Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits: 6acf0f36 by Chris Lamb at 2019-01-11T09:15:26Z Triage CVE-2018-20679 in busybox for jessie LTS. - - - - - 516bc45d by Chris Lamb at 2019-01-11T09:16:19Z Triage CVE-2018-20677, CVE-2018-20676 and CVE-2016-10735 in twitter-bootstrap3 for jessie LTS. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -908,6 +908,7 @@ CVE-2018-20680 (Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. .. CVE-2018-20679 (An issue was discovered in BusyBox before 1.30.0. An out of bounds read ...) - busybox <unfixed> (low; bug #918846) [stretch] - busybox <no-dsa> (Minor issue) + [jessie] - busybox <no-dsa> (Minor issue) NOTE: https://bugs.busybox.net/show_bug.cgi?id=11506 NOTE: https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c NOTE: When fixing this issue make sure to not open CVE-2019-5747 by only @@ -957,6 +958,7 @@ CVE-2019-5721 (In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. Thi CVE-2018-20677 (In Bootstrap before 3.4.0, XSS is possible in the affix configuration ...) - twitter-bootstrap3 3.4.0+dfsg-1 [stretch] - twitter-bootstrap3 <no-dsa> (Minor issue) + [jessie] - twitter-bootstrap3 <no-dsa> (Minor issue) NOTE: https://github.com/twbs/bootstrap/issues/27045 NOTE: https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906 NOTE: https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628 @@ -965,6 +967,7 @@ CVE-2018-20677 (In Bootstrap before 3.4.0, XSS is possible in the affix configur CVE-2018-20676 (In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport ...) - twitter-bootstrap3 3.4.0+dfsg-1 [stretch] - twitter-bootstrap3 <no-dsa> (Minor issue) + [jessie] - twitter-bootstrap3 <no-dsa> (Minor issue) NOTE: https://github.com/twbs/bootstrap/issues/27044 NOTE: https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906 NOTE: https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628 @@ -978,6 +981,7 @@ CVE-2016-10735 (In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, - twitter-bootstrap4 <not-affected> (Fixed before initial upload to Debian) - twitter-bootstrap3 3.4.0+dfsg-1 [stretch] - twitter-bootstrap3 <no-dsa> (Minor issue) + [jessie] - twitter-bootstrap3 <no-dsa> (Minor issue) NOTE: https://github.com/twbs/bootstrap/commit/bcad4bcb5f5a9ef079b2883a48a698b35261e083 (v4.0.0-beta.2) NOTE: https://github.com/twbs/bootstrap/commit/29f9237f735b90dbc89e003db0c62dec2db0b308 (v3.4.0) NOTE: https://github.com/twbs/bootstrap/commit/13bf8aeae3db71e28af69782328c22215795c169 (v3.4.0) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9b5b7f80c823a4b7166c2f8861058561a5f0098f...516bc45df1555bf8ebb0094775e17c752926462e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9b5b7f80c823a4b7166c2f8861058561a5f0098f...516bc45df1555bf8ebb0094775e17c752926462e You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits