X-Git-Url: https://git.wh0rd.org/?p=dump.git;a=blobdiff_plain;f=CHANGES;h=ccd47e0bd51bc6c0535bd7fcd01071cd662406b6;hp=ff87fc871662f79168f53e5b25d7f2697c6297f4;hb=d86089d1dfe8565a3cf6f9d6e2fe96d29d6ab5f1;hpb=4ae23b5c243fdfc6f986d2a300459b424239e930

diff --git a/CHANGES b/CHANGES
index ff87fc8..ccd47e0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,16 @@
-$Id: CHANGES,v 1.191 2002/07/30 14:12:38 stelian Exp $
+$Id: CHANGES,v 1.192 2002/08/01 10:23:26 stelian Exp $
+
+Changes between versions 0.4b31 and 0.4b32 (released ?????????????)
+===================================================================
+
+1.	Changed dump to use fcntl(F_SETLK) style locking instead
+	of flock() when locking the dumpdates file. With the old 
+	locking scheme, a local user having read rights on the 
+	dumpdates file could be able to do a Denial of Service attack
+	on dump. In order to lock the dumpdates file with the new
+	scheme, the user would need to have write access on the file.
+	Thanks to Richard Johnson <Richard.Johnson3@ey.com> for 
+	reporting the bug (originally a bugtraq post).
 
 Changes between versions 0.4b30 and 0.4b31 (released July 30, 2002)
 ===================================================================