Package: bugs.debian.org

The
  Bug reassigned from package 'foo' to 'bar'.
message uses a defective href of
  https://bugs.debian.org/cgi-bin/%3Ca%20href=%22pkgreport.cgi?package=foo%22%3Efoo%3C/a%3E
for the foo link. Looks like one sprinkling too many of magick HTML dust.

Live example here:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=554538#6

I don't think XSS is possible, though.

br,
-- 
Robert Bihlmeyer

