PublicDateAtUSN: 2013-01-30
Candidate: CVE-2011-4969
PublicDate: 2013-03-08 22:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4969
 http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/
 http://www.openwall.com/lists/oss-security/2013/01/30
 https://ubuntu.com/security/notices/USN-1722-1
Description:
 Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using
 location.hash to select elements, allows remote attackers to inject
 arbitrary web script or HTML via a crafted tag.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.jquery.com/ticket/9521
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS: 

Patches_jquery:
 upstream: https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9
upstream_jquery: released (1.6.3)
hardy_jquery: DNE
lucid_jquery: released (1.3.3-2ubuntu1.2)
oneiric_jquery: released (1.6.2-1ubuntu2.2)
precise_jquery: not-affected (1.7.1-1ubuntu1)
quantal_jquery: not-affected (1.7.2+debian-1ubuntu1)
devel_jquery: not-affected (1.7.2+debian-1ubuntu1)