Advisories ยป MGASA-2014-0559

Updated couchdb packages fix CVE-2010-5312

Publication date: 31 Dec 2014
Modification date: 31 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2010-5312

Description

Updated couchdb packages fix security vulnerability:

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog
widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary
web script or HTML via the title option (CVE-2010-5312).

The embedded copy of jQuery UI in couchdb has been updated to version 1.10.4
to fix this issue.
                

References

SRPMS

4/core