===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata39.html,v
retrieving revision 1.43
retrieving revision 1.44
diff -u -r1.43 -r1.44
--- www/errata39.html	2014/03/31 03:12:47	1.43
+++ www/errata39.html	2014/03/31 16:02:48	1.44
@@ -79,14 +79,16 @@
 <ul>
 
 <li><a name="023_altivec"></a>
-<font color="#009000"><strong>023: STABILITY FIX: April 26, 2007</strong></font> &nbsp; <i>PowerPC</i><br>
+<font color="#009000"><strong>023: STABILITY FIX: April 26, 2007</strong></font>
+&nbsp; <i>PowerPC</i><br>
 An unhandled AltiVec assist exception can cause a kernel panic.<br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.9/macppc/023_altivec.patch">
 A source code patch exists which remedies this problem.</a>
 <p>
 
 <li><a name="022_route6"></a>
-<font color="#009000"><strong>022: SECURITY FIX: April 23, 2007</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>022: SECURITY FIX: April 23, 2007</strong></font>
+&nbsp; <i>All architectures</i><br>
 IPv6 type 0 route headers can be used to mount a DoS attack against
 hosts and networks.  This is a design flaw in IPv6 and not a bug in
 OpenBSD.<br>
@@ -95,7 +97,8 @@
 <p>
 
 <li><a name="021_xorg"></a>
-<font color="#009000"><strong>021: SECURITY FIX: April 4, 2007</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>021: SECURITY FIX: April 4, 2007</strong></font>
+&nbsp; <i>All architectures</i><br>
 Multiple vulnerabilities have been discovered in X.Org.<br>
 XC-MISC extension ProcXCMiscGetXIDList memory corruption vulnerability,
 BDFFont parsing integer overflow vulnerability,
@@ -112,7 +115,8 @@
 <p>
 
 <li><a name="m_dup1"></a>
-<font color="#009000"><strong>020: SECURITY FIX: March 7, 2007</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>020: SECURITY FIX: March 7, 2007</strong></font>
+&nbsp; <i>All architectures</i><br>
 <strong>2nd revision, March 17, 2007</strong><br>
 Incorrect mbuf handling for ICMP6 packets.<br>
 Using
@@ -126,7 +130,8 @@
 <p>
 
 <li><a name="timezone"></a>
-<font color="#009000"><strong>019: INTEROPERABILITY FIX: February 4, 2007</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>019: INTEROPERABILITY FIX: February 4, 2007</strong></font>
+&nbsp; <i>All architectures</i><br>
 A US daylight saving time rules change takes effect in 2007.
 <br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/3.9/common/019_timezone.patch">
@@ -134,7 +139,8 @@
 <p>
 
 <li><a name="icmp6"></a>
-<font color="#009000"><strong>018: RELIABILITY FIX: January 16, 2007</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>018: RELIABILITY FIX: January 16, 2007</strong></font>
+&nbsp; <i>All architectures</i><br>
 Under some circumstances, processing an ICMP6 echo request would cause
 the kernel to enter an infinite loop.
 <br>
@@ -158,7 +164,8 @@
 <p>
 
 <li><a name="ldso"></a>
-<font color="#009000"><strong>016: SECURITY FIX: November 19, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>016: SECURITY FIX: November 19, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 The ELF
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ld.so&amp;sektion=1">ld.so(1)</a>
 fails to properly sanitize the environment. There is a potential localhost security
@@ -170,7 +177,8 @@
 <p>
 
 <li><a name="ssh"></a>
-<font color="#009000"><strong>015: SECURITY FIX: October 12, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>015: SECURITY FIX: October 12, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 Fix 2 security bugs found in OpenSSH. A pre-authentication denial of service (found
 by Tavis Ormandy) that would cause
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&amp;sektion=8">sshd(8)</a>
@@ -185,7 +193,8 @@
 <p>
 
 <li><a name="systrace"></a>
-<font color="#009000"><strong>014: SECURITY FIX: October 7, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>014: SECURITY FIX: October 7, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 Fix for an integer overflow in
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&amp;sektion=4">systrace(4)</a>'s
 STRIOCREPLACE support, found by
@@ -197,7 +206,8 @@
 <p>
 
 <li><a name="openssl2"></a>
-<font color="#009000"><strong>013: SECURITY FIX: October 7, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>013: SECURITY FIX: October 7, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 Several problems have been found in OpenSSL. While parsing certain invalid ASN.1
 structures an error condition is mishandled, possibly resulting in an infinite
 loop. A buffer overflow exists in the SSL_get_shared_ciphers function. A NULL
@@ -214,7 +224,8 @@
 <p>
 
