-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 10 Apr 2025 23:47:00 +0200 Source: twitter-bootstrap3 Binary: fonts-glyphicons-halflings libjs-bootstrap Architecture: all Version: 3.4.1+dfsg-3+deb12u1 Distribution: bookworm Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) Changed-By: Bastien Roucariès Description: fonts-glyphicons-halflings - icons made for smaller graphic libjs-bootstrap - HTML, CSS and JS framework Closes: 1084060 Changes: twitter-bootstrap3 (3.4.1+dfsg-3+deb12u1) bookworm; urgency=medium . * Team upload * Fix CVE-2024-6485: A security vulnerability has been discovered in bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is associated with the data-loading-text attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into the attribute, which would then be executed when the button's loading state is triggered. (Closes: #1084060) * Fix CVE-2024-6484: A vulnerability has been identified in Bootstrap that exposes users to Cross-Site Scripting (XSS) attacks. The issue is present in the carousel component, where the data-slide and data-slide-to attributes can be exploited through the href attribute of an tag due to inadequate sanitization. This vulnerability could potentially enable attackers to execute arbitrary JavaScript within the victim's browser. (Closes: #1084060) Checksums-Sha1: 2db40033e4525dbecf106cea5a908180d799d0c6 162640 fonts-glyphicons-halflings_1.009~3.4.1+dfsg-3+deb12u1_all.deb 214ecd1d26368fbbec22b1a38500473c9ad7e43a 172256 libjs-bootstrap_3.4.1+dfsg-3+deb12u1_all.deb 9b45e1a8a0e7004aa4b4db24d5e1aefceb566a21 7580 twitter-bootstrap3_3.4.1+dfsg-3+deb12u1_all-buildd.buildinfo Checksums-Sha256: f0aa7068ef004414c9da5c48a6fa153d934895cc92b88f8608651464e359d423 162640 fonts-glyphicons-halflings_1.009~3.4.1+dfsg-3+deb12u1_all.deb d92fad055ac1db576686a20b447e4109439a04489f22a506dca3f75cbd4d718f 172256 libjs-bootstrap_3.4.1+dfsg-3+deb12u1_all.deb 98b7c6199e17e53c430d029569a9aa908a97f298fddd080245eacd6a51f3eb86 7580 twitter-bootstrap3_3.4.1+dfsg-3+deb12u1_all-buildd.buildinfo Files: 56c3aa313d2ca7bd0d19aa21bfbcb824 162640 javascript optional fonts-glyphicons-halflings_1.009~3.4.1+dfsg-3+deb12u1_all.deb 0365823641794f4e664c17e6824a485a 172256 javascript optional libjs-bootstrap_3.4.1+dfsg-3+deb12u1_all.deb cd50c7843a4b6be2a432108b8ab10caf 7580 javascript optional twitter-bootstrap3_3.4.1+dfsg-3+deb12u1_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEaPzFtKPtF0JrKPV5iZlfn74WV6kFAmgfjUsACgkQiZlfn74W V6lIExAArYEALEuKAv2QFae+vraaH7bNBwCAbw+WxgakmduQ/1fiy8WBpgdtjbWX NJfEMi1Sq21qQG+lRp/7BxrC5papGrmeYjyezwNIwaZxqsI87cjBu9EJ6vg2qZYn FV4eDt9kMFFMybZkQHPgW7XULnfgYAcNxccwuQkl88M7upi7/Etuz4DQcBG/gdgo w/7CyldbtznYRIE3WEaqVYx9eew+fvuCj+h0H68oK3JHOeWaVSiUaPWGEnddlYhz 8SSmPiZ5rjyFHm5UaNbqUiI6IosG5KRXhGTAsByUzD+vV/UvTHSEW2dU5/hAtYiG Sln5gMWcOHPK5+asxkZB+LedPDt6hrhBDH1+uYERFyNFXqcUn18+dIiwRjKuqguX z7IHesl3/Kc3GfxFTo5E1fBXo6XgaHYlBzDpJj0aC9dFYb9/4c88fKOkfjF5u4M2 eoCf1dMLV5Ao8jkyrucfLHPLqnZxf53y9MnU2RTeo/7joSr5r+rm5fx4JSY+Ubf4 cVIiplAOKf047mFSTFbcdS9sLgQXL22lAkfYlmpkKs7+J/5yv97JZBg9ABW5Lg8r M6XtL3f1D495eddiu8r8d4cF55UYoI4Uin7DFbRruS9mcHc0KXYrEebGZAytGzbM 27VFlVDAxs/fAY8CVX1CDUdxZPFf3OCeuQXAbu1GRE5jp+JgIPA= =5JSZ -----END PGP SIGNATURE-----