Debian Patches
Status for twitter-bootstrap4/4.6.2+dfsg-1
Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
do-not-update-copyright-year.diff | Avoi updating copyright year during build This fixes reproducible debci | Xavier Guimard <yadd@debian.org> | not-needed | 2020-10-10 | ||
dont-check-for-caniuse-lite-update.patch | don't check for node-canuise-lite update | Pirate Praveen <praveen@onenetbeyond.org> | not-needed | debian | 2021-07-30 | |
0003-CVE-2024-6531.patch | CVE-2024-6531 An anchor element (<a>), when used for carousel navigation with a data-slide attribute, can contain an href attribute value that is not subject to proper content sanitization. Improper extraction of the intended target carousel’s #id from the href attribute can lead to use cases where the click event’s preventDefault() is not applied and the href is evaluated and executed. As a result, restrictions are not applied to the data that is evaluated, which can lead to potential XSS vulnerabilities. return false in case of error that will avoid the XSS attack, and avoid further treatment by the handler. |
=?utf-8?q?Bastien_Roucari=C3=A8s?= <rouca@debian.org> | yes | debian upstream | 2025-04-13 |
All known versions for source package 'twitter-bootstrap4'
- 4.6.2+dfsg-1 (sid, trixie)
- 4.6.1+dfsg1-4+deb12u1 (bookworm)
- 4.5.2+dfsg1-8~deb11u2 (bullseye-security)
- 4.5.2+dfsg1-8~deb11u1 (bullseye)