Sicherheit: Cross-Site Scripting in Mojarra JSF
Aktuelle Meldungen Distributionen
Name: Cross-Site Scripting in Mojarra JSF
ID: FEDORA-2016-d6c87eb4af
Distribution: Fedora
Plattformen: Fedora 25
Datum: So, 9. Oktober 2016, 12:53
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5855
Applikationen: Mojarra JSF


Name        : mojarra
Product : Fedora 25
Version : 2.2.13
Release : 1.fc25
URL : http://javaserverfaces.java.net
Summary : JSF Reference Implementation
Description :
JvaServer(TM) Faces technology simplifies building user interfaces for
JavaServer applications. Developers of various skill levels can quickly build
web applications by: assembling reusable UI components in a page; connecting
these components to an application data source; and wiring client-generated
events to server-side event handlers.

Update Information:

update to 2.2.13. fix CVE-2013-5855 rhbz#1087182,1065139

[ 1 ] Bug #1065139 - CVE-2013-5855 Mojarra JSF: XSS due to insufficient
escaping of user-supplied content in outputText tags and EL expressions

This update can be installed with the "yum" update program. Use
su -c 'yum update mojarra' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux @Facebook
Neue Nachrichten