[Pkg-javascript-devel] twitter-bootstrap3_3.4.1+dfsg-3+deb12u1_source.changes ACCEPTED into proposed-updates->stable-new
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sat May 10 17:05:35 BST 2025
Thank you for your contribution to Debian.
Mapping bookworm to stable.
Mapping stable to proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 10 Apr 2025 23:47:00 +0200
Source: twitter-bootstrap3
Architecture: source
Version: 3.4.1+dfsg-3+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel at lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca at debian.org>
Closes: 1084060
Changes:
twitter-bootstrap3 (3.4.1+dfsg-3+deb12u1) bookworm; urgency=medium
.
* Team upload
* Fix CVE-2024-6485:
A security vulnerability has been discovered in bootstrap
that could enable Cross-Site Scripting (XSS) attacks.
The vulnerability is associated with the data-loading-text
attribute within the button plugin.
This vulnerability can be exploited by injecting malicious
JavaScript code into the attribute, which would then be
executed when the button's loading state is triggered.
(Closes: #1084060)
* Fix CVE-2024-6484:
A vulnerability has been identified in Bootstrap that
exposes users to Cross-Site Scripting (XSS) attacks.
The issue is present in the carousel component, where the
data-slide and data-slide-to attributes can be exploited
through the href attribute of an <a> tag due to inadequate
sanitization. This vulnerability could potentially enable
attackers to execute arbitrary JavaScript within
the victim's browser.
(Closes: #1084060)
Checksums-Sha1:
d2c2e31ed4e22ba8f4ce5642db0c2497e6740419 2303 twitter-bootstrap3_3.4.1+dfsg-3+deb12u1.dsc
0c1b1b026a103e470bb29f0d54445e44d2ab8f49 2011336 twitter-bootstrap3_3.4.1+dfsg.orig.tar.xz
25bee3360adf0ae50a5ca79f69e8b366e9dadf78 54992 twitter-bootstrap3_3.4.1+dfsg-3+deb12u1.debian.tar.xz
c733544fb0edc8af38b46a5edbe534c139a10265 7878 twitter-bootstrap3_3.4.1+dfsg-3+deb12u1_amd64.buildinfo
Checksums-Sha256:
343dc4557c440413a930737dcf45f12d3384fcd01745b8b1730ca594c0ed298c 2303 twitter-bootstrap3_3.4.1+dfsg-3+deb12u1.dsc
9eb17937c62ff1133779bdca0b2ee62bfc3a8fc3348aef3b197e6020c9ce3528 2011336 twitter-bootstrap3_3.4.1+dfsg.orig.tar.xz
e09f90ab9cf7c878f0f727ad13f4cb0ef4759b9d175f625077822c559b5ac6b8 54992 twitter-bootstrap3_3.4.1+dfsg-3+deb12u1.debian.tar.xz
6135ac805e50f4dea5004bc4cb7f12bafbfe422eeb36b51b1f150e30c6125bdd 7878 twitter-bootstrap3_3.4.1+dfsg-3+deb12u1_amd64.buildinfo
Files:
4595c09ea7abb8ec36adce98dbed2981 2303 javascript optional twitter-bootstrap3_3.4.1+dfsg-3+deb12u1.dsc
504ddae4ecdda987cbe48168d176ab41 2011336 javascript optional twitter-bootstrap3_3.4.1+dfsg.orig.tar.xz
78b3d8ec6ba5f64bc4e5cda9b3a93fb0 54992 javascript optional twitter-bootstrap3_3.4.1+dfsg-3+deb12u1.debian.tar.xz
94191e916e6b4f1465c499a4cffdad06 7878 javascript optional twitter-bootstrap3_3.4.1+dfsg-3+deb12u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmgfeCEACgkQADoaLapB
CF+23RAAmiMBQozhSjrRSgGLpaiDqAEpDunMpmkRF23lM+RFEU50WVrrOThgMfyh
zAWwFL4oOr6wliHa/48QfS4MMG3zfn9WmMmp5ZAyJr14zR9uv8YtgHRnOq0UsUzn
34+8UzpAXW2/Ci7ECJ3sIjuAxMSmA7qIhCWP746Z3kx9MG5DkAQX1Ku/G5eKTOcS
237ISVCyuHnf/p2aG4gkq4Tk3ciLp6dLyOLUI8pqhptWdbHDy0tVKsi6JEEioQzq
c5YQyxAIR62aAIWAtoWBD7h6PHq+7uWST489oFTkfFe4u6Q+tBjcRBJtsvgYXEcq
vDugx+55Bqy3vcYEH2KRMRQoi+cwWoDWfAd9u0G0TdHXvWcP8wCQPYH7WuBvykrk
gIFXCAnPJkhbiRhFfy51ZxZbYvtvzEdFPaSL26dHHVAsFia4DvNE0+/Yca0iXpWV
f7zFbA2tcGsx6bwDyssDKjF+ztMg+wEc6JWloKVYL5+HoiWAJWVHX//TlJIlZVkY
b5mimQ02t+nsL8C+6JZhsxWsEGrb+VKOgsFo8IQTtl0vWhHyrL+F7qplb4JJ+Hoi
NKLpKn1u3kMS6+QGrbjiAo8n3dL6junBTdJH5lcWWxw+YpA655oUUW+5nlAWZALL
ZjBptmrBr7uo5I/FEcqo1DnhcYkJZyi6jde0yVY9JdKP9RVjmiM=
=da69
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20250510/ed0d74b7/attachment.sig>
More information about the Pkg-javascript-devel
mailing list