===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.886
retrieving revision 1.887
diff -u -r1.886 -r1.887
--- www/plus.html	2003/09/10 15:52:47	1.886
+++ www/plus.html	2003/09/15 21:51:02	1.887
@@ -52,12 +52,14 @@
 
 <p>
 <h3><font color="#0000e0">We are working on OpenBSD-current.</font></h3><p>
-The following list sums up (almost) all the changes made up to September 9.
+The following list sums up (almost) all the changes made up to September 10.
 <p>
 
 <ul>
 <!-- ^ 20030910 -->
-<li>Fix the bounds check (and a potential int overflow) when setting <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&amp;sektion=3">sysctl(3)</a> values kern.seminfo.{semmns,semmsl}.
+<li><font color="#e00000"><strong>SECURITY FIX: Root may be able to reduce the security level by taking advantage of an integer overflow when the semaphore limits are made very large.</strong></font><br>
+    <a href="errata.html#sysvsem">A source code patch is available</a>.<br>
+    <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
 <li>Pass -a to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=fgrep&amp;sektion=1">fgrep(1)</a> in Texinfo to make sure info files don't get treated as binary.
 <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=grep&amp;sektion=1">grep(1)</a> check for the correct error value from <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=mmap&amp;sektion=2">mmap(2)</a>, fixing a crash.
 <!-- ^ 20030909 -->
@@ -1352,7 +1354,7 @@
 <hr>
 <a href="index.html"><img height=24 width=24 src="back.gif" border=0 alt="OpenBSD"></a> 
 <a href="mailto:www@openbsd.org">www@openbsd.org</a>
-<br><small>$OpenBSD: plus.html,v 1.886 2003/09/10 15:52:47 deraadt Exp $</small>
+<br><small>$OpenBSD: plus.html,v 1.887 2003/09/15 21:51:02 deraadt Exp $</small>
 
 </body>
 </html>