Package name
couchdb
Date
2013-04-08
Advisory ID
MDVSA-2013:067
Affected versions
MBS1 x86_64

Problem description

Updated couchdb packages fix security vulnerabilities:

A security flaw was found in the way Apache CouchDB, a
distributed, fault-tolerant and schema-free document-oriented
database accessible via a RESTful HTTP/JSON API, processed certain
JSON callbacks. A remote attacker could provide a specially-crafted
JSON callback that, when processed, could lead to arbitrary JSON code
execution via Adobe Flash (CVE-2012-5649).
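
An added example, not taken from this advisory or from CouchDB's code: one server-side way to constrain the JSONP callback parameter described above, so the response can only begin with a plain identifier path. The function names, the 64-character limit and the identifier pattern are assumptions chosen for illustration.

```javascript
// Added illustration; not CouchDB source. Names, pattern and limit are assumptions.
// Allow only dotted identifier paths such as "cb" or "app.handlers.onDocs".
const CALLBACK_RE = /^[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*$/;
const MAX_CALLBACK_LEN = 64; // assumed limit

function isSafeCallback(name) {
  return typeof name === "string" &&
    name.length > 0 &&
    name.length <= MAX_CALLBACK_LEN &&
    CALLBACK_RE.test(name);
}

// Serialize data so it stays inert when the response is loaded as a script.
function safeJson(data) {
  return JSON.stringify(data)
    .replace(/</g, "\\u003c")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
}

// Build the HTTP response for a request with an optional ?callback= parameter.
function jsonpResponse(callback, data) {
  const nosniff = { "X-Content-Type-Options": "nosniff" };
  if (callback === undefined) {
    // No callback requested: plain JSON, never executable.
    return { status: 200,
             headers: { "Content-Type": "application/json", ...nosniff },
             body: safeJson(data) };
  }
  if (!isSafeCallback(callback)) {
    // Reject instead of echoing attacker-controlled bytes at the start of the body.
    return { status: 400,
             headers: { "Content-Type": "application/json", ...nosniff },
             body: safeJson({ error: "bad_request", reason: "invalid callback" }) };
  }
  return { status: 200,
           headers: { "Content-Type": "application/javascript", ...nosniff },
           body: `${callback}(${safeJson(data)});` };
}

// Constructed sample inputs.
for (const cb of ["handleRows", "app.handlers.onDocs", "alert(1)//", "a b", ""]) {
  console.log(JSON.stringify(cb), "->", jsonpResponse(cb, { ok: true }).status);
}
```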

A DOM-based cross-site scripting (XSS) flaw was found in the
way the browser-based test suite of Apache CouchDB, a distributed,
fault-tolerant and schema-free document-oriented database accessible
via a RESTful HTTP/JSON API, processed certain query parameters. A
remote attacker could provide a specially-crafted web page that,
when accessed, could lead to arbitrary web script or HTML execution
in the context of a CouchDB user session (CVE-2012-5650).

Updated packages

MBS1 x86_64

 3f0ba92ca060b25d74ae60e0a2342c0f  mbs1/x86_64/couchdb-1.2.1-1.mbs1.x86_64.rpm
 9b9d7695b5d17db8cd5b8ba069082584  mbs1/x86_64/couchdb-bin-1.2.1-1.mbs1.x86_64.rpm 
 89310a1386e74172d39eab4910d20c4f  mbs1/SRPMS/couchdb-1.2.1-1.mbs1.src.rpm

References