data/CVE/list

@@ -861,7 +861,13 @@ CVE-2019-5721 (In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. Thi
 	NOTE: Fix for 2.4.x was a cherry pick of:
 	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=177962a5b4a05759b40fb6fc07a4a6eec306a9bf (2.5.1)
 CVE-2018-20677 (In Bootstrap before 3.4.0, XSS is possible in the affix configuration ...)
-	TODO: check
+	- twitter-bootstrap3 3.4.0+dfsg-1
+	[stretch] - twitter-bootstrap3 <no-dsa> (Minor issue)
+	NOTE: https://github.com/twbs/bootstrap/issues/27045
+	NOTE: https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
+	NOTE: https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
+	NOTE: https://github.com/twbs/bootstrap/pull/27047
+	NOTE: https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
 CVE-2018-20676 (In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport ...)
 	TODO: check
 CVE-2018-20675 (D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before ...)

data/next-point-update.txt

@@ -126,3 +126,5 @@ CVE-2018-14040
 	[stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1
 CVE-2018-14042
 	[stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1
+CVE-2018-20677
+	[stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1