From ${URL} : A cross-site scripting vulnerability via openid_identifier was reported in the Debian BTS at [1]. Upstream fix is at [2]. Could a CVE be assigned to this issue? [1] https://bugs.debian.org/781483 [2] http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77 @maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
Fixed in versions ikiwiki/3.20150329, ikiwiki/3.20141016.2, ikiwiki/3.20120629.2
fixed with Version bump to 3.20160905 https://github.com/gentoo/gentoo/commit/cf6ce29f81b854d58acbafa1749f1621f09c432c
stabilzation happened in another bug
@maintainer, please clean the vulnerable versions from the tree.
cleaned affected version
(In reply to Alice Ferrazzi from comment #5) > cleaned affected version Thanks, again!