Antoine Beaupré pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6d61552a by Antoine Beaupré at 2018-08-27T18:47:47Z
bug created for twitter-bootstrap3

- - - - -
2a6bb31c by Antoine Beaupré at 2018-08-27T18:47:48Z
Reserve DLA-1479-1 for twitter-bootstrap3

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -4528,7 +4528,7 @@ CVE-2018-14043 (mstdlib (aka the M Standard Library for 
C) 1.2.0 has incorrect f
        NOT-FOR-US: mstdlib
 CVE-2018-14042 (In Bootstrap before 4.1.2, XSS is possible in the 
data-container ...)
        - twitter-bootstrap <unfixed>
-       - twitter-bootstrap3 <unfixed>
+       - twitter-bootstrap3 <unfixed> (bug #907414)
        [jessie] - twitter-bootstrap <not-affected> (Vulnerable code not 
present)
        [jessie] - twitter-bootstrap3 <not-affected> (Vulnerable code not 
present)
        NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
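
Review bot: the `- twitter-bootstrap <unfixed>` line just above the changed line in the CVE-2018-14042 entry still has no bug reference, while twitter-bootstrap3 now points at bug #907414. If a bug is also filed against twitter-bootstrap, add it in the same `(bug #NNNNNN)` form so both unfixed source packages are tracked. The same applies to the CVE-2018-14041 and CVE-2018-14040 entries.
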
@@ -4538,7 +4538,7 @@ CVE-2018-14042 (In Bootstrap before 4.1.2, XSS is 
possible in the data-container
        NOTE: 
https://github.com/twbs/bootstrap/pull/26630/commits/efca80bb5bb34546a2e7a9488b89f71457d2ad92
 CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is possible in the data-target 
property ...)
        - twitter-bootstrap <unfixed>
-       - twitter-bootstrap3 <unfixed>
+       - twitter-bootstrap3 <unfixed> (bug #907414)
        [jessie] - twitter-bootstrap <not-affected> (Vulnerable code not 
present)
        [jessie] - twitter-bootstrap3 <not-affected> (Vulnerable code not 
present)
        NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
@@ -4548,7 +4548,7 @@ CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is 
possible in the data-target pr
        NOTE: 
https://github.com/twbs/bootstrap/pull/26630/commits/3229efc0811df29765c1d0a949c85362378b0628
 CVE-2018-14040 (In Bootstrap before 4.1.2, XSS is possible in the collapse 
data-parent ...)
        - twitter-bootstrap <unfixed>
-       - twitter-bootstrap3 <unfixed>
+       - twitter-bootstrap3 <unfixed> (bug #907414)
        [jessie] - twitter-bootstrap <not-affected> (Vulnerable code not 
present)
        NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
        NOTE: https://github.com/twbs/bootstrap/issues/26423


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Aug 2018] DLA-1479-1 twitter-bootstrap3 - security update
+       {CVE-2018-14040}
+       [jessie] - twitter-bootstrap3 3.2.0+dfsg-1+deb7u1
 [26 Aug 2018] DLA-1478-1 libextractor - security update
        {CVE-2018-14346 CVE-2018-14347}
        [jessie] - libextractor 1:1.3-2+deb8u2
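
Review bot: the added `[jessie] - twitter-bootstrap3 3.2.0+dfsg-1+deb7u1` line has a +deb7u1 suffix, whereas the jessie entry directly below it (libextractor 1:1.3-2+deb8u2) uses +deb8u. Please confirm this is the version actually uploaded to jessie and correct it if +deb8u1 was meant, since this line records the fixed version for jessie.
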


=====================================
data/dla-needed.txt
=====================================
@@ -122,8 +122,5 @@ tomcat8 (Roberto C. Sánchez)
 twig (Abhijith PA)
   NOTE: 20180824: 
https://mobile.twitter.com/jameel_nabbo/status/1032593354704515072?s=20
 --
-twitter-bootstrap3 (Antoine Beaupre)
-  NOTE: See debian-lts post: 
https://lists.debian.org/debian-lts/2018/08/msg00010.html
---
 xen (Emilio Pozuelo)
 --



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/ca9a91c92de775e6f23e0244870dde3c201e8476...2a6bb31cdd3538f0bcfdee5cc0c3786ce3d9c590
