[Git][security-tracker-team/security-tracker][master] Add CVE-2018-10735/twitter-bootstrap* issue

Salvatore Bonaccorso carnil at debian.org
Thu Jan 10 21:37:16 GMT 2019 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f917f464 by Salvatore Bonaccorso at 2019-01-10T21:36:15Z
Add CVE-2018-10735/twitter-bootstrap* issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -881,7 +881,17 @@ CVE-2018-20675 (D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before ...)
 CVE-2018-20674 (D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before ...)
 	NOT-FOR-US: D-Link
 CVE-2016-10735 (In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is ...)
-	TODO: check
+	- twitter-bootstrap4 <not-affected> (Fixed before initial upload to Debian)
+	- twitter-bootstrap3 3.4.0+dfsg-1
+	[stretch] - twitter-bootstrap3 <no-dsa> (Minor issue)
+	NOTE: https://github.com/twbs/bootstrap/commit/bcad4bcb5f5a9ef079b2883a48a698b35261e083 (v4.0.0-beta.2)
+	NOTE: https://github.com/twbs/bootstrap/commit/29f9237f735b90dbc89e003db0c62dec2db0b308 (v3.4.0)
+	NOTE: https://github.com/twbs/bootstrap/commit/13bf8aeae3db71e28af69782328c22215795c169 (v3.4.0)
+	NOTE: https://github.com/twbs/bootstrap/issues/20184
+	NOTE: hhtps://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
+	NOTE: https://github.com/twbs/bootstrap/pull/23679
+	NOTE: https://github.com/twbs/bootstrap/pull/23687
+	NOTE: https://github.com/twbs/bootstrap/pull/26460
 CVE-2019-5720 (includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a ...)
 	- frontaccounting <removed>
 CVE-2019-5719 (In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f917f464b038fc56ae1f02d0b68d51c5d93b0e4f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f917f464b038fc56ae1f02d0b68d51c5d93b0e4f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190110/666002a1/attachment.html>

More information about the debian-security-tracker-commits mailing list