Bug#402911: no control on md5sum when accessing to pdo dowload url
It seems that there is now a bit of control : the md5sum indicated in
the URL must be well-formed (good length and only hexadecimal digits).
But the problem remains that no control on the md5sum itself is done.
You can direct someone on this page with any (well-formed) invalid
md5sum. e.g.
<http://packages.debian.org/cgi-bin/download.pl?arch=i386&file=pool%2Fmain%2Fd%2Fdietlibc%2Fdietlibc_0.30-4_i386.deb&md5sum=8b4192d23b18e2b6aa9204fc0ba65ead&arch=i386&type=main>
<http://packages.debian.org/cgi-bin/download.pl?arch=i386&file=pool%2Fmain%2Fd%2Fdietlibc%2Fdietlibc_0.30-4_i386.deb&md5sum=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&arch=i386&type=main>
et caetera.
Reply to: