Hi Bastien,

On 13/04/25 at 16:15, rouca@debian.org wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> - -------------------------------------------------------------------------
> Debian LTS Advisory DLA-4124-1                debian-lts@lists.debian.org
> https://www.debian.org/lts/security/                    Bastien Roucariès
> April 13, 2025                                https://wiki.debian.org/LTS
> - -------------------------------------------------------------------------
>
> Package        : twitter-bootstrap3
> Version        : 3.4.1+dfsg-2+deb11u1
> CVE ID         : CVE-2024-6484 CVE-2024-6485
> Debian Bug     : 1084060
>
> Bootstrap (formerly Twitter Bootstrap), a free and open-source CSS framework,
> was affected by XSS vulnerabilities.
>
> If you use bootstrap through a module bundler, you may need to rebuild your
> application.
>
> For Debian 11 bullseye, these problems have been fixed in version
> 3.4.1+dfsg-2+deb11u1.

[snip]

Thanks a lot for handling these updates.

You mentioned that this (and twitter-bootstrap4's DLA 4125-1) would require
rebuilding some reverse dependencies. Do you already have a list of the
affected reverse dependencies?

For next time, I guess it would be useful to include the rebuilt packages in
the same DLA, as we have done a couple of times with golang packages.

Thanks!

-- Santiago