=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata66.html,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- www/errata66.html 2020/02/16 20:04:44 1.14 +++ www/errata66.html 2020/02/24 16:27:53 1.15 @@ -305,7 +305,18 @@ A source code patch exists which remedies this problem.

- +

  • +021: SECURITY FIX: February 24, 2020All architectures +
    +An out of bounds read in smtpd allows an attacker to inject arbitrary +commands into the envelope file which are then executed as root. +Separately, missing privilege revocation in smtpctl allows arbitrary +commands to be run with the _smtpq group. +
    + +A source code patch exists which remedies this problem. +
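Review bot: the closing sentence of the new 021 entry says "remedies this problem", but the entry describes two distinct issues: the out of bounds read in smtpd and, introduced with "Separately", the missing privilege revocation in smtpctl. Suggest "these problems", or a sentence saying the single patch covers both, so a reader does not conclude that the smtpctl issue is left unpatched. The smtpd sentence also says only "an attacker"; stating whether the attacker needs local access would help readers triage an issue that ends in command execution as root.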