===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata27.html,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- www/errata27.html 2001/02/22 14:45:12 1.12
+++ www/errata27.html 2001/03/18 18:18:46 1.13
@@ -46,6 +46,18 @@
All architectures
+
+- 040: SECURITY FIX: Mar 18, 2001<
+br>
+The readline library shipped with OpenBSD allows history files creation with
+a permissive umask. This can lead to the leakage of sensitive information
+in applications that use passwords and the like during user interaction
+(one such application is mysql). Additionally, if the HOME environment
+variable is not set, the current working directory is used; this patch
+disables the history file if HOME is not set.
+A source code patch exists which remedies the problem.
+
- 039: SECURITY FIX: Feb 22, 2001
There is a buffer overflow in
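Review bot: The added 040 entry describes the fix but says nothing about history files that were already created with the permissive umask. Applying the source patch does not change the mode of existing files, so one sentence telling users to check and tighten the permissions on them would close that gap. In the same entry, "this patch disables the history file if HOME is not set" refers to the patch one sentence before "A source code patch exists which remedies the problem" introduces it, so swapping the two would read better. "allows history files creation" should be "allows history files to be created". The line break tag appears split as "2001<" and "br>" across two added lines; if that split is in the committed file rather than an artifact of this rendering, it should be rejoined.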
@@ -491,7 +503,7 @@
www@openbsd.org
-
$OpenBSD: errata27.html,v 1.12 2001/02/22 14:45:12 millert Exp $
+
$OpenBSD: errata27.html,v 1.13 2001/03/18 18:18:46 millert Exp $