[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2012-6708/jquery

Fri Jan 19 09:41:05 UTC 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bba8a0e0 by Salvatore Bonaccorso at 2018-01-19T10:40:10+01:00
Add CVE-2012-6708/jquery

- - - - -
0da19d3f by Salvatore Bonaccorso at 2018-01-19T10:40:28+01:00
Cleanup trailing whitespaces

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================

--- a/data/CVE/list
+++ b/data/CVE/list
@@ -36,7 +36,10 @@ CVE-2016-10707 (jQuery before 3.0.0 is vulnerable to Denial of Service (DoS) due
 CVE-2015-9251 (jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks ...)
 	TODO: check
 CVE-2012-6708 (jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) ...)
-	TODO: check
+	- jquery 1.11.3+dfsg-1
+	NOTE: https://bugs.jquery.com/ticket/11290
+	NOTE: https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d
+	NOTE: https://snyk.io/vuln/npm:jquery:20120206
 CVE-2018-5776 [XSS vulnerability in MediaElement]
 	- wordpress <unfixed> (bug #887596)
 	NOTE: https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
@@ -7641,7 +7644,7 @@ CVE-2018-2694 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...
 CVE-2018-2693 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
 	- virtualbox-guest-additions-iso 5.2.6-1
 	[jessie] - virtualbox-guest-additions-iso <no-dsa> (Non-free not supported)
-	[wheezy] - virtualbox-guest-additions-iso <no-dsa> (Non-free not supported)	
+	[wheezy] - virtualbox-guest-additions-iso <no-dsa> (Non-free not supported)
 	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
 CVE-2018-2692 (Vulnerability in the Oracle Financial Services Asset Liability ...)
 	NOT-FOR-US: Oracle



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/895e749b3fc7ba8c28f4bede5a27687cac8f6609...0da19d3fdad37079f2ba292c0d488aba2a1cbeb8

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/895e749b3fc7ba8c28f4bede5a27687cac8f6609...0da19d3fdad37079f2ba292c0d488aba2a1cbeb8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180119/6407377f/attachment.html>
