-$Id: CHANGES,v 1.191 2002/07/30 14:12:38 stelian Exp $
+$Id: CHANGES,v 1.192 2002/08/01 10:23:26 stelian Exp $
+
+Changes between versions 0.4b31 and 0.4b32 (released ?????????????)
+===================================================================
+
+1. Changed dump to use fcntl(F_SETLK) style locking instead
+ of flock() when locking the dumpdates file. With the old
+ locking scheme, a local user having read rights on the
+ dumpdates file could be able to do a Denial of Service attack
+ on dump. In order to lock the dumpdates file with the new
+ scheme, the user would need to have write access on the file.
+ Thanks to Richard Johnson <Richard.Johnson3@ey.com> for
+ reporting the bug (originally a bugtraq post).
Changes between versions 0.4b30 and 0.4b31 (released July 30, 2002)
===================================================================