Format: 1.8
Date: Sun, 13 Apr 2025 14:56:23 +0200
Source: twitter-bootstrap4
Architecture: source
Version: 4.5.2+dfsg1-8~deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1084059
Changes:
 twitter-bootstrap4 (4.5.2+dfsg1-8~deb11u2) bullseye-security; urgency=medium
 .
   * Team upload
   * Fix CVE-2024-6531 (XSS vulnerability):
     An anchor element (<a>), when used for carousel navigation
     with a data-slide attribute, can contain an href attribute value
     that is not subject to proper content sanitization.
     Improper extraction of the intended target carousel’s #id
     from the href attribute can lead to use cases where the click
     event’s preventDefault() is not applied and the href is
     evaluated and executed. As a result, restrictions are not
     applied to the data that is evaluated, which can lead to
     potential XSS vulnerabilities.
     (Closes: #1084059)