Re: Bug#703290: davical: possible code insertion or XSS

To: Thijs Kinkhorst <thijs@debian.org>
Cc: Christoph Anton Mitterer <calestyo@scientia.net>, <andrew@morphoss.com>, Moritz Muehlenhoff <jmm@debian.org>, <703290@bugs.debian.org>, <debian-release@lists.debian.org>
Subject: Re: Bug#703290: davical: possible code insertion or XSS
From: Jonathan Wiltshire <jmw@debian.org>
Date: Tue, 19 Mar 2013 10:20:02 +0000
Message-id: <[🔎] 792b24808a9bcc6ff42f9a912ed76999@hogwarts.powdarrmonkey.net>
In-reply-to: <[🔎] 6b5527658cc070ce38c49e6d0282f5b8.squirrel@aphrodite.kinkhorst.nl>
References: <20130318021015.8362.19999.reportbug@heisenberg.scientia.net> <1363588989.22279.25.camel@narbon.home.mcmillan.net.nz> <[🔎] 20130318174627.GA796@inutil.org> <[🔎] 1363641637.22279.110.camel@narbon.home.mcmillan.net.nz> <[🔎] 1363653461.5360.11.camel@fermat.scientia.net> <[🔎] 6b5527658cc070ce38c49e6d0282f5b8.squirrel@aphrodite.kinkhorst.nl>

On 2013-03-19 07:40, Thijs Kinkhorst wrote:

On Tue, March 19, 2013 01:37, Christoph Anton Mitterer wrote:
severity 703290 important
stop

On Tue, 2013-03-19 at 10:20 +1300, Andrew McMillan wrote:
Is there any way to do an XSS exploit in 12 characters? If not,then I
don't think this is 'grave'.
Unless someone from the security or release team complains I've setthe
severity to important.
Agreed that it's not grave until we have a concrete vulnerability athand.The code could/should definitely be more robust, but there's not yetan
acute issue.


Is it fair to apply this line of reasoning to #703294 also?


--
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

<directhex> i have six years of solaris sysadmin experience, from
            8->10. i am well qualified to say it is made from bonghits
			layered on top of bonghits

Reply to:

Follow-Ups:
- Re: Bug#703290: davical: possible code insertion or XSS
  - From: "Thijs Kinkhorst" <thijs@debian.org>

References:
- Re: Bug#703290: davical: possible code insertion or XSS
  - From: Moritz Muehlenhoff <jmm@debian.org>
- Re: Bug#703290: davical: possible code insertion or XSS
  - From: Andrew McMillan <andrew@morphoss.com>
- Re: Bug#703290: davical: possible code insertion or XSS
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Bug#703290: davical: possible code insertion or XSS
  - From: "Thijs Kinkhorst" <thijs@debian.org>

Prev by Date: Bug#703378: unblock: hsqldb/1.8.0.10+dfsg-1
Next by Date: Re: Bug#703290: davical: possible code insertion or XSS
Previous by thread: Re: Bug#703290: davical: possible code insertion or XSS
Next by thread: Re: Bug#703290: davical: possible code insertion or XSS
Index(es):
- Date
- Thread