[Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2018-20679 in busybox for jessie LTS.
Chris Lamb
lamby at debian.org
Fri Jan 11 09:17:23 GMT 2019
Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6acf0f36 by Chris Lamb at 2019-01-11T09:15:26Z
Triage CVE-2018-20679 in busybox for jessie LTS.
- - - - -
516bc45d by Chris Lamb at 2019-01-11T09:16:19Z
Triage CVE-2018-20677, CVE-2018-20676 and CVE-2016-10735 in twitter-bootstrap3 for jessie LTS.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -908,6 +908,7 @@ CVE-2018-20680 (Frog CMS 0.9.5 has XSS in the admin/?/page/edit/1 body field. ..
CVE-2018-20679 (An issue was discovered in BusyBox before 1.30.0. An out of bounds read ...)
- busybox <unfixed> (low; bug #918846)
[stretch] - busybox <no-dsa> (Minor issue)
+ [jessie] - busybox <no-dsa> (Minor issue)
NOTE: https://bugs.busybox.net/show_bug.cgi?id=11506
NOTE: https://git.busybox.net/busybox/commit/?id=6d3b4bb24da9a07c263f3c1acf8df85382ff562c
NOTE: When fixing this issue make sure to not open CVE-2019-5747 by only
@@ -957,6 +958,7 @@ CVE-2019-5721 (In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. Thi
CVE-2018-20677 (In Bootstrap before 3.4.0, XSS is possible in the affix configuration ...)
- twitter-bootstrap3 3.4.0+dfsg-1
[stretch] - twitter-bootstrap3 <no-dsa> (Minor issue)
+ [jessie] - twitter-bootstrap3 <no-dsa> (Minor issue)
NOTE: https://github.com/twbs/bootstrap/issues/27045
NOTE: https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
NOTE: https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
@@ -965,6 +967,7 @@ CVE-2018-20677 (In Bootstrap before 3.4.0, XSS is possible in the affix configur
CVE-2018-20676 (In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport ...)
- twitter-bootstrap3 3.4.0+dfsg-1
[stretch] - twitter-bootstrap3 <no-dsa> (Minor issue)
+ [jessie] - twitter-bootstrap3 <no-dsa> (Minor issue)
NOTE: https://github.com/twbs/bootstrap/issues/27044
NOTE: https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
NOTE: https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
@@ -978,6 +981,7 @@ CVE-2016-10735 (In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2,
- twitter-bootstrap4 <not-affected> (Fixed before initial upload to Debian)
- twitter-bootstrap3 3.4.0+dfsg-1
[stretch] - twitter-bootstrap3 <no-dsa> (Minor issue)
+ [jessie] - twitter-bootstrap3 <no-dsa> (Minor issue)
NOTE: https://github.com/twbs/bootstrap/commit/bcad4bcb5f5a9ef079b2883a48a698b35261e083 (v4.0.0-beta.2)
NOTE: https://github.com/twbs/bootstrap/commit/29f9237f735b90dbc89e003db0c62dec2db0b308 (v3.4.0)
NOTE: https://github.com/twbs/bootstrap/commit/13bf8aeae3db71e28af69782328c22215795c169 (v3.4.0)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9b5b7f80c823a4b7166c2f8861058561a5f0098f...516bc45df1555bf8ebb0094775e17c752926462e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/9b5b7f80c823a4b7166c2f8861058561a5f0098f...516bc45df1555bf8ebb0094775e17c752926462e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190111/62bc304d/attachment.html>
More information about the debian-security-tracker-commits
mailing list