===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.399
retrieving revision 1.400
diff -c -r1.399 -r1.400
*** www/errata.html 2002/06/26 11:01:06 1.399
--- www/errata.html 2002/06/26 19:07:53 1.400
***************
*** 49,54 ****
--- 49,60 ----
All architectures
+
+ - 008: SECURITY FIX: June 26, 2002
+ A buffer overflow can occur in the .htaccess parsing code in mod_ssl httpd
+ module, leading to possible remote crash.
+ A source code patch exists which remedies the problem.
+
- 007: SECURITY FIX: June 25, 2002
A potential buffer overflow in the DNS resolver has been found.
***************
*** 56,68 ****
- 006: SECURITY FIX: June 24, 2002
! An (as yet) undisclosed bug exists in OpenSSH, which a patch is not forthcoming
! for yet -- no patch exists yet!
! However, upgrading to OpenSSH 3.3
! with the UsePrivilegeSeparation option enabled will block this
! problem.
! All users are advised to update immediately, and keep an eye out for
! an upcoming OpenSSH 3.4 release on Monday containing a real fix.
- 005: SECURITY FIX: June 19, 2002
--- 62,73 ----
- 006: SECURITY FIX: June 24, 2002
! All versions of OpenSSH's sshd between 2.9.9 and 3.3 contain an input validation
! error that can result in an integer overflow and privilege escalation.
! This problem is fixed in OpenSSH
! 3.4, and a patch for the vulnerable releases is available as part of the
! security advisory.
!
- 005: SECURITY FIX: June 19, 2002
***************
*** 185,191 ****
www@openbsd.org
!
$OpenBSD: errata.html,v 1.399 2002/06/26 11:01:06 espie Exp $