===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/68.html,v
retrieving revision 1.40
retrieving revision 1.41
diff -c -r1.40 -r1.41
*** www/68.html	2020/10/04 21:44:53	1.40
--- www/68.html	2020/10/04 22:12:48	1.41
***************
*** 328,348 ****
      <li>Rewrote the entropy enqueue ring to collect damage asynchronously and adapted the dequeue to mix a selection of "best" ring entries, exponentially backing off the dequeue timeout, to compensate rapidly for weak seeding in unidentifiable conditions and ensure quality to arc4random() calls early in boot.
      <li>Enabled PAN (Privileged Access Never) on arm64 CPUs supporting it.
      <li>Skipped scanning file systems which are both nodev and nosuid for SUID, SGID and device files with <a href="https://man.openbsd.org/security">security(8)</a>.
! 
! 
!     <li>The following security bugs were addressed:
!       <ul>
! 	<li>Fixed two out-of-bounds array accesses in ioctl code pathways in
! 		<a href="https://man.openbsd.org/wscons">wscons(4)</a>.
! 	<li>Fixed information leak in semctl SEM_GET.
! 	<li>Prevented root from freezing the UTC clock with <a href="https://man.openbsd.org/settimeofday">settimeofday(2)</a> at securelevel 2.
! 	<li>Fixed performance problems relating to tty subsystem abuse.<!-- tty.c,v 1.158 2020/07/14 14:33:03 deraadt -->
! 	<li>Fixed heap corruption in the X input method client in libX11.
! 	<li>Fixed potential information leak via X server pixel data uninitialized memory.
! 	<li>Fixed a race condition for isoc devices during device close.
! 	<li>Fixed an integer overflow in libX11 which could lead to a double free.
! 	<li>Corrected multiple input validation deficits in X server extensions.
!       </ul>
    </ul>
  
  <li>Routing daemons and other userland network improvements:
--- 328,343 ----
      <li>Rewrote the entropy enqueue ring to collect damage asynchronously and adapted the dequeue to mix a selection of "best" ring entries, exponentially backing off the dequeue timeout, to compensate rapidly for weak seeding in unidentifiable conditions and ensure quality to arc4random() calls early in boot.
      <li>Enabled PAN (Privileged Access Never) on arm64 CPUs supporting it.
      <li>Skipped scanning file systems which are both nodev and nosuid for SUID, SGID and device files with <a href="https://man.openbsd.org/security">security(8)</a>.
!     <li>Fixed two out-of-bounds array accesses in ioctl code pathways in
! 	<a href="https://man.openbsd.org/wscons">wscons(4)</a>.
!     <li>Fixed information leak in semctl SEM_GET.
!     <li>Prevented root from freezing the UTC clock with <a href="https://man.openbsd.org/settimeofday">settimeofday(2)</a> at securelevel 2.
!     <li>Fixed performance problems relating to tty subsystem abuse.<!-- tty.c,v 1.158 2020/07/14 14:33:03 deraadt -->
!     <li>Fixed heap corruption in the X input method client in libX11.
!     <li>Fixed potential information leak via X server pixel data uninitialized memory.
!     <li>Fixed a race condition for isoc devices during device close.
!     <li>Fixed an integer overflow in libX11 which could lead to a double free.
!     <li>Corrected multiple input validation deficits in X server extensions.
    </ul>
  
  <li>Routing daemons and other userland network improvements: