===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata35.html,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -r1.49 -r1.50
--- www/errata35.html	2014/03/31 04:11:40	1.49
+++ www/errata35.html	2014/03/31 16:02:48	1.50
@@ -78,7 +78,8 @@
 
 <ul>
 <li><a name="cvs4"></a>
-<font color="#009000"><strong>033: SECURITY FIX: April 28, 2005</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>033: SECURITY FIX: April 28, 2005</strong></font>
+&nbsp; <i>All architectures</i><br>
 Fix a buffer overflow, memory leaks, and NULL pointer dereference in
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&sektion=1">cvs(1)</a>
 . None of these issues are known to be exploitable.
@@ -90,7 +91,8 @@
 <p>
 
 <li><a name="tcp2"></a>
-<font color="#009000"><strong>032: RELIABILITY FIX: April 4, 2005</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>032: RELIABILITY FIX: April 4, 2005</strong></font>
+&nbsp; <i>All architectures</i><br>
 Handle an edge condition in
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcp&sektion=4">tcp(4)</a>
 timestamps.
@@ -100,7 +102,8 @@
 <p>
 
 <li><a name="telnet"></a>
-<font color="#009000"><strong>031: SECURITY FIX: March 30, 2005</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>031: SECURITY FIX: March 30, 2005</strong></font>
+&nbsp; <i>All architectures</i><br>
 Due to buffer overflows in
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=telnet&amp;apropos=0&amp;sektion=1&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">telnet(1)</a>
 , a malicious server or man-in-the-middle attack could allow execution of
@@ -113,7 +116,8 @@
 <p>
 
 <li><a name="sack"></a>
-<font color="#009000"><strong>030: RELIABILITY FIX: March 30, 2005</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>030: RELIABILITY FIX: March 30, 2005</strong></font>
+&nbsp; <i>All architectures</i><br>
 Bugs in the
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcp&amp;apropos=0&amp;sektion=4&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">tcp(4)</a>
 stack can lead to memory exhaustion or processing of TCP segments with
@@ -124,7 +128,8 @@
 <p>
 
 <li><a name="copy"></a>
-<font color="#009000"><strong>029: SECURITY FIX: March 16, 2005</strong></font> &nbsp; <i>amd64 only</i><br>
+<font color="#009000"><strong>029: SECURITY FIX: March 16, 2005</strong></font>
+&nbsp; <i>amd64 only</i><br>
 More stringent checking should be done in the
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=copy&amp;apropos=0&amp;sektion=9&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">copy(9)</a>
 functions to prevent their misuse.
@@ -134,7 +139,8 @@
 <p>
 
 <li><a name="locore"></a>
-<font color="#009000"><strong>028: SECURITY FIX: February 28, 2005</strong></font> &nbsp; <i>i386 only</i><br>
+<font color="#009000"><strong>028: SECURITY FIX: February 28, 2005</strong></font>
+&nbsp; <i>i386 only</i><br>
 More stringent checking should be done in the
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=copy&amp;apropos=0&amp;sektion=9&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">copy(9)</a>
 functions to prevent their misuse.
@@ -144,7 +150,8 @@
 <p>
 
 <li><a name="rtt"></a>
-<font color="#009000"><strong>027: RELIABILITY FIX: January 11, 2005</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>027: RELIABILITY FIX: January 11, 2005</strong></font>
+&nbsp; <i>All architectures</i><br>
 A bug in the
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=tcp&amp;apropos=0&amp;sektion=4&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">tcp(4)</a>
 stack allows an invalid argument to be used in calculating the TCP
@@ -156,7 +163,8 @@
 <p>
 
 <li><a name="httpd3"></a>
-<font color="#009000"><strong>026: SECURITY FIX: January 12, 2005</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>026: SECURITY FIX: January 12, 2005</strong></font>
+&nbsp; <i>All architectures</i><br>
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&apropos=0&sektion=8&manpath=OpenBSD+Current&arch=i386&format=html">httpd(8)</a>
 's mod_include module fails to properly validate the length of
 user supplied tag strings prior to copying them to a local buffer,
@@ -170,7 +178,8 @@
 <p>
 
 <li><a name="getcwd"></a>
-<font color="#009000"><strong>025: RELIABILITY FIX: January 6, 2005</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>025: RELIABILITY FIX: January 6, 2005</strong></font>
+&nbsp; <i>All architectures</i><br>
 The
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=getcwd&amp;apropos=0&amp;sektion=3&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">getcwd(3)</a>
 library function contains a memory management error, which causes failure
@@ -181,7 +190,8 @@
 <p>
 
