diff --git a/release/doc/en_US.ISO8859-1/relnotes/article.sgml b/release/doc/en_US.ISO8859-1/relnotes/article.sgml index 8e5559485e33..8e1aee37d868 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml @@ -807,6 +807,13 @@ variable limits the amount of memory that can be consumed by IPv4 packet fragments, which defends against some denial of service attacks. + + A vulnerability in the &man.fts.3; routines (used by + applications for recursively traversing a filesystem) could + allow a program to operate on files outside the intended directory + hierarchy. This bug has been fixed (see security advisory + FreeBSD-SA-01:40). &merged; + Userland Changes diff --git a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml index 8e5559485e33..8e1aee37d868 100644 --- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml +++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml @@ -807,6 +807,13 @@ variable limits the amount of memory that can be consumed by IPv4 packet fragments, which defends against some denial of service attacks. + + A vulnerability in the &man.fts.3; routines (used by + applications for recursively traversing a filesystem) could + allow a program to operate on files outside the intended directory + hierarchy. This bug has been fixed (see security advisory + FreeBSD-SA-01:40). &merged; + Userland Changes diff --git a/release/doc/en_US.ISO_8859-1/relnotes/common/new.sgml b/release/doc/en_US.ISO_8859-1/relnotes/common/new.sgml index 8e5559485e33..8e1aee37d868 100644 --- a/release/doc/en_US.ISO_8859-1/relnotes/common/new.sgml +++ b/release/doc/en_US.ISO_8859-1/relnotes/common/new.sgml @@ -807,6 +807,13 @@ variable limits the amount of memory that can be consumed by IPv4 packet fragments, which defends against some denial of service attacks. + + A vulnerability in the &man.fts.3; routines (used by + applications for recursively traversing a filesystem) could + allow a program to operate on files outside the intended directory + hierarchy. This bug has been fixed (see security advisory + FreeBSD-SA-01:40). &merged; + Userland Changes