severity 500873 important thanks On Thu, October 2, 2008 11:25, Gerfried Fuchs wrote: > Not in itself, but it might be the case in connection with some plugin > extensions that enable comments or web editing (none of them are shipped in > Debian). I'm sorry to have wrongly put it as medium into the security > tracker in the first place which was clearly wrong. I guess even low might > be too high of an option, but we finally figured out a way that it's > possible to inject a / into the output that enables it to inject arbitrary > data.
Of course fixing it in Lenny is very preferable but I think in this case the severity should be 'important'. Adjusting as such. Thijs -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]