[Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2018-20679 in busybox for jessie LTS.

[Chris Lamb]

Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6acf0f36 by Chris Lamb at 2019-01-11T09:15:26Z
Triage CVE-2018-20679 in busybox for jessie LTS.

- - - - -
516bc45d by Chris Lamb at 2019-01-11T09:16:19Z
Triage CVE-2018-20677, CVE-2018-20676 and CVE-2016-10735 in twitter-bootstrap3 
for jessie LTS.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -908,6 +908,7 @@ CVE-2018-20680 (Frog CMS 0.9.5 has XSS in the 
admin/?/page/edit/1 body field. ..
 CVE-2018-20679 (An issue was discovered in BusyBox before 1.30.0. An out of 
bounds read ...)
        - busybox <unfixed> (low; bug #918846)
        [stretch] - busybox <no-dsa> (Minor issue)
+       [jessie] - busybox <no-dsa> (Minor issue)
        NOTE: https://bugs.busybox.net/show_bug.cgi?id=11506
        NOTE: 
https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c
        NOTE: When fixing this issue make sure to not open CVE-2019-5747 by only
@@ -957,6 +958,7 @@ CVE-2019-5721 (In Wireshark 2.4.0 to 2.4.11, the ENIP 
dissector could crash. Thi
 CVE-2018-20677 (In Bootstrap before 3.4.0, XSS is possible in the affix 
configuration ...)
        - twitter-bootstrap3 3.4.0+dfsg-1
        [stretch] - twitter-bootstrap3 <no-dsa> (Minor issue)
+       [jessie] - twitter-bootstrap3 <no-dsa> (Minor issue)
        NOTE: https://github.com/twbs/bootstrap/issues/27045
        NOTE: 
https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
        NOTE: 
https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
@@ -965,6 +967,7 @@ CVE-2018-20677 (In Bootstrap before 3.4.0, XSS is possible 
in the affix configur
 CVE-2018-20676 (In Bootstrap before 3.4.0, XSS is possible in the tooltip 
data-viewport ...)
        - twitter-bootstrap3 3.4.0+dfsg-1
        [stretch] - twitter-bootstrap3 <no-dsa> (Minor issue)
+       [jessie] - twitter-bootstrap3 <no-dsa> (Minor issue)
        NOTE: https://github.com/twbs/bootstrap/issues/27044
        NOTE: 
https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
        NOTE: 
https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
@@ -978,6 +981,7 @@ CVE-2016-10735 (In Bootstrap 3.x before 3.4.0 and 4.x-beta 
before 4.0.0-beta.2,
        - twitter-bootstrap4 <not-affected> (Fixed before initial upload to 
Debian)
        - twitter-bootstrap3 3.4.0+dfsg-1
        [stretch] - twitter-bootstrap3 <no-dsa> (Minor issue)
+       [jessie] - twitter-bootstrap3 <no-dsa> (Minor issue)
        NOTE: 
https://github.com/twbs/bootstrap/commit/bcad4bcb5f5a9ef079b2883a48a698b35261e083
 (v4.0.0-beta.2)
        NOTE: 
https://github.com/twbs/bootstrap/commit/29f9237f735b90dbc89e003db0c62dec2db0b308
 (v3.4.0)
        NOTE: 
https://github.com/twbs/bootstrap/commit/13bf8aeae3db71e28af69782328c22215795c169
 (v3.4.0)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/9b5b7f80c823a4b7166c2f8861058561a5f0098f...516bc45df1555bf8ebb0094775e17c752926462e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/9b5b7f80c823a4b7166c2f8861058561a5f0098f...516bc45df1555bf8ebb0094775e17c752926462e
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits