"Fixed: - User input not escaped when a bad template name is supplied (thanks Benjamin Pollack)" http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision&revision=4486
Stabilize www-apps/roundup-1.4.14.
x86 stable
sparc stable
amd64 done
Marked ppc stable.
XSS in a webapp -> closing noglsa.
CVE-2010-2491 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2491): Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program.
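
Added illustration of the bug class named in the CVE entry above; it is not part of the original thread and is not Roundup's code. It shows a hypothetical error page that reflects an unknown template name, first unescaped and then escaped. The function names, the `TEMPLATES` set, the name pattern and the sample input are all assumptions made for this sketch.

```python
import html
import re

# Hypothetical set of known templates; Roundup's real lookup is not shown on this page.
TEMPLATES = {"item", "index", "search"}

# Conservative allow-list for template names (an assumption for this sketch).
_NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def render_error_unescaped(template):
    """'Before' behaviour: the bad template name is reflected verbatim."""
    return '<p>No template named "%s"</p>' % template


def render_error_escaped(template):
    """'After' behaviour: the name is HTML-escaped before it reaches the page."""
    return '<p>No template named "%s"</p>' % html.escape(template, quote=True)


def select_template(template, render_error=render_error_escaped):
    """Return (status, body) for a request's template argument."""
    if _NAME_RE.fullmatch(template) and template in TEMPLATES:
        # Safe to interpolate: the name matched the allow-list pattern.
        return 200, "<p>rendered %s</p>" % template
    # Unknown or malformed name: the error path is where the reflection happens.
    return 404, render_error(template)


def reflects_markup(body):
    """Regression check: does the response body contain a live <script> tag?"""
    return "<script" in body.lower()


# Constructed sample input standing in for a crafted template argument.
SAMPLE = "<script>alert(1)</script>"

if __name__ == "__main__":
    for renderer in (render_error_unescaped, render_error_escaped):
        status, body = select_template(SAMPLE, renderer)
        print(renderer.__name__, status, reflects_markup(body), body)
```

A check like `reflects_markup` on the error path is the kind of regression test that keeps the escaping from being dropped in a later refactor.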