X-Git-Url: https://git.wh0rd.org/?p=dump.git;a=blobdiff_plain;f=CHANGES;h=ccd47e0bd51bc6c0535bd7fcd01071cd662406b6;hp=0527157976483f0942c5d208a09830794e0f631a;hb=d86089d1dfe8565a3cf6f9d6e2fe96d29d6ab5f1;hpb=4095abc031a4b91bd6d056ff2b6cf9e7cd568afc

diff --git a/CHANGES b/CHANGES
index 0527157..ccd47e0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,23 @@
-$Id: CHANGES,v 1.189 2002/07/25 09:56:47 stelian Exp $
+$Id: CHANGES,v 1.192 2002/08/01 10:23:26 stelian Exp $
+
+Changes between versions 0.4b31 and 0.4b32 (released ?????????????)
+===================================================================
+
+1.	Changed dump to use fcntl(F_SETLK) style locking instead
+	of flock() when locking the dumpdates file. With the old 
+	locking scheme, a local user having read rights on the 
+	dumpdates file could be able to do a Denial of Service attack
+	on dump. In order to lock the dumpdates file with the new
+	scheme, the user would need to have write access on the file.
+	Thanks to Richard Johnson <Richard.Johnson3@ey.com> for 
+	reporting the bug (originally a bugtraq post).
+
+Changes between versions 0.4b30 and 0.4b31 (released July 30, 2002)
+===================================================================
+
+1.	Fixed rmt open flags transmission (GNU's symbolic syntax over
+	rmt) which I broke in 0.4b29. Thanks to Eros Albertazzi
+	<eros@lamel.bo.cnr.it> for reporting the bug.
 
 Changes between versions 0.4b29 and 0.4b30 (released July 25, 2002)
 ===================================================================