[Pkg-javascript-devel] twitter-bootstrap4_4.6.1+dfsg1-5_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sun Apr 13 13:56:38 BST 2025
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 13 Apr 2025 13:42:02 +0200
Source: twitter-bootstrap4
Architecture: source
Version: 4.6.1+dfsg1-5
Distribution: unstable
Urgency: high
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel at lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca at debian.org>
Closes: 1084059
Changes:
twitter-bootstrap4 (4.6.1+dfsg1-5) unstable; urgency=high
.
* Team upload
* Fix CVE-2024-6531 (XSS vulnerability):
An anchor element (<a>), when used for carousel navigation
with a data-slide attribute, can contain an href attribute
value that is not subject to proper content sanitization.
Improper extraction of the intended target carousel’s
#id from the href attribute can lead to use cases where
the click event’s preventDefault()
is not applied and the href is evaluated and executed.
As a result, restrictions are not applied to the data
that is evaluated, which can lead to potential
XSS vulnerabilities.
(Closes: #1084059)
Checksums-Sha1:
5b21196eef482f1cae1d2e2500a233b265f0e6b2 2348 twitter-bootstrap4_4.6.1+dfsg1-5.dsc
e98a1a8175e6450e984d87a197e3afc1aa8716f2 2329588 twitter-bootstrap4_4.6.1+dfsg1.orig.tar.xz
a41320d5ad422f6442c4458a9c12533d7657e7b1 19664 twitter-bootstrap4_4.6.1+dfsg1-5.debian.tar.xz
c6d2b14c256114b58cd78c4c5a90619ba92374c5 16875 twitter-bootstrap4_4.6.1+dfsg1-5_amd64.buildinfo
Checksums-Sha256:
a6ca11e32fe9b62882c19d02b367e35d99c518513e0d1f425eff5e6628db4521 2348 twitter-bootstrap4_4.6.1+dfsg1-5.dsc
a2fdd5c181d592deb7ea7b1676188978cc60ebf182d1e6c4d6c712e0c6eb8a54 2329588 twitter-bootstrap4_4.6.1+dfsg1.orig.tar.xz
7f6195374333238bc26ba7e920034a00bbb7f1df0b277eb14304fae1f22dd301 19664 twitter-bootstrap4_4.6.1+dfsg1-5.debian.tar.xz
e4c70398ebad4dfd471d4ef74ad3839746be5fd4f06e9848c4384eec0eb7b84c 16875 twitter-bootstrap4_4.6.1+dfsg1-5_amd64.buildinfo
Files:
4cd7b6b3c7094985b588d34e2f04748c 2348 javascript optional twitter-bootstrap4_4.6.1+dfsg1-5.dsc
d0b7793db9e3976ce87f34dda946affa 2329588 javascript optional twitter-bootstrap4_4.6.1+dfsg1.orig.tar.xz
3e5b7991a926d50f7b7e4506a4e11f45 19664 javascript optional twitter-bootstrap4_4.6.1+dfsg1-5.debian.tar.xz
43e1274c702300f7785ecc44da367bcd 16875 javascript optional twitter-bootstrap4_4.6.1+dfsg1-5_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmf7rz8ACgkQADoaLapB
CF8KKRAAh1vJAxcO9KZ727bJH0dFGFJ2uNYcna/TkmhezErwSJehjdPOWZVegzu1
nfo4nxKDU7a3jC4Qi9xy1F/jXsNhWqZQngMp12qodiRL6LfUGlDaxgSpy3088CpO
7HFD/x8l2ZD/2q4KO+GwDC7WFDcACOIYmZEjz0Q/24T8qSTddsUj9TbJid5v/ag8
pOwTLxGJRBoFUz+Iv2Zt+Sper0f955PWOnf75t9Oxc3JJQ2tfcMwSwQg6G4j5P2f
1sGJvBrOJ3p2Y/36hi+etjmC3YwiVQXhPRjpC4sbMX8K6SfTuwuviWxd9sGy6iKX
JbavYjjIhkBSc3o8hQYahPcmT185onii9zR1CDM5fDuqxyCQyzClEw37bKzOqmU/
BusjssXkIxwMtqgiOfOKrNs8inHSvBIhJwxRf+YWoHe6TjMK5dvU3Qt0bXudApOo
aq/5LP3a7inl9ivx8RX/8Vb1szPJ4U6ZNrXGOWdX6h7yIHmTB9HdPvX17HPccsbo
6jPtzaH3U2jTZ4dR6reXzQQPzoWFbHEYa/KyPSblWw0X/tDv5f7EyOKrwVDQv5u3
J9ps/IxDQ7vOEm7OIzo2q5tQVv+71Y3v3FqX7DZLjNI29gnsQJ/WKJUb4FcoDM6B
sh9xEaKtrUxIEAZwcxpCQ2v4kcrib8gtKDBPS+ibcfHiiHm1Oc4=
=lj50
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20250413/99a33126/attachment.sig>
More information about the Pkg-javascript-devel
mailing list