[SECURITY] [DLA 4125-1] twitter-bootstrap4 security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 4125-1] twitter-bootstrap4 security update
From: rouca@debian.org
Date: Sun, 13 Apr 2025 16:51:09 +0200
Message-id: <[🔎] 62a7510062746d81a3b01d0be681d18a@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4125-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Bastien RoucariÃ¨s
April 13, 2025                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : twitter-bootstrap4
Version        : 4.5.2+dfsg1-8~deb11u2
CVE ID         : CVE-2024-6531
Debian Bug     : 1084059

Bootstrap (formerly Twitter Bootstrap), a free and open-source CSS framework,
was affected by a XSS vulnerability in the carousel component.

If you use bootstrap through a module bundler, you may need to rebuild your
application.

For Debian 11 bullseye, this problem has been fixed in version
4.5.2+dfsg1-8~deb11u2.

We recommend that you upgrade your twitter-bootstrap4 packages.

For the detailed security status of twitter-bootstrap4 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/twitter-bootstrap4

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmf7z1wACgkQADoaLapB
CF+dQw/+L+9ylVtYiSQoKUiqw+VgQZ49pa3tjWm4Pt+GyvlW3WYMKoDqxWx4BChG
Ib/E2e+6t8z3OslxrbTMaBVQj1ouhgh8USAxL5eHBIXtG5itGSTLpXLKsOnqHde0
RcEH4tPWoG2upnc9FQZoOhWqfVDPX9n6pa/QkTF/jUueN9k397iO7tWNe4rFlg2x
59630+1FoIL0lK2vQR8vy7668xdbI3EC+Hvu7jT104e6cAohAyUijz4/T2lfJX6t
lK/vuD4TtEUvpvVLXvm58AU6VzKjJW0xrkBeHxOwqEoY09iMzaAO/c6O2Y7927U1
NxqCKIaqSw4orEtPr+qC7tyXfkKKVAWYWBwGkOggvIE99QdR+GNYJnHiQ7iw/ZDV
QZAt93xMEhtd+NGaYuUnhWuJEp+lCLPD6X05lqh6lxxqFprxZCD+MfBlw84fbUSN
GNm0XKlkW7V10M59FTMkqj8oRkehqPJ1Oti3Q3k1MJBR4YnAYqREah2aFZCC7Vj9
6CN9d7Cdvo4wlAiVP+Q//vpu9tYkKw0tAfqFpme5tYvq0EqpjWi3qMTdwgZRFMFz
X/kpby+xL9/DEcROcpfNvs7auEiDY3njU6BYX5oqjLHt54H0UrB9Uql1GN0GbW3D
AgNArhn31w57q6njK3XtyhwnmpBd3Bu/hjyoeemQ63m5zHatTX4=
=W8Wr
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4124-1] twitter-bootstrap3 security update
Next by Date: [SECURITY] [DLA 4126-1] jinja2 security update
Previous by thread: [SECURITY] [DLA 4124-1] twitter-bootstrap3 security update
Next by thread: [SECURITY] [DLA 4126-1] jinja2 security update
Index(es):
- Date
- Thread