===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.463
retrieving revision 1.464
diff -u -r1.463 -r1.464
--- www/plus.html	1999/08/31 03:29:13	1.463
+++ www/plus.html	1999/08/31 11:43:40	1.464
@@ -53,11 +53,11 @@
 <p>
 <h3><font color=#0000e0>We are working on OpenBSD-current.</font></h3><p>
 <ul>
-<li>In cron(8), run sendmail as the user, not as root.
+<li>Start amd(8) in /etc/amd.
 <li>Fix buf overflow in amd(8).
 <li>Support AAA-131CF card in ahc(4) driver.
 <li>Check SACK hole validity better, and do sequence space arithmetic better.
-<li>Make sure argv[] is NULL terminated in cron's fake popen().
+<li><font color=#e00000><strong>SECURITY ISSUE: In cron(8), make sure argv[] is NULL terminated in the fake popen() and run sendmail as the user, not as root. <a href=errata.html#cron>A patch is available</a></strong></font>.
 <li>Some fixes to newsyslog(8).
 <li>Disable SACK for now; some issues remain.
 <li>Buffer overflow fixes in from(1).
@@ -445,7 +445,7 @@
 <hr>
 <a href="index.html"><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> 
 <a href=mailto:www@openbsd.org>www@openbsd.org</a>
-<br><small>$OpenBSD: plus.html,v 1.463 1999/08/31 03:29:13 deraadt Exp $</small>
+<br><small>$OpenBSD: plus.html,v 1.464 1999/08/31 11:43:40 deraadt Exp $</small>
 
 </body>
 </html>