New release note: SA-02:27.

Modified release note: Add appropriate cross-reference to SA-02:26, now that it's been issued.
author: bmah <bmah@FreeBSD.org> 2002-05-29 18:27:14 +0000
committer: bmah <bmah@FreeBSD.org> 2002-05-29 18:27:14 +0000
commit: 3788470deeca4c7f91b797819fc93c76b097ffa6 (patch)
tree: cd7c96bc10c77dd8462c001db2b762e40a53a9a6 /release
parent: 4a16a3c518fd875bb91df9dcb57266d3293888e7 (diff)
download: FreeBSD-src-3788470deeca4c7f91b797819fc93c76b097ffa6.zip
FreeBSD-src-3788470deeca4c7f91b797819fc93c76b097ffa6.tar.gz
2 files changed, 24 insertions, 2 deletions
diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
index 103fe60..bae992c 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
@@ -1788,7 +1788,18 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting>
       cache (<quote>syncache</quote>), which could allow a remote
       attacker to deny access to a service when accept filters
       (see &man.accept.filter.9;) were in use.  This bug has been 
-      fixed. &merged;</para>
+      fixed; for more information, see security advisory <ulink
+      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:26.accept.asc">FreeBSD-SA-02:26</ulink>.
+      &merged;</para>
+
+    <para>Due to a bug in &man.rc.8;'s use of shell globbing, users
+      may be able to remove the contents of arbitrary files if
+      <filename>/tmp/.X11-unix</filename> does not exist and the
+      system can be made to reboot.  This bug has been corrected (see
+      security advisory <ulink
+      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:27.rc.asc">FreeBSD-SA-02:27</ulink>).
+      &merged;</para>
+
   </sect2>
 
   <sect2 id="userland">
diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
index 103fe60..bae992c 100644
--- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
@@ -1788,7 +1788,18 @@ options HZ=1000 # not compulsory but strongly recommended</programlisting>
       cache (<quote>syncache</quote>), which could allow a remote
       attacker to deny access to a service when accept filters
       (see &man.accept.filter.9;) were in use.  This bug has been 
-      fixed. &merged;</para>
+      fixed; for more information, see security advisory <ulink
+      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:26.accept.asc">FreeBSD-SA-02:26</ulink>.
+      &merged;</para>
+
+    <para>Due to a bug in &man.rc.8;'s use of shell globbing, users
+      may be able to remove the contents of arbitrary files if
+      <filename>/tmp/.X11-unix</filename> does not exist and the
+      system can be made to reboot.  This bug has been corrected (see
+      security advisory <ulink
+      url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:27.rc.asc">FreeBSD-SA-02:27</ulink>).
+      &merged;</para>
+
   </sect2>
 
   <sect2 id="userland">
author	bmah <bmah@FreeBSD.org>	2002-05-29 18:27:14 +0000
committer	bmah <bmah@FreeBSD.org>	2002-05-29 18:27:14 +0000
commit	3788470deeca4c7f91b797819fc93c76b097ffa6 (patch)
tree	cd7c96bc10c77dd8462c001db2b762e40a53a9a6 /release
parent	4a16a3c518fd875bb91df9dcb57266d3293888e7 (diff)
download	FreeBSD-src-3788470deeca4c7f91b797819fc93c76b097ffa6.zip FreeBSD-src-3788470deeca4c7f91b797819fc93c76b097ffa6.tar.gz