===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v
retrieving revision 1.75
retrieving revision 1.76
diff -c -r1.75 -r1.76
*** www/security.html 1998/11/11 16:45:50 1.75
--- www/security.html 1998/11/11 22:40:11 1.76
***************
*** 128,150 ****
OpenBSD 2.2 advisories listed below are fixed in OpenBSD 2.3.
! - Aug 1, 1998: chpass(1) has a file descriptor
leak which creates a race condition that allows an attacker to
modify /etc/master.passwd (patch included).
!
- Jul 2, 1998: setuid and setgid processes
should not be executed with fd slots 0, 1, or 2 free.
(patch included).
!
- June 6, 1998: Further problems with the X
libraries (patches included).
!
- June 4, 1998: on non-Intel i386 machines, any user
can use pctr(4) to crash the machine.
!
- May 17, 1998: kill(2) of setuid/setgid target
processes too permissive (4th revision patch included).
!
- May 11, 1998: mmap() permits partial bypassing
of immutable and append-only file flags. (patch included).
!
- May 1, 1998: Buffer overflow in xterm and Xaw
(CERT advisory VB-98.04) (patch included).
!
- May 5, 1998: Incorrect handling of IPSEC packets
if IPSEC is enabled (patch included).
--- 128,150 ----
OpenBSD 2.2 advisories listed below are fixed in OpenBSD 2.3.
! - Aug 1, 1998: chpass(1) has a file descriptor
leak which creates a race condition that allows an attacker to
modify /etc/master.passwd (patch included).
!
- Jul 2, 1998: setuid and setgid processes
should not be executed with fd slots 0, 1, or 2 free.
(patch included).
!
- June 6, 1998: Further problems with the X
libraries (patches included).
!
- June 4, 1998: on non-Intel i386 machines, any user
can use pctr(4) to crash the machine.
!
- May 17, 1998: kill(2) of setuid/setgid target
processes too permissive (4th revision patch included).
!
- May 11, 1998: mmap() permits partial bypassing
of immutable and append-only file flags. (patch included).
!
- May 1, 1998: Buffer overflow in xterm and Xaw
(CERT advisory VB-98.04) (patch included).
!
- May 5, 1998: Incorrect handling of IPSEC packets
if IPSEC is enabled (patch included).
***************
*** 256,262 ****
www@openbsd.org
! $OpenBSD: security.html,v 1.75 1998/11/11 16:45:50 deraadt Exp $