 <li><a name="pfkey"></a>
-<font color="#009000"><strong>024: SECURITY FIX: December 14, 2004</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>024: SECURITY FIX: December 14, 2004</strong></font>
+&nbsp; <i>All architectures</i><br>
 On systems running
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&amp;apropos=0&amp;sektion=8&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">isakmpd(8)</a>
 it is possible for a local user to cause kernel memory corruption
@@ -193,7 +203,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="lynx"></a>
-<font color="#009000"><strong>023: RELIABILITY FIX: November 10, 2004</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>023: RELIABILITY FIX: November 10, 2004</strong></font>
+&nbsp; <i>All architectures</i><br>
 Due to a bug in
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=lynx&amp;apropos=0&amp;sektion=1&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">lynx(1)</a>
 it is possible for pages such as
@@ -206,7 +217,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="pppd"></a>
-<font color="#009000"><strong>022: RELIABILITY FIX: November 10, 2004</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>022: RELIABILITY FIX: November 10, 2004</strong></font>
+&nbsp; <i>All architectures</i><br>
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=pppd&amp;apropos=0&amp;sektion=8&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">pppd(8)</a>
 contains a bug that allows an attacker to crash his own connection, but it cannot
 be used to deny service to other users.
@@ -215,7 +227,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="bind"></a>
-<font color="#009000"><strong>021: RELIABILITY FIX: November 10, 2004</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>021: RELIABILITY FIX: November 10, 2004</strong></font>
+&nbsp; <i>All architectures</i><br>
 BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in
 cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and
 thus slow DNS queries.
@@ -224,7 +237,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="radius"></a>
-<font color="#009000"><strong>020: SECURITY FIX: September 20, 2004</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>020: SECURITY FIX: September 20, 2004</strong></font>
+&nbsp; <i>All architectures</i><br>
 Eilko Bos reported that radius authentication, as implemented by
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=login_radius&amp;apropos=0&amp;sektion=8&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">login_radius(8)</a>,
 was not checking the shared secret used for replies sent by the radius server.
@@ -235,7 +249,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="xpm"></a>
-<font color="#009000"><strong>019: SECURITY FIX: September 16, 2004</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>019: SECURITY FIX: September 16, 2004</strong></font>
+&nbsp; <i>All architectures</i><br>
 Chris Evans reported several flaws (stack and integer overflows) in the
 <a href="http://www.inria.fr/koala/lehors/xpm.html">Xpm</a>
 library code that parses image files
@@ -248,7 +263,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="httpd2"></a>
-<font color="#009000"><strong>018: SECURITY FIX: September 10, 2004</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>018: SECURITY FIX: September 10, 2004</strong></font>
+&nbsp; <i>All architectures</i><br>
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&amp;apropos=0&amp;sektion=8&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">httpd(8)</a>
 's mod_rewrite module can be made to write one zero byte in an arbitrary memory
 position outside of a char array, causing a DoS or possibly buffer overflows.
@@ -259,7 +275,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="libz"></a>
-<font color="#009000"><strong>017: RELIABILITY FIX: August 29, 2004</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>017: RELIABILITY FIX: August 29, 2004</strong></font>
+&nbsp; <i>All architectures</i><br>
 Due to incorrect error handling in zlib an attacker could potentially cause a Denial
 of Service attack.
 <a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0797">CAN-2004-0797</a>
@@ -269,7 +286,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="bridge"></a>
-<font color="#009000"><strong>016: RELIABILITY FIX: August 26, 2004</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>016: RELIABILITY FIX: August 26, 2004</strong></font>
+&nbsp; <i>All architectures</i><br>
 As
 <a href="http://marc.info/?l=bugtraq&amp;m=109345131508824&amp;w=2">reported</a>
 by Vafa Izadinia
@@ -280,7 +298,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="icmp"></a>
-<font color="#009000"><strong>015: RELIABILITY FIX: August 25, 2004</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>015: RELIABILITY FIX: August 25, 2004</strong></font>
+&nbsp; <i>All architectures</i><br>
 Improved verification of ICMP errors in order to minimize the impact of ICMP attacks
 against TCP.
 <br>
@@ -290,7 +309,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="rnd"></a>
-<font color="#009000"><strong>014: RELIABILITY FIX: July 25, 2004</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>014: RELIABILITY FIX: July 25, 2004</strong></font>
+&nbsp; <i>All architectures</i><br>
 Under a certain network load the kernel can run out of stack space.  This was
 encountered in an environment using CARP on a VLAN interface.  This issue initially
 manifested itself as a FPU related crash on boot up.
@@ -299,7 +319,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="httpd"></a>
-<font color="#009000"><strong>013: SECURITY FIX: June 12, 2004</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>013: SECURITY FIX: June 12, 2004</strong></font>
+&nbsp; <i>All architectures</i><br>
