On Mon, 12 Nov 2007, Don Armstrong wrote: > On Tue, 13 Nov 2007, T-Ping T-Ping wrote: > > I saw that someone named Fugitif had found an XSS vulnerability on > > bugs.debian.org that is still unpatched. > > Here is an example XSS for this bug: > > http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg="><script>alert("XSS")</script> > > Ah; one of them slipped through. I'll deal with this shortly.
This is resolved now. Don Armstrong -- [T]he question of whether Machines Can Think, [...] is about as relevant as the question of whether Submarines Can Swim. -- Edsger W. Dijkstra "The threats to computing science" http://www.donarmstrong.com http://rzlab.ucr.edu -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]