Bug#132592: marked as done (qa.debian.org: Wrong number of RC bugs reported for woody)
Your message dated Sun, 10 Feb 2002 17:28:59 +0100 with message-id <[EMAIL PROTECTED]> and subject line Bug#132592: qa.debian.org: Wrong number of RC bugs reported for woody has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -- Received: (at maintonly) by bugs.debian.org; 6 Feb 2002 13:21:52 + >From [EMAIL PROTECTED] Wed Feb 06 07:21:52 2002 Return-path: <[EMAIL PROTECTED]> Received: from hamilton.tfy.utu.fi [130.232.104.24] by master.debian.org with esmtp (Exim 3.12 1 (Debian)) id 16YS1I-0007aU-00; Wed, 06 Feb 2002 07:21:52 -0600 Received: from juhaj by hamilton.tfy.utu.fi with local (Exim 3.34 #1 (Debian)) id 16YS0n-0002Qz-00; Wed, 06 Feb 2002 15:21:21 +0200 From: "Juha Jäykkä" <[EMAIL PROTECTED]> To: Debian Bug Tracking System <[EMAIL PROTECTED]> Subject: qa.debian.org: Wrong number of RC bugs reported for woody X-Reportbug-Version: 1.42 X-Mailer: reportbug 1.42 Date: Wed, 06 Feb 2002 15:21:20 +0200 Message-Id: <[EMAIL PROTECTED]> Sender: =?iso-8859-1?Q?Juha_J=E4ykk=E4?= <[EMAIL PROTECTED]> Delivered-To: [EMAIL PROTECTED] Package: qa.debian.org Version: N/A; reported 2002-02-06 Severity: minor base.debian.net and standard.debian.net incorrectly include bugs marked sid or pending on the line "Release Critical (RC) bugs: 17." -- System Information Debian Release: 3.0 Architecture: i386 Kernel: Linux hamilton 2.4.12 #1 Mon Dec 3 14:09:29 EET 2001 i686 Locale: LANG=C, [EMAIL PROTECTED] --- Received: (at 132592-done) by bugs.debian.org; 10 Feb 2002 16:29:02 + >From [EMAIL PROTECTED] Sun Feb 10 10:29:02 2002 Return-path: <[EMAIL PROTECTED]> Received: from luonnotar.infodrom.org [195.124.48.78] by master.debian.org with esmtp (Exim 3.12 1 (Debian)) id 16Zwqb-0003LZ-00; Sun, 10 Feb 2002 10:29:02 -0600 Received: from nautilus.noreply.org (unknown [138.232.34.77]) by luonnotar.infodrom.org (Postfix) with ESMTP id 0282E366A46; Sun, 10 Feb 2002 17:29:01 +0100 (CET) Received: by nautilus.noreply.org (Postfix, from userid 10) id 9F232357C4; Sun, 10 Feb 2002 17:29:00 +0100 (CET) Received: by fisch.cyrius.com (Postfix, from userid 1000) id 4B72723B29; Sun, 10 Feb 2002 17:28:59 +0100 (CET) Date: Sun, 10 Feb 2002 17:28:59 +0100 From: Martin Michlmayr <[EMAIL PROTECTED]> To: Juha =?iso-8859-1?B?SuR5a2vk?= <[EMAIL PROTECTED]>, [EMAIL PROTECTED] Subject: Re: Bug#132592: qa.debian.org: Wrong number of RC bugs reported for woody Message-ID: <[EMAIL PROTECTED]> References: <[EMAIL PROTECTED]> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <[EMAIL PROTECTED]> User-Agent: Mutt/1.3.22i Delivered-To: [EMAIL PROTECTED] * Juha Jäykkä <[EMAIL PROTECTED]> [20020206 15:21]: > base.debian.net and standard.debian.net incorrectly include bugs > marked sid or pending on the line "Release Critical (RC) bugs: 17." It now says: Release Critical (RC) bugs: 25 (12). -- Martin Michlmayr [EMAIL PROTECTED]
Bug-Squashing Party #7 on February 15-17
As aj said, it's Huntin' Season. The seventh Bug-Squashing Party for woody will take place on the third weekend of February: Friday 15th to Sunday 17th. Our goal is to get the release-critical bug count down to a level we can actually release by concentrating on diagnosing and fixing as many of woody's showstoppers as we can. If you want to see a quicker release, the most valuable thing you can do right now is to look through the lists of bugs against the base system and packages installed in standard configurations. These are the packages we can't do without, and they must be fixed. The lists are here: http://base.debian.net/ http://standard.debian.net/ It would help if developers and interested users both could spend time looking through these and the list of all release-critical bugs (http://bugs.debian.org/release-critical/). Diagnose the problem, construct and test a fix, and send a patch to the bug tracking system. If a patch has been available for some time, a non-maintainer upload may be necessary. Read this: http://lists.debian.org/debian-devel-announce-0201/msg00014.html We have hundreds of developers reading this, and many more interested people who would like to see Debian 3.0 getting out the door. There are 423 bugs in the way. While people should be fixing problems whenever they can, the point of dedicating time to a bug-squashing party is to help those people to use their skills where they're most needed, and to ensure that we duplicate as little work as possible. The bug-squashing party will be co-ordinated in the #debian-bugs IRC channel on the OpenProjects network (IRC server irc.debian.org). There will be people around throughout to offer advice and to review and upload patches. Please help fix bugs! -- Colin Watson [EMAIL PROTECTED] pgp6ct8QWgkoK.pgp Description: PGP signature
Bug#133329: base.debian.net Pages Needs HTML Escaping
Package: qa.debian.org Version: N/A Severity: grave Tag: security Take a look at: http://base.debian.net/index.pmz?name=perl using Mozilla (and perhaps other browsers). Scroll down to bug #126608. According to the BTS, the title of the bug should be: perl-5.005: $_ gets modified by m// inside for(shift) inside &sub($1) Doing a View Source on that page shows that the "&sub($1)" is escaped as "&sub($1)" as you'd want it to be. But on the base.debian.net page for Perl, it doesn't escape the ampersand, with the result that Mozilla displays the is-a-proper-subset-of symbol (confirmed by REC-html40): So the code behind those Web pages isn't escaping HTML characters. Taking a further look for occurrences of < or >, on that same page I see bug #65096: perl-5.005-base: HANDLE->blocking doesn't work which doesn't have the > converted to > like it should (though Mozilla does display it correctly). Again, the linked-to BTS page does the right thing. I've tagged this as a security bug because it could be used as a vector to get malicious script code to people's browsers by a suitably-crafted Subject: line in a bug report. Or, to be more precise, I don't know that it *couldn't* be used in such a fashion. Please reprioritize as desired. Jason B. -- Kindness has converted more sinners than zeal, eloquence, or learning. -- Frederick W. Faber, British theologian
