Bug#402631: Still gets data by arguments.

To: 402631@bugs.debian.org
Subject: Bug#402631: Still gets data by arguments.
From: "Bernhard R. Link" <brlink@debian.org>
Date: Tue, 12 Dec 2006 12:29:36 +0100
Message-id: <[🔎] 20061212112936.GA6441@pcpool00.mathematik.uni-freiburg.de>
Reply-to: "Bernhard R. Link" <brlink@debian.org>, 402631@bugs.debian.org

While the arguments (especially file) are now checked to not allow
dangerous stuff, one can still make it to show an arbitrary md5sum.
Though the security impact is mostly limited to people posting
links which make funny things show up on a Debian website (or
very stupid users), it would still be better to fix that:
I'd suggest to not show the md5sum here (it's anyway that low
on a long page, that one seldom looks down there), and just add it
on the package page after Package Size and Installed Size.

Hochachtungsvoll,
	Bernhard R. Link

Reply to:

Prev by Date: Who's using Debian?
Next by Date: debian
Previous by thread: Re: download.pl lets arbitrary stuff through
Next by thread: debian
Index(es):
- Date
- Thread