===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.424
retrieving revision 1.425
diff -c -r1.424 -r1.425
*** www/errata.html 2002/11/16 18:25:07 1.424
--- www/errata.html 2003/01/21 03:47:10 1.425
***************
*** 53,58 ****
--- 53,70 ----
All architectures
+
+ - 006: SECURITY FIX: January 20, 2003
+ A double free in
+ cvs(1)
+ could allow an attacker to execute code with the privileges of the
+ user running cvs. This is only an issue when the cvs command is
+ being run on a user's behalf as a different user. This means that,
+ in most cases, the issue only exists for cvs configurations that use
+ the pserver client/server connection method.
+ A
+ source code patch exists which remedies the problem.
+
- 005: SECURITY FIX: November 14, 2002
A buffer overflow in
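Review bot: The new 006 entry hedges its scope with "in most cases, the issue only exists for cvs configurations that use the pserver client/server connection method" but never says which other configurations are meant, so an administrator cannot tell from this text alone whether a non-pserver setup is exposed. Suggest either naming the other cases where cvs runs on a user's behalf as a different user, or dropping the hedge. The entry also carries no reference to an upstream advisory and no interim step for pserver hosts that cannot patch immediately; one sentence for each would make the erratum actionable on its own.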
***************
*** 184,190 ****
www@openbsd.org
!
$OpenBSD: errata.html,v 1.424 2002/11/16 18:25:07 millert Exp $