=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata66.html,v retrieving revision 1.14 retrieving revision 1.15 diff -c -r1.14 -r1.15 *** www/errata66.html 2020/02/16 20:04:44 1.14 --- www/errata66.html 2020/02/24 16:27:53 1.15 *************** *** 305,311 **** A source code patch exists which remedies this problem.

! --- 305,322 ---- A source code patch exists which remedies this problem.

!

  • ! 021: SECURITY FIX: February 24, 2020 !   All architectures !
    ! An out of bounds read in smtpd allows an attacker to inject arbitrary ! commands into the envelope file which are then executed as root. ! Separately, missing privilege revocation in smtpctl allows arbitrary ! commands to be run with the _smtpq group. !
    ! ! A source code patch exists which remedies this problem. !
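Review bot: The closing sentence of the new 021 entry says "remedies this problem" in the singular, but the entry text describes two distinct issues: the out of bounds read in smtpd and, "Separately", the missing privilege revocation in smtpctl. Either change it to "these problems" or give the smtpctl issue its own errata item, so it is clear that one patch covers both. The entry also says only "an attacker" for the smtpd issue; a short qualifier on who can trigger it would help operators judge exposure, given that the stated outcome is execution as root.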