Sylvain Beucler pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f88f1e25 by Sylvain Beucler at 2025-04-17T17:09:43+02:00
twitter-boostrap: reference patches shipped in recent updates
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -81386,7 +81386,7 @@ CVE-2024-6531 (A vulnerability has been identified in
Bootstrap that exposes use
- twitter-bootstrap3 <not-affected> (Only affects 4.x)
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6531
NOTE: related to CVE-2024-6484/twitter-bootstrap3
- NOTE: Fixed by
https://salsa.debian.org/js-team/twitter-bootstrap4/-/blob/1925007041cf88bde02af23c9507ad9e7426e362/debian/patches/0003-CVE-2024-6531.patch
+ NOTE: Non-official patch:
https://salsa.debian.org/js-team/twitter-bootstrap4/-/blob/1925007041cf88bde02af23c9507ad9e7426e362/debian/patches/0003-CVE-2024-6531.patch
CVE-2024-6528 (CWE-79: Improper Neutralization of Input During Web Page
Generation (' ...)
NOT-FOR-US: Schneider Electric
CVE-2024-6485 (A security vulnerability has been discovered in bootstrap that
could e ...)
@@ -81395,12 +81395,14 @@ CVE-2024-6485 (A security vulnerability has been
discovered in bootstrap that co
- twitter-bootstrap3 3.4.1+dfsg-4 (bug #1084060)
[bookworm] - twitter-bootstrap3 <postponed> (Minor issue, revisit when
fixed upstream)
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6485
+ NOTE: Non-official patch:
https://github.com/entreprise7pro/bootstrap/commit/769c032fd93d6f2c07599e096a736c5d09c041cf
CVE-2024-6484 (A vulnerability has been identified in Bootstrap that exposes
users to ...)
{DLA-4124-1}
- twitter-bootstrap4 <not-affected> (Only affects 3.x)
- twitter-bootstrap3 3.4.1+dfsg-4 (bug #1084060)
[bookworm] - twitter-bootstrap3 <postponed> (Minor issue, revisit when
fixed upstream)
NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6484
+ NOTE: Non-official patch:
https://github.com/odinserj/bootstrap/commit/0ea568be7ff0c1f72a693f5d782277a9e9872077
CVE-2024-6407 (CWE-200: Information Exposure vulnerability exists that could
cause di ...)
NOT-FOR-US: Schneider Electric
CVE-2024-6035 (A Stored Cross-Site Scripting (XSS) vulnerability exists in
gaizhenbia ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f88f1e25f0f2fdd1b1a0234712433ea83aba9418
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f88f1e25f0f2fdd1b1a0234712433ea83aba9418
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
