021: RZSZ SNOOPING: Jan 31, 2000
! The rzsz port was removed from the ports collection, as it collects and
! sends user information to a designated email address, effectively spying on
! you. It is recommended that you remove this package if you installed
! it.
!
018: SECURITY FIX: Jan 20, 2000
! Systems running with procfs enabled and mounted are vulnerable
! to having the stderr output of setuid processes directed onto
! a pre-seeked descriptor onto the stack in their own procfs memory.
! Note that procfs is not mounted by default in OpenBSD.
!
! A source code patch exists, which remedies this problem.
!
009: DRIVER IMPROVEMENTS: Dec 4, 1999
! Various improvements have been made to the IDE/ATAPI subsystem since
! the 2.6 release shipped.
! Some of these improvements make some recalcitrant devices work much better.
!
! Revision 1 of this jumbo source code patch exists.
!
!
!
016: SECURITY FIX: Dec 2, 1999
! A buffer overflow in the RSAREF code included in the
! USA version of the libssl package (called sslUSA, is
! possibly exploitable in isakmpd if SSL/RSA features
! are enabled or used.
! OpenSSH and httpd (with -DSSL) are not
! vulnerable.
! NOTE: International users using the ssl26 package are not affected.
!
! Using the new sslUSA26.tar.gz files which have been placed
! on the FTP mirrors.
! For more information, see the advisory.
! NOTE: this problem turned out to not be unexploitable in OpenSSH.
!
005: FUNCTIONALITY ADDITION: Nov 11, 1999
! Various OpenSSH improvements have been made since the 2.6 release shipped.
! To resolve the various (non-security related) features which users may want,
! we are making a jumbo patch available. This is now at VERSION FOUR.
!
! Revision 4 of this jumbo source code patch exists.
! NOTE: /etc/sshd_config and /etc/ssh_config may need changes.
!