook-0:6.1.1-5.fc20.x86_64 drupal7-jquery_update-0:2.3-2.fc20.noarch drupal7-jquery_update-0:2.4-1.fc20.noarch (In reply to leigh scott from comment #1) > I fail to see how this affects cinnamon as it doesn't use jQuery.ui.dialog > > $ repoquery -q --whatprovides */jquery.ui.dialog.js > mediawiki-0:1.23.6-1.fc20.noarch > sagemath-notebook-0:5.12-1.fc20.x86_64 > mediawiki-0:1.21.2-2.fc20.noarch > python-XStatic-jquery-ui-0:1.10.4.1-1.fc20.noarch > sagemath-notebook-0:6.1.1-5.fc20.x86_64 > drupal7-jquery_update-0:2.3-2.fc20.noarch > drupal7-jquery_update-0:2.4-1.fc20.noarch You're right, the "affected" list contains all the packages that have "jquery.js" embedded. I'd not rely on repoquery too much here, since jQuery.ui.dialog.js might be renamed, or embedded in jquery.js. Anyways - files/usr/lib/cinnamon-settings/data/spices/jquery.js in cinnamon does not contain vulnerable code, marked as "notaffected". Created freeipa tracking bugs for this issue: Affects: fedora-all [bug 1166229] Does this affected only packages with bundled jquery ui, or jquery in general. For example: sticky-notes has jquery (min) and jquery.cookie but not jquery ui (or code from it), does that make it vulnerable to this issue. What version of jquery was this issue introduced in? cobbler bundles jquery ui 1.8.18 and I'm not seeing the patched code in it, although it's hard for me to search in the minimized js. Why did you add my email address again? I do not maintain or co-maintain any package which use jquery ui. And cinnamon isn't affected. (In reply to Wolfgang Ulbrich from comment #8) > Why did you add my email address again? > I do not maintain or co-maintain any package which use jquery ui. > And cinnamon isn't affected. Sorry for the noise, Wolfgang. It's another issue, and another bug which is treated separately - I'm marking cinnamon as "notaffected" here as well. (In reply to Orion Poplawski from comment #7) > What version of jquery was this issue introduced in? cobbler bundles jquery > ui 1.8.18 and I'm not seeing the patched code in it, although it's hard for > me to search in the minimized js. All versions of jQUery UI prior to 1.10.0 are affected. (In reply to Athmane Madjoudj from comment #6) > Does this affected only packages with bundled jquery ui, or jquery in > general. > > For example: sticky-notes has jquery (min) and jquery.cookie but not jquery > ui (or code from it), does that make it vulnerable to this issue. It affects packages which are using bundled jQuery UI version < 1.10.0 If a package is not using jQuery UI - it's not affected. Created nodejs-should tracking bugs for this issue: Affects: fedora-all [bug 1166784] Created openslides tracking bugs for this issue: Affects: fedora-all [bug 1166785] Created python-django-debug-toolbar tracking bugs for this issue: Affects: fedora-all [bug 1166792] Created dokuwiki tracking bugs for this issue: Affects: fedora-all [bug 1166770] Created fish tracking bugs for this issue: Affects: fedora-all [bug 1166774] Created global tracking bugs for this issue: Affects: fedora-all [bug 1166776] Created yelp-xsl tracking bugs for this issue: Affects: fedora-all [bug 1166822] Created why3 tracking bugs for this issue: Affects: fedora-all [bug 1166820] Created mojomojo tracking bugs for this issue: Affects: fedora-all [bug 1166782] Created mediawiki tracking bugs for this issue: Affects: fedora-all [bug 1166781] Created python-pebl tracking bugs for this issue: Affects: fedora-all [bug 1166797] Created cobbler tracking bugs for this issue: Affects: fedora-all [bug 1166766] Created python-XStatic-jquery-ui tracking bugs for this issue: Affects: epel-all [bug 1166827] Created drupal7-jquery_update tracking bugs for this issue: Affects: fedora-all [bug 1166773] Affects: epel-all [bug 1166824] Created python-tw2-jqplugins-flot tracking bugs for this issue: Affects: fedora-all [bug 1166800] Created python-sphinx tracking bugs for this