Re: XSS in paste 1.7.1-1 and 1.7.3.1-1

To: debian-release@lists.debian.org
Subject: Re: XSS in paste 1.7.1-1 and 1.7.3.1-1
From: Piotr Ożarowski <piotr@debian.org>
Date: Tue, 3 Aug 2010 00:33:54 +0200
Message-id: <[🔎] 20100802223354.GK20968@piotro.eu>
In-reply-to: <[🔎] a6207a0c0e722af1800230d51cedeb36.squirrel@adsl.funkybadger.org>
References: <20100625222534.GA3730@piotro.eu> <[🔎] 20100802204800.GJ20968@piotro.eu> <[🔎] a6207a0c0e722af1800230d51cedeb36.squirrel@adsl.funkybadger.org>

[Adam D. Barratt, 2010-08-03]
> Have you discussed with the security team whether this is something they
> believe a DSA should be issued for?

I backported the patch for Debian (stable and unbstable) few hours after
upstream released new version (didn't know about the issue before) and
mailed security team few hours later. They suggested to contact release
team instead.
-- 
Piotr Ożarowski                         Debian GNU/Linux Developer
www.ozarowski.pl          www.griffith.cc           www.debian.org
GPG Fingerprint: 1D2F A898 58DA AF62 1786 2DF7 AEF6 F1A2 A745 7645

Reply to:

Follow-Ups:
- Re: XSS in paste 1.7.1-1 and 1.7.3.1-1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

References:
- Re: XSS in paste 1.7.1-1 and 1.7.3.1-1
  - From: Piotr Ożarowski <piotr@debian.org>
- Re: XSS in paste 1.7.1-1 and 1.7.3.1-1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Bug#589689: transition to libjack-jackd2-0 breaks many packages
Next by Date: Bug#589689: transition to libjack-jackd2-0 breaks many packages
Previous by thread: Re: XSS in paste 1.7.1-1 and 1.7.3.1-1
Next by thread: Re: XSS in paste 1.7.1-1 and 1.7.3.1-1
Index(es):
- Date
- Thread