Fri Oct 3 10:48:10 2008 UTC ()

Ticket 1967.


(jdc)

diff -r1.1.2.33 -r1.1.2.34 src/doc/CHANGES-3.0.4

--- src/doc/Attic/CHANGES-3.0.4 2008/10/03 09:22:15	1.1.2.33
+++ src/doc/Attic/CHANGES-3.0.4 2008/10/03 10:48:10	1.1.2.34

 @@ -1,14 +1,14 @@
-#	$NetBSD: CHANGES-3.0.4,v 1.1.2.33 2008/10/03 09:22:15 jdc Exp $
+#	$NetBSD: CHANGES-3.0.4,v 1.1.2.34 2008/10/03 10:48:10 jdc Exp $
 A complete list of changes from the NetBSD 3.0.3 release to the NetBSD 3.0.4
 release:
 File						Revision(s)
 ----						--------
 doc/README.files				patch
 gnu/usr.bin/groff/tmac/mdoc.local		patch
 sys/sys/param.h					patch
 	Welcome to NetBSD 3.0.3_PATCH.
 sys/dev/ic/pcdisplay_subr.c			1.33 via patch
 @@ -1170,13 +1170,22 @@ libexec/ftpd/version.h				patch
 	Don't split large commands into multiple commands; just fail on them.
 	This prevents CSRF-like attacks, when a web browser is used to access
 	an ftp server.
 	Reported by Maksymilian Arciemowicz <cxib@securityreason.com>.
 	Fix mostly derived from OpenBSD, written by
 	Moritz Jodeit <moritz@OpenBSD.org>
 	[lukem, ticket #1964]
 sys/netinet6/icmp6.c				1.150
 	Fix for CVE-2008-3530 from matt@
 	Implement improved checking for MTU values on ICMP 'Packet Too Big
 	Messages'
 	[adrianp, ticket #1966]
 src/sys/netinet6/in6.c				1.141 via patch
 src/sys/netinet6/in6_var.h			1.59 via patch
 src/sys/netinet6/nd6_nbr.c			1.89-1.90 via patch
 	If a neighbor solictation isn't from the unspecified address,
 	make sure that the source address matches one of the interfaces
 	address prefixes.  Fixes CVE-2008-2476/VU#472363.
 	[adrianp, ticket #1967]