Debian: New roundup packages fix cross-site scripting vulnerability
LinuxSecurity.com: Roundup, an issue tracking system, fails to properly escape HTML input, allowing an attacker to inject client-side code (typically JavaScript) into a document that may be viewed in the victim's browser
