Package: www.debian.org Severity: normal
As can be seen in http://slashdot.org/comments.pl?sid=102006&cid=8695895 the redirect.pl script on cgi.debian.org can be abused. Note that it didn't work in galeon, but I expect this will be different for people using Windows. Perhaps some sort of referrer check is in order? -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.4 Locale: LANG=C, LC_CTYPE=en_US
