===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.860
retrieving revision 1.861
diff -c -r1.860 -r1.861
*** www/plus.html 2003/02/22 23:59:25 1.860
--- www/plus.html 2003/02/25 01:56:00 1.861
***************
*** 54,59 ****
--- 54,62 ----
+ - SECURITY FIX: February 25, 2003: httpd(8) leaks file inode numbers via ETag header as well as child PIDs in multipart MIME boundary generation. This could lead, for example, to NFS exploitation because it uses inode numbers as part of the file handle.
+ A source code patch is available.
+ [Applied to stable]
- Fix a null deref triggered by ipcomp(4).
- pfctl(8) rejects non-existent interfaces in rules using dynamic interface syntax.
***************
*** 908,914 ****
www@openbsd.org
!
$OpenBSD: plus.html,v 1.860 2003/02/22 23:59:25 deraadt Exp $