twitter-bootstrap3 (3.4.1+dfsg-2+deb11u2build0.22.04.1) jammy-security; urgency=medium
* fake sync from Debian
-- Nishit Majithia <nishit.majithia@canonical.com> Wed, 04 Jun 2025 21:10:54 +0530
twitter-bootstrap3 (3.4.1+dfsg-2+deb11u2) bullseye-security; urgency=medium
* Team upload
* Fix CVE-2025-1647 (Closes: #1105899)
Improper Neutralization of Input During Web Page
Generation (XSS or 'Cross-site Scripting') vulnerability
in Bootstrap allows Cross-Site Scripting (XSS)
DOM-based cross-site scripting (XSS) via DOM clobbering
occurs when an attacker manipulates the Document Object Model
(DOM) to overwrite or "clobber" an existing DOM object,
leading to the execution of malicious scripts, particularly
document.implementation variable.
-- Bastien Roucariès <rouca@debian.org> Fri, 30 May 2025 18:17:56 +0200
twitter-bootstrap3 (3.4.1+dfsg-2+deb11u1) bullseye-security; urgency=medium
* Team upload
* Fix CVE-2024-6485:
A security vulnerability has been discovered in bootstrap
that could enable Cross-Site Scripting (XSS) attacks.
The vulnerability is associated with the data-loading-text
attribute within the button plugin.
This vulnerability can be exploited by injecting malicious
JavaScript code into the attribute, which would then be
executed when the button's loading state is triggered.
(Closes: #1084060)
* Fix CVE-2024-6484:
A vulnerability has been identified in Bootstrap that
exposes users to Cross-Site Scripting (XSS) attacks.
The issue is present in the carousel component, where the
data-slide and data-slide-to attributes can be exploited
through the href attribute of an <a> tag due to inadequate
sanitization. This vulnerability could potentially enable
attackers to execute arbitrary JavaScript within
the victim's browser.
(Closes: #1084060)
-- Bastien Roucariès <rouca@debian.org> Thu, 10 Apr 2025 23:47:00 +0200
twitter-bootstrap3 (3.4.1+dfsg-2) unstable; urgency=medium
[ Xavier Guimard ]
* Replace Jonas Smedegaard by myself to uploaders. Thanks for your work!
(Closes: #918197)
* Apply multi-arch hints (foreign) (Closes: #923518)
[ Debian Janitor ]
* Set debhelper-compat version in Build-Depends.
* Update renamed lintian tag names in lintian overrides.
* Remove obsolete fields Contact, Name from debian/upstream/metadata
(already present in machine-readable debian/copyright).
* Update standards version to 4.5.0, no changes needed.
[ Xavier Guimard ]
* Replace build-dependency to node-uglify by uglifyjs (Closes: #979961)
* Bump debhelper compatibility level to 13
* Declare compliance with policy 4.5.1
* Add "Rules-Requires-Root: no"
* Modernize debian/watch
-- Xavier Guimard <yadd@debian.org> Tue, 12 Jan 2021 12:16:16 +0100
twitter-bootstrap3 (3.4.1+dfsg-1) unstable; urgency=medium
* Team upload
* Exclude .gitignore from upstream archive
* New upstream version 3.4.1+dfsg. Fixes CVE-2019-8331
* Update debian/copyright
-- Xavier Guimard <yadd@debian.org> Fri, 22 Feb 2019 10:25:16 +0100
twitter-bootstrap3 (3.4.0+dfsg-4) unstable; urgency=medium
* Generate README.txt and README.html from README.md.
Build-depend on pandoc.
* Enable autopkgtest.
* Fix have libjs-bootstrap depend on fonts-glyphicons-halflings
(not bogus fonts-glyhicons-halflings).
* Add patch 2001 to fix privacy issues in documentation.
-- Jonas Smedegaard <dr@jones.dk> Tue, 22 Jan 2019 00:06:11 +0100
twitter-bootstrap3 (3.4.0+dfsg-3) unstable; urgency=medium
* Update rules: Revert preparation of fonts,
and instead omit installing them in debhelper hint.
-- Jonas Smedegaard <dr@jones.dk> Mon, 21 Jan 2019 22:34:34 +0100
twitter-bootstrap3 (3.4.0+dfsg-2) experimental; urgency=medium
* Update copyright info:
+ Fix add Files section for fonts,
and clarify licensing of main code and documentation.
+ Fix update Files section for customizer.js,
add clarify its current licensing.
* Wrap and sort control file.
* Use dpkg snippet to resolve version string.
* Fix add binary package fonts-glyphicons-halflings.
* Add myself as uploader.
-- Jonas Smedegaard <dr@jones.dk> Mon, 21 Jan 2019 17:13:09 +0100
twitter-bootstrap3 (3.4.0+dfsg-1) unstable; urgency=medium
* Team upload
[ Antonio Terceiro ]
* debian/rules: use UTC dates to avoid unreproducibility across timezones
during new year's eve/day.
[ Jelmer Vernooij ]
* Use secure copyright file specification URI.
[ Xavier Guimard ]
* New upstream version 3.4.0+dfsg (Closes: #907414)
* Bump debhelper compatibility level to 12
* Declare compliance with policy 4.3.0
* Update VCS URLs
* Update debian/copyright
* Update lintian overrides
* Change section to javascript
* Add upstream/metadata
* Update upstream changelog
* Remove get-orig-source target in debian/rules
* Update links to https
-- Xavier Guimard <yadd@debian.org> Fri, 04 Jan 2019 07:27:13 +0100
twitter-bootstrap3 (3.3.7+dfsg-2) unstable; urgency=medium
* Team upload
* debian/upstream/changelog: update with changelog entries for 3.3.7
* debian/rules: produce reproducible copyright message in
dist/js/bootstrap3.js (Closes: #834988)
-- Antonio Terceiro <terceiro@debian.org> Mon, 24 Oct 2016 10:45:58 -0200
# For older changelog entries, run 'apt-get changelog fonts-glyphicons-halflings'
Generated by dwww version 1.14 on Thu Aug 14 19:36:50 CEST 2025.