issue: Affects: fedora-all [bug 1166798] Affects: fedora-all [bug 1166806] Created couchdb tracking bugs for this issue: Affects: fedora-all [bug 1166767] Created calibre tracking bugs for this issue: Affects: fedora-all [bug 1166764] Created phpPgAdmin tracking bugs for this issue: Affects: fedora-all [bug 1166789] Created StarCluster tracking bugs for this issue: Affects: fedora-all [bug 1166815] Created sugar-help tracking bugs for this issue: Affects: fedora-all [bug 1166816] Created python-werkzeug tracking bugs for this issue: Affects: fedora-all [bug 1166802] Affects: fedora-all [bug 1166807] Created orbited tracking bugs for this issue: Affects: fedora-all [bug 1166787] Created gallery3 tracking bugs for this issue: Affects: fedora-all [bug 1166775] Created python-django14 tracking bugs for this issue: Affects: fedora-all [bug 1166794] Created python-django15 tracking bugs for this issue: Affects: fedora-all [bug 1166795] Created python-tw2-jquery tracking bugs for this issue: Affects: fedora-all [bug 1166801] Affects: epel-all [bug 1166826] Created wordpress tracking bugs for this issue: Affects: fedora-all [bug 1166821] Created varnish-agent tracking bugs for this issue: Affects: fedora-all [bug 1166817] Created hotot tracking bugs for this issue: Affects: fedora-all [bug 1166778] Created python-django tracking bugs for this issue: Affects: fedora-all [bug 1166791] Affects: fedora-all [bug 1166805] Created sagemath tracking bugs for this issue: Affects: fedora-all [bug 1166812] Created python-XStatic-jQuery tracking bugs for this issue: Affects: fedora-all [bug 1166803] Created sparkleshare tracking bugs for this issue: Affects: fedora-all [bug 1166813] Created wesnoth tracking bugs for this issue: Affects: fedora-all [bug 1166819] Created webacula tracking bugs for this issue: Affects: fedora-all [bug 1166818] Created libgda tracking bugs for this issue: Affects: fedora-all [bug 1166780] Created python-tw-jquery tracking bugs for this issue: Affects: fedora-all [bug 1166799] Affects: epel-all [bug 1166825] Created openteacher tracking bugs for this issue: Affects: fedora-all [bug 1166786] Created ikiwiki tracking bugs for this issue: Affects: fedora-all [bug 1166779] Created graphite-web tracking bugs for this issue: Affects: fedora-all [bug 1166777] Created roundup tracking bugs for this issue: Affects: fedora-all [bug 1166809] Created python-backlash tracking bugs for this issue: Affects: fedora-all [bug 1166790] Affects: fedora-all [bug 1166804] Created perl-Mojolicious tracking bugs for this issue: Affects: fedora-all [bug 1166788] Created ckeditor tracking bugs for this issue: Affects: fedora-all [bug 1166765] Created python-django-typepadapp tracking bugs for this issue: Affects: fedora-all [bug 1166793] Created cumin tracking bugs for this issue: Affects: fedora-all [bug 1166768] Created zabbix tracking bugs for this issue: Affects: fedora-all [bug 1166823] Created rubygem-jquery-rails tracking bugs for this issue: Affects: fedora-all [bug 1166810] Created drupal7 tracking bugs for this issue: Affects: fedora-all [bug 1166772] Created drupal6 tracking bugs for this issue: Affects: fedora-all [bug 1166771] Created spyder tracking bugs for this issue: Affects: fedora-all [bug 1166814] Created python-flask-debugtoolbar tracking bugs for this issue: Affects: fedora-all [bug 1166796] Created django-typepad tracking bugs for this issue: Affects: fedora-all [bug 1166769] couchdb-1.6.1-4.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. couchdb-1.6.1-4.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report. Deleting duplicate fedora-all/python-werkzeug=, fedora-all/python-sphinx=, fedora-all/python-django= from whiteboard. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:0442 https://rhn.redhat.com/errata/RHSA-2015-0442.html This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:1462 https://rhn.redhat.com/errata/RHSA-2015-1462.html |