===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata37.html,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- www/errata37.html 2006/01/14 18:02:36 1.8
+++ www/errata37.html 2006/02/12 10:25:39 1.9
@@ -74,6 +74,20 @@
+-
+011: SECURITY FIX: February 12, 2006 all architecture
+Josh Bressers has reported a weakness in OpenSSH caused due to the insecure use of the
+system(3)
+function in
+scp(1)
+when performing copy operations using filenames that are supplied by the user from the command line.
+This can be exploited to execute shell commands with privileges of the user running
+scp(1).
+
+
+A source code patch exists which remedies this problem.
+
+
-
010: RELIABILITY FIX: January 13, 2006 i386 architecture
Constrain
@@ -215,7 +229,7 @@
www@openbsd.org
-
$OpenBSD: errata37.html,v 1.8 2006/01/14 18:02:36 steven Exp $
+
$OpenBSD: errata37.html,v 1.9 2006/02/12 10:25:39 brad Exp $