Hello, My name is David Shaw, and I am a security engineer with Redspin, Inc.
While browsing debian.org today, I noticed that some of the fields were not correctly sanitized, leading to a cross-site scripting vulnerability. The URL to verify this vulnerability (with an XSS popup) is: http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=%27%27;exclude=subject%3A%22%3E%3Cscript%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E If this was not the correct email address to send this, I apologize and would like to request the correct address. Thank you, David Shaw
