-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4204-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès June 01, 2025 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : twitter-bootstrap3 Version : 3.4.1+dfsg-2+deb11u2 CVE ID : CVE-2025-1647 Debian Bug : 1105899 twitter-bootstrap3 a popular front end framework was affected by a vulnerability. A cross-site scripting (XSS) vulnerability has been identified within the Bootstrap 3 Popover component and Bootstrap 3 Tooltip component, which allows unsanitized HTML to be used. If you use bootstrap through a module bundler, you may need to rebuild your application. For Debian 11 bullseye, this problem has been fixed in version 3.4.1+dfsg-2+deb11u2. We recommend that you upgrade your twitter-bootstrap3 packages. For the detailed security status of twitter-bootstrap3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/twitter-bootstrap3 Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmg8H+AACgkQADoaLapB CF/guQ/6AulY+8LRU3BV+k1pJmTYvGsC0lRRWtsCABkdwxjBrVr5GrP3mSxcqyYR +GsrLbK0MoJfM/6FYWa07UTn/4+w10ql1JdTR4WqyPPtZnUqWgq5cpvR0vNi0bOE r1gHQU99upydLe8lcz7Xp9uDtCmOPJb7Nf89Xtx1krHuRkaYM7EVNp9ws87WPBKr OUxLmJXcLrSLIYzXaoQcJ3kV6ydENybZByn/h5QqL2HdhBzlh0lvhReufRgsHtGo whryhLm18JjfImhqJZrvKSUZiZ8/FJ1A6+THTg6x3lexTS1aQCkmFznpEQjnJnAz 5Vr5pK++6o9mfcPdGbKvoLi/BhDyJucF0hf6jhgYWFpMiasMYt86BWHkdEwzUm0c mK8f5nUZpVup/GUAtxRTMQnbmzT97m/qfOQ1YwGHwx9pVtTflRR6rH4yYzq5GgBY YUUti8CKb7GK/ssGp9+4ceD9HVmReOkBwlAcQNMWtStugVGEYfv20jFJ5w9icYiL 9Pj4SBf/EnPgFuhs+AYeHrprCc+H6f/g5fuu7Vmg0X5pHFfBPUeiuKTtKtr9R2mj FCFpWEH7DSXUiC0KF3gUiyYE2/PChpLzJd9Via43ClairSKH0VAqlnQzPr1wCSBH 1S7CyMgV8gfT36sEFDhEXpcT1ETlWXBnah9BGMFUt/MqBO1TuKE= =Og5X -----END PGP SIGNATURE-----
