===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata36.html,v
retrieving revision 1.61
retrieving revision 1.62
diff -u -r1.61 -r1.62
--- www/errata36.html	2019/05/27 22:55:19	1.61
+++ www/errata36.html	2019/05/28 16:32:42	1.62
@@ -85,125 +85,112 @@
 
 <ul>
 
-<li id="libz2">
-<strong>020: SECURITY FIX: July 21, 2005</strong>
+<li id="st">
+<strong>001: RELIABILITY FIX: November 10, 2004</strong>
 &nbsp; <i>All architectures</i><br>
-A buffer overflow has been found in
-<a href="https://man.openbsd.org/OpenBSD-3.6/compress.3">compress(3)</a>
-which may be exploitable.<br>
-Please note that this fixes a different buffer overflow than the <a href="#libz">previous</a> zlib patch.
+Fix detection of tape blocksize during device open. Corrects problem with
+<a href="https://man.openbsd.org/OpenBSD-3.6/restore.8">restore(8)</a>.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/020_libz.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/001_st.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="libz">
-<strong>019: SECURITY FIX: July 6, 2005</strong>
+<li id="bind">
+<strong>002: RELIABILITY FIX: November 10, 2004</strong>
 &nbsp; <i>All architectures</i><br>
-A buffer overflow has been found in
-<a href="https://man.openbsd.org/OpenBSD-3.6/compress.3">compress(3)</a>
-which may be exploitable.
+BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in
+cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and
+thus slow DNS queries.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/019_libz.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/002_bind.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="sudo">
-<strong>018: SECURITY FIX: June 20, 2005</strong>
+<li id="pppd">
+<strong>003: RELIABILITY FIX: November 10, 2004</strong>
 &nbsp; <i>All architectures</i><br>
-Due to a race condition in its command pathname handling, a user with
-<a href="https://man.openbsd.org/OpenBSD-3.6/sudo.8">sudo(8)</a>
-privileges may be able to run arbitrary commands if the user's entry
-is followed by an entry that grants <code>sudo ALL</code> privileges to
-another user.
+<a href="https://man.openbsd.org/OpenBSD-3.6/pppd.8">pppd(8)</a>
+contains a bug that allows an attacker to crash his own connection, but it cannot
+be used to deny service to other users.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/018_sudo.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/003_pppd.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="getsockopt">
-<strong>017: RELIABILITY FIX: June 15, 2005</strong>
+<li id="lynx">
+<strong>004: RELIABILITY FIX: November 10, 2004</strong>
 &nbsp; <i>All architectures</i><br>
-As discovered by Stefan Miltchev calling
-<a href="https://man.openbsd.org/OpenBSD-3.6/getsockopt.2">getsockopt(2)</a>
-to get
-<a href="https://man.openbsd.org/OpenBSD-3.6/ipsec.4">ipsec(4)</a>
-credentials for a socket can result in a kernel panic.
+Due to a bug in
+<a href="https://man.openbsd.org/OpenBSD-3.6/lynx.1">lynx(1)</a>
+it is possible for pages such as
+<a href="http://lcamtuf.coredump.cx/mangleme/gallery/lynx_die1.html">this</a>
+to cause
+<a href="https://man.openbsd.org/OpenBSD-3.6/lynx.1">lynx(1)</a>
+to exhaust memory and then crash when parsing such pages.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/017_getsockopt.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/004_lynx.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="cvs">
-<strong>016: SECURITY FIX: April 28, 2005</strong>
+<li id="isakmpd">
+<strong>005: RELIABILITY FIX: November 21, 2004</strong>
 &nbsp; <i>All architectures</i><br>
-Fix a buffer overflow, memory leaks, and NULL pointer dereference in
-<a href="https://man.openbsd.org/OpenBSD-3.6/cvs.1">cvs(1)</a>
-. None of these issues are known to be exploitable.
-<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753">CAN-2005-0753</a>
-.
