===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata27.html,v
retrieving revision 1.12
retrieving revision 1.13
diff -c -r1.12 -r1.13
*** www/errata27.html 2001/02/22 14:45:12 1.12
--- www/errata27.html 2001/03/18 18:18:46 1.13
***************
*** 46,51 ****
--- 46,63 ----
All architectures
+
+ - 040: SECURITY FIX: Mar 18, 2001<
+ br>
+ The readline library shipped with OpenBSD allows history files creation with
+ a permissive umask. This can lead to the leakage of sensitive information
+ in applications that use passwords and the like during user interaction
+ (one such application is mysql). Additionally, if the HOME environment
+ variable is not set, the current working directory is used; this patch
+ disables the history file if HOME is not set.
+ A source code patch exists which remedies the problem.
+
- 039: SECURITY FIX: Feb 22, 2001
There is a buffer overflow in
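Review bot: The new 040 entry does not say what happens to history files that were already created with the permissive umask, or to files left in a working directory by runs where HOME was unset. The text describes only the patched behaviour. Suggest adding a sentence after "A source code patch exists which remedies the problem." telling readers to check the mode of existing history files and tighten or remove them, since those may already hold the passwords the entry mentions. Two wording points in the same entry: "allows history files creation" reads better as "allows history files to be created", and "this patch disables the history file if HOME is not set" is a behaviour change for applications using readline, which deserves its own sentence rather than the tail of one starting "Additionally".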
***************
*** 491,497 ****
www@openbsd.org
!
$OpenBSD: errata27.html,v 1.12 2001/02/22 14:45:12 millert Exp $