021: RZSZ SNOOPING: Jan 31, 2000
-The rzsz port was removed from the ports collection, as it collects and
-sends user information to a designated email address, effectively spying on
-you. It is recommended that you remove this package if you installed
-it.
-
018: SECURITY FIX: Jan 20, 2000
-Systems running with procfs enabled and mounted are vulnerable
-to having the stderr output of setuid processes directed onto
-a pre-seeked descriptor onto the stack in their own procfs memory.
-Note that procfs is not mounted by default in OpenBSD.
-
-A source code patch exists, which remedies this problem.
-
009: DRIVER IMPROVEMENTS: Dec 4, 1999
-Various improvements have been made to the IDE/ATAPI subsystem since
-the 2.6 release shipped.
-Some of these improvements make some recalcitrant devices work much better.
-
-Revision 1 of this jumbo source code patch exists.
-
-
-
016: SECURITY FIX: Dec 2, 1999
-A buffer overflow in the RSAREF code included in the
-USA version of the libssl package (called sslUSA, is
-possibly exploitable in isakmpd if SSL/RSA features
-are enabled or used.
-OpenSSH and httpd (with -DSSL) are not
-vulnerable.
-NOTE: International users using the ssl26 package are not affected.
-
-Using the new sslUSA26.tar.gz files which have been placed
-on the FTP mirrors.
-For more information, see the advisory.
-NOTE: this problem turned out to not be unexploitable in OpenSSH.
-
005: FUNCTIONALITY ADDITION: Nov 11, 1999
-Various OpenSSH improvements have been made since the 2.6 release shipped.
-To resolve the various (non-security related) features which users may want,
-we are making a jumbo patch available. This is now at VERSION FOUR.
-
-Revision 4 of this jumbo source code patch exists.
-NOTE: /etc/sshd_config and /etc/ssh_config may need changes.
-