===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.433
retrieving revision 1.434
diff -c -r1.433 -r1.434
*** www/errata.html 2003/03/04 13:03:43 1.433
--- www/errata.html 2003/03/05 19:58:18 1.434
***************
*** 53,58 ****
--- 53,70 ----
All architectures
+
+ - 010: SECURITY FIX: March 5, 2003
+ A fix for an
+ lprm(1)
+ bug made in 1996 contains an error that could lead to privilege escalation.
+ For OpenBSD 3.2 the impact is limited since
+ lprm(1)
+ is setuid daemon, not setuid root.
+
+ A
+ source code patch exists which remedies the problem.
+
- 009: SECURITY FIX: March 3, 2003
A buffer overflow in the envelope comments processing in
***************
*** 218,224 ****
www@openbsd.org
!
$OpenBSD: errata.html,v 1.433 2003/03/04 13:03:43 nick Exp $