Hi, On Mon, August 2, 2010 16:48, Piotr Ożarowski wrote: > Could someone take a look at paste in stable-proposed-updates?
I thought I'd mailed you after spotting the package in p-u; it would appear I was mistaken - sorry about that. > (sorry for not sending this mail to -release earlier, I was convinced > that uploading to stable/stable-proposed-updated is enough now, I > probably misread one of the mails on -release) Sending an e-mail is definitely preferred; doing so before uploading rather than vice versa even more so. >> what it fixes: >> URLs like "http://foo.pl/-->%0D<script>alert('xss')</script>" >> will no longer generate error pages where JavaScript can be executed Have you discussed with the security team whether this is something they believe a DSA should be issued for? Regards, Adam -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
