> On Saturday, 01.11.2008, at 17:47 +0100, Moritz Naumann wrote:
> > I know it's not your domain, but I'd like to point out that another XSS
> > and some other issue (which may range from info disclosure to DoS) has
> > been around on buildd.debian.org for a long time, first reported in Aug
> > 2007, with reminders sent in June this year, and still unfixed.
> >
> > Since, so far, there has apparently not been enough need to fix it,
> > here's these URLs on a public mailing list now.
> >
> > http://buildd.debian.org/build.php?pkg=%3Cscript%3Ealert(0)%3C/script%3E
> > http://buildd.debian.org/build.php?&pkg=at&arch=%3Cscript%3Ealert(0)%3C/script%3E
> >
> > Let me know if you need any help fixing these.

I would welcome help in fixing these, yes. What do you need, the
build.php file? (It also requires a wp.php file, I can send that one as
well).

Also, Moritz, I'm very sorry your repeated mails about these issues in
buildd.debian.org went unanswered for so long. I (and a bunch of other
people) just joined the team responsible for it this month, and I found
out about this bug just by pure chance.

Thanks!

* Gerfried Fuchs [Wed, 05 Nov 2008 17:25:55 +0100]:

> Hmm, I'm not too sure if there is a (pseudo) package that this bug
> could get cloned to for that, best thing probably would be to open a
> ticket in RT.debian.org about it, but I'm not too sure in which queue?
> Maybe someone else knows where to address this best these days ...

There should exist a buildd.debian.org pseudo-package soon, see #504613.
I'll clone it when I see it's been created, or feel free to do so
yourself.

Thanks,

--
Adeodato Simó                                     dato at net.com.org.es
Debian Developer                                  adeodato at debian.org

Listening to: Pedro Guerra - Pasaba por aquí

