On Fri, Dec 16, 2011 at 11:58:31AM +0000, Gerrit Pape wrote: > On Tue, Dec 13, 2011 at 06:01:52PM +0100, Moritz Muehlenhoff wrote: > > On Sun, Dec 19, 2010 at 03:10:46AM +0100, non customers wrote: > > > Subject: ftpcopy: ftpls cross-site scripting when generating HTML listing
> > > The ftpls command has a cross-site scripting (XSS) security bug when > > > generating HTML listings: > > > > Gerrit, what's the status? This bug hasn't seen any action since a year. > > Hi Moritz, I completely forgot this report, sorry. I'll try to take a > look within the next days, due to christmas maybe next weeks. Hi, I contacted upstream but didn't get a response. I'm about to remove the html-output feature from ftpls with an upcoming upload, and think about removing the package from Debian because of dead upstream eventually. Regards, Gerrit. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
