===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.326
retrieving revision 1.327
diff -c -r1.326 -r1.327
*** www/errata.html 2001/05/30 03:32:16 1.326
--- www/errata.html 2001/05/30 22:15:13 1.327
***************
*** 47,59 ****
All architectures
- 001: SECURITY FIX: May 29, 2001
The signal handlers in sendmail(8) contain code that is unsafe in the
context of a signal handler. This leads to potentially serious
race conditions. At the moment this is a theoretical attack only
and can only be exploited on the local host (if at all).
! A source code patch exists which remedies the problem by updating sendmail to version 8.11.4.
--- 47,69 ----
All architectures
+
+ - 002: SECURITY FIX: May 30, 2001
+ Programs using the fts(3)
+ routines (such as rm, find, and most programs that take a -R
+ flag) can be tricked into changing into the wrong directory if the
+ parent dir is changed out from underneath it. This is similar to
+ the old fts bug but happens when popping out of directories, as
+ opposed to descending into them.
+ A source code patch exists which remedies the problem.
+
- 001: SECURITY FIX: May 29, 2001
The signal handlers in sendmail(8) contain code that is unsafe in the
context of a signal handler. This leads to potentially serious
race conditions. At the moment this is a theoretical attack only
and can only be exploited on the local host (if at all).
! A source code patch exists which remedies the problem by updating sendmail to version 8.11.4.
***************
*** 143,149 ****
www@openbsd.org
!
$OpenBSD: errata.html,v 1.326 2001/05/30 03:32:16 millert Exp $