|
|
Subscribe / Log in / New account

Debian alert DLA-4124-1 (twitter-bootstrap3)



From:
              rouca@debian.org


To:
              <debian-lts-announce@lists.debian.org>


Subject:
              [SECURITY] [DLA 4124-1] twitter-bootstrap3 security update


Date:
              Sun, 13 Apr 2025 16:15:41 +0200


Message-ID:
              <18fbb88326927189baac6da9d478079d@debian.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4124-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Bastien Roucariès
April 13, 2025                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : twitter-bootstrap3
Version        : 3.4.1+dfsg-2+deb11u1
CVE ID         : CVE-2024-6484 CVE-2024-6485
Debian Bug     : 1084060

Bootstrap (formerly Twitter Bootstrap), a free and open-source CSS framework,
was affected by XSS vulnerabilities.

If you use bootstrap through a module bundler, you may need to rebuild your
application.

For Debian 11 bullseye, these problems have been fixed in version
3.4.1+dfsg-2+deb11u1.

We recommend that you upgrade your twitter-bootstrap3 packages.

For the detailed security status of twitter-bootstrap3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/twitter-bootstrap3

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmf7xw0ACgkQADoaLapB
CF+F/g/8CaMpchv9eTx6x9UXu7te0do6xCMeNCPD1Rn/WOOS/dJ9eyCSggZuZLZX
H/3jWWW2+uD6JHydMk8q0fY3YJlwoZ09iGRGs/+8E0N59FZMMvVd88K4AnWQLpgU
/sjLdA7ewo8vv14fDNk3pydmKvhgaxBlVGfgR5zY+ttCYQlYrAu3RYxsXs8odItz
E09Y1jRGOS0nwV2Ug5vZWNJ7U/MNhfekDmjVrur3KFKsWji07rtn4Xo+tZyYOWP0
i+b4moYbOlu8g/N8Q4xmqDbxrtaZaLn14DmOBayuI4sk1Hn6LPAwIwITFGdWWZ2B
RXBNOG+tug8ZIYbLqCWM5KuL8BywOFrkWkDA/hfVq69ok2TzAi2TLXVw+KLNYXKe
9d9hgMsEZh4TCQCVBsdy/XIqpK2nCx+RW1j8d5kYE/AvjnRbPKiZcJaD+xyxKHJA
HbcPt8ZbIFRC6HSVBlAJELtaNaGixw7NNeWidPJ1x1gNtG/v8QzErXT3A5qNSFnX
Ml8CCgnmAIpEGgBQI6Y2QAehGg0G+lpuy5PAYOYbdZm/4VvKQicMI2ZSbUaNeRqj
kPKP1BPzzQqptB+VU3hTV1cxrsGGyTAYLIfBCm05d3xROFBdYoJ+SKtsrEsQnt9p
WcTXacXGTOOselmL13eGffJtGDzHiQiUIR6ptj8ixlmYG00c6zM=
=bsCn
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds