===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.205
retrieving revision 1.206
diff -u -r1.205 -r1.206
--- www/errata.html	1999/11/17 15:08:39	1.205
+++ www/errata.html	1999/12/03 00:34:25	1.206
@@ -36,6 +36,31 @@
 <a name=all></a>
 <li><h3><font color=#e00000>All architectures</font></h3>
 <ul>
+<a name=sslUSA></a>
+<li><font color=#009000><strong>SECURITY FIX: Dec 2, 1999</strong></font><br>
+A buffer overflow in the RSAREF code included in the
+USA version of the libssl package (called <strong>sslUSA</strong>, is
+possibly exploitable in httpd, ssh, or isakmpd, if SSL/RSA features
+are enabled or used.<br>
+<strong>NOTE: International users using the ssl26 package are not affected.</strong>
+<p>
+To check what package you are using, use
+<pre>
+<b>#</b> pkg_info sslUSA26
+</pre>
+The patched library says:<br>
+"ssl26.1 USA-only non-commercial crypto libs incl. SSL & RSA"
+<p>
+Non-commercial USA users who installed the ssl package before December 2
+should upgrade their <strong>sslUSA26</strong> package using:<br>
+<pre>
+<b>#</b> pkg_delete sslUSA26
+<b>#</b> pkg_add -v sslUSA26.tar.gz
+</pre>
+Using the new <strong>sslUSA26.tar.gz</strong> files which have been placed
+on the FTP mirrors.<br>
+<a href=advisories/sslUSA>For more information, see the advisory</a>.
+<p>
 <a name=fortran></a>
 <li><font color=#009000><strong>FUNCTIONALITY ADDITION: Nov 14, 1999</strong></font><br>
 Fortran doesn't work right.  The file /usr/include/g2c.h is missing in the
@@ -179,7 +204,7 @@
 
 <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> 
 <a href=mailto:www@openbsd.org>www@openbsd.org</a>
-<br><small>$OpenBSD: errata.html,v 1.205 1999/11/17 15:08:39 deraadt Exp $</small>
+<br><small>$OpenBSD: errata.html,v 1.206 1999/12/03 00:34:25 deraadt Exp $</small>
 
 </body>
 </html>