===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata44.html,v
retrieving revision 1.39
retrieving revision 1.40
diff -u -r1.39 -r1.40
--- www/errata44.html	2014/03/31 03:12:47	1.39
+++ www/errata44.html	2014/03/31 16:02:48	1.40
@@ -77,7 +77,8 @@
 
 <ul>
 <li><a name="016_getsockopt"></a>
-<font color="#009000"><strong>016: RELIABILITY FIX: October 28, 2009</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>016: RELIABILITY FIX: October 28, 2009</strong></font>
+&nbsp; <i>All architectures</i><br>
 getsockopt(2) with any of IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, IP_ESP_NETWORK_LEVEL,
 IP_IPCOMP_LEVEL will crash the system.
 <br>
@@ -86,7 +87,8 @@
 <p>
 
 <li><a name="015_xmm"></a>
-<font color="#009000"><strong>015: RELIABILITY FIX: October 05, 2009</strong></font> &nbsp; <i>i386 only</i><br>
+<font color="#009000"><strong>015: RELIABILITY FIX: October 05, 2009</strong></font>
+&nbsp; <i>i386 only</i><br>
 XMM exceptions are not correctly handled resulting in a kernel panic.
 <br>
 <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/4.4/i386/015_xmm.patch">
@@ -94,7 +96,8 @@
 <p>
 
 <li><a name="014_bind"></a>
-<font color="#009000"><strong>014: RELIABILITY FIX: July 29, 2009</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>014: RELIABILITY FIX: July 29, 2009</strong></font>
+&nbsp; <i>All architectures</i><br>
 A vulnerability has been found in BIND's named server
 (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696">CVE-2009-0696</a>).
 An attacker could crash a server with a specially crafted dynamic update message to a
@@ -105,7 +108,8 @@
 <p>
 
 <li><a name="013_pf"></a>
-<font color="#009000"><strong>013: RELIABILITY FIX: April 11, 2009</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>013: RELIABILITY FIX: April 11, 2009</strong></font>
+&nbsp; <i>All architectures</i><br>
 When pf attempts to perform translation on a specially crafted IP datagram,
 a null pointer dereference will occur, resulting in a kernel panic.
 In certain configurations this may be triggered by a remote attacker.
@@ -125,7 +129,8 @@
 <p>
 
 <li><a name="012_openssl"></a>
-<font color="#009000"><strong>012: RELIABILITY FIX: April 8, 2009</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>012: RELIABILITY FIX: April 8, 2009</strong></font>
+&nbsp; <i>All architectures</i><br>
 The OpenSSL ASN.1 handling code could be forced to perform invalid memory
 accesses through the use of certain invalid strings
 (<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590">CVE-2009-0590</a>)
@@ -142,7 +147,8 @@
 <p>
 
 <li><a name="011_sudo"></a>
-<font color="#009000"><strong>011: SECURITY FIX: February 22, 2009</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>011: SECURITY FIX: February 22, 2009</strong></font>
+&nbsp; <i>All architectures</i><br>
 sudo(8) may allow a user listed in the sudoers file to run a command
 as a different user than their access rule specifies when a Unix
 group is used in the RunAs portion of the rule.  The bug only manifests
@@ -154,7 +160,8 @@
 <p>
 
 <li><a name="010_bgpd"></a>
-<font color="#009000"><strong>010: RELIABILITY FIX: February 18, 2009</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>010: RELIABILITY FIX: February 18, 2009</strong></font>
+&nbsp; <i>All architectures</i><br>
 bgpd(8) did not correctly prepend its own AS to very long AS paths, causing
 the process to terminate because of the resulting corrupt path.
 <br>
@@ -163,7 +170,8 @@
 <p>
 
