On 2019-03-15, Peter J. Philipp <p...@centroid.eu> wrote: > Hi all, > > I have been notified by a wonderful security researcher that my site was > vulnerable to XSS attacks. The first one was on software I wrote, and the > second one was on software I got from OpenBSD ports. Not sure if I should > be writing this to the ports mailing list though. > > I have written Marc Espie with a patch that I produced for cvsweb, but > haven't heard from him in 11 hours so I want to get this out to everyone.
Yes, it should go to the ports mailing list. Check the "maintainer" line in "pkg_info cvsweb". I don't know why you would send it to espie@.