+Wrong calculation of NAT-D payloads may cause interoperability problems between
+<a href="https://man.openbsd.org/OpenBSD-3.6/isakmpd.8">isakmpd(8)</a>
+and other ISAKMP/IKE implementations.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/016_cvs.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/005_isakmpd.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="tcp">
-<strong>015: RELIABILITY FIX: April 4, 2005</strong>
+<li id="xl">
+<strong>006: RELIABILITY FIX: November 21, 2004</strong>
 &nbsp; <i>All architectures</i><br>
-Handle an edge condition in
-<a href="https://man.openbsd.org/OpenBSD-3.6/tcp.4">tcp(4)</a>
-timestamps.
+Fix for transmit side breakage on macppc and mbuf leaks with
+<a href="https://man.openbsd.org/OpenBSD-3.6/xl.4">xl(4)</a>.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/015_tcp.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/006_xl.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="telnet">
-<strong>014: SECURITY FIX: March 30, 2005</strong>
+<li id="pfkey">
+<strong>007: SECURITY FIX: December 14, 2004</strong>
 &nbsp; <i>All architectures</i><br>
-Due to buffer overflows in
-<a href="https://man.openbsd.org/OpenBSD-3.6/telnet.1">telnet(1)</a>,
-a malicious server or man-in-the-middle attack could allow execution of
-arbitrary code with the privileges of the user invoking
-<a href="https://man.openbsd.org/OpenBSD-3.6/telnet.1">telnet(1)</a>.
-Noone should use telnet anymore.  Please use
-<a href="https://man.openbsd.org/OpenBSD-3.6/ssh.1">ssh(1)</a>.
+On systems running
+<a href="https://man.openbsd.org/OpenBSD-3.6/isakmpd.8">isakmpd(8)</a>
+it is possible for a local user to cause kernel memory corruption
+and system panic by setting
+<a href="https://man.openbsd.org/OpenBSD-3.6/ipsec.4">ipsec(4)</a>
+credentials on a socket.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/014_telnet.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/007_pfkey.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="sack">
-<strong>013: RELIABILITY FIX: March 30, 2005</strong>
+<li id="getcwd">
+<strong>008: RELIABILITY FIX: January 6, 2005</strong>
 &nbsp; <i>All architectures</i><br>
-Bugs in the
-<a href="https://man.openbsd.org/OpenBSD-3.6/tcp.4">tcp(4)</a>
-stack can lead to memory exhaustion or processing of TCP segments with
-invalid SACK options and cause a system crash.
+The
+<a href="https://man.openbsd.org/OpenBSD-3.6/getcwd.3">getcwd(3)</a>
+library function contains a memory management error, which causes failure
+to retrieve the current working directory if the path is very long.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/013_sack.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/008_getcwd.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="copy">
-<strong>012: SECURITY FIX: March 16, 2005</strong>
-&nbsp; <i>amd64 only</i><br>
-More stringent checking should be done in the
-<a href="https://man.openbsd.org/OpenBSD-3.6/copy.9">copy(9)</a>
-functions to prevent their misuse.
+<li id="httpd">
+<strong>009: SECURITY FIX: January 12, 2005</strong>
+&nbsp; <i>All architectures</i><br>
+<a href="https://man.openbsd.org/OpenBSD-3.6/httpd.8">httpd(8)</a>
+'s mod_include module fails to properly validate the length of
+user supplied tag strings prior to copying them to a local buffer,
+causing a buffer overflow.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/amd64/012_copy.patch">
-A source code patch exists which remedies this problem.</a>
-<p>
-
-<li id="locore">
-<strong>011: SECURITY FIX: February 28, 2005</strong>
-&nbsp; <i>i386 only</i><br>
-More stringent checking should be done in the
-<a href="https://man.openbsd.org/OpenBSD-3.6/copy.9">copy(9)</a>
-functions to prevent their misuse.
