problem to translate DSA 125 in french
Hello,
We have an ongoing effort to keep all DSA translated to french. But we have
a problem with the DSA125:
Yuji Takahashi discovered a bug in analog which allows a cross-site
scripting type attack. It is easy for an attacker to insert arbitrary
strings into any web server logfile. If these strings are then analysed by
analog, they can appear in the report. By this means an attacker can
introduce arbitrary Javascript code, for example, into an analog report
produced by someone else and read by a third person. Analog already
attempted to encode unsafe characters to avoid this type of attack, but
the conversion was incomplete.
What is a cross-site scripting type attack ?
If there is some french speaking people on this list, could you propose a
translation ? If not, could you explain in english what kind of attack it is?
Thanks for all, Mt.
PS: keep us in CC, since we are not on the ML.
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: