===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata27.html,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- www/errata27.html 2001/03/19 16:38:22 1.15
+++ www/errata27.html 2001/03/22 10:43:35 1.16
@@ -48,12 +48,14 @@
- 040: SECURITY FIX: Mar 18, 2001
-The readline library shipped with OpenBSD allows history files creation with
-a permissive umask. This can lead to the leakage of sensitive information
-in applications that use passwords and the like during user interaction
-(one such application is mysql). Additionally, if the HOME environment
-variable is not set, the current working directory is used; this patch
-disables the history file if HOME is not set.
+The readline library shipped with OpenBSD allows history files creation
+with a permissive
+umask(2).
+This can lead to the leakage of sensitive information in applications
+that use passwords and the like during user interaction (one such
+application is mysql). Additionally, if the HOME environment variable
+is not set, the current working directory is used; this patch disables
+the history file if HOME is not set.
A source code patch exists which remedies the problem.
@@ -502,7 +504,7 @@
www@openbsd.org
-
$OpenBSD: errata27.html,v 1.15 2001/03/19 16:38:22 jason Exp $
+
$OpenBSD: errata27.html,v 1.16 2001/03/22 10:43:35 horacio Exp $