-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi,
I just realized there's a cross site scripting issue on bugs.debian.org, which you migth like to fix. http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=%22%3E%3Cscript%3Ealert(%27Oops.%27)%3C/script%3E%3Cx%20y=%22 I know it's not your domain, but I'd like to point out that another XSS and some other issue (which may range from info disclosure to DoS) has been around on buildd.debian.org for a long time, first reported in Aug 2007, with reminders sent in June this year, and still unfixed. Since, so far, there has apparently not been enough need to fix it, here's these URLs on a public mailing list now. http://buildd.debian.org/build.php?pkg=%3Cscript%3Ealert(0)%3C/script%3E http://buildd.debian.org/build.php?&pkg=at&arch=%3Cscript%3Ealert(0)%3C/script%3E Let me know if you need any help fixing these. Moritz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEAREKAAYFAkkMiBkACgkQn6GkvSd/BgwH8QCeLP2fTuY5m0Sg+Z8O+87hV68z up0AmgJ0mWfQy8X5ljBiEU8ObTrWhLmb =TEhi -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
