===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/68.html,v
retrieving revision 1.89
retrieving revision 1.90
diff -c -r1.89 -r1.90
*** www/68.html	2021/10/08 16:31:36	1.89
--- www/68.html	2023/04/09 07:14:45	1.90
***************
*** 550,556 ****
      <li>Bug Fixes
      <ul>
  	<li>Fix an off-by-one in the CBC padding removal.
! 	<li>Enforce in the TLSv1.3 server that that ClientHello messages after a HelloRetryRequest match the original ClientHello as per RFC 8446 section 4.1.2
  	<li>Avoid calling freezero with a negative size if a server sends a malformed plaintext of all zeroes.
  	<li>Correct use of sockaddr_storage instead of sockaddr in openssl(1) s_client, which could lead to using 14 bytes of stack garbage instead of an IPv6 address in DTLS mode.
  	<li>Fix a longstanding bug in <a href="https://man.openbsd.org/PEM_X509_INFO_read_bio">PEM_X509_INFO_read_bio(3)</a> that could cause use-after-free and double-free issues in calling programs.
--- 550,556 ----
      <li>Bug Fixes
      <ul>
  	<li>Fix an off-by-one in the CBC padding removal.
! 	<li>Enforce in the TLSv1.3 server that ClientHello messages after a HelloRetryRequest match the original ClientHello as per RFC 8446 section 4.1.2
  	<li>Avoid calling freezero with a negative size if a server sends a malformed plaintext of all zeroes.
  	<li>Correct use of sockaddr_storage instead of sockaddr in openssl(1) s_client, which could lead to using 14 bytes of stack garbage instead of an IPv6 address in DTLS mode.
  	<li>Fix a longstanding bug in <a href="https://man.openbsd.org/PEM_X509_INFO_read_bio">PEM_X509_INFO_read_bio(3)</a> that could cause use-after-free and double-free issues in calling programs.