Bug#240675: www.debian.org: redirect.pl wide open and fools people

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#240675: www.debian.org: redirect.pl wide open and fools people
From: Bart Schuller <schuller@debian.org>
Date: Sun, 28 Mar 2004 19:05:30 +0200
Message-id: <[🔎] 20040328170530.F04E37FCBE@localhost>
Reply-to: Bart Schuller <schuller@debian.org>, 240675@bugs.debian.org

Package: www.debian.org
Severity: normal


As can be seen in http://slashdot.org/comments.pl?sid=102006&cid=8695895
the redirect.pl script on cgi.debian.org can be abused. Note that it
didn't work in galeon, but I expect this will be different for people
using Windows.

Perhaps some sort of referrer check is in order?

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.4
Locale: LANG=C, LC_CTYPE=en_US

Reply to:

Follow-Ups:
- Bug#240675: www.debian.org: redirect.pl wide open and fools people
  - From: Frank Lichtenheld <djpig@debian.org>
- Bug#240675: marked as done (www.debian.org: redirect.pl wide open and fools people)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Problem with mirrors of stable .jigdo files
Next by Date: Ralph Gnaedig/WELTBILD/DE ist außer Haus.
Previous by thread: Re: WWW-master problem
Next by thread: Bug#240675: www.debian.org: redirect.pl wide open and fools people
Index(es):
- Date
- Thread