Package: twitter-bootstrap3 / 3.4.1+dfsg-6

Metadata

Package: twitter-bootstrap3
Version: 3.4.1+dfsg-6
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
2001_privacy.patch

README.md | 7 0 + 7 - 0 !
1 file changed, 7 deletions(-)

avoid privacy breach in documentation
0002 CVE 2024 6484.patch

js/carousel.js | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

cve-2024-6484

Fix this vulnerability by checking before calling if the target is a carousel
and disabling further event calling if not

0003 CVE 2024 6485.patch

js/button.js | 11 10 + 1 - 0 !
1 file changed, 10 insertions(+), 1 deletion(-)

cve-2024-6485

Sanitize data[state], thus avoiding XSS

CVE 2025 1647.patch

js/tooltip.js | 22 14 + 8 - 0 !
1 file changed, 14 insertions(+), 8 deletions(-)

cve-2025-1647

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability
in Bootstrap allows Cross-Site Scripting (XSS)

DOM-based cross-site scripting (XSS) via DOM clobbering occurs when an attacker
manipulates the Document Object Model (DOM) to overwrite
or "clobber" an existing DOM object, leading to the execution
of malicious scripts.

document.implementation should be tested against a well-known type

Use DOMParser if possible (supported since 2015) in order to create a DoS in case
document.implementation is overridden.

bug: https://www.herodevs.com/vulnerability-directory/cve-2025-1647
bug-freexian-security: https://deb.freexian.com/extended-lts/tracker/CVE-2025-1647