NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/bootstrap: security bump to version 4.3.1

Browse Source 
- Fix CVE-2018-14042: In Bootstrap before 4.1.2, XSS is possible in the
  data-container property of tooltip.
- Fix an XSS vulnerability (CVE-2019-8331) in our tooltip and popover
  plugins by implementing a new HTML sanitizer
- Update indentation of hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Fabrice Fontaine 2020-02-13 19:00:51 +01:00 committed by Peter Korsgaard
parent b656b4ecfc
commit bc31029617
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
package/bootstrap/bootstrap.hash
View File

@ -1,3 +1,3 @@
# Locally computed:
sha256 75c0325fd82e29cf524e28d8be7716c216cc507ba85b087ab36868209236aa01 bootstrap-4.1.0-dist.zip
sha256 0ce7fbe215cdf921ed87d00a374404681d5d24898589a7fe60e068d09289b4ba css/bootstrap.css
sha256 888ffd30b7e192381e2f6a948ca04669fdcc2ccc2ba016de00d38c8e30793323 bootstrap-4.3.1-dist.zip
sha256 35fbb6dc3891aacaf1ffa07abec2344fdbc454aab533a2a03bcf93577eb7837b css/bootstrap.css

3
package/bootstrap/bootstrap.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
BOOTSTRAP_VERSION = 4.1.0
BOOTSTRAP_VERSION = 4.3.1
BOOTSTRAP_SITE = https://github.com/twbs/bootstrap/releases/download/v$(BOOTSTRAP_VERSION)
BOOTSTRAP_SOURCE = bootstrap-$(BOOTSTRAP_VERSION)-dist.zip
BOOTSTRAP_LICENSE = MIT
@ -12,6 +12,7 @@ BOOTSTRAP_LICENSE_FILES = css/bootstrap.css
define BOOTSTRAP_EXTRACT_CMDS
$(UNZIP) $(BOOTSTRAP_DL_DIR)/$(BOOTSTRAP_SOURCE) -d $(@D)
mv $(@D)/bootstrap-$(BOOTSTRAP_VERSION)-dist/* $(@D)
endef
define BOOTSTRAP_INSTALL_TARGET_CMDS