[Git][security-tracker-team/security-tracker][master] 2 commits: Add CVE-2018-20677/twitter-boostrap3 (specific to 3.x series)

Thu, 10 Jan 2019 13:24:09 -0800 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
8cedc4f2 by Salvatore Bonaccorso at 2019-01-10T21:22:13Z
Add CVE-2018-20677/twitter-boostrap3 (specific to 3.x series)

- - - - -
ed2ce94e by Salvatore Bonaccorso at 2019-01-10T21:23:22Z
Add CVE-2018-20677 for proposed twitter-bootstrap3 stretch-pu

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -861,7 +861,13 @@ CVE-2019-5721 (In Wireshark 2.4.0 to 2.4.11, the ENIP 
dissector could crash. Thi
        NOTE: Fix for 2.4.x was a cherry pick of:
        NOTE: 
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=177962a5b4a05759b40fb6fc07a4a6eec306a9bf
 (2.5.1)
 CVE-2018-20677 (In Bootstrap before 3.4.0, XSS is possible in the affix 
configuration ...)
-       TODO: check
+       - twitter-bootstrap3 3.4.0+dfsg-1
+       [stretch] - twitter-bootstrap3 <no-dsa> (Minor issue)
+       NOTE: https://github.com/twbs/bootstrap/issues/27045
+       NOTE: 
https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
+       NOTE: 
https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
+       NOTE: https://github.com/twbs/bootstrap/pull/27047
+       NOTE: 
https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
 CVE-2018-20676 (In Bootstrap before 3.4.0, XSS is possible in the tooltip 
data-viewport ...)
        TODO: check
 CVE-2018-20675 (D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before 
...)


=====================================
data/next-point-update.txt
=====================================
@@ -126,3 +126,5 @@ CVE-2018-14040
        [stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1
 CVE-2018-14042
        [stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1
+CVE-2018-20677
+       [stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/1ece7962ca26b7b9e6d2441b2a734c378cff84b4...ed2ce94e78778badbefd7852f1357a563527eb8b

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/1ece7962ca26b7b9e6d2441b2a734c378cff84b4...ed2ce94e78778badbefd7852f1357a563527eb8b
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to