===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v
retrieving revision 1.292
retrieving revision 1.293
diff -u -r1.292 -r1.293
--- www/security.html 2004/06/11 03:48:57 1.292
+++ www/security.html 2004/06/12 23:43:14 1.293
@@ -225,31 +225,33 @@
+- Jun 12, 2004:
+ Multiple vulnerabilites have been found in httpd(8) / mod_ssl.
- Jun 10, 2004:
isakmpd(8) still has issues with unauthorized SA deletion,
- an attacker can delete IPsec tunnels at will..
+ an attacker can delete IPsec tunnels at will.
- Jun 9, 2004:
Multiple remote vulnerabilities have been found in the cvs(1)
server which can be used by CVS clients to crash or execute
- arbitrary code on the server.
+ arbitrary code on the server.
- May 30, 2004:
kdc(8) performs inadequate checking of request fields, leading
to the possibility of principal impersonation from other
Kerberos realms if they are trusted with a cross-realm trust.
- May 26, 2004:
xdm(1) ignores the requestPort resource and creates a
- listening socket regardless of the setting in xdm-config.
+ listening socket regardless of the setting in xdm-config.
- May 20, 2004:
A buffer overflow in the cvs(1) server has been found,
which can be used by CVS clients to execute arbitrary code on
- the server.
+ the server.
- May 13, 2004:
Integer overflow problems were found in procfs, allowing
- reading of arbitrary kernel memory.
+ reading of arbitrary kernel memory.
- May 5, 2004:
Pathname validation problems have been found in cvs(1),
allowing clients and servers access to files outside the
- repository or local CVS tree.
+ repository or local CVS tree.
@@ -263,13 +265,15 @@
+- Jun 12, 2004:
+ Multiple vulnerabilites have been found in httpd(8) / mod_ssl.
- Jun 10, 2004:
isakmpd(8) still has issues with unauthorized SA deletion,
- an attacker can delete IPsec tunnels at will..
+ an attacker can delete IPsec tunnels at will.
- Jun 9, 2004:
Multiple remote vulnerabilities have been found in the cvs(1)
server which can be used by CVS clients to crash or execute
- arbitrary code on the server.
+ arbitrary code on the server.
- May 30, 2004:
kdc(8) performs inadequate checking of request fields, leading
to the possibility of principal impersonation from other
@@ -1258,7 +1262,7 @@
www@openbsd.org
-$OpenBSD: security.html,v 1.292 2004/06/11 03:48:57 brad Exp $
+$OpenBSD: security.html,v 1.293 2004/06/12 23:43:14 brad Exp $