[Pkg-javascript-devel] Bug#601604: libjs-yui: JS injection vulnerability in YUI 2.4.0 through YUI 2.8.1.
Tomasz Muras
nexor1984 at gmail.com
Wed Oct 27 18:32:26 UTC 2010
Package: libjs-yui
Version: 2.8.1-1
Severity: important
As per http://yuilibrary.com/support/2.8.2 :
A security-related defect was introduced in the YUI 2 Flash component
infrastructure beginning with the YUI 2.4.0 release. This defect allows
JavaScript injection exploits to be created against domains that host
affected YUI .swf files. YUI 2.8.2 corrects this problem; patches are
also provided here for all affected releases from 2.4.0 through 2.8.1.
The package contains following files that are affected:
59c6e2c9ae7de87f11dd3db3336de8b6
/usr/share/javascript/yui/charts/assets/charts.swf
eeb5aa24c17afae286845bedb142da28
/usr/share/javascript/yui/uploader/assets/uploader.swf
f619420748b08a2d453c049ef190e2f3
/usr/share/javascript/yui/swfstore/swfstore.swf
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-trunk-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
libjs-yui depends on no packages.
Versions of packages libjs-yui recommends:
ii javascript-common 7 Base support for javascript
librar
libjs-yui suggests no packages.
-- no debconf information
More information about the Pkg-javascript-devel
mailing list