[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev FWD: www.infilsec.com - Bugs: lynx tempfile predictable
From: |
Klaus Weide |
Subject: |
Re: lynx-dev FWD: www.infilsec.com - Bugs: lynx tempfile predictable |
Date: |
Fri, 1 Jan 1999 12:01:11 -0600 (CST) |
On Fri, 1 Jan 1999, Philip Webb wrote:
> 981231 Leonid Pauzner wrote:
> >> Subject: Infilsec - Bugs: lynx tempfile predictable
> >> X-URL: http://www.infilsec.com/cgi-infilsec/if?action=generate&key=00059
> > Why not avoiding symlinks at /tmp/ or this was fixed long ago?
>
> this was cured for 2-8 , ie by 980301.
>
> >> Infilsec
> >> lynx tempfile predictable
> >> Record Created: Wed Dec 30 16:25:49 1998
> >> Last Modified: Wed Dec 30 16:25:49 1998
> >> all versions of Lynx (tested on 2.7.1, Linux)
>
> NB: it would be very irresponsible of Infilsec to advertise a bug
> without making certain they were using the latest version of the software
> (subjunctive mood intentional).
The dates are broken. "Record Created" and "Last Modified"
actually always show the current time. That gives the false
impression that all these bug reports are new, when in fact
they may be years old.
I submitted a change via their "Modify Vulnerability" link; supposedly
"This will be reviewed before admission to the database"; we'll see
whether anybody is at home.
Klaus