Comment 3 for bug 1979917

I did not find any CVE reports when searching for "fancyindex", so I assume there is no report on it. I stumbled across this issue on a discussion online when a user complained about a file with &not in the filename didn't appear correctly on a public archive.