Module Name: src
Committed By: bouyer
Date: Tue May 17 12:11:08 UTC 2022
Modified Files:
src/doc [netbsd-9]: CHANGES-9.3
Log Message:
Ticket 1455
To generate a diff of this commit:
cvs rdiff -u -r1.1.2.93 -r1.1.2.94 src/doc/CHANGES-9.3
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/doc/CHANGES-9.3
diff -u src/doc/CHANGES-9.3:1.1.2.93 src/doc/CHANGES-9.3:1.1.2.94
--- src/doc/CHANGES-9.3:1.1.2.93 Tue May 17 10:30:22 2022
+++ src/doc/CHANGES-9.3 Tue May 17 12:11:08 2022
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-9.3,v 1.1.2.93 2022/05/17 10:30:22 bouyer Exp $
+# $NetBSD: CHANGES-9.3,v 1.1.2.94 2022/05/17 12:11:08 bouyer Exp $
A complete list of changes from the NetBSD 9.2 release to the NetBSD 9.3
release:
@@ -1653,3 +1653,14 @@ share/man/man4/mfi.4 1.13
- Improve debug printf()s.
- KNF. Remove extra semicolon. Whitespace fixes.
[msaitoh, ticket #1454]
+
+libexec/mail.local/mail.local.c 1.29
+
+ fix local privilege escalation due to a race condition
+
+ NetBSD-SA2016-006 included an incomplete fix for CVE-2016-6253,
+ a local privilege escalation vulnerability in mail.local(8).
+
+ Thanks to Jan Schaumann for bringing this to our attention.
+ [kre, ticket #1455]
+
