Your message dated Sat, 10 May 2025 17:17:11 +0000
with message-id <e1udnp1-00dcoq...@fasolo.debian.org>
and subject line Bug#1084060: fixed in twitter-bootstrap3 3.4.1+dfsg-3+deb12u1
has caused the Debian Bug report #1084060,
regarding twitter-bootstrap3: CVE-2024-6484 CVE-2024-6485
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1084060: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084060
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: twitter-bootstrap3
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for twitter-bootstrap3.

CVE-2024-6484[0]:
| A vulnerability has been identified in Bootstrap that exposes users
| to Cross-Site Scripting (XSS) attacks. The issue is present in the
| carousel component, where the data-slide and data-slide-to
| attributes can be exploited through the href attribute of an <a> tag
| due to inadequate sanitization. This vulnerability could potentially
| enable attackers to execute arbitrary JavaScript within the victim's
| browser.

https://www.herodevs.com/vulnerability-directory/cve-2024-6484

CVE-2024-6485[1]:
| A security vulnerability has been discovered in bootstrap that could
| enable Cross-Site Scripting (XSS) attacks. The vulnerability is
| associated with the data-loading-text attribute within the button
| plugin. This vulnerability can be exploited by injecting malicious
| JavaScript code into the attribute, which would then be executed
| when the button's loading state is triggered.

https://www.herodevs.com/vulnerability-directory/cve-2024-6485


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-6484
    https://www.cve.org/CVERecord?id=CVE-2024-6484
[1] https://security-tracker.debian.org/tracker/CVE-2024-6485
    https://www.cve.org/CVERecord?id=CVE-2024-6485

Please adjust the affected versions in the BTS as needed.

--- End Message ---
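
The two attribute patterns described in the report above can also be checked for in an application's own templates. The following is an added example, not code from Bootstrap, Debian or the reporter; the function names, the sample markup and both flagging rules (any `<` in `data-loading-text`, a carousel control `href` other than a plain `#id`) are assumptions for illustration.

```javascript
// Added example (not Bootstrap or Debian code): heuristic template audit for
// the attribute patterns named in CVE-2024-6484 and CVE-2024-6485.
const NAMED = { lt: '<', gt: '>', quot: '"', amp: '&', apos: "'" };
const fromCp = (n) => (n <= 0x10ffff ? String.fromCodePoint(n) : '');
// Single-pass entity decode, so "&lt;b&gt;" is seen as the markup it becomes.
function decodeEntities(s) {
  return s.replace(/&(?:#x([0-9a-f]+)|#(\d+)|(lt|gt|quot|amp|apos));?/gi,
    (_, h, d, n) => (h ? fromCp(parseInt(h, 16))
      : d ? fromCp(parseInt(d, 10)) : NAMED[n.toLowerCase()]));
}
// Collect a start tag's attributes (first occurrence wins, as in HTML parsing).
function parseAttrs(raw) {
  const attrs = new Map();
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;
  for (const m of raw.matchAll(re)) {
    const name = m[1].toLowerCase();
    if (!attrs.has(name)) attrs.set(name, decodeEntities(m[2] ?? m[3] ?? m[4] ?? ''));
  }
  return attrs;
}

function auditTemplate(html) {
  const findings = [];
  const tagRe = /<([a-z][a-z0-9-]*)\b((?:"[^"]*"|'[^']*'|[^>"'])*)>/gi;
  for (const m of html.matchAll(tagRe)) {
    const tag = m[1].toLowerCase();
    const attrs = parseAttrs(m[2]);
    // Button plugin: markup in data-loading-text (assumed rule: any "<").
    const text = attrs.get('data-loading-text');
    if (text !== undefined && text.includes('<')) {
      findings.push({ cve: 'CVE-2024-6485', tag, attr: 'data-loading-text', value: text });
    }
    // Carousel control: href should be a plain "#id" fragment (assumed rule).
    const href = attrs.get('href');
    const isControl = attrs.has('data-slide') || attrs.has('data-slide-to');
    if (tag === 'a' && isControl && href !== undefined && !/^#[A-Za-z][\w:.-]*$/.test(href)) {
      findings.push({ cve: 'CVE-2024-6484', tag, attr: 'href', value: href });
    }
  }
  return findings;
}
// Constructed sample markup, not taken from the bug report.
const SAMPLE = `
<button class="btn" data-loading-text="Saving...">Save</button>
<button class="btn" data-loading-text="&lt;b&gt;Saving&lt;/b&gt;">Save</button>
<a class="left" href="#gallery" data-slide="prev">Prev</a>
<a class="right" href="https://example.test/next" data-slide="next">Next</a>
`;
console.log(auditTemplate(SAMPLE));
```

A finding means the attribute value should be reviewed for whether it can carry untrusted input; upgrading to the fixed package version remains the actual remedy.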
--- Begin Message ---
Source: twitter-bootstrap3
Source-Version: 3.4.1+dfsg-3+deb12u1
Done: Bastien Roucariès <ro...@debian.org>

We believe that the bug you reported is fixed in the latest version of
twitter-bootstrap3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1084...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès <ro...@debian.org> (supplier of updated twitter-bootstrap3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 10 Apr 2025 23:47:00 +0200
Source: twitter-bootstrap3
Architecture: source
Version: 3.4.1+dfsg-3+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <ro...@debian.org>
Closes: 1084060
Changes:
 twitter-bootstrap3 (3.4.1+dfsg-3+deb12u1) bookworm; urgency=medium
 .
   * Team upload
   * Fix CVE-2024-6485:
     A security vulnerability has been discovered in bootstrap
     that could enable Cross-Site Scripting (XSS) attacks.
     The vulnerability is associated with the data-loading-text
     attribute within the button plugin.
     This vulnerability can be exploited by injecting malicious
     JavaScript code into the attribute, which would then be
     executed when the button's loading state is triggered.
     (Closes: #1084060)
   * Fix CVE-2024-6484:
     A vulnerability has been identified in Bootstrap that
     exposes users to Cross-Site Scripting (XSS) attacks.
     The issue is present in the carousel component, where the
     data-slide and data-slide-to attributes can be exploited
     through the href attribute of an <a> tag due to inadequate
     sanitization. This vulnerability could potentially enable
     attackers to execute arbitrary JavaScript within
     the victim's browser.
     (Closes: #1084060)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


--- End Message ---