#2122 closed defect (fixed)

Update jQuery to address CVE-2011-4969

Reported by: ChosenOne
Owned by:
Priority: normal
Milestone: 1.10.1
Component: packaging
Version: 1.10.0
Keywords: jquery d3 security
Cc:
Launchpad Bug:

Description

See http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969. A pull request referencing this file will be issued on GitHub.

The severity is unknown, as I have not reviewed tahoe's use of jQuery at all.

Change History (9)

comment:1 Changed at 2013-11-30T13:41:52Z by ChosenOne

comment:2 Changed at 2013-12-01T12:34:31Z by daira

The actual problem is what the anonymous commenter at http://bugs.jquery.com/ticket/9521#comment:26 says: $ is too overloaded.

comment:3 Changed at 2013-12-07T04:12:04Z by daira

  • Component changed from unknown to packaging
  • Keywords jquery d3 security added

comment:4 Changed at 2013-12-07T04:12:34Z by daira

  • Keywords review-needed added
  • Owner daira deleted

comment:5 Changed at 2014-03-29T20:21:34Z by daira

See also #2208.

comment:6 Changed at 2014-04-15T00:00:11Z by daira

Fixing #2208 might incidentally fix this. However, we haven't actually decided to upgrade our embedded jQuery in order to fix that ticket.

comment:7 Changed at 2014-04-15T00:00:42Z by zooko

Discussion about patching Debian's version of jQuery for this vuln: http://lists.alioth.debian.org/pipermail/pkg-javascript-devel/2013-February/004825.html

comment:9 Changed at 2014-05-05T21:11:29Z by daira

  • Keywords review-needed removed
  • Milestone changed from undecided to 1.11.0
  • Resolution set to fixed
  • Status changed from new to closed