Re: XSS vulnerability on bugs.debian.org

2007-11-12 Thread Don Armstrong
On Mon, 12 Nov 2007, Don Armstrong wrote: > On Tue, 13 Nov 2007, T-Ping T-Ping wrote: > > I saw that someone named Fugitif had found an XSS vulnerability on > > bugs.debian.org that is still unpatched. > > Here is an example XSS for this bug: > > http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=";>

Re: XSS vulnerability on bugs.debian.org

2007-11-12 Thread Don Armstrong
On Tue, 13 Nov 2007, T-Ping T-Ping wrote: > I saw that someone named Fugitif had found an XSS vulnerability on > bugs.debian.org that is still unpatched. > Here is an example XSS for this bug: > http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=";>alert("XSS") Ah; one of them slipped through. I'll

XSS vulnerability on bugs.debian.org

2007-11-12 Thread T-Ping T-Ping
I saw that someone named Fugitif had found an XSS vulnerability on bugs.debian.org that is still unpatched. Here is an example XSS for this bug: http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=";>alert("XSS") -- ___ Get your free email from http://bsdm

Re: Bug in MoinMoin on http://wiki.debian.org/

2007-11-12 Thread Franklin PIAT
Hi, I'm afraid a disturbance in the force is occurring again ;) As far I can see, this happened twice. https://rt.debian.org/Ticket/Display.html?id=168 Franklin On Mon, 2007-11-12 at 23:38 +0100, Holger Levsen wrote: > Hi, > > On Sunday 11 November 2007 23:42, Jonas Stein wrote: > > http:/

download problems

2007-11-12 Thread Guilherme B. Campagnoli
Dear Administrator I'm trying to download the DVD iso image from the following Debian website but I'm getting only error messages or the file size is 300M after downloaded. http://cdimage.debian.org/debian-cd/4.0_r1/i386/iso-dvd/ Can you please verify if the files debian-40r1-i386-DVD-X.iso

Re: Info on this site

2007-11-12 Thread Holger Levsen
Hi, On Sunday 11 November 2007 12:01, [EMAIL PROTECTED] wrote: > > > This concerns only end-users of unstable, and to a lesser extent > > of testing. > > Sure, but surely there is a middle way between sending out a > > message with > > "critical priority" and not communication the issue to our use

Bug#450841: www.debian.org: packages.debian.org should show current maintainer

2007-11-12 Thread Holger Levsen
Hi, On Sunday 11 November 2007 16:49, Ben Hutchings wrote: > http://packages.debian.org/oldstable/ion3 shows the maintainers of > ion3 as listed in the package in oldstable. While this is consistent, > it is not really useful information. The current maintainer should be > shown, as on packages.

Re: Bug in MoinMoin on http://wiki.debian.org/

2007-11-12 Thread Holger Levsen
Hi, On Sunday 11 November 2007 23:42, Jonas Stein wrote: > http://wiki.debian.org/Aktuelle%c3%84nderungen Works now and here. It seems it was just a disturbance in the force, but thanks for reporting anyway! :) regards, Holger pgp0knFcjncLG.pgp Description: PGP signature

Bug in MoinMoin on http://wiki.debian.org/ (idem)

2007-11-12 Thread Salokine Terata
Hi, Same error like Jonas Stein (but on french page) Now it's Ok, but someone can make a diagnostic ? Best regards Salokine. -- Message transmis -- Sujet : error on http://wiki.debian.org Date : dimanche 11 novembre 2007 De : Salokine Terata <[EMAIL PROTECTED]> À : [EMAIL P