[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #28134 [Internal Services/Service - trac]: upgrade jQuery File Upload to 9.22.1 (CVE-2018-9206)

To: undisclosed-recipients: ;
Subject: [tor-bugs] #28134 [Internal Services/Service - trac]: upgrade jQuery File Upload to 9.22.1 (CVE-2018-9206)
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 22 Oct 2018 03:23:35 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 21 Oct 2018 23:23:44 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#28134: upgrade jQuery File Upload to 9.22.1 (CVE-2018-9206)
--------------------------------------------------+-----------------
     Reporter:  traumschule                       |      Owner:  qbi
         Type:  defect                            |     Status:  new
     Priority:  Immediate                         |  Milestone:
    Component:  Internal Services/Service - trac  |    Version:
     Severity:  Normal                            |   Keywords:
Actual Points:                                    |  Parent ID:
       Points:                                    |   Reviewer:
      Sponsor:                                    |
--------------------------------------------------+-----------------
 https://seclists.org/oss-sec/2018/q4/54
 http://www.vapidlabs.com/advisory.php?v=204

 https://www.zdnet.com/article/zero-day-in-popular-jquery-plugin-actively-
 exploited-for-at-least-three-years
 > The vulnerability received the CVE-2018-9206 identifier earlier this
 month, a good starting point to get more people paying attention.
 > All jQuery File Upload versions before 9.22.1 are vulnerable. Since the
 vulnerability affected the code for handling file uploads for PHP apps,
 other server-side implementations should be considered safe.

 (is this better placed in services or sysadmin maybe?)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28134>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #28134 [Internal Services/Service - trac]: upgrade jQuery File Upload to 9.22.1 (CVE-2018-9206)
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #28152 [Applications/GetTor]: Gettor code refactor with Python Twisted
Next by Author: Re: [tor-bugs] #28025 [Core Tor/Torflow]: unintended consequence of geographically distributed bandwidth servers: higher vote instability
Previous by thread: Re: [tor-bugs] #27201 [Core Tor/Tor]: rust/protover doesn't forbid version zero
Next by thread: Re: [tor-bugs] #28134 [Internal Services/Service - trac]: upgrade jQuery File Upload to 9.22.1 (CVE-2018-9206)
Index(es):
- Author
- Thread