===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus33.html,v
retrieving revision 1.4
retrieving revision 1.5
diff -c -r1.4 -r1.5
*** www/plus33.html	2003/03/30 20:23:35	1.4
--- www/plus33.html	2003/04/13 16:19:11	1.5
***************
*** 57,63 ****
  <ul>
  <li>3.3 release branch created.
  <!-- ^ 20030326 -->
! <li>Update <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&amp;sektion=8">sendmail(8)</a> to 8.12.9, fixing an address parsing buffer overflow that may be remotely exploitable.
  <li>Fix the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&amp;sektion=8">sftp-server(8)</a> race fix so that renames of symlinks and directories work again.
  <!-- ^ 20030325 -->
  <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpr&amp;sektion=1">lpr(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lprm&amp;sektion=1">lprm(1)</a> do a better fake setuid(daemon), so that files to be printed no longer need to be world-readable.
--- 57,65 ----
  <ul>
  <li>3.3 release branch created.
  <!-- ^ 20030326 -->
! <li><font color="#e00000"><strong>SECURITY FIX: A buffer overflow in the address parsing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&amp;sektion=8">sendmail(8)</a> may allow an attacker to gain root privileges.</strong></font><br>
!     <a href="errata32.html#sendmail2">A source code patch is available</a>.<br>
!     <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
  <li>Fix the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&amp;sektion=8">sftp-server(8)</a> race fix so that renames of symlinks and directories work again.
  <!-- ^ 20030325 -->
  <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpr&amp;sektion=1">lpr(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lprm&amp;sektion=1">lprm(1)</a> do a better fake setuid(daemon), so that files to be printed no longer need to be world-readable.
***************
*** 99,105 ****
  <li>An RFC 2553 compliance tweak to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&amp;sektion=3">getaddrinfo(3)</a>.
  <li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=perl&amp;sektion=1">perl(1)</a>'s config hints file to reflect the promotion of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setreuid&amp;sektion=2">setre[ug]id(2)</a> to real system calls.
  <li>Some (v)sprintf -> (v)snprintf in libcurses and libcurses++.
! <li>Bump <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1">ssh(1)</a> version to 3.6.
  <!-- ^ 20030317 -->
  <li>Fix a bad string length when checking options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login_passwd&amp;sektion=8">login_passwd(8)</a>.
  <li>Add a nicely free license to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hack&amp;sektion=6">hack(6)</a>.
--- 101,108 ----
  <li>An RFC 2553 compliance tweak to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&amp;sektion=3">getaddrinfo(3)</a>.
  <li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=perl&amp;sektion=1">perl(1)</a>'s config hints file to reflect the promotion of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setreuid&amp;sektion=2">setre[ug]id(2)</a> to real system calls.
  <li>Some (v)sprintf -> (v)snprintf in libcurses and libcurses++.
! <li>Bump <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1">ssh(1)</a> version to 3.6.<br>
!     <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
  <!-- ^ 20030317 -->
  <li>Fix a bad string length when checking options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login_passwd&amp;sektion=8">login_passwd(8)</a>.
  <li>Add a nicely free license to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hack&amp;sektion=6">hack(6)</a>.
***************
*** 1172,1178 ****
  <hr>
  <a href="index.html"><img height=24 width=24 src="back.gif" border=0 alt="OpenBSD"></a> 
  <a href="mailto:www@openbsd.org">www@openbsd.org</a>
! <br><small>$OpenBSD: plus33.html,v 1.4 2003/03/30 20:23:35 deraadt Exp $</small>
  
  </body>
  </html>
--- 1175,1181 ----
  <hr>
  <a href="index.html"><img height=24 width=24 src="back.gif" border=0 alt="OpenBSD"></a> 
  <a href="mailto:www@openbsd.org">www@openbsd.org</a>
! <br><small>$OpenBSD: plus33.html,v 1.5 2003/04/13 16:19:11 deraadt Exp $</small>
  
  </body>
  </html>