=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v retrieving revision 1.524 retrieving revision 1.525 diff -c -r1.524 -r1.525 *** www/errata.html 2005/01/12 06:36:53 1.524 --- www/errata.html 2005/01/12 15:08:02 1.525 *************** *** 58,64 ****

All architectures

! 010: RELIABILITY FIX: January 10, 2005
A bug in the tcp(4) stack allows an invalid argument to be used in calculating the TCP --- 58,64 ----
All architectures
- ! 010: RELIABILITY FIX: January 11, 2005
  A bug in the tcp(4) stack allows an invalid argument to be used in calculating the TCP *************** *** 69,74 **** --- 69,88 ---- A source code patch exists which remedies this problem.
  
  +
- + 009: SECURITY FIX: January 12, 2005
  + httpd(8) + 's mod_include module fails to properly validate the length of + user supplied tag strings prior to copying them to a local buffer, + causing a buffer overflow. +
  + This would require enabling the XBitHack directive or server-side + includes and making use of a malicious document. +
  + + A source code patch exists which remedies this problem.
  +
  +
- 008: RELIABILITY FIX: January 6, 2005
  The *************** *** 263,269 ****
  www@openbsd.org !
  $OpenBSD: errata.html,v 1.524 2005/01/12 06:36:53 mcbride Exp $ --- 277,283 ----
  www@openbsd.org !
  $OpenBSD: errata.html,v 1.525 2005/01/12 15:08:02 brad Exp $