Bug#598743: hypermail: XSS vulnerability

2010-11-05 Thread Alexander Reichle-Schmehl
Hi!

* Kevin Fernandez ke...@findhost.org [101001 18:17]:
Package: hypermail
Version: 2.2.0.dfsg-2
Severity: grave
Tags: security
Justification: user security hole

Given that:
* The package hasn't actually a high popcon rating
* It has a security related bug open for over a month
* A new

Bug#598743: hypermail: XSS vulnerability

2010-10-01 Thread Kevin Fernandez
Package: hypermail
Version: 2.2.0.dfsg-2
Severity: grave
Tags: security
Justification: user security hole

Hypermail has a cross-site scripting vulnerability in the way it indexes mails. E.g.: send a mail with this From address:

iframe src=//debian.org em...@debian.org

All the pages indexing this