=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v retrieving revision 1.428 retrieving revision 1.429 diff -c -r1.428 -r1.429 *** www/errata.html 2003/02/23 00:14:38 1.428 --- www/errata.html 2003/02/23 20:21:41 1.429 *************** *** 57,63 ****

007: SECURITY FIX: February 22, 2003
In ssl(8) an information leak can occur via timing by performing a MAC computation ! even if incorrrect block cipher padding has been found, this is a countermeasure. Also, check for negative sizes in memory allocation routines. A source code patch exists which fixes these two issues.

--- 57,64 ----

007: SECURITY FIX: February 22, 2003
In ssl(8) an information leak can occur via timing by performing a MAC computation ! even if incorrrect block cipher padding has been found, this is a ! countermeasure. Also, check for negative sizes in memory allocation routines.
A source code patch exists which fixes these two issues.

*************** *** 69,75 **** user running cvs. This is only an issue when the cvs command is being run on a user's behalf as a different user. This means that, in most cases, the issue only exists for cvs configurations that use ! the pserver client/server connection method. A source code patch exists which remedies the problem.

--- 70,76 ---- user running cvs. This is only an issue when the cvs command is being run on a user's behalf as a different user. This means that, in most cases, the issue only exists for cvs configurations that use ! the pserver client/server connection method.
A source code patch exists which remedies the problem.

*************** *** 204,210 ****

www@openbsd.org !
$OpenBSD: errata.html,v 1.428 2003/02/23 00:14:38 margarida Exp $ --- 205,211 ----

www@openbsd.org !
$OpenBSD: errata.html,v 1.429 2003/02/23 20:21:41 brad Exp $