
Accepted twitter-bootstrap3 3.4.1+dfsg-2+deb11u1 (source) into oldstable-security



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 10 Apr 2025 23:47:00 +0200
Source: twitter-bootstrap3
Architecture: source
Version: 3.4.1+dfsg-2+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1084060
Changes:
 twitter-bootstrap3 (3.4.1+dfsg-2+deb11u1) bullseye-security; urgency=medium
 .
   * Team upload
   * Fix CVE-2024-6485:
     A security vulnerability has been discovered in bootstrap
     that could enable Cross-Site Scripting (XSS) attacks.
     The vulnerability is associated with the data-loading-text
     attribute within the button plugin.
     This vulnerability can be exploited by injecting malicious
     JavaScript code into the attribute, which would then be
     executed when the button's loading state is triggered.
     (Closes: #1084060)
   * Fix CVE-2024-6484:
     A vulnerability has been identified in Bootstrap that
     exposes users to Cross-Site Scripting (XSS) attacks.
     The issue is present in the carousel component, where the
     data-slide and data-slide-to attributes can be exploited
     through the href attribute of an <a> tag due to inadequate
     sanitization. This vulnerability could potentially enable
     attackers to execute arbitrary JavaScript within
     the victim's browser.
     (Closes: #1084060)
Checksums-Sha1:
 4b648e1e89b35e15e4d3d2ee623ad35378755a20 2313 twitter-bootstrap3_3.4.1+dfsg-2+deb11u1.dsc
 0c1b1b026a103e470bb29f0d54445e44d2ab8f49 2011336 twitter-bootstrap3_3.4.1+dfsg.orig.tar.xz
 37826705bf573814c3fbc5154a9dc149411bc5d1 54888 twitter-bootstrap3_3.4.1+dfsg-2+deb11u1.debian.tar.xz
 eaf4c93eb71355a93c7d038075cd0947d2776a78 7788 twitter-bootstrap3_3.4.1+dfsg-2+deb11u1_amd64.buildinfo
Checksums-Sha256:
 92730cb7c039f1f8918a6a36cd30bdca42e57bb32c123de90b297c313a3ec431 2313 twitter-bootstrap3_3.4.1+dfsg-2+deb11u1.dsc
 9eb17937c62ff1133779bdca0b2ee62bfc3a8fc3348aef3b197e6020c9ce3528 2011336 twitter-bootstrap3_3.4.1+dfsg.orig.tar.xz
 ad7430e35ca3dbbb01fb2c62cc1957752cce8b806f28e9da4bb636ee3048fcc6 54888 twitter-bootstrap3_3.4.1+dfsg-2+deb11u1.debian.tar.xz
 f350f70bfdf4d6c277997ad6034a9f7f645fd495d6e0fcc15b3a5d055fe7173b 7788 twitter-bootstrap3_3.4.1+dfsg-2+deb11u1_amd64.buildinfo
Files:
 372e76db08a41fb8bf9cd6097ecc524f 2313 javascript optional twitter-bootstrap3_3.4.1+dfsg-2+deb11u1.dsc
 504ddae4ecdda987cbe48168d176ab41 2011336 javascript optional twitter-bootstrap3_3.4.1+dfsg.orig.tar.xz
 683f92d01b1e74f08546ca8fa62e5341 54888 javascript optional twitter-bootstrap3_3.4.1+dfsg-2+deb11u1.debian.tar.xz
 1638a2a1ea62d96f78ca0ddfc8b9a10e 7788 javascript optional twitter-bootstrap3_3.4.1+dfsg-2+deb11u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
