[Pkg-javascript-devel] Bug#907414: twitter-bootstrap3: CVE-2018-14040 CVE-2018-14041 CVE-2018-14042
Antoine Beaupre
anarcat at debian.org
Mon Aug 27 19:29:09 BST 2018
Package: twitter-bootstrap3
X-Debbugs-CC: team at security.debian.org
Severity: grave
Tags: security
Hi,
The following vulnerabilities were published for twitter-bootstrap3.
CVE-2018-14040[0]:
| In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent
| attribute.
CVE-2018-14041[1]:
| In Bootstrap before 4.1.2, XSS is possible in the data-target property
| of scrollspy.
CVE-2018-14042[2]:
| In Bootstrap before 4.1.2, XSS is possible in the data-container
| property of tooltip.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-14040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14040
[1] https://security-tracker.debian.org/tracker/CVE-2018-14041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14041
[2] https://security-tracker.debian.org/tracker/CVE-2018-14042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14042
Please adjust the affected versions in the BTS as needed.