[Pkg-javascript-devel] Bug#1102923: bookworm-pu: package twitter-bootstrap3/3.4.1+dfsg-3+deb12u1
Bastien Roucaries
rouca at debian.org
Sun Apr 13 10:08:23 BST 2025
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: twitter-bootstrap3 at packages.debian.org
Control: affects -1 + src:twitter-bootstrap3
User: release.debian.org at packages.debian.org
Usertags: pu
[ Reason ]
XSS security problems
[ Impact ]
Vulnerability to XSS attack
[ Tests ]
No but tested manually using POC.
[ Risks ]
Low
[ Checklist ]
[X] *all* changes are documented in the d/changelog
[X] I reviewed all changes and I approve them
[X] attach debdiff against the package in (old)stable
[X] the issue is verified as fixed in unstable
[ Changes ]
CVE-2024-6485/CVE-2024-6484
[ Other info ]
May need a rebuild of static linked (webpacked/rollup...) package.
But need first to get in bookworm.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: u1.debdiff
Type: text/x-patch
Size: 5595 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20250413/eb0482d2/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20250413/eb0482d2/attachment.sig>
More information about the Pkg-javascript-devel
mailing list