Bug#281655: info2www: Cross-site scripting vulnerability

2005-01-30 Thread Uwe Hermann
Hi, On Sun, Jan 23, 2005 at 08:28:47PM -0500, Justin Pryzby wrote: > On Sun, Jan 23, 2005 at 05:42:04PM -0500, pryzbyj wrote: > > tags 281655 patch > > thanks > > > > I've included a 2-line patch which implements some output > > sanitization. I can't find any other instance where this is a > > p

Bug#281655: info2www: Cross-site scripting vulnerability

2005-01-23 Thread Justin Pryzby
On Sun, Jan 23, 2005 at 05:42:04PM -0500, pryzbyj wrote: > tags 281655 patch > thanks > > I've included a 2-line patch which implements some output > sanitization. I can't find any other instance where this is a > problem, but don't take my word for it; I haven't followed the code > *that* closel

Bug#281655: info2www: Cross-site scripting vulnerability

2005-01-23 Thread Justin Pryzby
tags 281655 patch thanks I've included a 2-line patch which implements some output sanitization. I can't find any other instance where this is a problem, but don't take my word for it; I haven't followed the code *that* closely. Since info filenames/titles can be named anything (which is a Good

Processed: Re: Bug#281655: info2www: Cross-site scripting vulnerability

2005-01-23 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]: > tags 281655 patch Bug#281655: info2www: Cross-site scripting vulnerability Tags were: security Tags added: patch > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (adminis

Bug#281655: info2www: Cross-site scripting vulnerability

2005-01-23 Thread Justin Pryzby
On Sun, Jan 23, 2005 at 05:12:15PM +0100, Uwe Hermann wrote: > Hi, > > sorry, the mail about this bug somehow got lost in my inbox... > > (CC to debian-devel, any help with this issue is welcome) > > > On Wed, Nov 17, 2004 at 03:45:55AM +0100, Nicolas Gregoire wrote: > > Package: info2www > > V

Bug#281655: info2www: Cross-site scripting vulnerability

2005-01-23 Thread Justin Pryzby
On Sun, Jan 23, 2005 at 05:12:15PM +0100, Uwe Hermann wrote: > Hi, > > sorry, the mail about this bug somehow got lost in my inbox... > > (CC to debian-devel, any help with this issue is welcome) > > > On Wed, Nov 17, 2004 at 03:45:55AM +0100, Nicolas Gregoire wrote: > > Package: info2www > > V

Bug#281655: info2www: Cross-site scripting vulnerability

2005-01-23 Thread Uwe Hermann
Hi, sorry, the mail about this bug somehow got lost in my inbox... (CC to debian-devel, any help with this issue is welcome) On Wed, Nov 17, 2004 at 03:45:55AM +0100, Nicolas Gregoire wrote: > Package: info2www > Version: 1.2.2.9-22 > Severity: normal > Tags: security > > There's a XSS vulnera