twitter-bootstrap3 upstream fix

Salvatore Bonaccorso Thu, 10 Jan 2019 13:31:23 -0800

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
85d8d052 by Salvatore Bonaccorso at 2019-01-10T21:28:08Z
Add tag information for CVE-2018-20677/twitter-bootstrap3 upstream fix

- - - - -
dfee1504 by Salvatore Bonaccorso at 2019-01-10T21:28:39Z
Add CVE-2018-20676/twitter-bootstrap3 (specific to 3.x series)

- - - - -
bde9ba7e by Salvatore Bonaccorso at 2019-01-10T21:29:12Z
Clarify commits for CVE-2018-14042

- - - - -
7e9a5213 by Salvatore Bonaccorso at 2019-01-10T21:29:31Z
Reference fix for CVE-2018-14041

- - - - -
696ae8a2 by Salvatore Bonaccorso at 2019-01-10T21:29:49Z
Update commit references for CVE-2018-14040

- - - - -
5d7b5a82 by Salvatore Bonaccorso at 2019-01-10T21:30:12Z
Track fix for CVE-2018-20676/twitter-bootstrap3 via stretch-pu update

- - - - -


2 changed files:

- data/CVE/list
- data/next-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -867,9 +867,15 @@ CVE-2018-20677 (In Bootstrap before 3.4.0, XSS is possible 
in the affix configur
        NOTE: 
https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
        NOTE: 
https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
        NOTE: https://github.com/twbs/bootstrap/pull/27047
-       NOTE: 
https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
+       NOTE: 
https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
 (v3.4.0)
 CVE-2018-20676 (In Bootstrap before 3.4.0, XSS is possible in the tooltip 
data-viewport ...)
-       TODO: check
+       - twitter-bootstrap3 3.4.0+dfsg-1
+       [stretch] - twitter-bootstrap3 <no-dsa> (Minor issue)
+       NOTE: https://github.com/twbs/bootstrap/issues/27044
+       NOTE: 
https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
+       NOTE: 
https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
+       NOTE: https://github.com/twbs/bootstrap/pull/27047
+       NOTE: 
https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
 (v3.4.0)
 CVE-2018-20675 (D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before 
...)
        NOT-FOR-US: D-Link
 CVE-2018-20674 (D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before 
...)
@@ -29580,7 +29586,8 @@ CVE-2018-14042 (In Bootstrap before 4.1.2, XSS is 
possible in the data-container
        NOTE: https://github.com/twbs/bootstrap/pull/26630
        NOTE: 
https://github.com/twbs/bootstrap/pull/26630/commits/efca80bb5bb34546a2e7a9488b89f71457d2ad92
        NOTE: https://snyk.io/vuln/npm:bootstrap:20180529
-       NOTE: 
https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
+       NOTE: 
https://github.com/twbs/bootstrap/commit/2d90d369bbc2bd2647620246c55cec8c4705e3d0
 (v4.1.2)
+       NOTE: 
https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
 (v3.4.0)
 CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is possible in the data-target 
property ...)
        - twitter-bootstrap <not-affected> (Vulnerable code not present)
        - twitter-bootstrap3 <not-affected> (Vulnerable code not present)
@@ -29591,6 +29598,7 @@ CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is 
possible in the data-target pr
        NOTE: 
https://github.com/twbs/bootstrap/pull/26630/commits/3229efc0811df29765c1d0a949c85362378b0628
        NOTE: https://snyk.io/vuln/npm:bootstrap:20160627
        NOTE: https://snyk.io/vuln/npm:bootstrap:20180529
+       NOTE: 
https://github.com/twbs/bootstrap/commit/cc61edfa8af7b5ec9d4888c59bf94377e499b78b
 (v4.1.2)
 CVE-2018-14040 (In Bootstrap before 4.1.2, XSS is possible in the collapse 
data-parent ...)
        {DLA-1479-1}
        - twitter-bootstrap <not-affected> (Vulnerable code not present)
@@ -29602,7 +29610,8 @@ CVE-2018-14040 (In Bootstrap before 4.1.2, XSS is 
possible in the collapse data-
        NOTE: https://github.com/twbs/bootstrap/pull/26630
        NOTE: 
https://github.com/twbs/bootstrap/pull/26630/commits/3ba186313e9e651bbd52a6a3a0305891dee0a621
        NOTE: https://snyk.io/vuln/npm:bootstrap:20180529
-       NOTE: 
https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
+       NOTE: 
https://github.com/twbs/bootstrap/commit/149096016f70fd815540d62c0989fd99cdc809e0
 (v4.1.2)
+       NOTE: 
https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
 (v3.4.0)
 CVE-2018-14039
        RESERVED
 CVE-2018-14038


=====================================
data/next-point-update.txt
=====================================
@@ -126,5 +126,7 @@ CVE-2018-14040
        [stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1
 CVE-2018-14042
        [stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1
+CVE-2018-20676
+       [stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1
 CVE-2018-20677
        [stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/ed2ce94e78778badbefd7852f1357a563527eb8b...5d7b5a82c01960e5996d460cfc88024964417e67

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/ed2ce94e78778badbefd7852f1357a563527eb8b...5d7b5a82c01960e5996d460cfc88024964417e67
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] 6 commits: Add tag information for CVE-2018-20677/twitter-bootstrap3 upstream fix

Reply via email to