-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 10 Apr 2025 23:47:00 +0200
Source: twitter-bootstrap3
Architecture: source
Version: 3.4.1+dfsg-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1084060
Changes:
 twitter-bootstrap3 (3.4.1+dfsg-4) unstable; urgency=medium
 .
   * Team upload
   * Fix CVE-2024-6485: A security vulnerability has been discovered
     in bootstrap that could enable Cross-Site Scripting (XSS) attacks.
     The vulnerability is associated with the data-loading-text
     attribute within the button plugin. This vulnerability can be
     exploited by injecting malicious JavaScript code into the
     attribute, which would then be executed when the button's
     loading state is triggered. (Closes: #1084060)
   * Fix CVE-2024-6484: A vulnerability has been identified in
     Bootstrap that exposes users to Cross-Site Scripting (XSS)
     attacks. The issue is present in the carousel component, where
     the data-slide and data-slide-to attributes can be exploited
     through the href attribute of an <a> tag due to inadequate
     sanitization. This vulnerability could potentially enable
     attackers to execute arbitrary JavaScript within the victim's
     browser.
     (Closes: #1084060)