===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata66.html,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- www/errata66.html 2020/02/16 20:04:44 1.14
+++ www/errata66.html 2020/02/24 16:27:53 1.15
@@ -305,7 +305,18 @@
A source code patch exists which remedies this problem.
-
+
+021: SECURITY FIX: February 24, 2020
+ All architectures
+
+An out of bounds read in smtpd allows an attacker to inject arbitrary
+commands into the envelope file which are then executed as root.
+Separately, missing privilege revocation in smtpctl allows arbitrary
+commands to be run with the _smtpq group.
+
+
+A source code patch exists which remedies this problem.
+
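Review bot: The closing line of the new 021 entry reads "A source code patch exists which remedies this problem", singular, but the entry describes two separate issues: the out of bounds read in smtpd and the missing privilege revocation in smtpctl. Consider "remedies these problems", or say outright that the one patch covers both, so a reader does not assume only the root-level smtpd issue is fixed. As a smaller wording point, "run with the _smtpq group" would be clearer as "run with the privileges of the _smtpq group".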