===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.326
retrieving revision 1.327
diff -u -r1.326 -r1.327
--- www/errata.html 2001/05/30 03:32:16 1.326
+++ www/errata.html 2001/05/30 22:15:13 1.327
@@ -47,13 +47,23 @@
All architectures
+
+- 002: SECURITY FIX: May 30, 2001
+Programs using the fts(3)
+routines (such as rm, find, and most programs that take a -R
+flag) can be tricked into changing into the wrong directory if the
+parent dir is changed out from underneath it. This is similar to
+the old fts bug but happens when popping out of directories, as
+opposed to descending into them.
+A source code patch exists which remedies the problem.
+
- 001: SECURITY FIX: May 29, 2001
The signal handlers in sendmail(8) contain code that is unsafe in the
context of a signal handler. This leads to potentially serious
race conditions. At the moment this is a theoretical attack only
and can only be exploited on the local host (if at all).
-A source code patch exists which remedies the problem by updating sendmail to version 8.11.4.
+A source code patch exists which remedies the problem by updating sendmail to version 8.11.4.
@@ -143,7 +153,7 @@
www@openbsd.org
-
$OpenBSD: errata.html,v 1.326 2001/05/30 03:32:16 millert Exp $
+
$OpenBSD: errata.html,v 1.327 2001/05/30 22:15:13 millert Exp $