===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata.html,v
retrieving revision 1.574
retrieving revision 1.575
diff -c -r1.574 -r1.575
*** www/errata.html	2006/11/04 03:02:28	1.574
--- www/errata.html	2006/11/04 21:28:18	1.575
***************
*** 76,82 ****
  <ul>
  
  <li><a name="systrace"></a>
! <font color="#009000"><strong>003: SECURITY FIX: October 7, 2006</strong></font> &nbsp; <i>All architectures</i><br>
  Fix for an integer overflow in
  <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&amp;sektion=4">systrace(4)</a>'s
  STRIOCREPLACE support, found by
--- 76,82 ----
  <ul>
  
  <li><a name="systrace"></a>
! <font color="#009000"><strong>003: SECURITY FIX: November 4, 2006</strong></font> &nbsp; <i>All architectures</i><br>
  Fix for an integer overflow in
  <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&amp;sektion=4">systrace(4)</a>'s
  STRIOCREPLACE support, found by
***************
*** 88,94 ****
  <p>
  
  <li><a name="openssl2"></a>
! <font color="#009000"><strong>002: SECURITY FIX: October 7, 2006</strong></font> &nbsp; <i>All architectures</i><br>
  Several problems have been found in OpenSSL. While parsing certain invalid ASN.1
  structures an error condition is mishandled, possibly resulting in an infinite
  loop. A buffer overflow exists in the SSL_get_shared_ciphers function. A NULL
--- 88,94 ----
  <p>
  
  <li><a name="openssl2"></a>
! <font color="#009000"><strong>002: SECURITY FIX: November 4, 2006</strong></font> &nbsp; <i>All architectures</i><br>
  Several problems have been found in OpenSSL. While parsing certain invalid ASN.1
  structures an error condition is mishandled, possibly resulting in an infinite
  loop. A buffer overflow exists in the SSL_get_shared_ciphers function. A NULL
***************
*** 106,112 ****
  <p>
  
  <li><a name="httpd"></a>
! <font color="#009000"><strong>001: SECURITY FIX: October 7, 2006</strong></font> &nbsp; <i>All architectures</i><br>
  <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&amp;sektion=8">httpd(8)</a>
  does not sanitize the Expect header from an HTTP request when it is
  reflected back in an error message, which might allow cross-site scripting (XSS)
--- 106,112 ----
  <p>
  
  <li><a name="httpd"></a>
! <font color="#009000"><strong>001: SECURITY FIX: November 4, 2006</strong></font> &nbsp; <i>All architectures</i><br>
  <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&amp;sektion=8">httpd(8)</a>
  does not sanitize the Expect header from an HTTP request when it is
  reflected back in an error message, which might allow cross-site scripting (XSS)
***************
*** 150,156 ****
  <hr>
  <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> 
  <a href="mailto:www@openbsd.org">www@openbsd.org</a>
! <br><small>$OpenBSD: errata.html,v 1.574 2006/11/04 03:02:28 brad Exp $</small>
  
  </body>
  </html>
--- 150,156 ----
  <hr>
  <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a> 
  <a href="mailto:www@openbsd.org">www@openbsd.org</a>
! <br><small>$OpenBSD: errata.html,v 1.575 2006/11/04 21:28:18 deraadt Exp $</small>
  
  </body>
  </html>