twitter-bootstrap3 (3.3.7+dfsg-2+deb9u3~deb8u1) jessie-security; urgency=medium

  * ELTS Team upload
  * Backport from stretch-security
  * Fix CVE-2024-6485:
    A security vulnerability has been discovered in bootstrap
    that could enable Cross-Site Scripting (XSS) attacks.
    The vulnerability is associated with the data-loading-text
    attribute within the button plugin.
    This vulnerability can be exploited by injecting malicious
    JavaScript code into the attribute, which would then be
    executed when the button's loading state is triggered.
    (Closes: #1084060)
  * Fix CVE-2024-6484:
    A vulnerability has been identified in Bootstrap that
    exposes users to Cross-Site Scripting (XSS) attacks.
    The issue is present in the carousel component, where the
    data-slide and data-slide-to attributes can be exploited
    through the href attribute of an <a> tag due to inadequate
    sanitization. This vulnerability could potentially enable
    attackers to execute arbitrary JavaScript within
    the victim's browser.
    (Closes: #1084060)
  * Fix CVE-2019-8331: XSS in tooltip or popover
  * Fix CVE-2018-20677: XSS in the affix configuration target property.
  * Fix CVE-2018-20676: XSS in the tooltip data-viewport attribute.
  * Fix CVE-2018-20677: XSS in the data-target attribute

 -- Bastien Roucariès <rouca@debian.org>  Sun, 13 Apr 2025 16:03:11 +0200

twitter-bootstrap3 (3.3.7+dfsg-2+deb9u3) stretch-security; urgency=medium

  * ELTS Team upload
  * Fix CVE-2024-6485:
    A security vulnerability has been discovered in bootstrap
    that could enable Cross-Site Scripting (XSS) attacks.
    The vulnerability is associated with the data-loading-text
    attribute within the button plugin.
    This vulnerability can be exploited by injecting malicious
    JavaScript code into the attribute, which would then be
    executed when the button's loading state is triggered.
    (Closes: #1084060)
  * Fix CVE-2024-6484:
    A vulnerability has been identified in Bootstrap that
    exposes users to Cross-Site Scripting (XSS) attacks.
    The issue is present in the carousel component, where the
    data-slide and data-slide-to attributes can be exploited
    through the href attribute of an <a> tag due to inadequate
    sanitization. This vulnerability could potentially enable
    attackers to execute arbitrary JavaScript within
    the victim's browser.
    (Closes: #1084060)

 -- Bastien Roucariès <rouca@debian.org>  Sun, 13 Apr 2025 15:30:44 +0200

twitter-bootstrap3 (3.3.7+dfsg-2+deb9u2) stretch; urgency=medium

  * Add patch to fix CVE-2019-8331: XSS in tooltip or popover

 -- Xavier Guimard <yadd@debian.org>  Thu, 21 Feb 2019 21:45:23 +0100

twitter-bootstrap3 (3.3.7+dfsg-2+deb9u1) stretch; urgency=high

  * Team upload.
  * Fix multiples vulnerabilities (Closes: #907414):
    - CVE-2018-14040: XSS is possible in the collapse data-parent
    - CVE-2018-14041: XSS is possible in the data-target property
    - CVE-2018-14042: XSS is possible in the data-container
  * Update debian/copyright

 -- Xavier Guimard <yadd@debian.org>  Mon, 04 Feb 2019 22:25:25 +0100

twitter-bootstrap3 (3.3.7+dfsg-2~bpo8+1) jessie-backports; urgency=medium

  * Rebuild for jessie-backports.

 -- Andreas Tille <tille@debian.org>  Tue, 07 Mar 2017 10:50:20 +0100

twitter-bootstrap3 (3.3.7+dfsg-2) unstable; urgency=medium

  * Team upload
  * debian/upstream/changelog: update with changelog entries for 3.3.7
  * debian/rules: produce reproducible copyright message in
    dist/js/bootstrap3.js (Closes: #834988)

 -- Antonio Terceiro <terceiro@debian.org>  Mon, 24 Oct 2016 10:45:58 -0200

twitter-bootstrap3 (3.3.7+dfsg-1) unstable; urgency=medium

  * Team upload
  * New upstream version 3.3.7+dfsg
    - Adds compatibility with jQuery 3
  * debian/rules: update the jQuery version check
  * Bump Standards-Version to 3.9.8; no changes needed
  * Switch Git* URL's to https

 -- Antonio Terceiro <terceiro@debian.org>  Sat, 22 Oct 2016 20:20:37 -0200

twitter-bootstrap3 (3.3.6+dfsg-1) unstable; urgency=medium

  * Track version 3
  * Drop unsuitable images

 -- David Prévot <taffit@debian.org>  Sat, 19 Dec 2015 10:54:42 -0400

twitter-bootstrap3 (3.3.5+dfsg-2) unstable; urgency=medium

  * Add node-source-map to build-dependencies.
    Thanks to Jonas Smedegaard (Closes: #802527)

 -- David Prévot <taffit@debian.org>  Fri, 23 Oct 2015 13:11:28 -0400

twitter-bootstrap3 (3.3.5+dfsg-1) unstable; urgency=medium

  [ XhmikosR ]
  * Fix license header

 -- David Prévot <taffit@debian.org>  Sat, 20 Jun 2015 16:35:10 -0400

twitter-bootstrap3 (3.3.4+dfsg-2) unstable; urgency=medium

  * Upload to unstable since Jessie has been released

 -- David Prévot <taffit@debian.org>  Sun, 17 May 2015 09:06:25 -0400

twitter-bootstrap3 (3.3.4+dfsg-1) experimental; urgency=medium

  * Update copyright

 -- David Prévot <taffit@debian.org>  Thu, 19 Mar 2015 16:56:48 -0400

twitter-bootstrap3 (3.3.2+dfsg-1) experimental; urgency=medium

  * Update copyright

 -- David Prévot <taffit@debian.org>  Thu, 29 Jan 2015 19:22:15 -0400

twitter-bootstrap3 (3.3.1+dfsg-1) experimental; urgency=medium

  * Upload to experimental to respect the freeze

  [ Mark Otto ]
  * bump version to v3.3.1

  [ David Prévot ]
  * Use repacksuffix feature of uscan
  * Update copyright
  * Add upstream changelog
  * Bump standards version to 3.9.6
  * Update rules

 -- David Prévot <taffit@debian.org>  Fri, 12 Dec 2014 23:01:18 -0400

twitter-bootstrap3 (3.2.0+dfsg-1) unstable; urgency=medium

  * Restart packaging for twitter-bootstrap3 (Closes: #722935)
  * Do not install documentation
  * Provide less files, as suggested in #731750

 -- David Prévot <taffit@debian.org>  Sun, 14 Sep 2014 15:14:28 -0400

twitter-bootstrap (2.0.2+dfsg-4) unstable; urgency=low

  * QA upload.
  * debian/patches/build-with-node-1.4.2.patch: Add patch from upstream
    git to build with node 1.4.2 (Closes: #718072)
  * Updating to Standards version 3.9.4
  * Update copyright file to clarify license
  * Include a watchfile
  * Don't duplicate "Section"-field in libjs-twitter-bootstrap
  * Don't use obsolete Apache2 conf.d directory
  * Add a doc-base file for the documentation package

 -- Andreas Moog <amoog@ubuntu.com>  Sat, 10 Aug 2013 18:57:51 +0000

twitter-bootstrap (2.0.2+dfsg-3) unstable; urgency=low

  * QA upload
  * The package has been orphaned. Set maintainer to Debian QA Group.
  * Use nodejs command instead of the obsolete node command to build the
    documentation. (Closes: #707522)

 -- Markus Koschany <apo@gambaru.de>  Sat, 08 Jun 2013 23:09:56 +0200

twitter-bootstrap (2.0.2+dfsg-2) unstable; urgency=low

  * Switching to xz compression.
  * Updating GPL boilerplate in copyright file.
  * Sorting fields in proper order in copyright file.
  * Removing useless additional license file.
  * Adding missing continuation line in copyright file.
  * Removing obsoleted copyright symbols in copyright file.

 -- Daniel Baumann <daniel.baumann@progress-technologies.net>  Sat, 30 Jun 2012 15:48:58 +0200

twitter-bootstrap (2.0.2+dfsg-1) unstable; urgency=low

  * Merging upstream version 2.0.2+dfsg.
  * Rediffing dfsg.patch.
  * Rediffing build.patch.
  * Making build-depends on less.js versioned.
  * Updating to debhelper version 9.
  * Updating to standards version 3.9.3.
  * Updating copyright file machine-readable format version 1.0.

 -- Daniel Baumann <daniel.baumann@progress-technologies.net>  Tue, 20 Mar 2012 12:20:34 +0100

twitter-bootstrap (2.0+dfsg-1) unstable; urgency=low

  * Merging upstream version 2.0+dfsg.
  * Updating rules for version 2.0.
  * Updating copyright file for version 2.0.
  * Removing date.patch, not required anymore.
  * Updating local copy of html5shiv.
  * Adding node-uglify to build-depends.
  * Adding zip to build-depends.
  * Adding patch to avoid trying to copy not included jquery.js file.
  * Adding patch to avoid removing files after build.
  * Updating debhelper files for new fs layout.
  * Using uppercase spelling of html in package descriptions.
  * Adding todo file.
  * Dropping usage of javascript-common and using more suitable
    /twitter-bootstrap and /bootstrap configurations without loosing
    javascript-common compatiblity.
  * Also compressing local css file.

 -- Daniel Baumann <daniel.baumann@progress-technologies.net>  Sat, 11 Feb 2012 09:40:17 +0100

twitter-bootstrap (1.4+dfsg-2) unstable; urgency=low

  * Adding provides twitter-bootstrap and twitter-bootstrap-docs to
    libjs-t-b and libjs-t-b-d respectively.
  * Adding local copy of html5shiv, version 20120101.
  * Adding local copy of google-code-prettify, version 20110601.
  * Installing compressed variants of all javascript files.
  * Adding recommends to libjs-jquery and libjs-jquery-tablesorter.

 -- Daniel Baumann <daniel.baumann@progress-technologies.net>  Sat, 07 Jan 2012 23:06:55 +0100

twitter-bootstrap (1.4+dfsg-1) unstable; urgency=low

  * Initial release (Closes: #647864).
  * Rebuild upstream tarball without browser and twitter icons
    and google-code-prettify.

 -- Daniel Baumann <daniel.baumann@progress-technologies.net>  Wed, 28 Dec 2011 08:10:28 +0100
