Re: Bug#703290: davical: possible code insertion or XSS

To: "Christoph Anton Mitterer" <calestyo@scientia.net>
Cc: andrew@morphoss.com, "Moritz Muehlenhoff" <jmm@debian.org>, 703290@bugs.debian.org, debian-release@lists.debian.org
Subject: Re: Bug#703290: davical: possible code insertion or XSS
From: "Thijs Kinkhorst" <thijs@debian.org>
Date: Tue, 19 Mar 2013 08:40:17 +0100
Message-id: <[🔎] 6b5527658cc070ce38c49e6d0282f5b8.squirrel@aphrodite.kinkhorst.nl>
In-reply-to: <[🔎] 1363653461.5360.11.camel@fermat.scientia.net>
References: <20130318021015.8362.19999.reportbug@heisenberg.scientia.net> <1363588989.22279.25.camel@narbon.home.mcmillan.net.nz> <[🔎] 20130318174627.GA796@inutil.org> <[🔎] 1363641637.22279.110.camel@narbon.home.mcmillan.net.nz> <[🔎] 1363653461.5360.11.camel@fermat.scientia.net>

On Tue, March 19, 2013 01:37, Christoph Anton Mitterer wrote:
> severity 703290 important
> stop
>
> On Tue, 2013-03-19 at 10:20 +1300, Andrew McMillan wrote:
>> Is there any way to do an XSS exploit in 12 characters?  If not, then I
>> don't think this is 'grave'.
> Unless someone from the security or release team complains I've set the
> severity to important.

Agreed that it's not grave until we have a concrete vulnerability at hand.
The code could/should definitely be more robust, but there's not yet an
acute issue.


Cheers,
Thijs

Reply to:

Follow-Ups:
- Re: Bug#703290: davical: possible code insertion or XSS
  - From: Jonathan Wiltshire <jmw@debian.org>

References:
- Re: Bug#703290: davical: possible code insertion or XSS
  - From: Moritz Muehlenhoff <jmm@debian.org>
- Re: Bug#703290: davical: possible code insertion or XSS
  - From: Andrew McMillan <andrew@morphoss.com>
- Re: Bug#703290: davical: possible code insertion or XSS
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

Prev by Date: Bug#703391: Reduced debdiff
Next by Date: Bug#703409: unblock: ruby-actionpack-2.3/2.3.14-5, ruby-actionpack-3.2/3.2.6-6, ruby-activerecord-2.3/2.3.14-6, ruby-activerecord-3.2/3.2.6-5, ruby-activesupport-2.3/2.3.14-7, ruby-activesupport-3.2/3.2.6-6
Previous by thread: Re: Bug#703290: davical: possible code insertion or XSS
Next by thread: Re: Bug#703290: davical: possible code insertion or XSS
Index(es):
- Date
- Thread