XSS in gallery, what's the status?

2006-07-02 Thread Martin Lohmeier
Hi,

this week I noticed that gallery contains an XSS [1] that is still
unfixed in sarge. It was reported in August 2005 (!). The maintainer
mentioned that he forwarded a patch to the security team.

So my question is: what's blocking the security update?

bye, Martin

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285
-- 

Powered by Debian GNU / Linux





Re: Bad press related to (missing) Debian security

2005-06-27 Thread Martin Lohmeier

Carl-Eric Menzel wrote:
> Does anybody know what the actual problem is, i.e. why there are no
> updates?
> 
> Carl-Eric
> 
> 

Hi,

problem: http://www.infodrom.org/~joey/log/?200506142140

In the discussion on the heise.de article people mentioned [1] that the
security "team" (Martin Schulze) has been at LinuxTag and so he had no
time to get s.d.o working --> not enough active members in the security team.

bye, Martin

[1] http://www.heise.de/security/news/foren/go.shtml?read=1&msg_id=8278429&forum_id=80872

-- 

Powered by Debian GNU / Linux