possible wrong date in 4a0b334d-8d8d-11d9-afa0-003048705d5a
Xin LI
delphij at frontfree.net
Mon Mar 7 15:34:07 GMT 2005
在 2005-03-07一的 22:41 +0800,Kang Liu写道:
> Hi,
> The discovery date of 4a0b334d-8d8d-11d9-afa0-003048705d5a might be
> wrong. I've told delphij (the submitter of that entry), while he said that
> date came from the original source. But, as we all know, 2005 is not leap
> year, actually there is no Feb 29th 2005...I think it could be better if we
> change it to Feb 28th 2005.
Thanks for noticing this. I'm aware of the issue, but it is the
official version claims Feb 29th:
http://216.127.76.78/~neosecur/index.php?pagina=advisories&id=8
And my letter has been bounced before I have decided to commit it as-is.
I'm inclined in keeping it there until some of us can *actually* contact
the author to confirm the discovery date. Replacing an official (while
it appears to be wrong) date with a guessed value (we will never know if
it is or is not wrong, and I personally infer it should be March 1st) is
more or less pointless.
BTW. What's your opinion about the fix? Without having a correct
filtering of user input, one can launch XSS attacks which poses users in
danger.
Cheers,
--
Xin LI <delphij delphij net> http://www.delphij.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc:
=?UTF-8?Q?=E8=BF=99=E6=98=AF=E4=BF=A1=E4=BB=B6=E7=9A=84=E6=95=B0?=
=?UTF-8?Q?=E5=AD=97=E7=AD=BE=E5=90=8D=E9=83=A8?= =?UTF-8?Q?=E5=88=86?=
Url : http://lists.freebsd.org/pipermail/freebsd-vuxml/attachments/20050307/a44bfb94/attachment.bin
More information about the freebsd-vuxml
mailing list