===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata56.html,v
retrieving revision 1.30
retrieving revision 1.31
diff -u -r1.30 -r1.31
--- www/errata56.html 2015/05/11 11:18:29 1.30
+++ www/errata56.html 2015/06/11 18:10:53 1.31
@@ -358,8 +358,32 @@
tar without -P would permit extraction of paths with ".." components
there was a buffer overflow in the handling of pax extension headers
-
+A source code patch exists which remedies this problem.
+
+
+
+025: RELIABILITY FIX: June 11, 2015
+ All architectures
+Fix multiple reliability issues in smtpd:
+
+- a local user can cause smtpd to fail by writing an invalid imsg to control socket.
+
- a local user can prevent smtpd from serving new requests by exhausting descriptors.
+
+
+A source code patch exists which remedies this problem.
+
+
+
+026: SECURITY FIX: June 11, 2015
+ All architectures
+Fix several defects from OpenSSL:
+
+- CVE-2015-1788 - Malformed ECParameters causes infinite loop
+
- CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
+
- CVE-2015-1792 - CMS verify infinite loop with unknown hash function
+
+
A source code patch exists which remedies this problem.