On Tue, Sep 18, 2007 at 08:23:48PM +0200, Moritz Naumann wrote:
> there's an XSS issue in the updated p.d.o:
>
> http://packages.debian.org/content%3D0%3Bjavascript%3Aalert%280%29%3E/http-equiv%3Drefresh/%3Cmeta
>
> The '0' which is output could be replaced by encoded text or arbitrary
> javascript instructions.

Thanks for your report. I have identified the issue and will try to
deploy the fix ASAP.

Regards,
--
Frank Lichtenheld <[EMAIL PROTECTED]>
www: http://www.djpig.de/

