===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus33.html,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- www/plus33.html 2003/03/30 20:23:35 1.4
+++ www/plus33.html 2003/04/13 16:19:11 1.5
@@ -57,7 +57,9 @@
- 3.3 release branch created.
-
- Update sendmail(8) to 8.12.9, fixing an address parsing buffer overflow that may be remotely exploitable.
+
- SECURITY FIX: A buffer overflow in the address parsing in sendmail(8) may allow an attacker to gain root privileges.
+ A source code patch is available.
+ [Applied to stable]
- Fix the sftp-server(8) race fix so that renames of symlinks and directories work again.
- Have lpr(1) and lprm(1) do a better fake setuid(daemon), so that files to be printed no longer need to be world-readable.
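Review bot: the replacement sendmail(8) entry drops two facts the removed line carried: the fixed version (8.12.9) and that the overflow may be remotely exploitable. Someone triaging from this changelog needs both to judge whether their installed sendmail is affected and how urgent the update is. Suggest keeping them in the new wording, for example "SECURITY FIX: A buffer overflow in the address parsing in sendmail(8), fixed in 8.12.9, may be remotely exploitable and may allow an attacker to gain root privileges." Also, "A source code patch is available." as shown here does not identify the patch; it should name or link the erratum so that users of the stable branch can locate it.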
@@ -99,7 +101,8 @@
- An RFC 2553 compliance tweak to getaddrinfo(3).
- Change perl(1)'s config hints file to reflect the promotion of setre[ug]id(2) to real system calls.
- Some (v)sprintf -> (v)snprintf in libcurses and libcurses++.
-
- Bump ssh(1) version to 3.6.
+
- Bump ssh(1) version to 3.6.
+ [Applied to stable]
- Fix a bad string length when checking options to login_passwd(8).
- Add a nicely free license to hack(6).
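Review bot: the "[Applied to stable]" tag added to "Bump ssh(1) version to 3.6." does not say what the stable branch actually received. A version bump alone gives an administrator nothing to act on. If the merge to stable carries a fix, the entry should state it, with the SECURITY FIX label used for the sendmail(8) entry if it is a security fix; otherwise readers tracking stable cannot tell whether a rebuild is needed.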
@@ -1172,7 +1175,7 @@
www@openbsd.org
-
$OpenBSD: plus33.html,v 1.4 2003/03/30 20:23:35 deraadt Exp $
+
$OpenBSD: plus33.html,v 1.5 2003/04/13 16:19:11 deraadt Exp $