===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus33.html,v
retrieving revision 1.4
retrieving revision 1.5
diff -c -r1.4 -r1.5
*** www/plus33.html 2003/03/30 20:23:35 1.4
--- www/plus33.html 2003/04/13 16:19:11 1.5
***************
*** 57,63 ****
- 3.3 release branch created.
!
- Update sendmail(8) to 8.12.9, fixing an address parsing buffer overflow that may be remotely exploitable.
- Fix the sftp-server(8) race fix so that renames of symlinks and directories work again.
- Have lpr(1) and lprm(1) do a better fake setuid(daemon), so that files to be printed no longer need to be world-readable.
--- 57,65 ----
- 3.3 release branch created.
!
- SECURITY FIX: A buffer overflow in the address parsing in sendmail(8) may allow an attacker to gain root privileges.
! A source code patch is available.
! [Applied to stable]
- Fix the sftp-server(8) race fix so that renames of symlinks and directories work again.
- Have lpr(1) and lprm(1) do a better fake setuid(daemon), so that files to be printed no longer need to be world-readable.
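Review bot: The rewritten sendmail(8) entry on the 57,65 side drops two facts the old line carried: the version being updated to (8.12.9) and the statement that the overflow "may be remotely exploitable". "May allow an attacker to gain root privileges" gives the impact but no longer says whether the attacker needs local access, and without the version a reader cannot compare an installed sendmail against the fix. Suggest keeping "Update sendmail(8) to 8.12.9" and the "remotely exploitable" wording alongside the new "SECURITY FIX:" label and impact statement.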
***************
*** 99,105 ****
- An RFC 2553 compliance tweak to getaddrinfo(3).
- Change perl(1)'s config hints file to reflect the promotion of setre[ug]id(2) to real system calls.
- Some (v)sprintf -> (v)snprintf in libcurses and libcurses++.
!
- Bump ssh(1) version to 3.6.
- Fix a bad string length when checking options to login_passwd(8).
- Add a nicely free license to hack(6).
--- 101,108 ----
- An RFC 2553 compliance tweak to getaddrinfo(3).
- Change perl(1)'s config hints file to reflect the promotion of setre[ug]id(2) to real system calls.
- Some (v)sprintf -> (v)snprintf in libcurses and libcurses++.
!
- Bump ssh(1) version to 3.6.
! [Applied to stable]
- Fix a bad string length when checking options to login_passwd(8).
- Add a nicely free license to hack(6).
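Review bot: The "[Applied to stable]" marker added after "Bump ssh(1) version to 3.6." is ambiguous as placed. It sits on its own line between that entry and "Fix a bad string length when checking options to login_passwd(8).", so it can be read as belonging to either one, and the entry it most likely tags describes only a version bump with no indication of what was merged to stable or whether it is security relevant. Unlike the sendmail(8) entry in the previous hunk, there is no "SECURITY FIX:" label or description here. Suggest putting the marker on the same line as the entry it applies to and adding a short phrase saying what the 3.6 bump brings to the stable branch.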
***************
*** 1172,1178 ****
www@openbsd.org
!
$OpenBSD: plus33.html,v 1.4 2003/03/30 20:23:35 deraadt Exp $