Debian Patches

Status for twitter-bootstrap4/4.6.2+dfsg-1

Patch Description Author Forwarded Bugs Origin Last update
do-not-update-copyright-year.diff Avoid updating copyright year during build. This fixes reproducible debci Xavier Guimard <yadd@debian.org> not-needed 2020-10-10
dont-check-for-caniuse-lite-update.patch don't check for node-caniuse-lite update Pirate Praveen <praveen@onenetbeyond.org> not-needed debian 2021-07-30
0003-CVE-2024-6531.patch CVE-2024-6531
An anchor element (<a>), when used for carousel navigation with a data-slide attribute,
can contain an href attribute value that is not subject to proper content sanitization.
Improper extraction of the intended target carousel’s #id from the href attribute
can lead to use cases where the click event’s preventDefault()
is not applied and the href is evaluated and executed.
As a result, restrictions are not applied to the data that is evaluated, which
can lead to potential XSS vulnerabilities.

Return false in case of error; that will avoid the XSS attack and avoid further
treatment by the handler.
Bastien Roucariès <rouca@debian.org> yes debian upstream 2025-04-13
