[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 258-1] jqueryui security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : jqueryui
Version        : 1.8.dfsg-3+deb6u1
CVE ID         : CVE-2010-5312

Shadowman131 discovered that jqueryui, a JavaScript UI library for
dynamic web applications, failed to properly sanitize its "title"
option. This would allow a remote attacker to inject arbitrary code
through cross-site scripting.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJVkaqYXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHip4P/iR3JrxI/IqR7lN/eny4zXW6
DHwT+vDXcQ9OAw2XB3EjbeaXuqXGG5YM013K7UyaH5pL2VnaxWNoVw5O4m8lo22M
1RgqHcswAh3Kw5lYEpT5hZV5PFizWuqJIxhC1ojADI145nwRGCuODe1SAuAicgVd
BD+QdjOfUTO08mprHx8gRVlDdovrlG3/XqPz3pcUW8X2O72qO3Isl+1RI3OtOhWA
ecilqO8WOZmcWQxE4nue3lQqf73z1vHwta5uymkqfEG56Jy0SGqTiPua09KW/uug
V1nEc+6IvwezINWcEVfPZKkvne+dFpQWQKZ/jiEePHIwCQzTgS43T1EFUlkEqqyo
Gw1yornF/r4KRd3+x3jlVtyHvn+YIHTrJ16m+/w1PexG47AkIsFzqtWKTpYTMLBk
9EZCY2o0pzIIW6E4l7PcueRtO4dJWX+m55LlifP9kvMMBcJA8FQUclbAQ77ORRTL
h5IqIiywPiLiOdbGQKc/x57MHmHGnCwUB6a4ZcDHMD4St6/Ui5ade5eDPCvTcquR
Q0owEcXYOaAtY0wCmXDhikvGekxlG9sMPU3YHKzlJNts2DyDmhZ7Fu/F/WWiSN3Z
ddtnVKBzL3XMGWYvIPLxP7U0eNApHmbatx5wSanyWl6XPHCP7J1ZDH/a4xbfOkd7
xFkNDcwFMphvPC5r5RW/
=kgDu
-----END PGP SIGNATURE-----


Reply to: