
Re: XSS vulnerability on bugs.debian.org



On Mon, 12 Nov 2007, Don Armstrong wrote:
> On Tue, 13 Nov 2007, T-Ping T-Ping wrote:
> > I saw that someone named Fugitif had found an XSS vulnerability on
> > bugs.debian.org that is still unpatched.
> > Here is an example XSS for this bug:
> > http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=";><script>alert("XSS")</script>
> 
> Ah; one of them slipped through. I'll deal with this shortly.

This is resolved now.
 

Don Armstrong

-- 
[T]he question of whether Machines Can Think, [...] is about as
relevant as the question of whether Submarines Can Swim.
 -- Edsger W. Dijkstra "The threats to computing science"

http://www.donarmstrong.com              http://rzlab.ucr.edu


