CVSROOT: /cvs
Module name: www
Changes by: [email protected] 2014/04/12 11:39:58
Modified files:
    . : errata53.html errata54.html errata55.html security.html
Log message:
errata for 5.3 - 5.5.
In truth, this bug goes back about EIGHT YEARS. The feature it depends
on is optional on sockets, so it appears OpenBSD's httpd (apache 1) may
avoid it, but other web server and client software are not.
A use-after-free race condition in OpenSSL's read buffer may permit an attacker
to inject data from one connection into another.