Updated couchdb packages fix CVE-2010-5312
Publication date: 31 Dec 2014Modification date: 31 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2010-5312
Description
Updated couchdb packages fix security vulnerability: Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option (CVE-2010-5312). The embedded copy of jQuery UI in couchdb has been updated to version 1.10.4 to fix this issue.
References
SRPMS
4/core
- couchdb-1.4.0-2.5.mga4