filezilla - Debian Package Tracker (original) (raw)

Problems while searching for a new upstream versionhigh

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch source https://download.filezilla-project.org/client/

Created: 2025-11-26 Last update: 2026-06-17 09:03

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2026-03-09 Last update: 2026-03-09 05:30

AppStream hints: 1 warning for filezilla normal

AppStream found metadata issues for packages:

• filezilla:1 warning

You should get rid of them to provide more metadata about this software.

Created: 2024-01-27 Last update: 2025-11-15 13:34

1 low-priority security issue in bookwormlow

There is 1 open security issue in bookworm.

1 issue left for the package maintainer to handle:

• CVE-2024-31497:(needs triaging) In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6.

You can find information about how to handle this issue in the security team's documentation.

Created: 2024-12-30 Last update: 2026-04-28 19:02

debian/patches: 1 patch to forward upstreamlow

Among the 2 debian patchesavailable in version 3.69.6-2 of the package, we noticed the following issues:

• 1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2026-03-09 07:00

Issues found with some translationslow

Automatic checks made by the Debian l10n team found some issues with the translations contained in this package. You should check thel10n status reportfor more information.

Issues can be things such as missing translations, problematic translated strings, outdated PO files, unknown languages, etc.

Created: 2026-02-16 Last update: 2026-02-16 10:55

Standards version of the package is outdated.wishlist

The package should be updated to follow the last version of Debian Policy(Standards-Version 4.7.4 instead of4.7.3).

Created: 2026-03-31 Last update: 2026-03-31 15:01