[Pkg-javascript-devel] twitter-bootstrap4_4.6.1+dfsg1-4+deb12u1_source.changes ACCEPTED into proposed-updates
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sat May 10 18:17:11 BST 2025
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 13 Apr 2025 13:42:02 +0200
Source: twitter-bootstrap4
Architecture: source
Version: 4.6.1+dfsg1-4+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel at lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca at debian.org>
Closes: 1084059
Changes:
twitter-bootstrap4 (4.6.1+dfsg1-4+deb12u1) bookworm; urgency=high
.
* Team upload
* Fix CVE-2024-6531 (XSS vulnerability):
An anchor element (<a>), when used for carousel navigation
with a data-slide attribute, can contain an href attribute
value that is not subject to proper content sanitization.
Improper extraction of the intended target carousel’s
#id from the href attribute can lead to use cases where
the click event’s preventDefault()
is not applied and the href is evaluated and executed.
As a result, restrictions are not applied to the data
that is evaluated, which can lead to potential
XSS vulnerabilities.
(Closes: #1084059)
Checksums-Sha1:
f43b2ce6d4a5de6433ea3a35269fe7ab6eeb68fa 2380 twitter-bootstrap4_4.6.1+dfsg1-4+deb12u1.dsc
e98a1a8175e6450e984d87a197e3afc1aa8716f2 2329588 twitter-bootstrap4_4.6.1+dfsg1.orig.tar.xz
f12c73346cde14a18c778d5835f181e74b92cefd 19672 twitter-bootstrap4_4.6.1+dfsg1-4+deb12u1.debian.tar.xz
064cc57c991ce4d062d4e495d2520a29ecb8fc1c 17329 twitter-bootstrap4_4.6.1+dfsg1-4+deb12u1_amd64.buildinfo
Checksums-Sha256:
725b0f3ac95a87e69b3fe3d4c043ace8f6d0014987e227aaabbf7ddba3e74a43 2380 twitter-bootstrap4_4.6.1+dfsg1-4+deb12u1.dsc
a2fdd5c181d592deb7ea7b1676188978cc60ebf182d1e6c4d6c712e0c6eb8a54 2329588 twitter-bootstrap4_4.6.1+dfsg1.orig.tar.xz
4453c6055268a3e94c836dce62c02561b0eb032ef8d11351a44ed1d34aba82ae 19672 twitter-bootstrap4_4.6.1+dfsg1-4+deb12u1.debian.tar.xz
011310609c1f578f47171eb00e4728e4564ecded3da1431b5cecdfe64cbbde33 17329 twitter-bootstrap4_4.6.1+dfsg1-4+deb12u1_amd64.buildinfo
Files:
9e60f3f9f7f9f2d982f32ff0440aeaf0 2380 javascript optional twitter-bootstrap4_4.6.1+dfsg1-4+deb12u1.dsc
d0b7793db9e3976ce87f34dda946affa 2329588 javascript optional twitter-bootstrap4_4.6.1+dfsg1.orig.tar.xz
cf73c18fed085535fc30958db2c3cbb6 19672 javascript optional twitter-bootstrap4_4.6.1+dfsg1-4+deb12u1.debian.tar.xz
f7bb803f3f5e21a1bd13fbbb0bff0219 17329 javascript optional twitter-bootstrap4_4.6.1+dfsg1-4+deb12u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmgfd9IACgkQADoaLapB
CF++1BAAqheasCgQUd4+RwYCLmn88lT9mCl3SrYiyINczxFmuGbFxmx2yO36Sw4S
hEWPlQMcC0Gxpk5vwGN+0AnPSr3lufUOG8Q2BzRoA6gJ/3nwnSDbT7Lt72+OPYJn
RmpIG6tGsVhjM4SwwW6BSpaCQ+QH8c87bktUC8PTytaLxotGSwDEXwafc8XwrWZK
yLw6FQWawRcOlhoIvHtIvTZ8dP7nC5NP4RxAbNRT9qqP4/PtCfqC3WZh/q/ApzJ5
VyqLrqh3wCu5N9QN7WiryjRyJzqptRDE6TFzVyPheeoP6xf5YWo3vJ5esqEnqspN
Ta1WiWA9OR06kQtV4Ad53oJJmQIENQkZ+alKBFITtEcwU1mhE9uo4l3dQxSQBRNQ
YTX/L4IFzEOkuguP0vrrH3s/NrEhIYndMly/OySe08QA3AiGZbVSgll2CrQ181Md
tcLwGmaYRDjK6EoB/Vo12h2Y1Y2+NX97/XTwPJGvw9Es1wAxuVM3PgEM0K4zRYp1
wZ7ymbpTfGgIOee+5s9WjVni55+k8qUvFQggZIfLPWcN5qVsMVADhrFedzwJskCq
oRwYVdYXUC5Hd509uwIHDVWO1gP2FNJb0mIzzM3RtD+q9q7dV0Mh27gYn/3fUn4b
xs/fY5lqcaBabZ2U6Hl5nR8vASi7dEQRI4I1O5n+UIabeHzXTks=
=zLSJ
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20250510/ceb14e28/attachment.sig>
More information about the Pkg-javascript-devel
mailing list