===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata23.html,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -r1.63 -r1.64
--- www/errata23.html	2014/03/31 04:11:40	1.63
+++ www/errata23.html	2014/03/31 16:02:48	1.64
@@ -77,7 +77,8 @@
 
 <ul>
 <li><a name="bootpd"></a>
-<font color="#009000"><strong>SECURITY FIX</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>SECURITY FIX</strong></font>
+&nbsp; <i>All architectures</i><br>
 A remotely exploitable problem exists in bootpd(8).  bootpd is disabled
 by default, but some people may actually be using it.
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/bootpd.patch">
@@ -85,13 +86,15 @@
 This is the second version of the patch.
 <p>
 <li><a name="tcpfix"></a>
-<font color="#009000"><strong>SECURITY FIX</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>SECURITY FIX</strong></font>
+&nbsp; <i>All architectures</i><br>
 A remote machine lockup problem exists in the TCP decoding code.
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/tcpfix.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="atapi"></a>
-<font color="#009000"><strong>HARDWARE SUPPORT</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>HARDWARE SUPPORT</strong></font>
+&nbsp; <i>All architectures</i><br>
 Some ATAPI cdroms which do not support the full mandatory command set,
 (e.g. ATAPI_READ_CD_CAPACITY) do not work with the acd(4) driver.
 A patch is
@@ -99,33 +102,38 @@
 available here.</a>
 <p>
 <li><a name="chpass"></a>
-<font color="#009000"><strong>SECURITY FIX</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>SECURITY FIX</strong></font>
+&nbsp; <i>All architectures</i><br>
 Chpass(1) has a file descriptor leak which allows an
 attacker to modify /etc/master.passwd.
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/chpass.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="resid"></a>
-<font color="#009000"><strong>RELIABILITY FIX</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>RELIABILITY FIX</strong></font>
+&nbsp; <i>All architectures</i><br>
 Calling readv(2) with iov_len &lt; 0 or &gt; INT_MAX would result in a
 kernel panic.  This is the third revision of this patch.
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/resid.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="inetd"></a>
-<font color="#009000"><strong>SECURITY FIX</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>SECURITY FIX</strong></font>
+&nbsp; <i>All architectures</i><br>
 Inetd had a file descriptor leak.  A patch is
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/inetd.patch">
 available here.</a>
 <p>
 <li><a name="unionfs"></a>
-<font color="#009000"><strong>BUG FIX</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>BUG FIX</strong></font>
+&nbsp; <i>All architectures</i><br>
 As shipped, unionfs had some serious problems.
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/unionfs.patch">
 A patch is available to solve this</a>.
 <p>
 <li><a name="fdalloc"></a>
-<font color="#009000"><strong>SECURITY FIX</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>SECURITY FIX</strong></font>
+&nbsp; <i>All architectures</i><br>
 Some non-allocated file descriptors have implied uses according to
 system libraries, and hence setuid and setgid processes should not
 be executed with these descriptors unallocated.  A patch which forces
@@ -135,7 +143,8 @@
 available here.</a>
 <p>
 <li><a name="resolver"></a>
-<font color="#009000"><strong>SECURITY FIX</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>SECURITY FIX</strong></font>
+&nbsp; <i>All architectures</i><br>
 A benign looking buffer overflow in the resolver routines was re-introduced
 accidentally.  The previously fixed behaviour is more correct.  A patch
 to fix this is
@@ -143,7 +152,8 @@
 available here.</a>
 <p>
 <li><a name="xlib"></a>
-<font color="#009000"><strong>SECURITY FIX</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>SECURITY FIX</strong></font>
+&nbsp; <i>All architectures</i><br>
 Vulnerabilities have been found in the X11, Xt, Xaw and Xmu
 libraries. These affect xterm and all other setuid-root programs that
 use these libraries. The problems are associated with buffer overflows
@@ -158,7 +168,8 @@
 OpenBSD 2.3 X11 tree, is available now.
 <p>
 <li><a name="kill"></a>
-<font color="#009000"><strong>SECURITY FIX</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>SECURITY FIX</strong></font>
+&nbsp; <i>All architectures</i><br>
 The kill(2) system call previously would permit a large set of signals to
 be delivered to setuid or setgid processes.  If such processes were using
 those signals in dubious ways, this could have resulted in security
@@ -168,7 +179,8 @@
 available.</a>
 <p>
 <li><a name="immutable"></a>
-<font color="#009000"><strong>SECURITY FIX</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>SECURITY FIX</strong></font>
+&nbsp; <i>All architectures</i><br>
 A possible new security problem exists if you rely on securelevels and
 immutable or append-only files or character devices.  The fix does not
 permit mmap'ing of immutable or append-only files which are otherwise
@@ -178,7 +190,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="ipsec"></a>
-<font color="#009000"><strong>SECURITY FIX</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>SECURITY FIX</strong></font>
+&nbsp; <i>All architectures</i><br>
 If IPSEC communication is attempted by starting photurisd(8) (which is
 disabled by default), a system crash may be evoked from remote if
 an attacker uses some classes of invalid packets.
@@ -186,7 +199,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <a name="xterm-xaw"></a>
-<li><font color="#009000"><strong>SECURITY FIX</strong></font> &nbsp; <i>All architectures</i><br>
+<li><font color="#009000"><strong>SECURITY FIX</strong></font>
+&nbsp; <i>All architectures</i><br>
 As stated in CERT advisory VB-98.04, there are buffer
 overrun problems in <strong>xterm</strong> related to the input-Method,
 preeditType, and *Keymap resources. Additional buffer overruns exist in