Candidate: CVE-2012-5650
PublicDate: 2014-03-18 17:02:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5650
 http://seclists.org/fulldisclosure/2013/Jan/80
Description:
 Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite.
Ubuntu-Description:
Notes:
 jdstrand> Workaround is to disable the Futon interface (see full-disclosure information)
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_couchdb:
 upstream: https://github.com/apache/couchdb/commit/6cc84db91037d707f37832cdb2873bff31533c1b
upstream_couchdb: released (1.0.4, 1.2.0-5)
hardy_couchdb: DNE
lucid_couchdb: ignored (reached end-of-life)
oneiric_couchdb: ignored (reached end-of-life)
precise_couchdb: ignored (reached end-of-life)
precise/esm_couchdb: DNE (precise was needed)
quantal_couchdb: ignored (reached end-of-life)
raring_couchdb: not-affected (1.2.0-5ubuntu1)
saucy_couchdb: not-affected (1.2.0-5ubuntu1)
trusty_couchdb: not-affected (1.2.0-5ubuntu1)
trusty/esm_couchdb: DNE (trusty was not-affected [1.2.0-5ubuntu1])
utopic_couchdb: not-affected (1.2.0-5ubuntu1)
vivid_couchdb: not-affected (1.2.0-5ubuntu1)
vivid/stable-phone-overlay_couchdb: DNE
vivid/ubuntu-core_couchdb: DNE
wily_couchdb: not-affected (1.2.0-5ubuntu1)
xenial_couchdb: not-affected (1.2.0-5ubuntu1)
yakkety_couchdb: not-affected (1.2.0-5ubuntu1)
zesty_couchdb: not-affected (1.2.0-5ubuntu1)
devel_couchdb: not-affected (1.2.0-5ubuntu1)