ELA-1389-1 twitter-bootstrap3 security update

multiple XSS vulnerabilities

2025-04-13
Package: twitter-bootstrap3
Version: 3.3.7+dfsg-2+deb9u3 (stretch), 3.4.1+dfsg-1+deb10u1 (buster)
Related CVEs: CVE-2024-6484, CVE-2024-6485


Bootstrap (formerly Twitter Bootstrap), a free and open-source CSS framework, was affected by multiple XSS vulnerabilities.

If you use Bootstrap through a module bundler, you may need to rebuild your application so that the bundle includes the fixed files.



For Debian 10 buster, these problems have been fixed in version 3.4.1+dfsg-1+deb10u1.

For Debian 9 stretch, these problems have been fixed in version 3.3.7+dfsg-2+deb9u3.

We recommend that you upgrade your twitter-bootstrap3 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.