Your message dated Fri, 04 Jan 2019 07:07:40 +0000
with message-id <e1gfja0-000bmu...@fasolo.debian.org>
and subject line Bug#907414: fixed in twitter-bootstrap3 3.4.0+dfsg-1
has caused the Debian Bug report #907414,
regarding twitter-bootstrap3: CVE-2018-14040 CVE-2018-14041 CVE-2018-14042
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
907414: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=907414
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: twitter-bootstrap3
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for twitter-bootstrap3.

CVE-2018-14040[0]:
| In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent
| attribute.

CVE-2018-14041[1]:
| In Bootstrap before 4.1.2, XSS is possible in the data-target property
| of scrollspy.

CVE-2018-14042[2]:
| In Bootstrap before 4.1.2, XSS is possible in the data-container
| property of tooltip.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-14040
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14040
[1] https://security-tracker.debian.org/tracker/CVE-2018-14041
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14041
[2] https://security-tracker.debian.org/tracker/CVE-2018-14042
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14042

Please adjust the affected versions in the BTS as needed.

--
--- End Message ---
--- Begin Message ---
Source: twitter-bootstrap3
Source-Version: 3.4.0+dfsg-1

We believe that the bug you reported is fixed in the latest version of
twitter-bootstrap3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 907...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Xavier Guimard <y...@debian.org> (supplier of updated twitter-bootstrap3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 04 Jan 2019 07:27:13 +0100
Source: twitter-bootstrap3
Binary: libjs-bootstrap
Architecture: source
Version: 3.4.0+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Xavier Guimard <y...@debian.org>
Closes: 907414
Description:
 libjs-bootstrap - HTML, CSS and JS framework
Changes:
 twitter-bootstrap3 (3.4.0+dfsg-1) unstable; urgency=medium
 .
   * Team upload
 .
   [ Antonio Terceiro ]
   * debian/rules: use UTC dates to avoid unreproducibility across timezones
     during new year's eve/day.
 .
   [ Jelmer Vernooij ]
   * Use secure copyright file specification URI.
 .
   [ Xavier Guimard ]
   * New upstream version 3.4.0+dfsg (Closes: #907414)
   * Bump debhelper compatibility level to 12
   * Declare compliance with policy 4.3.0
   * Update VCS URLs
   * Update debian/copyright
   * Update lintian overrides
   * Change section to javascript
   * Add upstream/metadata
   * Update upstream changelog
   * Remove get-orig-source target in debian/rules
   * Update links to https
--- End Message ---
--
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel