Candidate: CVE-2012-5649
PublicDate: 2014-05-23 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5649
 http://seclists.org/fulldisclosure/2013/Jan/82
Description:
 Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash.
Ubuntu-Description:
Notes:
 jdstrand> JSONP is disabled by default on Ubuntu 11.10 and later
 jdstrand> it isn't clear why the patch fixes the issue. Could apply patch to disable jsonp by default
 jdstrand> supported use of couchdb is not used in this manner on Ubuntu 10.04 LTS
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_couchdb:
 upstream: https://github.com/apache/couchdb/commit/f5be496314b4c436eb5f4d540a25f887202c94bd
upstream_couchdb: released (1.0.4, 1.2.0-5)
hardy_couchdb: DNE
lucid_couchdb: ignored
oneiric_couchdb: ignored
precise_couchdb: ignored
quantal_couchdb: ignored
devel_couchdb: not-affected (1.2.0-5ubuntu1)