[Git][security-tracker-team/security-tracker][master] Add tracking information for CVE-2018-1404{0,2}/twitter-bootstrap3

Salvatore Bonaccorso carnil at debian.org
Fri Jan 4 14:48:53 GMT 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9693990a by Salvatore Bonaccorso at 2019-01-04T14:47:42Z
Add tracking information for CVE-2018-1404{0,2}/twitter-bootstrap3

Thanks: Xavier Guimard

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -27143,7 +27143,7 @@ CVE-2018-14043 (mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect f
 	NOT-FOR-US: mstdlib
 CVE-2018-14042 (In Bootstrap before 4.1.2, XSS is possible in the data-container ...)
 	- twitter-bootstrap <not-affected> (Vulnerable code not present)
-	- twitter-bootstrap3 <unfixed> (low; bug #907414)
+	- twitter-bootstrap3 3.4.0+dfsg-1 (low; bug #907414)
 	[stretch] - twitter-bootstrap3 <no-dsa> (Minor issue)
 	[jessie] - twitter-bootstrap3 <not-affected> (Vulnerable code not present)
 	NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
@@ -27152,6 +27152,7 @@ CVE-2018-14042 (In Bootstrap before 4.1.2, XSS is possible in the data-container
 	NOTE: https://github.com/twbs/bootstrap/pull/26630
 	NOTE: https://github.com/twbs/bootstrap/pull/26630/commits/efca80bb5bb34546a2e7a9488b89f71457d2ad92
 	NOTE: https://snyk.io/vuln/npm:bootstrap:20180529
+	NOTE: https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
 CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is possible in the data-target property ...)
 	- twitter-bootstrap <not-affected> (Vulnerable code not present)
 	- twitter-bootstrap3 3.4.0+dfsg-1 (low; bug #907414)
@@ -27167,7 +27168,7 @@ CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is possible in the data-target pr
 CVE-2018-14040 (In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent ...)
 	{DLA-1479-1}
 	- twitter-bootstrap <not-affected> (Vulnerable code not present)
-	- twitter-bootstrap3 <unfixed> (low; bug #907414)
+	- twitter-bootstrap3 3.4.0+dfsg-1 (low; bug #907414)
 	[stretch] - twitter-bootstrap3 <no-dsa> (Minor issue)
 	NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
 	NOTE: https://github.com/twbs/bootstrap/issues/26423
@@ -27175,6 +27176,7 @@ CVE-2018-14040 (In Bootstrap before 4.1.2, XSS is possible in the collapse data-
 	NOTE: https://github.com/twbs/bootstrap/pull/26630
 	NOTE: https://github.com/twbs/bootstrap/pull/26630/commits/3ba186313e9e651bbd52a6a3a0305891dee0a621
 	NOTE: https://snyk.io/vuln/npm:bootstrap:20180529
+	NOTE: https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
 CVE-2018-14039
 	RESERVED
 CVE-2018-14038



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9693990a5a74a32c1585e51a801e4e7648a31821

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9693990a5a74a32c1585e51a801e4e7648a31821
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190104/46d1b963/attachment.html>


More information about the debian-security-tracker-commits mailing list