Your message dated Sun, 01 Jun 2025 09:04:37 +0000
with message-id <e1ulecp-003p8y...@fasolo.debian.org>
and subject line Bug#1105899: fixed in twitter-bootstrap3 3.4.1+dfsg-5
has caused the Debian Bug report #1105899,
regarding twitter-bootstrap3: CVE-2025-1647
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1105899: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1105899
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: twitter-bootstrap3
Version: 3.4.1+dfsg-4
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for twitter-bootstrap3.

CVE-2025-1647[0]:
| Improper Neutralization of Input During Web Page Generation (XSS or
| 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site
| Scripting (XSS). This issue affects Bootstrap: from 3.4.1 before
| 4.0.0.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-1647
    https://www.cve.org/CVERecord?id=CVE-2025-1647
[1] https://www.herodevs.com/vulnerability-directory/cve-2025-1647

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: twitter-bootstrap3
Source-Version: 3.4.1+dfsg-5
Done: Bastien Roucariès <ro...@debian.org>

We believe that the bug you reported is fixed in the latest version of
twitter-bootstrap3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1105...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bastien Roucariès <ro...@debian.org> (supplier of updated twitter-bootstrap3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 30 May 2025 18:17:56 +0200
Source: twitter-bootstrap3
Architecture: source
Version: 3.4.1+dfsg-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Javascript Maintainers <pkg-javascript-de...@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <ro...@debian.org>
Closes: 1105899
Changes:
 twitter-bootstrap3 (3.4.1+dfsg-5) unstable; urgency=medium
 .
   * Team upload
   * Fix CVE-2025-1647 (Closes: #1105899)
     Improper Neutralization of Input During Web Page
     Generation (XSS or 'Cross-site Scripting') vulnerability
     in Bootstrap allows Cross-Site Scripting (XSS)
     DOM-based cross-site scripting (XSS) via DOM clobbering
     occurs when an attacker manipulates the Document Object Model
     (DOM) to overwrite or "clobber" an existing DOM object,
     leading to the execution of malicious scripts, particularly
     document.implementation variable.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----



--- End Message ---
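
A defensive check for the condition the changelog describes, added here as an example; it is not the Debian patch or Bootstrap's code. It compares what `document.implementation` resolves to against the built-in accessor on the prototype, which a shadowing named element cannot replace. The `FakeDocument` objects and the helper names are constructed stand-ins so the check runs outside a browser; in a page you would pass `document` and `Document.prototype`.

```javascript
// Find the built-in accessor for `prop` by walking the prototype chain.
// A clobbering element shadows the property on the document object itself,
// so the getter defined on the prototype is unaffected.
function nativeGetter(proto, prop) {
  for (let p = proto; p; p = Object.getPrototypeOf(p)) {
    const desc = Object.getOwnPropertyDescriptor(p, prop);
    if (desc && typeof desc.get === 'function') return desc.get;
  }
  return null;
}

// Report whether doc[prop] still resolves to the genuine built-in value.
function checkClobbered(doc, proto, prop) {
  const get = nativeGetter(proto, prop);
  if (!get) throw new TypeError('no built-in accessor for ' + prop);
  const genuine = get.call(doc);
  return { clobbered: doc[prop] !== genuine, genuine: genuine };
}

// Always hand callers the genuine object, and refuse to continue silently
// when the visible property has been replaced.
function safeImplementation(doc, proto, onClobber) {
  const result = checkClobbered(doc, proto, 'implementation');
  if (result.clobbered && typeof onClobber === 'function') onClobber(doc);
  return result.genuine;
}

// --- Constructed stand-ins (assumptions, not browser objects) ---
class FakeImplementation {
  createHTMLDocument(title) { return { title: title, inert: true }; }
}
const genuineImpl = new FakeImplementation();
class FakeDocument {
  get implementation() { return genuineImpl; }
}

const cleanDoc = new FakeDocument();
const shadowedDoc = new FakeDocument();
// Models a named element taking over the property on the document object.
Object.defineProperty(shadowedDoc, 'implementation', {
  value: { tagName: 'IMG' }, configurable: true,
});

const alerts = [];
const impl = safeImplementation(shadowedDoc, FakeDocument.prototype,
  () => alerts.push('document.implementation is shadowed'));
console.log(alerts, impl.createHTMLDocument('sanitize').inert);
```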
