← Back to branch summary

~ubuntu-security/ubuntu-cve-tracker/master

« back to all changes in this revision

Viewing changes to active/CVE-2013-2022

  • Committer: Steve Beattie
  • Date: 2019-02-19 06:18:27 UTC
  • Revision ID: sbeattie@ubuntu.com-20190219061827-oh57fzcfc1u9dlfk
The ubuntu-cve-tracker project has been converted to git.

Please use 'git clone https://git.launchpad.net/ubuntu-cve-tracker' to
get the converted tree.

Show diffs side-by-side

added added

removed removed

Lines of Context:
active/CVE-2013-2022
1
 
Candidate: CVE-2013-2022
2
 
PublicDate: 2013-08-17
3
 
References:
4
 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2022
5
 
 http://www.openwall.com/lists/oss-security/2013/04/29
6
 
 http://www.jplayer.org/2.3.0/release-notes/
7
 
Description:
8
 
 Multiple cross-site scripting (XSS) vulnerabilities in
9
 
 actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer
10
 
 before 2.2.23 allow remote attackers to inject arbitrary web script or HTML
11
 
 via the (1) jQuery or (2) id parameters, a different vulnerability than
12
 
 CVE-2013-1942 and CVE-2013-2023, as demonstrated by using the alert
13
 
 function in the jQuery parameter.  NOTE: these are the same parameters as
14
 
 CVE-2013-1942, but the fix for CVE-2013-1942 uses a blacklist for the
15
 
 jQuery parameter.
16
 
Ubuntu-Description:
17
 
Notes:
18
 
 sarnold> probably duplicate of CVE-2013-1942
19
 
Bugs:
20
 
Priority: medium
21
 
Discovered-by: Malte Batram
22
 
Assigned-to:
23
 
 
24
 
Patches_jplayer:
25
 
 upstream: https://github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d
26
 
upstream_jplayer: released (2.2.20, 2.3.0)
27
 
hardy_jplayer: DNE
28
 
lucid_jplayer: DNE
29
 
oneiric_jplayer: ignored (reached end-of-life)
30
 
precise_jplayer: ignored (reached end-of-life)
31
 
precise/esm_jplayer: DNE (precise was needed)
32
 
quantal_jplayer: ignored (reached end-of-life)
33
 
raring_jplayer: ignored (reached end-of-life)
34
 
saucy_jplayer: ignored (reached end-of-life)
35
 
trusty_jplayer: needed
36
 
utopic_jplayer: ignored (reached end-of-life)
37
 
vivid_jplayer: ignored (reached end-of-life)
38
 
vivid/stable-phone-overlay_jplayer: DNE
39
 
vivid/ubuntu-core_jplayer: DNE
40
 
wily_jplayer: ignored (reached end-of-life)
41
 
xenial_jplayer: needed
42
 
yakkety_jplayer: ignored (reached end-of-life)
43
 
zesty_jplayer: ignored (reached end-of-life)
44
 
artful_jplayer: needed
45
 
bionic_jplayer: needed
46
 
devel_jplayer: needed