Debian Linux Security Advisory 2414-2 - It was discovered that the last security update for F*X, DSA-2414-1, introduced a regression. Updated packages are now available to address this problem.
163b9eaa211f872e647739bda275ef73dadabe562d1e45464ced23724f4d2944
Debian Linux Security Advisory 2414-1 - Nicola Fioravanti discovered that F*X, a web service for transferring very large files, is not properly sanitizing input parameters of the "fup" script. An attacker can use this flaw to conduct reflected cross-site scripting attacks via various script parameters.
2938802a44ca1e1baecc82705eb3ef6ad4cb947b1f8eec1a8fbd2bb27992c43b