Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 0c674f3e by Salvatore Bonaccorso at 2025-08-01T21:33:09+02:00 Two CVEs originally for Bootstrap rejected In the end they were not security issues in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded. - - - - - 2 changed files: - data/CVE/list - data/DLA/list Changes: ===================================== data/CVE/list ===================================== @@ -113648,14 +113648,8 @@ CVE-2024-6679 (A vulnerability classified as critical has been found in witmy my NOT-FOR-US: witmy my-springsecurity-plus CVE-2024-6643 REJECTED -CVE-2024-6531 (A vulnerability has been identified in Bootstrap that exposes users to ...) - {DLA-4125-1} - - twitter-bootstrap4 4.6.1+dfsg1-5 (bug #1084059) - [bookworm] - twitter-bootstrap4 4.6.1+dfsg1-4+deb12u1 - - twitter-bootstrap3 <not-affected> (Only affects 4.x) - NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6531 - NOTE: related to CVE-2024-6484/twitter-bootstrap3 - NOTE: Non-official patch: https://salsa.debian.org/js-team/twitter-bootstrap4/-/blob/1925007041cf88bde02af23c9507ad9e7426e362/debian/patches/0003-CVE-2024-6531.patch +CVE-2024-6531 + REJECTED CVE-2024-6528 (CWE-79: Improper Neutralization of Input During Web Page Generation (' ...) NOT-FOR-US: Schneider Electric CVE-2024-6485 (A security vulnerability has been discovered in bootstrap that could e ...) 
@@ -113665,13 +113659,8 @@ CVE-2024-6485 (A security vulnerability has been discovered in bootstrap that co [bookworm] - twitter-bootstrap3 3.4.1+dfsg-3+deb12u1 NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6485 NOTE: Non-official patch: https://github.com/entreprise7pro/bootstrap/commit/769c032fd93d6f2c07599e096a736c5d09c041cf -CVE-2024-6484 (A vulnerability has been identified in Bootstrap that exposes users to ...) - {DLA-4124-1} - - twitter-bootstrap4 <not-affected> (Only affects 3.x) - - twitter-bootstrap3 3.4.1+dfsg-4 (bug #1084060) - [bookworm] - twitter-bootstrap3 3.4.1+dfsg-3+deb12u1 - NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6484 - NOTE: Non-official patch: https://github.com/odinserj/bootstrap/commit/0ea568be7ff0c1f72a693f5d782277a9e9872077 +CVE-2024-6484 + REJECTED CVE-2024-6407 (CWE-200: Information Exposure vulnerability exists that could cause di ...) NOT-FOR-US: Schneider Electric CVE-2024-6035 (A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbia ...) ===================================== data/DLA/list ===================================== @@ -408,10 +408,9 @@ {CVE-2024-56326 CVE-2025-27516} [bullseye] - jinja2 2.11.3-1+deb11u3 [13 Apr 2025] DLA-4125-1 twitter-bootstrap4 - security update - {CVE-2024-6531} [bullseye] - twitter-bootstrap4 4.5.2+dfsg1-8~deb11u2 [13 Apr 2025] DLA-4124-1 twitter-bootstrap3 - security update - {CVE-2024-6484 CVE-2024-6485} + {CVE-2024-6485} [bullseye] - twitter-bootstrap3 3.4.1+dfsg-2+deb11u1 [12 Apr 2025] DLA-4123-1 wpa - security update {CVE-2022-23303 CVE-2022-23304 CVE-2022-37660} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0c674f3ec3ddbcf4f161964e8fa41b81cb9190dc
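Review bot: the first data/CVE/list hunk (CVE-2024-6531) drops the `NOTE: Non-official patch:` line for the salsa.debian.org 0003-CVE-2024-6531.patch together with the `NOTE: related to CVE-2024-6484/twitter-bootstrap3` line, and the fixed-version lines `twitter-bootstrap4 4.6.1+dfsg1-5 (bug #1084059)` and `[bookworm] - twitter-bootstrap4 4.6.1+dfsg1-4+deb12u1` go with them, so the tracker no longer records which shipped uploads carried that patch or that the two rejected entries were related. Those versions are already released, so consider keeping a NOTE under the REJECTED entry (the rejection rationale from the commit message, or the patch link) so the provenance of the change in the packaged twitter-bootstrap4 stays discoverable without digging through git history.

Review bot: the second data/CVE/list hunk (CVE-2024-6484) removes the only URLs the entry carried (the herodevs.com directory page and the odinserj/bootstrap commit 0ea568be...), and the commit message only says the CVE "has been rescinded" without pointing at where the rejection was published; with the entry reduced to a bare `REJECTED`, a reader checking bookworm's 3.4.1+dfsg-3+deb12u1 or unstable's 3.4.1+dfsg-4 has nothing left in the tracker to follow. Suggest adding a NOTE with the rejection source, or citing it in the commit message, for both rejected entries.

Review bot: the data/DLA/list hunk narrows DLA-4124-1 to `{CVE-2024-6485}` but leaves DLA-4125-1, one entry above it, with `{CVE-2024-6531}` as its sole CVE even though that identifier is marked REJECTED in the same commit and its `{DLA-4125-1}` back-reference has been removed from data/CVE/list; the two advisories are handled inconsistently. Either give DLA-4125-1 the same treatment or state in the commit message why an advisory whose only CVE was rejected keeps the identifier (for instance to preserve the record of the published advisory).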