+This would require enabling the XBitHack directive or server-side
+includes and making use of a malicious document.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/i386/011_locore.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/009_httpd.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
@@ -220,112 +207,125 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="httpd">
-<strong>009: SECURITY FIX: January 12, 2005</strong>
-&nbsp; <i>All architectures</i><br>
-<a href="https://man.openbsd.org/OpenBSD-3.6/httpd.8">httpd(8)</a>
-'s mod_include module fails to properly validate the length of
-user supplied tag strings prior to copying them to a local buffer,
-causing a buffer overflow.
+<li id="locore">
+<strong>011: SECURITY FIX: February 28, 2005</strong>
+&nbsp; <i>i386 only</i><br>
+More stringent checking should be done in the
+<a href="https://man.openbsd.org/OpenBSD-3.6/copy.9">copy(9)</a>
+functions to prevent their misuse.
 <br>
-This would require enabling the XBitHack directive or server-side
-includes and making use of a malicious document.
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/i386/011_locore.patch">
+A source code patch exists which remedies this problem.</a>
+<p>
+
+<li id="copy">
+<strong>012: SECURITY FIX: March 16, 2005</strong>
+&nbsp; <i>amd64 only</i><br>
+More stringent checking should be done in the
+<a href="https://man.openbsd.org/OpenBSD-3.6/copy.9">copy(9)</a>
+functions to prevent their misuse.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/009_httpd.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/amd64/012_copy.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="getcwd">
-<strong>008: RELIABILITY FIX: January 6, 2005</strong>
+<li id="sack">
+<strong>013: RELIABILITY FIX: March 30, 2005</strong>
 &nbsp; <i>All architectures</i><br>
-The
-<a href="https://man.openbsd.org/OpenBSD-3.6/getcwd.3">getcwd(3)</a>
-library function contains a memory management error, which causes failure
-to retrieve the current working directory if the path is very long.
+Bugs in the
+<a href="https://man.openbsd.org/OpenBSD-3.6/tcp.4">tcp(4)</a>
+stack can lead to memory exhaustion or processing of TCP segments with
+invalid SACK options and cause a system crash.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/008_getcwd.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/013_sack.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="pfkey">
-<strong>007: SECURITY FIX: December 14, 2004</strong>
+<li id="telnet">
+<strong>014: SECURITY FIX: March 30, 2005</strong>
 &nbsp; <i>All architectures</i><br>
-On systems running
-<a href="https://man.openbsd.org/OpenBSD-3.6/isakmpd.8">isakmpd(8)</a>
-it is possible for a local user to cause kernel memory corruption
-and system panic by setting
-<a href="https://man.openbsd.org/OpenBSD-3.6/ipsec.4">ipsec(4)</a>
-credentials on a socket.
+Due to buffer overflows in
+<a href="https://man.openbsd.org/OpenBSD-3.6/telnet.1">telnet(1)</a>,
+a malicious server or man-in-the-middle attack could allow execution of
+arbitrary code with the privileges of the user invoking
+<a href="https://man.openbsd.org/OpenBSD-3.6/telnet.1">telnet(1)</a>.
+Noone should use telnet anymore.  Please use
+<a href="https://man.openbsd.org/OpenBSD-3.6/ssh.1">ssh(1)</a>.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/007_pfkey.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/014_telnet.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="xl">
-<strong>006: RELIABILITY FIX: November 21, 2004</strong>
+<li id="tcp">
+<strong>015: RELIABILITY FIX: April 4, 2005</strong>
 &nbsp; <i>All architectures</i><br>
-Fix for transmit side breakage on macppc and mbuf leaks with
-<a href="https://man.openbsd.org/OpenBSD-3.6/xl.4">xl(4)</a>.
+Handle an edge condition in
+<a href="https://man.openbsd.org/OpenBSD-3.6/tcp.4">tcp(4)</a>
+timestamps.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/006_xl.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/015_tcp.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="isakmpd">
-<strong>005: RELIABILITY FIX: November 21, 2004</strong>
+<li id="cvs">
+<strong>016: SECURITY FIX: April 28, 2005</strong>
 &nbsp; <i>All architectures</i><br>
-Wrong calculation of NAT-D payloads may cause interoperability problems between
-<a href="https://man.openbsd.org/OpenBSD-3.6/isakmpd.8">isakmpd(8)</a>
-and other ISAKMP/IKE implementations.
