~ubuntu-security/ubuntu-cve-tracker/master

Candidate: CVE-2012-5649
PublicDate: 2014-05-23
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5649
 http://seclists.org/fulldisclosure/2013/Jan/82
Description:
 Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1
 allows remote attackers to execute arbitrary code via a JSONP callback,
 related to Adobe Flash.
Ubuntu-Description: 
Notes: 
 jdstrand> JSONP is disabled by default on Ubuntu 11.10 and later
 jdstrand> it isn't clear why the patch fixes the issue. Could apply patch to
  disable jsonp by default
 jdstrand> supported use of couchdb is not used in this manner on Ubuntu 10.04
  LTS
Bugs: 
Priority: low
Discovered-by:
Assigned-to: 

Patches_couchdb:
 upstream: https://github.com/apache/couchdb/commit/f5be496314b4c436eb5f4d540a25f887202c94bd
upstream_couchdb: released (1.0.4, 1.2.0-5)
hardy_couchdb: DNE
lucid_couchdb: ignored
oneiric_couchdb: ignored
precise_couchdb: ignored
quantal_couchdb: ignored
devel_couchdb: not-affected (1.2.0-5ubuntu1)