
Diff for /www/security.html between version 1.329 and 1.330

version 1.329, 2006/09/09 03:04:22 version 1.330, 2006/10/07 18:07:36
Line 232 
Line 232 
   
 <p>  <p>
 <ul>  <ul>
   <li><a href="errata.html#systrace">Oct 7, 2006:
           Fix for an integer overflow in systrace's STRIOCREPLACE support,
           found by Chris Evans.</a>
   <li><a href="errata.html#openssl2">Oct 7, 2006:
           Several problems have been found in OpenSSL.</a>
   <li><a href="errata.html#httpd2">Oct 7, 2006:
           httpd(8) does not sanitize the Expect header from an HTTP request
           when it is reflected back in an error message, which might allow
           cross-site scripting (XSS) style attacks.</a>
 <li><a href="errata.html#openssl">Sep 8, 2006:  <li><a href="errata.html#openssl">Sep 8, 2006:
         Due to incorrect PKCS#1 v1.5 padding validation in OpenSSL, it is          Due to incorrect PKCS#1 v1.5 padding validation in OpenSSL, it is
         possible for an attacker to construct an invalid signature which          possible for an attacker to construct an invalid signature which
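Review bot: the openssl2 entry in the added lines ("Several problems have been found in OpenSSL.") gives no indication of what the problems are or what they affect, unlike the systrace and httpd2 entries beside it and the Sep 8 OpenSSL entry below, which each name the flaw. Suggest a one-clause summary of the issue classes, taken from the errata.html#openssl2 text, so a reader scanning this list can judge relevance without following the link.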
Line 276 
Line 285 
   
 <p>  <p>
 <ul>  <ul>
   <li><a href="errata38.html#systrace">Oct 7, 2006:
           Fix for an integer overflow in systrace's STRIOCREPLACE support,
           found by Chris Evans.</a>
   <li><a href="errata38.html#openssl2">Oct 7, 2006:
           Several problems have been found in OpenSSL.</a>
   <li><a href="errata38.html#httpd2">Oct 7, 2006:
           httpd(8) does not sanitize the Expect header from an HTTP request
           when it is reflected back in an error message, which might allow
           cross-site scripting (XSS) style attacks.</a>
 <li><a href="errata38.html#openssl">Sep 8, 2006:  <li><a href="errata38.html#openssl">Sep 8, 2006:
         Due to incorrect PKCS#1 v1.5 padding validation in OpenSSL, it is          Due to incorrect PKCS#1 v1.5 padding validation in OpenSSL, it is
         possible for an attacker to construct an invalid signature which          possible for an attacker to construct an invalid signature which
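Review bot: the three added items here repeat the text of the first hunk word for word, with only the link target changed to errata38.html, so any later wording fix has to be made in both lists. The new links also depend on errata38.html carrying systrace, openssl2 and httpd2 anchors, which this diff of security.html does not show; worth confirming those anchors went in with the same commit.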
