Return to plus33.html CVS log | Up to [local] / www |
version 1.4, 2003/03/30 20:23:35 | version 1.5, 2003/04/13 16:19:11 | ||
---|---|---|---|
|
|
||
<ul> | <ul> | ||
<li>3.3 release branch created. | <li>3.3 release branch created. | ||
<!-- ^ 20030326 --> | <!-- ^ 20030326 --> | ||
<li>Update <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> to 8.12.9, fixing an address parsing buffer overflow that may be remotely exploitable. | <li><font color="#e00000"><strong>SECURITY FIX: A buffer overflow in the address parsing in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sendmail&sektion=8">sendmail(8)</a> may allow an attacker to gain root privileges.</strong></font><br> | ||
<a href="errata32.html#sendmail2">A source code patch is available</a>.<br> | |||
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> | |||
<li>Fix the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a> race fix so that renames of symlinks and directories work again. | <li>Fix the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a> race fix so that renames of symlinks and directories work again. | ||
<!-- ^ 20030325 --> | <!-- ^ 20030325 --> | ||
<li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpr&sektion=1">lpr(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lprm&sektion=1">lprm(1)</a> do a better fake setuid(daemon), so that files to be printed no longer need to be world-readable. | <li>Have <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lpr&sektion=1">lpr(1)</a> and <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lprm&sektion=1">lprm(1)</a> do a better fake setuid(daemon), so that files to be printed no longer need to be world-readable. | ||
|
|
||
<li>An RFC 2553 compliance tweak to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&sektion=3">getaddrinfo(3)</a>. | <li>An RFC 2553 compliance tweak to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getaddrinfo&sektion=3">getaddrinfo(3)</a>. | ||
<li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=perl&sektion=1">perl(1)</a>'s config hints file to reflect the promotion of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setreuid&sektion=2">setre[ug]id(2)</a> to real system calls. | <li>Change <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=perl&sektion=1">perl(1)</a>'s config hints file to reflect the promotion of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=setreuid&sektion=2">setre[ug]id(2)</a> to real system calls. | ||
<li>Some (v)sprintf -> (v)snprintf in libcurses and libcurses++. | <li>Some (v)sprintf -> (v)snprintf in libcurses and libcurses++. | ||
<li>Bump <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> version to 3.6. | <li>Bump <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> version to 3.6.<br> | ||
<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a> | |||
<!-- ^ 20030317 --> | <!-- ^ 20030317 --> | ||
<li>Fix a bad string length when checking options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login_passwd&sektion=8">login_passwd(8)</a>. | <li>Fix a bad string length when checking options to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login_passwd&sektion=8">login_passwd(8)</a>. | ||
<li>Add a nicely free license to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hack&sektion=6">hack(6)</a>. | <li>Add a nicely free license to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=hack&sektion=6">hack(6)</a>. |