===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.574
retrieving revision 1.575
diff -c -r1.574 -r1.575
*** www/errata.html 2006/11/04 03:02:28 1.574
--- www/errata.html 2006/11/04 21:28:18 1.575
***************
*** 76,82 ****
-
! 003: SECURITY FIX: October 7, 2006 All architectures
Fix for an integer overflow in
systrace(4)'s
STRIOCREPLACE support, found by
--- 76,82 ----
-
! 003: SECURITY FIX: November 4, 2006 All architectures
Fix for an integer overflow in
systrace(4)'s
STRIOCREPLACE support, found by
***************
*** 88,94 ****
-
! 002: SECURITY FIX: October 7, 2006 All architectures
Several problems have been found in OpenSSL. While parsing certain invalid ASN.1
structures an error condition is mishandled, possibly resulting in an infinite
loop. A buffer overflow exists in the SSL_get_shared_ciphers function. A NULL
--- 88,94 ----
-
! 002: SECURITY FIX: November 4, 2006 All architectures
Several problems have been found in OpenSSL. While parsing certain invalid ASN.1
structures an error condition is mishandled, possibly resulting in an infinite
loop. A buffer overflow exists in the SSL_get_shared_ciphers function. A NULL
***************
*** 106,112 ****
-
! 001: SECURITY FIX: October 7, 2006 All architectures
httpd(8)
does not sanitize the Expect header from an HTTP request when it is
reflected back in an error message, which might allow cross-site scripting (XSS)
--- 106,112 ----
-
! 001: SECURITY FIX: November 4, 2006 All architectures
httpd(8)
does not sanitize the Expect header from an HTTP request when it is
reflected back in an error message, which might allow cross-site scripting (XSS)
***************
*** 150,156 ****
www@openbsd.org
!
$OpenBSD: errata.html,v 1.574 2006/11/04 03:02:28 brad Exp $