===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v
retrieving revision 1.123
retrieving revision 1.124
diff -u -r1.123 -r1.124
--- www/security.html	2000/01/20 17:49:33	1.123
+++ www/security.html	2000/05/23 20:58:20	1.124
@@ -35,6 +35,7 @@
 <p>
 </td>
 <td valign="top">
+<a href="#27">For 2.7 security advisories</a>.<br>
 <a href="#26">For 2.6 security advisories</a>.<br>
 <a href="#25">For 2.5 security advisories</a>.<br>
 <a href="#24">For 2.4 security advisories</a>.<br>
@@ -180,6 +181,20 @@
 <dl>
 
 <li>
+<a name=27></a>
+
+<h3><font color=#e00000>OpenBSD 2.7 Security Advisories</font></h3>
+These are the OpenBSD 2.7 advisories -- all these problems are solved 
+in <a href=anoncvs.html>OpenBSD current</a>.  Obviously, all the
+OpenBSD 2.6 advisories listed below are fixed in OpenBSD 2.7.
+
+<p>
+<ul>
+<li>No 2.7 security advisories yet.
+</ul>
+
+<p>
+<li>
 <a name=26></a>
 
 <h3><font color=#e00000>OpenBSD 2.6 Security Advisories</font></h3>
@@ -201,7 +216,9 @@
 	A buffer overflow in the RSAREF code included in the
 	USA version of libssl, is possibly exploitable in
 	httpd, ssh, or isakmpd, if SSL/RSA features are enabled.
-	(patch included).</a>
+	(patch included).<br></a>
+	<strong>Update:</strong> Turns out that this was not exploitable
+	in any of the software included in OpenBSD 2.6.
 <li><a href=errata.html#sendmail>Dec 4, 1999:
 	Sendmail permitted any user to cause a aliases file wrap,
 	thus exposing the system to a race where the aliases file
@@ -495,7 +512,7 @@
 <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
 <a href=mailto:www@openbsd.org>www@openbsd.org</a>
 <br>
-<small>$OpenBSD: security.html,v 1.123 2000/01/20 17:49:33 deraadt Exp $</small>
+<small>$OpenBSD: security.html,v 1.124 2000/05/23 20:58:20 deraadt Exp $</small>
 
 </body>
 </html>