===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata22.html,v
retrieving revision 1.72
retrieving revision 1.73
diff -u -r1.72 -r1.73
--- www/errata22.html	2014/03/31 04:11:40	1.72
+++ www/errata22.html	2014/03/31 16:02:48	1.73
@@ -76,7 +76,8 @@
 
 <ul>
 <li><a name="ipsec"></a>
-<font color="#009000"><strong>SECURITY FIX</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>SECURITY FIX</strong></font>
+&nbsp; <i>All architectures</i><br>
 If IPSEC communication is attempted by starting photurisd(8) (which is
 disabled by default), a system crash may be evoked from remote if
 an attacker uses some classes of invalid packets.
@@ -84,7 +85,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="xterm-xaw"></a>
-<font color="#009000"><strong>SECURITY FIX</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>SECURITY FIX</strong></font>
+&nbsp; <i>All architectures</i><br>
 As stated in CERT advisory VB-98.04, there are buffer
 overrun problems in <strong>xterm</strong> related to the input-Method,
 preeditType, and *Keymap resources. Additional buffer overruns exist in
@@ -99,7 +101,8 @@
 We provide a version of this patch file specifically for the OpenBSD 2.2 tree</a>.
 <p>
 <li><a name="rmjob"></a>
-<font color="#009000"><strong>SECURITY FIX</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>SECURITY FIX</strong></font>
+&nbsp; <i>All architectures</i><br>
 An exploitable buffer mismanagement exists in a subroutine used by
 lprm and lpd.  The problem is exploitable by users on a particular
 machine if there is an entry in <strong>/etc/printcap</strong> which
@@ -108,21 +111,24 @@
 A patch is available which corrects this behaviour</a>.
 <p>
 <li><a name="uucpd"></a>
-<font color="#009000"><strong>SECURITY FIX</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>SECURITY FIX</strong></font>
+&nbsp; <i>All architectures</i><br>
 A DNS-based vulnerability exists when uucpd is used.  By default uucpd
 is not enabled in the OpenBSD releases, but some sites may have enabled it.
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/uucpd.patch">
 A patch is available which corrects this behaviour</a>.
 <p>
 <li><a name="named"></a>
-<font color="#009000"><strong>SECURITY FIX</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>SECURITY FIX</strong></font>
+&nbsp; <i>All architectures</i><br>
 A vulnerability exists when (and only when) /etc/named.conf has the
 <strong>fake-iquery</strong> option enabled.
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/named.patch">
 A patch is available which corrects this behaviour</a>.
 <p>
 <li><a name="ping"></a>
-<font color="#009000"><strong>SECURITY FIX</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>SECURITY FIX</strong></font>
+&nbsp; <i>All architectures</i><br>
 A vulnerability exists in ping(8); if the -R option is used to record
 routes, an attacker can spoof a reply packet that will overflow inside
 ping.  Preliminary investigation makes it look the worst attack
@@ -143,7 +149,8 @@
 A kernel patch is provided</a>.
 <p>
 <li><a name="ruserok"></a>
-<font color="#009000"><strong>SECURITY FIX</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>SECURITY FIX</strong></font>
+&nbsp; <i>All architectures</i><br>
 A combination localhost+remote host security problem exists if a
 local user running a setuid binary causes a non-existent root .rhosts
 file to be created via a symbolic link with a specific kind of corefile,
@@ -186,7 +193,8 @@
 A kernel patch is available which corrects this behaviour (this is
 revision 3 of this patch)</a>.
 <p>
-<li><font color="#009000"><strong>BUILD PROCESS FIX</strong></font> &nbsp; <i>All architectures</i><br>
+<li><font color="#009000"><strong>BUILD PROCESS FIX</strong></font>
+&nbsp; <i>All architectures</i><br>
 Building an object tree from a read-only source tree (such as off a CDROM)
 may fail under certain circumstances (e.g. when creating a symlink on sparc
 whose target name is exactly 33 characters).  As a workaround you have to
@@ -196,14 +204,16 @@
 A replacement source file exists</a>.
 <p>
 <li><a name="mountd"></a>
-<font color="#009000"><strong>SECURITY FIX</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>SECURITY FIX</strong></font>
+&nbsp; <i>All architectures</i><br>
 If a line in /etc/exports which contains hostnames results in an empty
 list because none of the supplied hostnames is known, mountd(8) will
 accidentally export the filesystem to the world.
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/mountd.patch">
 A patch is available which corrects this behaviour</a>.
 <p>
-<li><font color="#009000"><strong>RELIABILITY FIX</strong></font> &nbsp; <i>All architectures</i><br>
+<li><font color="#009000"><strong>RELIABILITY FIX</strong></font>
+&nbsp; <i>All architectures</i><br>
 Setting the MSG_EOR flag on a tcp packet in the send(2) family of
 system calls could cause a kernel panic.
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.2/common/send.patch">