[Git][security-tracker-team/security-tracker][master] triage for bootstrap in jessie, probably same for all suites
Antoine Beaupré
anarcat at debian.org
Mon Aug 27 17:17:44 BST 2018
Antoine Beaupré pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e3610c7c by Antoine Beaupré at 2018-08-27T16:16:52Z
triage for bootstrap in jessie, probably same for all suites
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -4529,6 +4529,8 @@ CVE-2018-14043 (mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect f
CVE-2018-14042 (In Bootstrap before 4.1.2, XSS is possible in the data-container ...)
- twitter-bootstrap <unfixed>
- twitter-bootstrap3 <unfixed>
+ [jessie] - twitter-bootstrap <not-affected> (Vulnerable code not present)
+ [jessie] - twitter-bootstrap3 <not-affected> (Vulnerable code not present)
NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
NOTE: https://github.com/twbs/bootstrap/issues/26423
NOTE: https://github.com/twbs/bootstrap/issues/26628
@@ -4537,6 +4539,8 @@ CVE-2018-14042 (In Bootstrap before 4.1.2, XSS is possible in the data-container
CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is possible in the data-target property ...)
- twitter-bootstrap <unfixed>
- twitter-bootstrap3 <unfixed>
+ [jessie] - twitter-bootstrap <not-affected> (Vulnerable code not present)
+ [jessie] - twitter-bootstrap3 <not-affected> (Vulnerable code not present)
NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
NOTE: https://github.com/twbs/bootstrap/issues/26423
NOTE: https://github.com/twbs/bootstrap/issues/26627
@@ -4545,6 +4549,7 @@ CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is possible in the data-target pr
CVE-2018-14040 (In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent ...)
- twitter-bootstrap <unfixed>
- twitter-bootstrap3 <unfixed>
+ [jessie] - twitter-bootstrap <not-affected> (Vulnerable code not present)
NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
NOTE: https://github.com/twbs/bootstrap/issues/26423
NOTE: https://github.com/twbs/bootstrap/issues/26625
=====================================
data/dla-needed.txt
=====================================
@@ -120,9 +120,6 @@ tomcat8 (Roberto C. Sánchez)
twig (Abhijith PA)
NOTE: 20180824: https://mobile.twitter.com/jameel_nabbo/status/1032593354704515072?s=20
--
-twitter-bootstrap (Antoine Beaupre)
- NOTE: See debian-lts post: https://lists.debian.org/debian-lts/2018/08/msg00010.html
---
twitter-bootstrap3 (Antoine Beaupre)
NOTE: See debian-lts post: https://lists.debian.org/debian-lts/2018/08/msg00010.html
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e3610c7c4b4620bf70249a0ce1e9a11b30289c7c
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e3610c7c4b4620bf70249a0ce1e9a11b30289c7c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180827/6c7452a2/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list