Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 1ece7962 by Salvatore Bonaccorso at 2019-01-10T21:17:30Z Correctly track CVE-2018-14041/twitter-bootstrap3 The issue was fixed in the 4.1.x series in 4.1.2 but CVE-2018-14041. Cf. https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628 and ff. - - - - - 2 changed files: - data/CVE/list - data/next-point-update.txt Changes: ===================================== data/CVE/list ===================================== @@ -29577,9 +29577,7 @@ CVE-2018-14042 (In Bootstrap before 4.1.2, XSS is possible in the data-container NOTE: https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is possible in the data-target property ...) - twitter-bootstrap <not-affected> (Vulnerable code not present) - - twitter-bootstrap3 3.4.0+dfsg-1 (low; bug #907414) - [stretch] - twitter-bootstrap3 <no-dsa> (Minor issue) - [jessie] - twitter-bootstrap3 <not-affected> (Vulnerable code not present) + - twitter-bootstrap3 <not-affected> (Vulnerable code not present) NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/ NOTE: https://github.com/twbs/bootstrap/issues/26423 NOTE: https://github.com/twbs/bootstrap/issues/26627 ===================================== data/next-point-update.txt ===================================== @@ -124,7 +124,5 @@ CVE-2018-11237 [stretch] - glibc 2.24-11+deb9u4 CVE-2018-14040 [stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1 -CVE-2018-14041 - [stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1 CVE-2018-14042 [stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1ece7962ca26b7b9e6d2441b2a734c378cff84b4 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1ece7962ca26b7b9e6d2441b2a734c378cff84b4 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits