===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.508
retrieving revision 1.509
diff -c -r1.508 -r1.509
*** www/errata.html 2004/08/30 01:35:39 1.508
--- www/errata.html 2004/09/10 18:30:45 1.509
***************
*** 56,61 ****
--- 56,72 ----
All architectures
+ -
+ 018: SECURITY FIX: September 10, 2004
+ httpd(8)
+ 's mod_rewrite module can be made to write one zero byte in an arbitrary memory
+ position outside of a char array, causing a DoS or possibly buffer overflows.
+ This would require enabling dbm for mod_rewrite and making use of a malicious
+ dbm file.
+
+
+ A source code patch exists which remedies this problem.
+
-
017: RELIABILITY FIX: August 29, 2004
Due to incorrect error handling in zlib an attacker could potentially cause a Denial
***************
*** 347,353 ****
www@openbsd.org
!
$OpenBSD: errata.html,v 1.508 2004/08/30 01:35:39 brad Exp $