Opened at 2013-11-30T13:39:14Z
Closed at 2014-05-05T21:11:29Z
#2122 closed defect (fixed)
Update jQuery to address CVE-2011-4969
Reported by: | ChosenOne | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | 1.10.1 |
Component: | packaging | Version: | 1.10.0 |
Keywords: | jquery d3 security | Cc: | |
Launchpad Bug: |
Description
See http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4969. A pull request referencing this file will be issued in github.
The severity is unknown, as I have not reviewed tahoe's use of jQuery at all.
Change History (9)
comment:1 Changed at 2013-11-30T13:41:52Z by ChosenOne
comment:2 Changed at 2013-12-01T12:34:31Z by daira
The actual problem is what the anonymous commenter at http://bugs.jquery.com/ticket/9521#comment:26 says: $ is too overloaded.
comment:3 Changed at 2013-12-07T04:12:04Z by daira
- Component changed from unknown to packaging
- Keywords jquery d3 security added
comment:4 Changed at 2013-12-07T04:12:34Z by daira
- Keywords review-needed added
- Owner daira deleted
comment:5 Changed at 2014-03-29T20:21:34Z by daira
See also #2208.
comment:6 Changed at 2014-04-15T00:00:11Z by daira
Fixing #2208 might incidentally fix this. However, we haven't actually decided to upgrade our embedded jQuery in order to fix that ticket.
comment:7 Changed at 2014-04-15T00:00:42Z by zooko
Discussion about patching Debian's version of jQuery for this vuln: http://lists.alioth.debian.org/pipermail/pkg-javascript-devel/2013-February/004825.html
comment:8 Changed at 2014-05-05T21:10:49Z by daira
comment:9 Changed at 2014-05-05T21:11:29Z by daira
- Keywords review-needed removed
- Milestone changed from undecided to 1.11.0
- Resolution set to fixed
- Status changed from new to closed
The pull request on github is https://github.com/tahoe-lafs/tahoe-lafs/pull/71.