Debian Patches
Status for twitter-bootstrap3/3.4.1+dfsg-6
Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
2001_privacy.patch | Avoid privacy breach in documentation | Jonas Smedegaard <dr@jones.dk> | no | | | 2019-01-21 |
0002-CVE-2024-6484.patch | CVE-2024-6484 Fix this vulnerability by checking before calling if the target is a carousel and disabling further event calling if not | Bastien Roucariès <rouca@debian.org> | yes | debian upstream | backport, https://github.com/odinserj/bootstrap/commit/0ea568be7ff0c1f72a693f5d782277a9e9872077 | 2025-04-10 |
0003-CVE-2024-6485.patch | CVE-2024-6485 Sanitize data[state] avoiding thus XSS | Bastien Roucariès <rouca@debian.org> | yes | debian upstream | backport, https://github.com/entreprise7pro/bootstrap/commit/769c032fd93d6f2c07599e096a736c5d09c041cf | 2025-04-10 |
CVE-2025-1647.patch | CVE-2025-1647 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS). DOM-based cross-site scripting (XSS) via DOM clobbering occurs when an attacker manipulates the Document Object Model (DOM) to overwrite or "clobber" an existing DOM object, leading to the execution of malicious scripts. document.implementation should be tested against well known type. Use DOMParser if possible (supported since 2015) in order to create a DoS in case of document.implementation overridden. | Bastien Roucariès <rouca@debian.org> | yes | upstream | | 2025-05-30 |
All known versions for source package 'twitter-bootstrap3'
- 3.4.1+dfsg-6 (trixie, sid)
- 3.4.1+dfsg-3+deb12u1 (bookworm)
- 3.4.1+dfsg-2+deb11u2 (bullseye-security)
- 3.4.1+dfsg-2 (bullseye)