===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus33.html,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- www/plus33.html	2003/03/30 20:23:35	1.4
+++ www/plus33.html	2003/04/13 16:19:11	1.5
@@ -57,7 +57,9 @@
 <ul>
 <li>3.3 release branch created.
 <!-- ^ 20030326 -->
-<li>Update <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&amp;sektion=8">sendmail(8)</a> to 8.12.9, fixing an address parsing buffer overflow that may be remotely exploitable.
+<li><font color="#e00000"><strong>SECURITY FIX: A buffer overflow in the address parsing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&amp;sektion=8">sendmail(8)</a> may allow an attacker to gain root privileges.</strong></font><br>
+    <a href="errata32.html#sendmail2">A source code patch is available</a>.<br>
+    <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
 <li>Fix the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&amp;sektion=8">sftp-server(8)</a> race fix so that renames of symlinks and directories work again.
 <!-- ^ 20030325 -->
 <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpr&amp;sektion=1">lpr(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lprm&amp;sektion=1">lprm(1)</a> do a better fake setuid(daemon), so that files to be printed no longer need to be world-readable.
@@ -99,7 +101,8 @@
 <li>An RFC 2553 compliance tweak to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&amp;sektion=3">getaddrinfo(3)</a>.
 <li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=perl&amp;sektion=1">perl(1)</a>'s config hints file to reflect the promotion of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setreuid&amp;sektion=2">setre[ug]id(2)</a> to real system calls.
 <li>Some (v)sprintf -> (v)snprintf in libcurses and libcurses++.
-<li>Bump <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1">ssh(1)</a> version to 3.6.
+<li>Bump <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&amp;sektion=1">ssh(1)</a> version to 3.6.<br>
+    <a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
 <!-- ^ 20030317 -->
 <li>Fix a bad string length when checking options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login_passwd&amp;sektion=8">login_passwd(8)</a>.
 <li>Add a nicely free license to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hack&amp;sektion=6">hack(6)</a>.
@@ -1172,7 +1175,7 @@
 <hr>
 <a href="index.html"><img height=24 width=24 src="back.gif" border=0 alt="OpenBSD"></a> 
 <a href="mailto:www@openbsd.org">www@openbsd.org</a>
-<br><small>$OpenBSD: plus33.html,v 1.4 2003/03/30 20:23:35 deraadt Exp $</small>
+<br><small>$OpenBSD: plus33.html,v 1.5 2003/04/13 16:19:11 deraadt Exp $</small>
 
 </body>
 </html>