 <li><a name="httpd2"></a>
-<font color="#009000"><strong>012: SECURITY FIX: October 7, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>012: SECURITY FIX: October 7, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&amp;sektion=8">httpd(8)</a>
 does not sanitize the Expect header from an HTTP request when it is
 reflected back in an error message, which might allow cross-site scripting (XSS)
@@ -226,7 +237,8 @@
 <p>
 
 <li><a name="openssl"></a>
-<font color="#009000"><strong>011: SECURITY FIX: September 8, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>011: SECURITY FIX: September 8, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 Due to incorrect PKCS#1 v1.5 padding validation in OpenSSL, it is possible for
 an attacker to construct an invalid signature which OpenSSL would accept as a
 valid PKCS#1 v1.5 signature.
@@ -237,7 +249,8 @@
 <p>
 
 <li><a name="bind"></a>
-<font color="#009000"><strong>010: SECURITY FIX: September 8, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>010: SECURITY FIX: September 8, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 Two Denial of Service issues have been found with BIND.
 An attacker who can perform recursive lookups on a DNS server and is able
 to send a sufficiently large number of recursive queries, or is able to
@@ -253,7 +266,8 @@
 <p>
 
 <li><a name="sppp"></a>
-<font color="#009000"><strong>009: SECURITY FIX: September 2, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>009: SECURITY FIX: September 2, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 Due to the failure to correctly validate LCP configuration option lengths,
 it is possible for an attacker to send LCP packets via an
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sppp&amp;sektion=4">sppp(4)</a>
@@ -265,7 +279,8 @@
 <p>
 
 <li><a name="isakmpd"></a>
-<font color="#009000"><strong>008: SECURITY FIX: August 25, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>008: SECURITY FIX: August 25, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 A problem in
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&amp;sektion=8">isakmpd(8)</a>
 caused IPsec to run partly without replay protection. If
@@ -279,7 +294,8 @@
 <p>
 
 <li><a name="sem"></a>
-<font color="#009000"><strong>007: SECURITY FIX: August 25, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>007: SECURITY FIX: August 25, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 It is possible to cause the kernel to panic when more than the default number of
 sempahores have been allocated.
 <br>
@@ -288,7 +304,8 @@
 <p>
 
 <li><a name="dhcpd"></a>
-<font color="#009000"><strong>006: SECURITY FIX: August 25, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>006: SECURITY FIX: August 25, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 Due to an off-by-one error in
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&amp;sektion=8">dhcpd(8)</a>,
 it is possible to cause
@@ -301,7 +318,8 @@
 <p>
 
 <li><a name="sendmail3"></a>
-<font color="#009000"><strong>005: SECURITY FIX: August 25, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>005: SECURITY FIX: August 25, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 A potential denial of service problem has been found in sendmail. A message
 with really long header lines could trigger a use-after-free bug causing
 sendmail to crash.
@@ -311,7 +329,8 @@
 <p>
 
 <li><a name="httpd"></a>
-<font color="#009000"><strong>004: SECURITY FIX: July 30, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>004: SECURITY FIX: July 30, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&amp;sektion=8">httpd(8)</a>'s
 mod_rewrite has a potentially exploitable off-by-one buffer overflow.
 The buffer overflow may result in a vulnerability which, in combination
@@ -324,7 +343,8 @@
 <p>
 
 <li><a name="sendmail2"></a>
-<font color="#009000"><strong>003: SECURITY FIX: June 15, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>003: SECURITY FIX: June 15, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 A potential denial of service problem has been found in sendmail. A malformed MIME
 message could trigger excessive recursion which will lead to stack exhaustion.
 This denial of service attack only affects delivery of mail from the queue and
@@ -337,7 +357,8 @@
 <p>
 
 <li><a name="xorg"></a>
-<font color="#009000"><strong>002: SECURITY FIX: May 2, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>002: SECURITY FIX: May 2, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 A security vulnerability has been found in the X.Org server --
 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526">CVE-2006-1526</a>.
 Clients authorized to connect to the X server are able to crash it and to execute
@@ -348,7 +369,8 @@
 <p>
 
 <li><a name="sendmail"></a>
-<font color="#009000"><strong>001: SECURITY FIX: March 25, 2006</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>001: SECURITY FIX: March 25, 2006</strong></font>
+&nbsp; <i>All architectures</i><br>
 A race condition has been reported to exist in the handling by sendmail of
 asynchronous signals. A remote attacker may be able to execute arbitrary code with the
 privileges of the user running sendmail, typically root. This is the second revision of