[Git][security-tracker-team/security-tracker][master] Correctly track CVE-2018-14041/twitter-bootstrap3
Salvatore Bonaccorso
carnil at debian.org
Thu Jan 10 21:18:52 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
1ece7962 by Salvatore Bonaccorso at 2019-01-10T21:17:30Z
Correctly track CVE-2018-14041/twitter-bootstrap3
The issue was fixed in the 4.1.x series in 4.1.2 but CVE-2018-14041.
Cf.
https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
and ff.
- - - - -
2 changed files:
- data/CVE/list
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -29577,9 +29577,7 @@ CVE-2018-14042 (In Bootstrap before 4.1.2, XSS is possible in the data-container
NOTE: https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is possible in the data-target property ...)
- twitter-bootstrap <not-affected> (Vulnerable code not present)
- - twitter-bootstrap3 3.4.0+dfsg-1 (low; bug #907414)
- [stretch] - twitter-bootstrap3 <no-dsa> (Minor issue)
- [jessie] - twitter-bootstrap3 <not-affected> (Vulnerable code not present)
+ - twitter-bootstrap3 <not-affected> (Vulnerable code not present)
NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
NOTE: https://github.com/twbs/bootstrap/issues/26423
NOTE: https://github.com/twbs/bootstrap/issues/26627
=====================================
data/next-point-update.txt
=====================================
@@ -124,7 +124,5 @@ CVE-2018-11237
[stretch] - glibc 2.24-11+deb9u4
CVE-2018-14040
[stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1
-CVE-2018-14041
- [stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1
CVE-2018-14042
[stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1ece7962ca26b7b9e6d2441b2a734c378cff84b4
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1ece7962ca26b7b9e6d2441b2a734c378cff84b4
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190110/27bbbbf0/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list