-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 13 Apr 2025 13:42:02 +0200
Source: twitter-bootstrap4
Architecture: source
Version: 4.6.1+dfsg1-5
Distribution: unstable
Urgency: high
Maintainer: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1084059
Changes:
twitter-bootstrap4 (4.6.1+dfsg1-5) unstable; urgency=high
.
* Team upload
* Fix CVE-2024-6531 (XSS vulnerability):
An anchor element (<a>), when used for carousel navigation
with a data-slide attribute, can contain an href attribute
value that is not subject to proper content sanitization.
Improper extraction of the intended target carousel’s
#id from the href attribute can lead to use cases where
the click event’s preventDefault()
is not applied and the href is evaluated and executed.
As a result, restrictions are not applied to the data
that is evaluated, which can lead to potential
XSS vulnerabilities.
(Closes: #1084059)
Checksums-Sha1:
5b21196eef482f1cae1d2e2500a233b265f0e6b2 2348 twitter-bootstrap4_4.6.1+dfsg1-5.dsc
e98a1a8175e6450e984d87a197e3afc1aa8716f2 2329588 twitter-bootstrap4_4.6.1+dfsg1.orig.tar.xz
a41320d5ad422f6442c4458a9c12533d7657e7b1 19664 twitter-bootstrap4_4.6.1+dfsg1-5.debian.tar.xz
c6d2b14c256114b58cd78c4c5a90619ba92374c5 16875 twitter-bootstrap4_4.6.1+dfsg1-5_amd64.buildinfo
Checksums-Sha256:
a6ca11e32fe9b62882c19d02b367e35d99c518513e0d1f425eff5e6628db4521 2348 twitter-bootstrap4_4.6.1+dfsg1-5.dsc
a2fdd5c181d592deb7ea7b1676188978cc60ebf182d1e6c4d6c712e0c6eb8a54 2329588 twitter-bootstrap4_4.6.1+dfsg1.orig.tar.xz
7f6195374333238bc26ba7e920034a00bbb7f1df0b277eb14304fae1f22dd301 19664 twitter-bootstrap4_4.6.1+dfsg1-5.debian.tar.xz
e4c70398ebad4dfd471d4ef74ad3839746be5fd4f06e9848c4384eec0eb7b84c 16875 twitter-bootstrap4_4.6.1+dfsg1-5_amd64.buildinfo
Files:
4cd7b6b3c7094985b588d34e2f04748c 2348 javascript optional twitter-bootstrap4_4.6.1+dfsg1-5.dsc
d0b7793db9e3976ce87f34dda946affa 2329588 javascript optional twitter-bootstrap4_4.6.1+dfsg1.orig.tar.xz
3e5b7991a926d50f7b7e4506a4e11f45 19664 javascript optional twitter-bootstrap4_4.6.1+dfsg1-5.debian.tar.xz
43e1274c702300f7785ecc44da367bcd 16875 javascript optional twitter-bootstrap4_4.6.1+dfsg1-5_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmf7rz8ACgkQADoaLapB CF8KKRAAh1vJAxcO9KZ727bJH0dFGFJ2uNYcna/TkmhezErwSJehjdPOWZVegzu1 nfo4nxKDU7a3jC4Qi9xy1F/jXsNhWqZQngMp12qodiRL6LfUGlDaxgSpy3088CpO 7HFD/x8l2ZD/2q4KO+GwDC7WFDcACOIYmZEjz0Q/24T8qSTddsUj9TbJid5v/ag8 pOwTLxGJRBoFUz+Iv2Zt+Sper0f955PWOnf75t9Oxc3JJQ2tfcMwSwQg6G4j5P2f 1sGJvBrOJ3p2Y/36hi+etjmC3YwiVQXhPRjpC4sbMX8K6SfTuwuviWxd9sGy6iKX JbavYjjIhkBSc3o8hQYahPcmT185onii9zR1CDM5fDuqxyCQyzClEw37bKzOqmU/ BusjssXkIxwMtqgiOfOKrNs8inHSvBIhJwxRf+YWoHe6TjMK5dvU3Qt0bXudApOo aq/5LP3a7inl9ivx8RX/8Vb1szPJ4U6ZNrXGOWdX6h7yIHmTB9HdPvX17HPccsbo 6jPtzaH3U2jTZ4dR6reXzQQPzoWFbHEYa/KyPSblWw0X/tDv5f7EyOKrwVDQv5u3 J9ps/IxDQ7vOEm7OIzo2q5tQVv+71Y3v3FqX7DZLjNI29gnsQJ/WKJUb4FcoDM6B sh9xEaKtrUxIEAZwcxpCQ2v4kcrib8gtKDBPS+ibcfHiiHm1Oc4=
=lj50
-----END PGP SIGNATURE-----


--==============A87359896575689319=Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCZ/u0hgAKCRCb9qggYcy5 IaEFAP0XqabU7vK94v+PveKchgn9QFboLQVp2lSr7jDhus3VjgEAt9eTCfePcthh JN1BL+tbHPqbq4Q+PaIS7MzTQb5PQAk=RWdb
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)