===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/60.html,v
retrieving revision 1.3
retrieving revision 1.4
diff -c -r1.3 -r1.4
*** www/60.html	2016/07/21 09:57:48	1.3
--- www/60.html	2016/07/21 10:40:51	1.4
***************
*** 162,176 ****
        </ul>
      </ul>
  <p>
! <li>LibreSSL X.X.X
      <ul>
      <li>User-visible features:
        <ul>
!       <li>...
        </ul>
      <li>Code improvements:
        <ul>
!       <li>...
        </ul>
      </ul>
  <p>
--- 162,215 ----
        </ul>
      </ul>
  <p>
! <li>LibreSSL 2.4.2
      <ul>
      <li>User-visible features:
        <ul>
!       <li>Fixed some broken manpage links in the install target.
!       <li><tt>cert.pem</tt> has been reorganized and synced with Mozilla's
!           certificate store.
!       <li>Reliability fix, correcting an error when parsing certain ASN.1
!           elements over 16k in size.
!       <li>Implemented the IETF <i>ChaCha20-Poly1305</i> cipher suites.
!       <li>Fixed password prompts from
!           <a href="http://man.openbsd.org/?query=openssl">openssl(1)</a>
!           to properly handle ^C.
        </ul>
      <li>Code improvements:
        <ul>
!       <li>Fixed an <i>nginx</i> compatibility issue by adding an
!           '<tt>install_sw</tt>' build target.
!       <li>Changed default
!           <a href="http://man.openbsd.org/?query=EVP_AEAD_CTX_init">EVP_aead_chacha20_poly1305(3)</a>
!           implementation to the IETF version, which is now the default.
!       <li>Reworked error handling in <tt>libtls</tt> so that configuration
!           errors are more visible.
!       <li>Added missing error handling around
!           <a href="http://man.openbsd.org/?query=bn_dump">bn_wexpand(3)</a>
!           calls.
!       <li>Added
!           <a href="http://man.openbsd.org/?query=bzero">explicit_bzero(3)</a>
!           calls for freed ASN.1 objects.
!       <li>Fixed <tt>X509_*set_object</tt> functions to return 0 on allocation
!           failure.
!       <li>Deprecated internal use of
!           <a href="http://man.openbsd.org/?query=EVP_EncryptInit">EVP_[Cipher|Encrypt|Decrypt]_Final</a>.
!       <li>Fixed a problem that prevents the DSA signing algorithm from running
!           in constant time even if the flag <tt>BN_FLG_CONSTTIME</tt> is set. 
!       <li>Fixed several issues in the OCSP code that could result in the
!           incorrect generation and parsing of OCSP requests. This remediates
!           a lack of error checking on time parsing in these functions, and
!           ensures that only <tt>GENERALIZEDTIME</tt> formats are accepted for
!           OCSP, as per <i>RFC 6960</i>.
!       </ul>
!     <li>The following CVEs had been fixed:
!       <ul>
!       <li><tt>CVE-2016-2105</tt>&#8212;EVP_EncodeUpdate overflow.
!       <li><tt>CVE-2016-2106</tt>&#8212;EVP_EncryptUpdate overflow.
!       <li><tt>CVE-2016-2107</tt>&#8212;padding oracle in AES-NI CBC MAC check.
!       <li><tt>CVE-2016-2108</tt>&#8212;memory corruption in the ASN.1 encoder.
!       <li><tt>CVE-2016-2109</tt>&#8212;ASN.1 BIO excessive memory allocation.
        </ul>
      </ul>
  <p>