===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/60.html,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- www/60.html 2016/07/22 20:33:22 1.21
+++ www/60.html 2016/07/22 21:24:11 1.22
@@ -120,7 +120,7 @@
- W^X is now strictly enforced by default;
a program can only violate it if the executable is marked with
- PT_OPENBSD_WXNEEDED and its is located on a filesystem
+ PT_OPENBSD_WXNEEDED and it is located on a filesystem
mounted with the wxallowed
mount(8) option.
- The setjmp(3)
@@ -129,8 +129,8 @@
- sigreturn(2)
can now only be used by the kernel-provided signal trampoline,
with a cookie to detect attempts to reuse it.
-
- To deter code reuse exploits, in rc(8),
- re-link libc.so on startup, placing the objects in a random order.
+
- To deter code reuse exploits, rc(8)
+ re-links libc.so on startup, placing the objects in a random order.
- In the getpwnam(3)
family of functions, stop opening the shadow database by default.
- Allow tcpdump(8)
@@ -326,7 +326,7 @@
ensures that only GENERALIZEDTIME formats are accepted for
OCSP, as per RFC 6960.
- The following CVEs had been fixed:
+ The following CVEs have been fixed:
- CVE-2016-2105—EVP_EncodeUpdate overflow.
- CVE-2016-2106—EVP_EncryptUpdate overflow.