Antoine Beaupré pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6d61552a by Antoine Beaupré at 2018-08-27T18:47:47Z bug created for twitter-bootstrap3 - - - - - 2a6bb31c by Antoine Beaupré at 2018-08-27T18:47:48Z Reserve DLA-1479-1 for twitter-bootstrap3 - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -4528,7 +4528,7 @@ CVE-2018-14043 (mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect f NOT-FOR-US: mstdlib CVE-2018-14042 (In Bootstrap before 4.1.2, XSS is possible in the data-container ...) - twitter-bootstrap <unfixed> - - twitter-bootstrap3 <unfixed> + - twitter-bootstrap3 <unfixed> (bug #907414) [jessie] - twitter-bootstrap <not-affected> (Vulnerable code not present) [jessie] - twitter-bootstrap3 <not-affected> (Vulnerable code not present) NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/ @@ -4538,7 +4538,7 @@ CVE-2018-14042 (In Bootstrap before 4.1.2, XSS is possible in the data-container NOTE: https://github.com/twbs/bootstrap/pull/26630/commits/efca80bb5bb34546a2e7a9488b89f71457d2ad92 CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is possible in the data-target property ...) - twitter-bootstrap <unfixed> - - twitter-bootstrap3 <unfixed> + - twitter-bootstrap3 <unfixed> (bug #907414) [jessie] - twitter-bootstrap <not-affected> (Vulnerable code not present) [jessie] - twitter-bootstrap3 <not-affected> (Vulnerable code not present) NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/ 
@@ -4548,7 +4548,7 @@ CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is possible in the data-target pr NOTE: https://github.com/twbs/bootstrap/pull/26630/commits/3229efc0811df29765c1d0a949c85362378b0628 CVE-2018-14040 (In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent ...) - twitter-bootstrap <unfixed> - - twitter-bootstrap3 <unfixed> + - twitter-bootstrap3 <unfixed> (bug #907414) [jessie] - twitter-bootstrap <not-affected> (Vulnerable code not present) NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/ NOTE: https://github.com/twbs/bootstrap/issues/26423 ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[27 Aug 2018] DLA-1479-1 twitter-bootstrap3 - security update + {CVE-2018-14040} + [jessie] - twitter-bootstrap3 3.2.0+dfsg-1+deb7u1 [26 Aug 2018] DLA-1478-1 libextractor - security update {CVE-2018-14346 CVE-2018-14347} [jessie] - libextractor 1:1.3-2+deb8u2 ===================================== data/dla-needed.txt ===================================== @@ -122,8 +122,5 @@ tomcat8 (Roberto C. Sánchez) twig (Abhijith PA) NOTE: 20180824: https://mobile.twitter.com/jameel_nabbo/status/1032593354704515072?s=20 -- -twitter-bootstrap3 (Antoine Beaupre) - NOTE: See debian-lts post: https://lists.debian.org/debian-lts/2018/08/msg00010.html --- xen (Emilio Pozuelo) --
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ca9a91c92de775e6f23e0244870dde3c201e8476...2a6bb31cdd3538f0bcfdee5cc0c3786ce3d9c590
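Review bot: in the three data/CVE/list hunks the new (bug #907414) reference lands only on the twitter-bootstrap3 <unfixed> lines, so the twitter-bootstrap <unfixed> line directly above each of them (CVE-2018-14042, CVE-2018-14041, CVE-2018-14040) still has no bug reference. If a report exists for twitter-bootstrap as well, add it in the same way so both source packages are tracked consistently.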
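Review bot: in the data/DLA/list hunk the version recorded for [jessie] is 3.2.0+dfsg-1+deb7u1, while the neighbouring jessie entry for libextractor carries a +deb8u2 suffix. Please confirm the version string of the actual upload before this entry goes in, since it is the version the tracker will record as fixed for jessie.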
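Review bot: the data/dla-needed.txt hunk drops the NOTE pointing to https://lists.debian.org/debian-lts/2018/08/msg00010.html together with the twitter-bootstrap3 entry, and none of the CVE-2018-14040 lines shown in this diff carry that link. Consider keeping it as a NOTE: under CVE-2018-14040 in data/CVE/list so the discussion behind the update stays reachable from the tracker.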