===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.860
retrieving revision 1.861
diff -c -r1.860 -r1.861
*** www/plus.html	2003/02/22 23:59:25	1.860
--- www/plus.html	2003/02/25 01:56:00	1.861
***************
*** 54,59 ****
--- 54,62 ----
  <p>
  
  <ul>
+ <li><font color="#e00000"><strong>SECURITY FIX: February 25, 2003: <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a> leaks file inode numbers via ETag header as well as child PIDs in multipart MIME boundary generation. This could lead, for example, to NFS exploitation because it uses inode numbers as part of the file handle.</strong></font><br>
+     <a href="errata.html#httpd">A source code patch is available</a>.<br>
+     <a href="stable.html"><font color=#00b000>[Applied to stable]</font></a>
  <li>Fix a null deref triggered by <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ipcomp&sektion=4">ipcomp(4)</a>.
  <!-- ^ 20030220 -->
  <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pfctl&sektion=8">pfctl(8)</a> rejects non-existent interfaces in rules using dynamic interface syntax.
***************
*** 908,914 ****
  <hr>
  <a href="index.html"><img height=24 width=24 src="back.gif" border=0 alt="OpenBSD"></a> 
  <a href="mailto:www@openbsd.org">www@openbsd.org</a>
! <br><small>$OpenBSD: plus.html,v 1.860 2003/02/22 23:59:25 deraadt Exp $</small>
  
  </body>
  </html>
--- 911,917 ----
  <hr>
  <a href="index.html"><img height=24 width=24 src="back.gif" border=0 alt="OpenBSD"></a> 
  <a href="mailto:www@openbsd.org">www@openbsd.org</a>
! <br><small>$OpenBSD: plus.html,v 1.861 2003/02/25 01:56:00 margarida Exp $</small>
  
  </body>
  </html>