*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: roundup References: DSA-1554-1 (http://www.debian.org/security/2008/dsa-1554) QuotingDSA-1554-1: "Roundup, an issue tracking system, fails to properly escape HTML input, allowing an attacker to inject client-side code (typically JavaScript) into a document that may be viewed in the victim's browser." Quoting CVE-2008-1474: "Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS)." ** Affects: roundup (Ubuntu) Importance: Undecided Status: New ** Affects: roundup (Debian) Importance: Unknown Status: Fix Released ** Visibility changed to: Public ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1474 ** Bug watch added: Debian Bug tracker #472643 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472643 ** Also affects: roundup (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472643 Importance: Unknown Status: Unknown -- [roundup] [CVE-2008-1474] cross-site scripting vulnerability https://bugs.launchpad.net/bugs/227276 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs