[Git][security-tracker-team/security-tracker][master] twitter-boostrap: reference patches shipped in recent updates

Thu Apr 17 16:10:46 BST 2025


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f88f1e25 by Sylvain Beucler at 2025-04-17T17:09:43+02:00
twitter-boostrap: reference patches shipped in recent updates

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -81386,7 +81386,7 @@ CVE-2024-6531 (A vulnerability has been identified in Bootstrap that exposes use
 	- twitter-bootstrap3 <not-affected> (Only affects 4.x)
 	NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6531
 	NOTE: related to CVE-2024-6484/twitter-bootstrap3
-	NOTE: Fixed by https://salsa.debian.org/js-team/twitter-bootstrap4/-/blob/1925007041cf88bde02af23c9507ad9e7426e362/debian/patches/0003-CVE-2024-6531.patch
+	NOTE: Non-official patch: https://salsa.debian.org/js-team/twitter-bootstrap4/-/blob/1925007041cf88bde02af23c9507ad9e7426e362/debian/patches/0003-CVE-2024-6531.patch
 CVE-2024-6528 (CWE-79: Improper Neutralization of Input During Web Page Generation (' ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2024-6485 (A security vulnerability has been discovered in bootstrap that could e ...)
@@ -81395,12 +81395,14 @@ CVE-2024-6485 (A security vulnerability has been discovered in bootstrap that co
 	- twitter-bootstrap3 3.4.1+dfsg-4 (bug #1084060)
 	[bookworm] - twitter-bootstrap3 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6485
+	NOTE: Non-official patch: https://github.com/entreprise7pro/bootstrap/commit/769c032fd93d6f2c07599e096a736c5d09c041cf
 CVE-2024-6484 (A vulnerability has been identified in Bootstrap that exposes users to ...)
 	{DLA-4124-1}
 	- twitter-bootstrap4 <not-affected> (Only affects 3.x)
 	- twitter-bootstrap3 3.4.1+dfsg-4 (bug #1084060)
 	[bookworm] - twitter-bootstrap3 <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://www.herodevs.com/vulnerability-directory/cve-2024-6484
+	NOTE: Non-official patch: https://github.com/odinserj/bootstrap/commit/0ea568be7ff0c1f72a693f5d782277a9e9872077
 CVE-2024-6407 (CWE-200: Information Exposure vulnerability exists that could cause di ...)
 	NOT-FOR-US: Schneider Electric
 CVE-2024-6035 (A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbia ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f88f1e25f0f2fdd1b1a0234712433ea83aba9418

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f88f1e25f0f2fdd1b1a0234712433ea83aba9418
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250417/9458fafe/attachment.htm>
