Format: 1.8
Date: Thu, 10 Apr 2025 23:47:00 +0200
Source: twitter-bootstrap3
Architecture: source
Version: 3.4.1+dfsg-2+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1084060
Changes:
 twitter-bootstrap3 (3.4.1+dfsg-2+deb11u1) bullseye-security; urgency=medium
 .
   * Team upload
   * Fix CVE-2024-6485: A security vulnerability has been discovered in
     bootstrap that could enable Cross-Site Scripting (XSS) attacks.
     The vulnerability is associated with the data-loading-text
     attribute within the button plugin. This vulnerability can be
     exploited by injecting malicious JavaScript code into the
     attribute, which would then be executed when the button's loading
     state is triggered.
     (Closes: #1084060)
   * Fix CVE-2024-6484: A vulnerability has been identified in Bootstrap
     that exposes users to Cross-Site Scripting (XSS) attacks. The
     issue is present in the carousel component, where the data-slide
     and data-slide-to attributes can be exploited through the href
     attribute of an <a> tag due to inadequate sanitization. This
     vulnerability could potentially enable attackers to execute
     arbitrary JavaScript within the victim's browser.
     (Closes: #1084060)