===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.278
retrieving revision 1.279
diff -c -r1.278 -r1.279
*** www/errata.html	2000/10/11 02:10:22	1.278
--- www/errata.html	2000/10/18 20:39:24	1.279
***************
*** 44,49 ****
--- 44,59 ----
  <a name=all></a>
  <li><h3><font color=#e00000>All architectures</font></h3>
  <ul>
+ <a name=httpd></a>
+ <li><font color=#009000><strong>031: SECURITY FIX: Oct 18, 2000</strong></font><br>
+ Apache has several bugs in <tt>mod_rewrite</tt> and <tt>mod_vhost_alias</tt> 
+ that could cause arbirtary files accessible to the www user on the server 
+ to be exposed under certain configurations when these modules are used.
+ (These modules are not active by default).
+ <br>
+ <a href=ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/031_httpd.patch>
+ A source code patch exists which remedies this problem.</a>
+ <p>
  <a name=telnetd></a>
  <li><font color=#009000><strong>030: SECURITY FIX: Oct 10, 2000</strong></font><br>
  The telnet daemon does not strip out the TERMINFO, TERMINFO_DIRS, TERMPATH
***************
*** 422,428 ****
  
  <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> 
  <a href=mailto:www@openbsd.org>www@openbsd.org</a>
! <br><small>$OpenBSD: errata.html,v 1.278 2000/10/11 02:10:22 ericj Exp $</small>
  
  </body>
  </html>
--- 432,438 ----
  
  <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> 
  <a href=mailto:www@openbsd.org>www@openbsd.org</a>
! <br><small>$OpenBSD: errata.html,v 1.279 2000/10/18 20:39:24 beck Exp $</small>
  
  </body>
  </html>