[Git][security-tracker-team/security-tracker][master] new twitter-bootstrap3 issue
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri May 16 14:02:49 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f8812ba0 by Moritz Muehlenhoff at 2025-05-16T15:02:30+02:00
new twitter-bootstrap3 issue
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,7 +13,6 @@ CVE-2025-XXXX [Buffer overflow in syntax highlighting of evaluated expressions]
NOTE: https://weechat.org/doc/weechat/security/WSA-2025-5/
NOTE: Introduced with: https://github.com/weechat/weechat/commit/87f74e9f9544a7e3b7e4ffd0acc40841b8eb79e8 (v4.2.0)
NOTE: Fixed by: https://github.com/weechat/weechat/commit/334f88ae2c5f221e63b163a3c3ad4c98e437be35 (v4.6.3)
-
CVE-2025-XXXX [Buffer overflow in parsing of date/time]
- weechat <unfixed> (bug #1104554)
NOTE: https://weechat.org/doc/weechat/security/WSA-2025-4/
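Review bot: The blank line removed between the two weechat CVE-2025-XXXX entries is a formatting cleanup unrelated to the commit subject "new twitter-bootstrap3 issue". Either put it in its own commit or mention it in the message, so that anyone reading the history of the weechat entries can see why they were touched.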
@@ -566,7 +565,7 @@ CVE-2025-4476 [libsoup: Null pointer dereference in libsoup may lead to Denial O
NOTE: https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/457
NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libsoup/-/commit/e64c221f9c7d09b48b610c5626b3b8c400f0907c
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2366513
- TODO: check if affects as well ibsoup2.4
+ TODO: check if affects as well libsoup2.4
CVE-2025-4123
- grafana <removed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2364632
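Review bot: The corrected TODO under CVE-2025-4476 still leaves libsoup2.4 untriaged; only the spelling changes. Once the check is done, replace the TODO with an explicit status line for libsoup2.4 in the same form as the other package entries (for example `- grafana <removed>` just below) so the open question does not linger in the entry.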
@@ -715,7 +714,9 @@ CVE-2025-2527 (Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to
CVE-2025-26481 (Dell PowerScale OneFS, versions 9.4.0.0 through 9.9.0.0, contains an u ...)
NOT-FOR-US: Dell / EMC
CVE-2025-1647 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
- TODO: check
+ - twitter-bootstrap4 <not-affected> (Only affects 3.x)
+ - twitter-bootstrap3 <unfixed>
+ NOTE: https://www.herodevs.com/vulnerability-directory/cve-2025-1647
CVE-2024-56006 (Missing Authorization vulnerability in Automattic Jetpack Debug Tools. ...)
NOT-FOR-US: WordPress plugin or theme
CVE-2024-52880 (An issue was discovered in Insyde InsydeH2O kernel 5.2 before version ...)
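Review bot: The new `- twitter-bootstrap3 <unfixed>` line under CVE-2025-1647 carries no bug reference, unlike `- weechat <unfixed> (bug #1104554)` earlier in the same file. Add the bug number once one is filed. The only NOTE is the herodevs.com directory page, and the "(Only affects 3.x)" justification for twitter-bootstrap4 has no source of its own. A further NOTE naming the affected component, or an upstream reference for the version range, would let the `<not-affected>` claim be verified from the entry itself.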
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8812ba07b3587e068c6d5a3ce3f69341f1ee281