-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 13 Apr 2025 13:42:02 +0200
Source: twitter-bootstrap4
Binary: libjs-bootstrap4
Architecture: all
Version: 4.6.1+dfsg1-4+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: all Build Daemon (x86-csail-02) <buildd_all-x86-csail-02@buildd.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Description:
 libjs-bootstrap4 - HTML, CSS and JS framework
Closes: 1084059
Changes:
 twitter-bootstrap4 (4.6.1+dfsg1-4+deb12u1) bookworm; urgency=high
 .
   * Team upload
   * Fix CVE-2024-6531 (XSS vulnerability):
     An anchor element (<a>), when used for carousel navigation
     with a data-slide attribute, can contain an href attribute
     value that is not subject to proper content sanitization.
     Improper extraction of the intended target carousel’s
     #id from the href attribute can lead to use cases where
     the click event’s preventDefault()
     is not applied and the href is evaluated and executed.
     As a result, restrictions are not applied to the data
     that is evaluated, which can lead to potential
     XSS vulnerabilities.
     (Closes: #1084059)
Checksums-Sha1:
 00ea3884a07021f473a8c8ca45f9e52d18ad8b76 518312 libjs-bootstrap4_4.6.1+dfsg1-4+deb12u1_all.deb
 2585f28a2021065e8007ed8a578440278d718fb0 17028 twitter-bootstrap4_4.6.1+dfsg1-4+deb12u1_all-buildd.buildinfo
Checksums-Sha256:
 975b5761281c694676757aa48c5f9a5e4d093c8d661b885221eaccce811bc58b 518312 libjs-bootstrap4_4.6.1+dfsg1-4+deb12u1_all.deb
 e6eacf9e22ab5d00431e8801e1fdc3dbf73c838ff7baca73b9304a1fb2b9c396 17028 twitter-bootstrap4_4.6.1+dfsg1-4+deb12u1_all-buildd.buildinfo
Files:
 2c73f98910990f2e0f9e1090e8df400e 518312 javascript optional libjs-bootstrap4_4.6.1+dfsg1-4+deb12u1_all.deb
 b36744ca8c6ec8eb162f4ab1c3e4e401 17028 javascript optional twitter-bootstrap4_4.6.1+dfsg1-4+deb12u1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEELusn8jY95Sf7obGlx30Wh8LXl/YFAmgfjYgACgkQx30Wh8LX
l/Z3GxAAk7uPA+yDmFWmhbY3xDlz7WJs5VRb2hb0qL2c9tuH2xuvZsf3cwSpwPzI
Hjs/rEVvOpeeCVTh2dS9avcWKLfTcysM2toIPn5YjnyoY2gOtcl1/uP95vC5h6Wq
nZwUoMqIZ6Hbjaa52DUK8hJkeofMtDNvvOS1+pDVBE78jrh8PtaIaTphdVhfNz9T
BR7GQR5YayDbhhjkbaO2EVzMpLVp1JIh1sB2m5V+7OHngmunlr/kv2eQy0T7XsS0
Og8jDCywpfsuXghspmCJgGRyzX/QZ/P3ffnpzTeBlgBbtrD9kxJwhhkxgRFw1waQ
AGESnvT99WOsnKPzpZ4jt7AdRCyDp/cyhnoIdpB9mE2RSGIQFhK3REXudttfKUAW
iu/3OSnDgdxJ2rkcb3YJJ7eYYxk8LqX/dL2O90YCqe16a4ibnG6LD8UVASviIQ78
Fw+v4h/es9qUDpK261F6vCXkGwnc8AP2Plki9d/QZ2pPQNmbCPCmwaH2pxUL+Pnz
y61mv5H+mzgihqsZsDUpt+KZM5XDkNAgCJgXwIERYZr1RfcouVbhC5F2LaFEMdy6
k206WCzntXK4V12b+du2riSBCIo2gt7Hu8XxOibnOIKWkzG9GR/iv0KEErQzJJhN
HpjkNKcsh117LbV6lQ8rpw8jLI9fgVKdWizx3f3mm2XpDCtpnwo=
=lGFf
-----END PGP SIGNATURE-----