Package: twitter-bootstrap4 / 4.6.2+dfsg-1
Metadata
Package | Version | Patches format |
---|---|---|
twitter-bootstrap4 | 4.6.2+dfsg-1 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
do not update copyright year.diff | build/banner.js: 2 (1 +, 1 -, 0 !) | Avoid updating copyright year during build. This fixes reproducible debci. |
dont check for caniuse lite update.patch | .babelrc.js: 3 (2 +, 1 -, 0 !) | Don't check for node-caniuse-lite update. |
0003 CVE 2024 6531.patch | js/src/carousel.js: 4 (2 +, 2 -, 0 !) | CVE-2024-6531. An anchor element (`<a>`), when used for carousel navigation with a data-slide attribute, can contain an href attribute value that is not subject to proper content sanitization. Improper extraction of the intended target carousel's #id from the href attribute can lead to use cases where the click event's preventDefault() is not applied and the href is evaluated and executed. As a result, restrictions are not applied to the data that is evaluated, which can lead to potential XSS vulnerabilities. Return false in case of error; that will avoid the XSS attack, and avoid further treatment by the handler. bug: https://www.herodevs.com/vulnerability-directory/cve-2024-6531; bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084059; bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2024-6531 |