Advisories » MGASA-2014-0559

Updated couchdb packages fix CVE-2010-5312

Publication date: 31 Dec 2014
Modification date: 31 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2010-5312

Description

Updated couchdb packages fix security vulnerability:

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog
widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary
web script or HTML via the title option (CVE-2010-5312).

The embedded copy of jQuery UI in couchdb has been updated to version 1.10.4
to fix this issue.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14788
• https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145767.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5312

SRPMS

4/core

• couchdb-1.4.0-2.5.mga4