[Pkg-javascript-devel] twitter-bootstrap3_3.4.1+dfsg-4_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sun Apr 13 10:46:26 BST 2025
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 10 Apr 2025 23:47:00 +0200
Source: twitter-bootstrap3
Architecture: source
Version: 3.4.1+dfsg-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel at lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca at debian.org>
Closes: 1084060
Changes:
twitter-bootstrap3 (3.4.1+dfsg-4) unstable; urgency=medium
.
* Team upload
* Fix CVE-2024-6485:
A security vulnerability has been discovered in bootstrap
that could enable Cross-Site Scripting (XSS) attacks.
The vulnerability is associated with the data-loading-text
attribute within the button plugin.
This vulnerability can be exploited by injecting malicious
JavaScript code into the attribute, which would then be
executed when the button's loading state is triggered.
(Closes: #1084060)
* Fix CVE-2024-6484:
A vulnerability has been identified in Bootstrap that
exposes users to Cross-Site Scripting (XSS) attacks.
The issue is present in the carousel component, where the
data-slide and data-slide-to attributes can be exploited
through the href attribute of an <a> tag due to inadequate
sanitization. This vulnerability could potentially enable
attackers to execute arbitrary JavaScript within
the victim's browser.
(Closes: #1084060)
Checksums-Sha1:
650067765f4c061b4dce67b84c8c542ceb0dae4d 2271 twitter-bootstrap3_3.4.1+dfsg-4.dsc
0c1b1b026a103e470bb29f0d54445e44d2ab8f49 2011336 twitter-bootstrap3_3.4.1+dfsg.orig.tar.xz
d7f58f390e6305902810fb4a09be21caba2ad892 54968 twitter-bootstrap3_3.4.1+dfsg-4.debian.tar.xz
0e1e59b681cae129e7699fa4db0bbe3ae9bbeac9 7712 twitter-bootstrap3_3.4.1+dfsg-4_amd64.buildinfo
Checksums-Sha256:
06e387c9dcebadc4420daf00a6164646f723c6c248d96f41cdf9c954ff7dad89 2271 twitter-bootstrap3_3.4.1+dfsg-4.dsc
9eb17937c62ff1133779bdca0b2ee62bfc3a8fc3348aef3b197e6020c9ce3528 2011336 twitter-bootstrap3_3.4.1+dfsg.orig.tar.xz
abe4cc5ba5dc939a958c38f01b97f845eb824fdcad7bde098f832a37bd447f5d 54968 twitter-bootstrap3_3.4.1+dfsg-4.debian.tar.xz
b6482d2a6bb1d6aaef878b913ef787b32f43bf61233475ef025de7d15c348ab3 7712 twitter-bootstrap3_3.4.1+dfsg-4_amd64.buildinfo
Files:
e5567c5a66d0a663ffa5cfc71099f05c 2271 javascript optional twitter-bootstrap3_3.4.1+dfsg-4.dsc
504ddae4ecdda987cbe48168d176ab41 2011336 javascript optional twitter-bootstrap3_3.4.1+dfsg.orig.tar.xz
510f8fb5061d9c42af8a978a8b858dce 54968 javascript optional twitter-bootstrap3_3.4.1+dfsg-4.debian.tar.xz
8e66f1ab2bcdeaf6612f8bf958589d10 7712 javascript optional twitter-bootstrap3_3.4.1+dfsg-4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmf7fCIACgkQADoaLapB
CF936A/9FCyUNgyYjDQJMPBF2gz46UDQ/3zydoAZnhx9e21aZQuP1A/+c4J9iCVr
UTFpiedwegyQ5X+zlAjNzhGRYW7J42eQVHBMYlgpZ8xEdyLcT2eygDRKk3PV0jn5
ncqY6jKNW+5B2eVzsobTi4Y3PQymXh35uaMwrTMWUgK6vh2ILAg8Lp3+4/Z6SRN9
dD2oL9MhgjqtXGXX6D27EsDk4I76Xdfttsk76x6ilkIN+IIJtFr5B5rZpmMeo+v5
v3LRRasvnU40orZFo1yigFY86UVa8q8VeEgp8nHjh0dN2B5g1RTyuvvvs4OTvAXV
PLA2LUH0DLRsDQPs3HP7MDEcR48TOJDkQ+7afitJux3nXnOzB1GGDmZjwfj56Ljv
yzzE1GPb9VtHLDyc95CD5CGW82PAJBObKOP8TDYy1g5Vcls3rNLs9VMBua15OqP7
VnXJVqbQxlmtB4+xIviiOOWbpEDfG9EZa84HTzUN/kNvHgLTBBrWkGI4486Pf4Kz
YO3hGWZxy9ZAJhyArjCgT9E1LPe1R9j3qfQCDIqV7VJN7SN+HTtnYUrmyS347Ge3
3YD50iGKjlMKGc0s7AT7Cg2NQlz6Qi/k+9Ct+9JwzcTy8iQgoFhbCsc9Sd1+CDUR
0t1jgQkD8Ge5t83Z3NgZp6sAdzKI1E33ttGzypJbC+qNMHgaK8k=
=enWZ
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20250413/4e4635f9/attachment.sig>
More information about the Pkg-javascript-devel
mailing list