Bug#598743: hypermail: XSS vulnerability

2010-11-05 Alexander Reichle-Schmehl
Hi!

* Kevin Fernandez [101001 18:17]:
> Package: hypermail
> Version: 2.2.0.dfsg-2
> Severity: grave
> Tags: security
> Justification: user security hole

Given that:
* The package hasn't actually a high popcon rating
* It has a security related bug open for over a month
* A new upstream version

Bug#598743: hypermail: XSS vulnerability

2010-10-01 Kevin Fernandez
Package: hypermail
Version: 2.2.0.dfsg-2
Severity: grave
Tags: security
Justification: user security hole

Hypermail has a cross-site scripting vulnerability in the way it indexes mails. Eg: send a mail with this From address: "" em...@debian.org All the pages indexing this email will have the ifr