[ubuntu/plucky-proposed] twitter-bootstrap4 4.6.1+dfsg1-5 (Accepted)
Jeremy Bícha
jeremy.bicha at canonical.com
Mon Apr 14 09:18:34 UTC 2025
twitter-bootstrap4 (4.6.1+dfsg1-5) unstable; urgency=high

  * Team upload
  * Fix CVE-2024-6531 (XSS vulnerability):
    An anchor element (<a>), when used for carousel navigation
    with a data-slide attribute, can contain an href attribute
    value that is not subject to proper content sanitization.
    Improper extraction of the intended target carousel’s
    #id from the href attribute can lead to use cases where
    the click event’s preventDefault() is not applied and
    the href is evaluated and executed.
    As a result, restrictions are not applied to the data
    that is evaluated, which can lead to potential
    XSS vulnerabilities.
    (Closes: #1084059)

Date: 2025-04-13 16:52:02.201336+00:00
Signed-By: Jeremy Bícha <jeremy.bicha at canonical.com>
https://launchpad.net/ubuntu/+source/twitter-bootstrap4/4.6.1+dfsg1-5
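
Added example (not part of the upload notice, and not Bootstrap, Debian or Ubuntu code): a small Node.js audit that scans markup for the pattern the changelog describes, carousel anchors carrying data-slide whose href is anything other than a bare "#id" fragment. The function names, the "bare fragment only" policy and the sample markup are assumptions made for illustration.

```javascript
// Added example: not Bootstrap, Debian or Ubuntu code; all names are hypothetical.
// Assumed policy: a data-slide control's href must be a bare same-page "#id".
const SAFE_FRAGMENT = /^#[A-Za-z][\w:.-]*$/;

// Parse a start tag's attribute text into a lower-cased name -> value map.
// As in HTML parsing, the first occurrence of a duplicated attribute wins.
function parseAttributes(attrText) {
  const attrs = Object.create(null);
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;
  let m;
  while ((m = re.exec(attrText)) !== null) {
    const name = m[1].toLowerCase();
    if (!(name in attrs)) attrs[name] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return one finding per <a data-slide> whose href is not a bare fragment.
function auditCarouselControls(html) {
  const findings = [];
  const anchorRe = /<a(\s(?:"[^"]*"|'[^']*'|[^'">])*)?>/gi;
  let m;
  while ((m = anchorRe.exec(html)) !== null) {
    const attrs = parseAttributes(m[1] ?? "");
    if (!("data-slide" in attrs) || !("href" in attrs)) continue;
    const href = attrs.href.trim();
    if (!SAFE_FRAGMENT.test(href)) {
      const line = html.slice(0, m.index).split("\n").length;
      findings.push({ line, slide: attrs["data-slide"], href });
    }
  }
  return findings;
}

// Constructed sample markup (not taken from any real site).
const SAMPLE = `
<a class="carousel-control-prev" href="#heroCarousel" data-slide="prev">Prev</a>
<a class="carousel-control-next" data-slide="next" href="https://example.test/x">Next</a>
<a href="/about">About</a>
<a data-slide='next' HREF='#heroCarousel?x=1'>Next</a>
`;

for (const f of auditCarouselControls(SAMPLE)) {
  console.log(`line ${f.line}: data-slide="${f.slide}" has non-fragment href "${f.href}"`);
}
```

Entity-encoded href values are compared undecoded, so they are reported for manual review rather than silently accepted.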