[SECURITY] [DLA 4204-1] twitter-bootstrap3 security update



-------------------------------------------------------------------------
Debian LTS Advisory DLA-4204-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Bastien Roucariès
June 01, 2025                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : twitter-bootstrap3
Version        : 3.4.1+dfsg-2+deb11u2
CVE ID         : CVE-2025-1647
Debian Bug     : 1105899

twitter-bootstrap3, a popular front-end framework, was affected
by a vulnerability.

A cross-site scripting (XSS) vulnerability
has been identified within the Bootstrap 3 Popover component and
Bootstrap 3 Tooltip component, which allows unsanitized HTML to be used.

If you use Bootstrap through a module bundler, you may need to rebuild your
application.

For Debian 11 bullseye, this problem has been fixed in version
3.4.1+dfsg-2+deb11u2.

We recommend that you upgrade your twitter-bootstrap3 packages.

For the detailed security status of twitter-bootstrap3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/twitter-bootstrap3

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS