An update for python-XStatic-jquery-ui is now available for openEuler-20.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1693 Final 1.0 1.0 2022-06-02 Initial 2022-06-02 2022-06-02 openEuler SA Tool V1.0 2022-06-02 python-XStatic-jquery-ui security update An update for python-XStatic-jquery-ui is now available for openEuler-20.03-LTS-SP3. jquery-ui javascript library packaged for setuptools (easy_install) / pip. This package is intended to be used by **any** project that needs these files. It intentionally does **not** provide any extra code except some metadata **nor** has any extra requirements. You MAY use some minimal support code from the XStatic base package, if you like. You can find more info about the xstatic packaging way in the package `XStatic`. Security Fix(es): jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.(CVE-2021-41183) An update for python-XStatic-jquery-ui is now available for openEuler-20.03-LTS-SP3. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium python-XStatic-jquery-ui https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1693 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-41183 https://nvd.nist.gov/vuln/detail/CVE-2021-41183 openEuler-20.03-LTS-SP3 python3-XStatic-jquery-ui-1.12.1.1-2.oe1.noarch.rpm python-XStatic-jquery-ui-help-1.12.1.1-2.oe1.noarch.rpm python-XStatic-jquery-ui-1.12.1.1-2.oe1.src.rpm jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources. 2022-06-02 CVE-2021-41183 openEuler-20.03-LTS-SP3 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N python-XStatic-jquery-ui security update 2022-06-02 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1693