===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata39.html,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -r1.63 -r1.64
--- www/errata39.html	2017/03/28 04:04:52	1.63
+++ www/errata39.html	2017/03/28 06:41:18	1.64
@@ -83,7 +83,7 @@
 
 <ul>
 
-<li id="023_altivec">
+<li id="p023_altivec">
 <font color="#009000"><strong>023: STABILITY FIX: April 26, 2007</strong></font>
 &nbsp; <i>PowerPC</i><br>
 An unhandled AltiVec assist exception can cause a kernel panic.<br>
@@ -91,7 +91,7 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="022_route6">
+<li id="p022_route6">
 <font color="#009000"><strong>022: SECURITY FIX: April 23, 2007</strong></font>
 &nbsp; <i>All architectures</i><br>
 IPv6 type 0 route headers can be used to mount a DoS attack against
@@ -101,7 +101,7 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 
-<li id="021_xorg">
+<li id="p021_xorg">
 <font color="#009000"><strong>021: SECURITY FIX: April 4, 2007</strong></font>
 &nbsp; <i>All architectures</i><br>
 Multiple vulnerabilities have been discovered in X.Org.<br>
@@ -125,7 +125,7 @@
 <strong>2nd revision, March 17, 2007</strong><br>
 Incorrect mbuf handling for ICMP6 packets.<br>
 Using
-<a href="http://man.openbsd.org/?query=pf&sektion=4">pf(4)</a>
+<a href="http://man.openbsd.org/OpenBSD-3.9/pf.4">pf(4)</a>
 to avoid the problem packets is an effective workaround until the patch
 can be installed.<br>
 Use "block in inet6" in /etc/pf.conf
@@ -157,7 +157,7 @@
 <font color="#009000"><strong>017: SECURITY FIX: January 3, 2007</strong></font>
 &nbsp; <i>i386 only</i><br>
 Insufficient validation in
-<a href="http://man.openbsd.org/?query=vga&amp;sektion=4">vga(4)</a>
+<a href="http://man.openbsd.org/OpenBSD-3.9/vga.4">vga(4)</a>
 may allow an attacker to gain root privileges if the kernel is compiled with
 <tt>option PCIAGP</tt>
 and the actual device is not an AGP device.
@@ -172,7 +172,7 @@
 <font color="#009000"><strong>016: SECURITY FIX: November 19, 2006</strong></font>
 &nbsp; <i>All architectures</i><br>
 The ELF
-<a href="http://man.openbsd.org/?query=ld.so&amp;sektion=1">ld.so(1)</a>
+<a href="http://man.openbsd.org/OpenBSD-3.9/ld.so.1">ld.so(1)</a>
 fails to properly sanitize the environment. There is a potential localhost security
 problem in cases we have not found yet.  This patch applies to all ELF-based
 systems (m68k, m88k, and vax are a.out-based systems).
@@ -186,7 +186,7 @@
 &nbsp; <i>All architectures</i><br>
 Fix 2 security bugs found in OpenSSH. A pre-authentication denial of service (found
 by Tavis Ormandy) that would cause
-<a href="http://man.openbsd.org/?query=sshd&amp;sektion=8">sshd(8)</a>
+<a href="http://man.openbsd.org/OpenBSD-3.9/sshd.8">sshd(8)</a>
 to spin until the login grace time expired.
 An unsafe signal handler (found by Mark Dowd) that is vulnerable to a race condition
 that could be exploited to perform a pre-authentication denial of service.
@@ -201,7 +201,7 @@
 <font color="#009000"><strong>014: SECURITY FIX: October 7, 2006</strong></font>
 &nbsp; <i>All architectures</i><br>
 Fix for an integer overflow in
-<a href="http://man.openbsd.org/?query=systrace&amp;sektion=4">systrace(4)</a>'s
+<a href="http://man.openbsd.org/OpenBSD-3.9/systrace.4">systrace(4)</a>'s
 STRIOCREPLACE support, found by
 Chris Evans. This could be exploited for DoS, limited kmem reads or local
 privilege escalation.
@@ -231,7 +231,7 @@
 <li id="httpd2">
 <font color="#009000"><strong>012: SECURITY FIX: October 7, 2006</strong></font>
 &nbsp; <i>All architectures</i><br>
-<a href="http://man.openbsd.org/?query=httpd&amp;sektion=8">httpd(8)</a>
+<a href="http://man.openbsd.org/OpenBSD-3.9/httpd.8">httpd(8)</a>
 does not sanitize the Expect header from an HTTP request when it is
 reflected back in an error message, which might allow cross-site scripting (XSS)
 style attacks.
@@ -275,7 +275,7 @@
 &nbsp; <i>All architectures</i><br>
 Due to the failure to correctly validate LCP configuration option lengths,
 it is possible for an attacker to send LCP packets via an
-<a href="http://man.openbsd.org/?query=sppp&amp;sektion=4">sppp(4)</a>
+<a href="http://man.openbsd.org/OpenBSD-3.9/sppp.4">sppp(4)</a>
 connection causing the kernel to panic.
 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4304">CVE-2006-4304</a>
 <br>
@@ -287,9 +287,9 @@
 <font color="#009000"><strong>008: SECURITY FIX: August 25, 2006</strong></font>
 &nbsp; <i>All architectures</i><br>
 A problem in
-<a href="http://man.openbsd.org/?query=isakmpd&amp;sektion=8">isakmpd(8)</a>
+<a href="http://man.openbsd.org/OpenBSD-3.9/isakmpd.8">isakmpd(8)</a>
 caused IPsec to run partly without replay protection. If
-<a href="http://man.openbsd.org/?query=isakmpd&amp;sektion=8">isakmpd(8)</a>
+<a href="http://man.openbsd.org/OpenBSD-3.9/isakmpd.8">isakmpd(8)</a>
 was acting as responder during SA negotiation, SA's with a replay window of size 0 were created.
 An attacker could reinject sniffed IPsec packets, which will be accepted without checking the
 replay counter.
@@ -312,9 +312,9 @@
 <font color="#009000"><strong>006: SECURITY FIX: August 25, 2006</strong></font>
 &nbsp; <i>All architectures</i><br>
 Due to an off-by-one error in
-<a href="http://man.openbsd.org/?query=dhcpd&amp;sektion=8">dhcpd(8)</a>,
+<a href="http://man.openbsd.org/OpenBSD-3.9/dhcpd.8">dhcpd(8)</a>,
 it is possible to cause
-<a href="http://man.openbsd.org/?query=dhcpd&amp;sektion=8">dhcpd(8)</a>
+<a href="http://man.openbsd.org/OpenBSD-3.9/dhcpd.8">dhcpd(8)</a>
 to exit by sending a DHCPDISCOVER packet with a 32-byte client identifier option.
 <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3122">CVE-2006-3122</a>
 <br>
@@ -336,7 +336,7 @@
 <li id="httpd">
 <font color="#009000"><strong>004: SECURITY FIX: July 30, 2006</strong></font>
 &nbsp; <i>All architectures</i><br>
-<a href="http://man.openbsd.org/?query=httpd&amp;sektion=8">httpd(8)</a>'s
+<a href="http://man.openbsd.org/OpenBSD-3.9/httpd.8">httpd(8)</a>'s
 mod_rewrite has a potentially exploitable off-by-one buffer overflow.
 The buffer overflow may result in a vulnerability which, in combination
 with certain types of Rewrite rules in the web server configuration files,