Bug#853189: tracker.debian.org: Ecnoding issue / Code injection through Maintainer field (and probably others)

Christophe Siraut: > Niels Thykier wrote: >> * tracker.d.o does *not* import excuses.yaml but update_excuses.html >>(as far as I am informed at least) > > True. > > Here is a patch for tracker to parse YAML instead of HTML. > > Cheers, > Christophe > Hi Christophe, Thanks for looking int

Bug#853189: tracker.debian.org: Ecnoding issue / Code injection through Maintainer field (and probably others)

Niels Thykier wrote: > * tracker.d.o does *not* import excuses.yaml but update_excuses.html >(as far as I am informed at least) True. Here is a patch for tracker to parse YAML instead of HTML. Cheers, Christophe >From 04692b5c65124b930a94f668cd2b409269d186c5 Mon Sep 17 00:00:00 2001 From: C