Rewrite SA-05:01.telnet entry based on nectar's original commit

message, which is more accurate and less clunky than my version.
svn path=/head/; revision=144400
2024-10-20 15:24:25 +00:00 · 2005-03-31 16:02:12 +00:00 · 2005-03-31 16:02:12 +00:00 · 028a54daba · 2020-12-20 02:59:44 +00:00
parent a6cb7db8cb
commit 028a54daba
2 changed files with 10 additions and 8 deletions
--- a/release/doc/en_US.ISO8859-1/relnotes/article.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/article.sgml
@ -128,10 +128,11 @@
      <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:17.procfs.asc">FreeBSD-SA-04:17.procfs</ulink>.
      &merged;</para>

-    <para>A buffer overflow in the TELNET client program, which could
-      allow an attacker to cause the execution of arbitrary code with
-      the privileges of the user invoking &man.telnet.1;, has been
-      fixed.  More information can be found in security advisory
+    <para>Two buffer overflows in the TELNET client program have been
+      corrected.  They could have allowed a malicious TELNET server or
+      an active network attacker to cause &man.telnet.1; to execute
+      arbitrary code with the privileges of the user running it.
+      More information can be found in security advisory
      <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:01.telnet.asc">FreeBSD-SA-05:01.telnet</ulink>.
      &merged;</para>

--- a/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
+++ b/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml
@ -128,10 +128,11 @@
      <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:17.procfs.asc">FreeBSD-SA-04:17.procfs</ulink>.
      &merged;</para>

-    <para>A buffer overflow in the TELNET client program, which could
-      allow an attacker to cause the execution of arbitrary code with
-      the privileges of the user invoking &man.telnet.1;, has been
-      fixed.  More information can be found in security advisory
+    <para>Two buffer overflows in the TELNET client program have been
+      corrected.  They could have allowed a malicious TELNET server or
+      an active network attacker to cause &man.telnet.1; to execute
+      arbitrary code with the privileges of the user running it.
+      More information can be found in security advisory
      <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:01.telnet.asc">FreeBSD-SA-05:01.telnet</ulink>.
      &merged;</para>