[Git][security-tracker-team/security-tracker][master] Add references for CVE-2018-1404{0,1,2}/twitter-bootstrap3 issues
Salvatore Bonaccorso
carnil at debian.org
Fri Jan 4 09:52:35 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
e4b36394 by Salvatore Bonaccorso at 2019-01-04T09:51:01Z
Add references for CVE-2018-1404{0,1,2}/twitter-bootstrap3 issues
CVE-2018-14041 got explicitly fixed in the 3.4.0 version upstream, cf.
as well as further reference https://snyk.io/vuln/npm:bootstrap:20160627
..
CVE-2018-14040 and CVE-2018-14042 are mentioning only the 4.x series and
we need to actually investigate if it affects src:twitter-bootsrap3 as
well up to the version in unstable.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27146,9 +27146,10 @@ CVE-2018-14042 (In Bootstrap before 4.1.2, XSS is possible in the data-container
NOTE: https://github.com/twbs/bootstrap/issues/26628
NOTE: https://github.com/twbs/bootstrap/pull/26630
NOTE: https://github.com/twbs/bootstrap/pull/26630/commits/efca80bb5bb34546a2e7a9488b89f71457d2ad92
+ NOTE: https://snyk.io/vuln/npm:bootstrap:20180529
CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is possible in the data-target property ...)
- twitter-bootstrap <not-affected> (Vulnerable code not present)
- - twitter-bootstrap3 <unfixed> (low; bug #907414)
+ - twitter-bootstrap3 3.4.0+dfsg-1 (low; bug #907414)
[stretch] - twitter-bootstrap3 <no-dsa> (Minor issue)
[jessie] - twitter-bootstrap3 <not-affected> (Vulnerable code not present)
NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
@@ -27156,6 +27157,8 @@ CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is possible in the data-target pr
NOTE: https://github.com/twbs/bootstrap/issues/26627
NOTE: https://github.com/twbs/bootstrap/pull/26630
NOTE: https://github.com/twbs/bootstrap/pull/26630/commits/3229efc0811df29765c1d0a949c85362378b0628
+ NOTE: https://snyk.io/vuln/npm:bootstrap:20160627
+ NOTE: https://snyk.io/vuln/npm:bootstrap:20180529
CVE-2018-14040 (In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent ...)
{DLA-1479-1}
- twitter-bootstrap <not-affected> (Vulnerable code not present)
@@ -27166,6 +27169,7 @@ CVE-2018-14040 (In Bootstrap before 4.1.2, XSS is possible in the collapse data-
NOTE: https://github.com/twbs/bootstrap/issues/26625
NOTE: https://github.com/twbs/bootstrap/pull/26630
NOTE: https://github.com/twbs/bootstrap/pull/26630/commits/3ba186313e9e651bbd52a6a3a0305891dee0a621
+ NOTE: https://snyk.io/vuln/npm:bootstrap:20180529
CVE-2018-14039
RESERVED
CVE-2018-14038
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e4b36394ba6dcd3d21e3bcc5b570f0a3b102357d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/e4b36394ba6dcd3d21e3bcc5b570f0a3b102357d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190104/896d4bc7/attachment.html>
More information about the debian-security-tracker-commits
mailing list