
Re: XSS vulnerability in debian.org



Hi David,

owner@bugs.debian.org is the right address for such reports.

On Wednesday, 6 January 2010, David Shaw wrote:
> Hello,
>
> My name is David Shaw, and I am a security engineer with Redspin, Inc.
>
> While browsing debian.org today, I noticed that some of the fields were not
> correctly sanitized, leading to a cross-site scripting vulnerability.
>
> The URL to verify this vulnerability (with an XSS popup) is:
>
> http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=%27%27;exclude=subject%3A%22%3E%3Cscript%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E
>
> If this was not the correct email address to send this, I apologize and
> would like to request the correct address.
>
> Thank you,
>
> David Shaw


Thank you too :-)
	Holger

Attachment: signature.asc
Description: This is a digitally signed message part.
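
Added example, not part of the original thread and not debbugs code: it decodes the query string from the report and compares reflecting the `exclude` value raw with reflecting it HTML-escaped. The `<input>` template, the function names and the assumption that the value lands inside a double-quoted attribute are hypothetical; the thread does not say where the value is echoed.

```python
import html
from html.parser import HTMLParser
from urllib.parse import unquote_plus

# Query string from the reported URL (the two wrapped lines joined).
REPORTED_QUERY = ("tag=%27%27;exclude=subject%3A%22%3E%3Cscript%3E"
                  "alert%28%27xss%27%29%3B%3C%2Fscript%3E")

def parse_params(query):
    """Decode a query string whose pairs are separated by ';'."""
    params = {}
    for pair in query.split(";"):
        name, _, value = pair.partition("=")
        params[unquote_plus(name)] = unquote_plus(value)
    return params

# Hypothetical page fragment that echoes the filter back to the user.
TEMPLATE = '<input type="text" name="exclude" value="%s">'

def render_unsafe(value):
    # Raw interpolation: a '"' in the value closes the attribute early.
    return TEMPLATE % value

def render_escaped(value):
    # Escape & < > " ' so the value can only ever be attribute text.
    return TEMPLATE % html.escape(value, quote=True)

class TagCollector(HTMLParser):
    """Records every start tag an HTML parser sees in the markup."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

if __name__ == "__main__":
    value = parse_params(REPORTED_QUERY)["exclude"]
    print("decoded value:", value)
    print("raw     ->", tags_in(render_unsafe(value)))
    print("escaped ->", tags_in(render_escaped(value)))
```

Checking the parsed tag list of a rendered page for elements the template never contained is also a usable regression test once the escaping is in place.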

