Topic: security@punbb.org bounces, and 2x XSS flaws

This is frustrating... try to e-mail security@punbb.org and find that it bounces:

This is an automatically generated Delivery Status Notification

Delivery to the following recipient failed permanently:

    security@punbb.org

  ----- Original message -----

Received: by 10.35.107.20 with SMTP id j20mr7307212pym;
       Mon, 24 Jul 2006 03:21:27 -0700 (PDT)
Received: by 10.35.67.13 with HTTP; Mon, 24 Jul 2006 03:21:27 -0700 (PDT)

...

If it was a serious hole, I'd probably either sit on it or e-mail someone directly, but here goes:

-----------------------------------------------
Message removed.
-----------------------------------------------

2

Re: security@punbb.org bounces, and 2x XSS flaws

Thanks for the report and sorry you had trouble with the email.

I've copied the content of your post to the admins/mods private forum so Rickard can take a look at it.

Re: security@punbb.org bounces, and 2x XSS flaws

Is there an e-mail address I can respond to apart from security@ if I find more flaws? (Or anyone else reading this)

Re: security@punbb.org bounces, and 2x XSS flaws

replace security with rickard, that should work

Re: security@punbb.org bounces, and 2x XSS flaws

kaneda: I'm sorry about the bounced e-mails. I will have a look at your report ASAP.

It appears all my mail is bouncing. Good thing is, I just got this:

"Gmail for punbb.org beta tester invitation"

Bad thing is, my broadband at home is down.

"Programming is like sex: one mistake and you have to support it for the rest of your life."