Package: nm.debian.org Severity: normal Tags: security The GPG key signing coordination utility does not seem to attamept to validate user inputs. As a result, it is possible to create a new signing offer or requestaccount and fill in some HTML or script code which may
* steal other https://nm.debian.org users' credentials * render the utility unusable because of broken HTML or javascript code which replaces the page by another one -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
