Several cross-site scripting vulnerabilities have been discovered in
flyspray, a lightweight bug tracking system, which allows attackers to
insert arbitrary script code into the index page.
The old stable distribution (woody) does not contain flyspray.
For the stable distribution (sarge) this problem has been fixed in
version 0.9.7-2.1.
For the testing (etch) and unstable distribution (sid) this problem has
been fixed in version 0.9.8-5.
We recommend that you upgrade your flyspray package.