Package: bugs.debian.org Severity: critical Tags: security Justification: root security hole
On http://bugs.debian.org/cgi-bin/pkgreport.cgi it is easy possible to inject javascript and html tags: http://bugs.debian.org/cgi-bin/pkgreport.cgi?which=src&data=%3Cscript%20type=%22text/javascript%22%20/%3Ealert(%22this%20is%20very%20bad%22)%3C/script%3E -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-bigbad Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=UTF-8) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]