Salvatore Bonaccorso · Salvatore Bonaccorso · Salvatore Bonaccorso · Salvatore Bonaccorso · Salvatore Bonaccorso · Salvatore Bonaccorso
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -867,9 +867,15 @@ CVE-2018-20677 (In Bootstrap before 3.4.0, XSS is possible in the affix configur
 	NOTE: https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
 	NOTE: https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
 	NOTE: https://github.com/twbs/bootstrap/pull/27047
-	NOTE: https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
+	NOTE: https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d (v3.4.0)
 CVE-2018-20676 (In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport ...)
-	TODO: check
+	- twitter-bootstrap3 3.4.0+dfsg-1
+	[stretch] - twitter-bootstrap3 <no-dsa> (Minor issue)
+	NOTE: https://github.com/twbs/bootstrap/issues/27044
+	NOTE: https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906
+	NOTE: https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628
+	NOTE: https://github.com/twbs/bootstrap/pull/27047
+	NOTE: https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d (v3.4.0)
 CVE-2018-20675 (D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before ...)
 	NOT-FOR-US: D-Link
 CVE-2018-20674 (D-Link DIR-822 C1 before v3.11B01Beta, DIR-822-US C1 before ...)
@@ -29580,7 +29586,8 @@ CVE-2018-14042 (In Bootstrap before 4.1.2, XSS is possible in the data-container
 	NOTE: https://github.com/twbs/bootstrap/pull/26630
 	NOTE: https://github.com/twbs/bootstrap/pull/26630/commits/efca80bb5bb34546a2e7a9488b89f71457d2ad92
 	NOTE: https://snyk.io/vuln/npm:bootstrap:20180529
-	NOTE: https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
+	NOTE: https://github.com/twbs/bootstrap/commit/2d90d369bbc2bd2647620246c55cec8c4705e3d0 (v4.1.2)
+	NOTE: https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d (v3.4.0)
 CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is possible in the data-target property ...)
 	- twitter-bootstrap <not-affected> (Vulnerable code not present)
 	- twitter-bootstrap3 <not-affected> (Vulnerable code not present)
@@ -29591,6 +29598,7 @@ CVE-2018-14041 (In Bootstrap before 4.1.2, XSS is possible in the data-target pr
 	NOTE: https://github.com/twbs/bootstrap/pull/26630/commits/3229efc0811df29765c1d0a949c85362378b0628
 	NOTE: https://snyk.io/vuln/npm:bootstrap:20160627
 	NOTE: https://snyk.io/vuln/npm:bootstrap:20180529
+	NOTE: https://github.com/twbs/bootstrap/commit/cc61edfa8af7b5ec9d4888c59bf94377e499b78b (v4.1.2)
 CVE-2018-14040 (In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent ...)
 	{DLA-1479-1}
 	- twitter-bootstrap <not-affected> (Vulnerable code not present)
@@ -29602,7 +29610,8 @@ CVE-2018-14040 (In Bootstrap before 4.1.2, XSS is possible in the collapse data-
 	NOTE: https://github.com/twbs/bootstrap/pull/26630
 	NOTE: https://github.com/twbs/bootstrap/pull/26630/commits/3ba186313e9e651bbd52a6a3a0305891dee0a621
 	NOTE: https://snyk.io/vuln/npm:bootstrap:20180529
-	NOTE: https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d
+	NOTE: https://github.com/twbs/bootstrap/commit/149096016f70fd815540d62c0989fd99cdc809e0 (v4.1.2)
+	NOTE: https://github.com/twbs/bootstrap/commit/2a5ba23ce8f041f3548317acc992ed8a736b609d (v3.4.0)
 CVE-2018-14039
 	RESERVED
 CVE-2018-14038
--- a/data/next-point-update.txt
+++ b/data/next-point-update.txt
@@ -126,5 +126,7 @@ CVE-2018-14040
 	[stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1
 CVE-2018-14042
 	[stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1
+CVE-2018-20676
+	[stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1
 CVE-2018-20677
 	[stretch] - twitter-bootstrap3 3.3.7+dfsg-3+deb9u1