=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata65.html,v retrieving revision 1.25 retrieving revision 1.26 diff -u -r1.25 -r1.26 --- www/errata65.html 2020/01/28 21:30:52 1.25 +++ www/errata65.html 2020/02/24 16:27:53 1.26 @@ -412,6 +412,18 @@ A source code patch exists which remedies this problem.

+

  • +031: SECURITY FIX: February 24, 2020All architectures +
    +An out of bounds read in smtpd allows an attacker to inject arbitrary +commands into the envelope file which are then executed as root. +Separately, missing privilege revocation in smtpctl allows arbitrary +commands to be run with the _smtpq group. +
    + +A source code patch exists which remedies this problem. +
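Review bot: The new 031 entry does not say who can reach the smtpd out of bounds read (a remote sender or only a local user), although it is the part that ends with commands executed as root, and that is the first thing an operator needs to know to prioritise the patch; suggest stating the attacker position in the first sentence. The entry also combines two flaws with different impact, root via smtpd and the _smtpq group via smtpctl, so it would help to say explicitly that the single source code patch fixes both, and whether smtpd has to be restarted after applying it.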