[Git][security-tracker-team/security-tracker][master] 2 commits: bug created for twitter-bootstrap3
Antoine Beaupré
anarcat at debian.org
Mon Aug 27 19:48:09 BST 2018
Antoine Beaupré pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6d61552a by Antoine Beaupré at 2018-08-27T18:47:47Z
bug created for twitter-bootstrap3
- - - - -
2a6bb31c by Antoine Beaupré at 2018-08-27T18:47:48Z
Reserve DLA-1479-1 for twitter-bootstrap3
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -4528,7 +4528,7 @@ CVE-2018-14043 (mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect f
NOT-FOR-US: mstdlib
CVE-2018-14042 (In Bootstrap before 4.1.2, XSS is possible in the data-container ...)
- twitter-bootstrap <unfixed>
- - twitter-bootstrap3 <unfixed>
+ - twitter-bootstrap3 <unfixed> (bug #907414)
[jessie] - twitter-bootstrap <not-affected> (Vulnerable code not present)
[jessie] - twitter-bootstrap3 <not-affected> (Vulnerable code not present)
NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
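Review bot: The "- twitter-bootstrap <unfixed>" line directly above the changed line still has no bug reference, here and in the CVE-2018-14041 and CVE-2018-14040 entries below. Bug #907414 is attached only to twitter-bootstrap3, so if the twitter-bootstrap source package is to be tracked in the BTS as well, it needs its own "(bug #...)" annotation on that line in each of the three entries.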
@@ -4538,7 +4538,7 @@ CVE-2018-14042 (In Bootstrap before 4.1.2, XSS is possible in the data-container
NOTE: https://github.com/twbs/bootstrap/pull/26630/commits/efca80bb5bb34546a2e7a9488b89f71457d2ad92
CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is possible in the data-target property ...)
- twitter-bootstrap <unfixed>
- - twitter-bootstrap3 <unfixed>
+ - twitter-bootstrap3 <unfixed> (bug #907414)
[jessie] - twitter-bootstrap <not-affected> (Vulnerable code not present)
[jessie] - twitter-bootstrap3 <not-affected> (Vulnerable code not present)
NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
@@ -4548,7 +4548,7 @@ CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is possible in the data-target pr
NOTE: https://github.com/twbs/bootstrap/pull/26630/commits/3229efc0811df29765c1d0a949c85362378b0628
CVE-2018-14040 (In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent ...)
- twitter-bootstrap <unfixed>
- - twitter-bootstrap3 <unfixed>
+ - twitter-bootstrap3 <unfixed> (bug #907414)
[jessie] - twitter-bootstrap <not-affected> (Vulnerable code not present)
NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
NOTE: https://github.com/twbs/bootstrap/issues/26423
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[27 Aug 2018] DLA-1479-1 twitter-bootstrap3 - security update
+ {CVE-2018-14040}
+ [jessie] - twitter-bootstrap3 3.2.0+dfsg-1+deb7u1
[26 Aug 2018] DLA-1478-1 libextractor - security update
{CVE-2018-14346 CVE-2018-14347}
[jessie] - libextractor 1:1.3-2+deb8u2
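Review bot: The version on the added "[jessie] - twitter-bootstrap3 3.2.0+dfsg-1+deb7u1" line carries a +deb7u1 suffix, while jessie is Debian 8 and the neighbouring jessie entry for libextractor uses +deb8u2. Confirm that this string matches the version actually uploaded to jessie, since this line records the fixed version for CVE-2018-14040 in that suite; if the upload used a different version, correct it here.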
=====================================
data/dla-needed.txt
=====================================
@@ -122,8 +122,5 @@ tomcat8 (Roberto C. Sánchez)
twig (Abhijith PA)
NOTE: 20180824: https://mobile.twitter.com/jameel_nabbo/status/1032593354704515072?s=20
--
-twitter-bootstrap3 (Antoine Beaupre)
- NOTE: See debian-lts post: https://lists.debian.org/debian-lts/2018/08/msg00010.html
---
xen (Emilio Pozuelo)
--
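Review bot: Removing the twitter-bootstrap3 entry also removes the NOTE line pointing to the debian-lts thread (https://lists.debian.org/debian-lts/2018/08/msg00010.html), and none of the visible data/CVE/list context lines carry that link. If the thread documents the triage decision, consider keeping it as a NOTE on the CVE-2018-14040 entry, which in the lines shown references only the upstream blog post and issue.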
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ca9a91c92de775e6f23e0244870dde3c201e8476...2a6bb31cdd3538f0bcfdee5cc0c3786ce3d9c590