From ${URL} :

It was found that the osm plugin for ikiwiki uses htmlscrubber (if enabled) to sanitize some parameters. Even when it is enabled, it was found that it still does not correctly escape some fields. In particular, the "name" parameter is included verbatim, breaking involuntarily javascript when the name contains a single quote/apostrophe ('). Due to this, javascript code injection might become trivial.

References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731797

@maintainer(s): since the package has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
As per the comment in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731797, the bug is believed to be fixed in the last version: 3.20140125
Ebuild added to the tree. Clean up old ebuild in a few days.
Maintainer(s), Thank you for cleanup! No GLSA needed as there are no stable versions.
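
The escaping gap described in the report at the top of this bug, as an added example (not code from ikiwiki, the osm plugin or this bug report): a name placed verbatim inside a single-quoted JavaScript string, beside the same name encoded for that context. The `addMarker` call, the function names and the sample names are hypothetical and constructed for illustration.

```python
import json


def render_marker_unsafe(name, lat, lon):
    # Pattern from the report: the name goes verbatim into a single-quoted
    # JavaScript string, so an apostrophe in it ends the literal early.
    # addMarker is a hypothetical client-side function.
    return "addMarker('%s', %f, %f);" % (name, float(lat), float(lon))


def js_string_literal(value):
    # json.dumps yields a double-quoted literal with backslashes, quotes,
    # control characters and all non-ASCII (including U+2028/U+2029) escaped.
    literal = json.dumps(str(value))
    # Also escape the characters that matter to the HTML parser around an
    # inline <script> block, plus the apostrophe, so the value stays inert.
    for ch in "<>&'":
        literal = literal.replace(ch, "\\u%04x" % ord(ch))
    return literal


def render_marker_safe(name, lat, lon):
    # The literal brings its own quotes; coordinates are forced to numbers.
    return "addMarker(%s, %f, %f);" % (js_string_literal(name), float(lat), float(lon))


if __name__ == "__main__":
    for sample in ("Joe's Cafe", "Caf\u00e9 </script>"):  # constructed names
        print(render_marker_unsafe(sample, 45.5, -73.6))
        print(render_marker_safe(sample, 45.5, -73.6))
```

An HTML-level scrubber works on markup, so it does not change how an apostrophe is read inside a script string; the encoding has to match the JavaScript context the value lands in.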