+Fix a buffer overflow, memory leaks, and NULL pointer dereference in
+<a href="https://man.openbsd.org/OpenBSD-3.6/cvs.1">cvs(1)</a>
+. None of these issues are known to be exploitable.
+<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753">CAN-2005-0753</a>
+.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/005_isakmpd.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/016_cvs.patch">
 A source code patch exists which remedies this problem.</a>
-
 <p>
-<li id="lynx">
-<strong>004: RELIABILITY FIX: November 10, 2004</strong>
+
+<li id="getsockopt">
+<strong>017: RELIABILITY FIX: June 15, 2005</strong>
 &nbsp; <i>All architectures</i><br>
-Due to a bug in
-<a href="https://man.openbsd.org/OpenBSD-3.6/lynx.1">lynx(1)</a>
-it is possible for pages such as
-<a href="http://lcamtuf.coredump.cx/mangleme/gallery/lynx_die1.html">this</a>
-to cause
-<a href="https://man.openbsd.org/OpenBSD-3.6/lynx.1">lynx(1)</a>
-to exhaust memory and then crash when parsing such pages.
+As discovered by Stefan Miltchev calling
+<a href="https://man.openbsd.org/OpenBSD-3.6/getsockopt.2">getsockopt(2)</a>
+to get
+<a href="https://man.openbsd.org/OpenBSD-3.6/ipsec.4">ipsec(4)</a>
+credentials for a socket can result in a kernel panic.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/004_lynx.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/017_getsockopt.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="pppd">
-<strong>003: RELIABILITY FIX: November 10, 2004</strong>
+<li id="sudo">
+<strong>018: SECURITY FIX: June 20, 2005</strong>
 &nbsp; <i>All architectures</i><br>
-<a href="https://man.openbsd.org/OpenBSD-3.6/pppd.8">pppd(8)</a>
-contains a bug that allows an attacker to crash his own connection, but it cannot
-be used to deny service to other users.
+Due to a race condition in its command pathname handling, a user with
+<a href="https://man.openbsd.org/OpenBSD-3.6/sudo.8">sudo(8)</a>
+privileges may be able to run arbitrary commands if the user's entry
+is followed by an entry that grants <code>sudo ALL</code> privileges to
+another user.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/003_pppd.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/018_sudo.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="bind">
-<strong>002: RELIABILITY FIX: November 10, 2004</strong>
+<li id="libz">
+<strong>019: SECURITY FIX: July 6, 2005</strong>
 &nbsp; <i>All architectures</i><br>
-BIND contains a bug which results in BIND trying to contact nameservers via IPv6, even in
-cases where IPv6 connectivity is non-existent. This results in unnecessary timeouts and
-thus slow DNS queries.
+A buffer overflow has been found in
+<a href="https://man.openbsd.org/OpenBSD-3.6/compress.3">compress(3)</a>
+which may be exploitable.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/002_bind.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/019_libz.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="st">
-<strong>001: RELIABILITY FIX: November 10, 2004</strong>
+<li id="libz2">
+<strong>020: SECURITY FIX: July 21, 2005</strong>
 &nbsp; <i>All architectures</i><br>
-Fix detection of tape blocksize during device open. Corrects problem with
-<a href="https://man.openbsd.org/OpenBSD-3.6/restore.8">restore(8)</a>.
+A buffer overflow has been found in
+<a href="https://man.openbsd.org/OpenBSD-3.6/compress.3">compress(3)</a>
+which may be exploitable.<br>
+Please note that this fixes a different buffer overflow than the <a href="#libz">previous</a> zlib patch.
 <br>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/001_st.patch">
+<a href="https://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/020_libz.patch">
 A source code patch exists which remedies this problem.</a>
 <p>