 Multiple vulnerabilities have been found in
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&amp;apropos=0&amp;sektion=8&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">httpd(8)</a>
 / mod_ssl.
@@ -312,7 +333,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="isakmpd"></a>
-<font color="#009000"><strong>012: SECURITY FIX: June 10, 2004</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>012: SECURITY FIX: June 10, 2004</strong></font>
+&nbsp; <i>All architectures</i><br>
 As
 <a href="http://seclists.org/lists/fulldisclosure/2004/Jun/0191.html">disclosed</a>
 by Thomas Walpuski
@@ -324,7 +346,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="cvs3"></a>
-<font color="#009000"><strong>011: SECURITY FIX: June 9, 2004</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>011: SECURITY FIX: June 9, 2004</strong></font>
+&nbsp; <i>All architectures</i><br>
 Multiple remote vulnerabilities have been found in the
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&amp;apropos=0&amp;sektion=1&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">cvs(1)</a>
 server that allow an attacker to crash the server or possibly execute arbitrary
@@ -334,7 +357,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="fifofs"></a>
-<font color="#009000"><strong>010: RELIABILITY FIX: June 9, 2004</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>010: RELIABILITY FIX: June 9, 2004</strong></font>
+&nbsp; <i>All architectures</i><br>
 A FIFO bug was introduced in OpenBSD 3.5 that occurs when a FIFO is opened in
 non-blocking mode for writing when there are no processes reading the FIFO.
 One program affected by this is the <a href="http://www.qmail.org/">qmail</a>
@@ -344,7 +368,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="kerberos"></a>
-<font color="#00900"><strong>009: SECURITY FIX: May 30, 2004</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#00900"><strong>009: SECURITY FIX: May 30, 2004</strong></font>
+&nbsp; <i>All architectures</i><br>
 A flaw in the Kerberos V
 <ahref="http://www.openbsd.org/cgi-bin/man.cgi?query=kdc">kdc(8)</a>
 server could result in the administrator of a Kerberos realm having
@@ -358,7 +383,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="xdm"></a>
-<font color="#00900"><strong>008: SECURITY FIX: May 26, 2004</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#00900"><strong>008: SECURITY FIX: May 26, 2004</strong></font>
+&nbsp; <i>All architectures</i><br>
 With the introduction of IPv6 code in
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=xdm&amp;apropos=0&amp;sektion=0&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">xdm(1)</a>,
 one test on the 'requestPort' resource was deleted by accident. This
@@ -371,7 +397,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="cvs2"></a>
-<font color="#009000"><strong>007: SECURITY FIX: May 20, 2004</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>007: SECURITY FIX: May 20, 2004</strong></font>
+&nbsp; <i>All architectures</i><br>
 A heap overflow in the
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&amp;apropos=0&amp;sektion=1&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">cvs(1)</a>
 server has been discovered that can be exploited by clients sending
@@ -382,21 +409,24 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="procfs"></a>
-<font color="#009000"><strong>006: SECURITY FIX: May 13, 2004</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>006: SECURITY FIX: May 13, 2004</strong></font>
+&nbsp; <i>All architectures</i><br>
 Check for integer overflow in procfs.  Use of procfs is not recommended.
 <br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/006_procfs.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="tcp"></a>
-<font color="#009000"><strong>005: RELIABILITY FIX: May 6, 2004</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>005: RELIABILITY FIX: May 6, 2004</strong></font>
+&nbsp; <i>All architectures</i><br>
 Reply to in-window SYN with a rate-limited ACK.
 <br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/005_tcp.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="scsi"></a>
-<font color="#009000"><strong>004: RELIABILITY FIX: May 5, 2004</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>004: RELIABILITY FIX: May 5, 2004</strong></font>
+&nbsp; <i>All architectures</i><br>
 Restore the ability to negotiate tags/wide/sync with some SCSI controllers ( i.e.
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=siop&amp;apropos=0&amp;sektion=4&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">siop(4)</a>,
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trm&amp;apropos=0&amp;sektion=4&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">trm(4)</a>,
@@ -407,7 +437,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="gdt"></a>
-<font color="#009000"><strong>003: RELIABILITY FIX: May 5, 2004</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>003: RELIABILITY FIX: May 5, 2004</strong></font>
+&nbsp; <i>All architectures</i><br>
 Under load "recent model"
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=gdt&amp;apropos=0&amp;sektion=4&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">gdt(4)</a>
 controllers will lock up.
@@ -416,7 +447,8 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 <li><a name="cvs"></a>
-<font color="#009000"><strong>002: SECURITY FIX: May 5, 2004</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>002: SECURITY FIX: May 5, 2004</strong></font>
+&nbsp; <i>All architectures</i><br>
 Pathname validation problems have been found in
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvs&amp;apropos=0&amp;sektion=1&amp;manpath=OpenBSD+Current&amp;arch=i386&amp;format=html">cvs(1)</a>,
 allowing malicious clients to create files outside the repository, allowing