===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.430
retrieving revision 1.431
diff -u -r1.430 -r1.431
--- www/errata.html 2003/02/25 01:31:30 1.430
+++ www/errata.html 2003/03/03 17:29:34 1.431
@@ -53,9 +53,17 @@
All architectures
+
+- 009: SECURITY FIX: March 3, 2003
+A buffer overflow in the envelope comments processing in
+sendmail(8)
+may allow an attacker to gain root privileges.
+A
+source code patch exists which remedies the problem..
+
- 008: SECURITY FIX: February 25, 2003
-httpd(8) leaks file inode numbers via ETag header as well as child PIDs in multipart MIME boundary generation. This could lead, for example, to NFS exploitation because it uses inode numbers as part of the file handle.
+httpd(8) leaks file inode numbers via ETag header as well as child PIDs in multipart MIME boundary generation. This could lead, for example, to NFS exploitation because it uses inode numbers as part of the file handle.
A source code patch exists which fixes these two issues.
@@ -210,7 +218,7 @@
www@openbsd.org
-
$OpenBSD: errata.html,v 1.430 2003/02/25 01:31:30 margarida Exp $
+
$OpenBSD: errata.html,v 1.431 2003/03/03 17:29:34 miod Exp $