Antoine Beaupré · Antoine Beaupré · 2a6bb31c · 2a6bb31c · 2a6bb31c
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -4528,7 +4528,7 @@ CVE-2018-14043 (mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect f
 	NOT-FOR-US: mstdlib
 CVE-2018-14042 (In Bootstrap before 4.1.2, XSS is possible in the data-container ...)
 	- twitter-bootstrap <unfixed>
-	- twitter-bootstrap3 <unfixed>
+	- twitter-bootstrap3 <unfixed> (bug #907414)
 	[jessie] - twitter-bootstrap <not-affected> (Vulnerable code not present)
 	[jessie] - twitter-bootstrap3 <not-affected> (Vulnerable code not present)
 	NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
@@ -4538,7 +4538,7 @@ CVE-2018-14042 (In Bootstrap before 4.1.2, XSS is possible in the data-container
 	NOTE: https://github.com/twbs/bootstrap/pull/26630/commits/efca80bb5bb34546a2e7a9488b89f71457d2ad92
 CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is possible in the data-target property ...)
 	- twitter-bootstrap <unfixed>
-	- twitter-bootstrap3 <unfixed>
+	- twitter-bootstrap3 <unfixed> (bug #907414)
 	[jessie] - twitter-bootstrap <not-affected> (Vulnerable code not present)
 	[jessie] - twitter-bootstrap3 <not-affected> (Vulnerable code not present)
 	NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
@@ -4548,7 +4548,7 @@ CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is possible in the data-target pr
 	NOTE: https://github.com/twbs/bootstrap/pull/26630/commits/3229efc0811df29765c1d0a949c85362378b0628
 CVE-2018-14040 (In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent ...)
 	- twitter-bootstrap <unfixed>
-	- twitter-bootstrap3 <unfixed>
+	- twitter-bootstrap3 <unfixed> (bug #907414)
 	[jessie] - twitter-bootstrap <not-affected> (Vulnerable code not present)
 	NOTE: https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2/
 	NOTE: https://github.com/twbs/bootstrap/issues/26423
--- a/data/DLA/list
+++ b/data/DLA/list
+[27 Aug 2018] DLA-1479-1 twitter-bootstrap3 - security update
+	{CVE-2018-14040}
+	[jessie] - twitter-bootstrap3 3.2.0+dfsg-1+deb7u1
 [26 Aug 2018] DLA-1478-1 libextractor - security update
 	{CVE-2018-14346 CVE-2018-14347}
 	[jessie] - libextractor 1:1.3-2+deb8u2

--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -122,8 +122,5 @@ tomcat8 (Roberto C. Sánchez)
 twig (Abhijith PA)
  NOTE: 20180824: https://mobile.twitter.com/jameel_nabbo/status/1032593354704515072?s=20
 --
-twitter-bootstrap3 (Antoine Beaupre)
-  NOTE: See debian-lts post: https://lists.debian.org/debian-lts/2018/08/msg00010.html
--
 xen (Emilio Pozuelo)
 --