=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata65.html,v retrieving revision 1.25 retrieving revision 1.26 diff -c -r1.25 -r1.26 *** www/errata65.html 2020/01/28 21:30:52 1.25 --- www/errata65.html 2020/02/24 16:27:53 1.26 *************** *** 412,417 **** --- 412,429 ---- A source code patch exists which remedies this problem.

+

  • + 031: SECURITY FIX: February 24, 2020 +   All architectures +
    + An out of bounds read in smtpd allows an attacker to inject arbitrary + commands into the envelope file which are then executed as root. + Separately, missing privilege revocation in smtpctl allows arbitrary + commands to be run with the _smtpq group. +
    + + A source code patch exists which remedies this problem. +
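Review bot: the new 031 entry describes two separate flaws (the out of bounds read in smtpd and the missing privilege revocation in smtpctl) but closes with the singular "A source code patch exists which remedies this problem", so a reader cannot tell whether the one patch covers both. Suggest "remedies these problems", or stating explicitly that the patch fixes both smtpd and smtpctl. The smtpd sentence also does not say whether the attacker is local or remote, which administrators need in order to prioritise the fix. In "commands into the envelope file which are then executed as root", the clause would be clearer with "which" placed next to "commands" rather than "file".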