 <li><a name="009_bgpd"></a>
-<font color="#009000"><strong>009: RELIABILITY FIX: January 30, 2009</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>009: RELIABILITY FIX: January 30, 2009</strong></font>
+&nbsp; <i>All architectures</i><br>
 Upon reception of an invalid update with 4-byte AS attributes, bgpd -
 adhering to the RFCs - closed the session to the neighbor.
 This error in the specification allowed 3rd parties to close remote BGP
@@ -175,7 +183,8 @@
 <p>
 
 <li><a name="008_bind"></a>
-<font color="#009000"><strong>008: SECURITY FIX: January 14, 2009</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>008: SECURITY FIX: January 14, 2009</strong></font>
+&nbsp; <i>All architectures</i><br>
 named(8) did not correctly check the return value of a DSA verification
 function, potentially allowing bypass of verification of DNSSEC DSA
 signatures.
@@ -186,7 +195,8 @@
 <p>
 
 <li><a name="007_openssl"></a>
-<font color="#009000"><strong>007: SECURITY FIX: January 9, 2009</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>007: SECURITY FIX: January 9, 2009</strong></font>
+&nbsp; <i>All architectures</i><br>
 The OpenSSL libraries did not correctly check the return value from
 certain verification functions, allowing validation to be bypassed and
 permitting a remote attacker to conduct a "man in the middle attack"
@@ -199,7 +209,8 @@
 <p>
 
 <li><a name="006_dhcpd"></a>
-<font color="#009000"><strong>006: RELIABILITY FIX: November 19, 2008</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>006: RELIABILITY FIX: November 19, 2008</strong></font>
+&nbsp; <i>All architectures</i><br>
 Due to changes in the options handling this caused problems with some
 DHCP clients such as Solaris/OpenSolaris and some embedded routers not
 accepting DHCP offers.
@@ -209,7 +220,8 @@
 <p>
 
 <li><a name="005_pglistalloc"></a>
-<font color="#009000"><strong>005: RELIABILITY FIX: November 7, 2008</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>005: RELIABILITY FIX: November 7, 2008</strong></font>
+&nbsp; <i>All architectures</i><br>
 A software bug could cause memory allocation to cause a kernel panic
 accessing an array out of its bounds, when physical memory is exhausted.
 <br>
@@ -218,7 +230,8 @@
 <p>
 
 <li><a name="004_httpd"></a>
-<font color="#009000"><strong>004: RELIABILITY FIX: November 6, 2008</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>004: RELIABILITY FIX: November 6, 2008</strong></font>
+&nbsp; <i>All architectures</i><br>
 Fix
 <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=httpd&sektion=8">httpd(8)</a>'s
 mod_proxy module which is broken on 64-bit architectures. Due to the bug this
@@ -230,7 +243,8 @@
 <p>
 
 <li><a name="003_tcpinput"></a>
-<font color="#009000"><strong>003: RELIABILITY FIX: November 6, 2008</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>003: RELIABILITY FIX: November 6, 2008</strong></font>
+&nbsp; <i>All architectures</i><br>
 Fix the IPv4 TCP/IP stack's TIME_WAIT socket recycling. Due to the bug this
 can result in TCP connections between two IPs being reset instead of accepted
 if being received on a socket in the TIME_WAIT state.
@@ -240,7 +254,8 @@
 <p>
 
 <li><a name="002_vr"></a>
-<font color="#009000"><strong>002: RELIABILITY FIX: November 2, 2008</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>002: RELIABILITY FIX: November 2, 2008</strong></font>
+&nbsp; <i>All architectures</i><br>
 Due to a bug in the vr(4) driver it is possible for a system using the vr(4)
 driver to panic under heavy load if the RX path runs out of mbufs.
 <br>
@@ -249,7 +264,8 @@
 <p>
 
 <li><a name="001_ndp"></a>
-<font color="#009000"><strong>001: SECURITY FIX: November 2, 2008</strong></font> &nbsp; <i>All architectures</i><br>
+<font color="#009000"><strong>001: SECURITY FIX: November 2, 2008</strong></font>
+&nbsp; <i>All architectures</i><br>
 The Neighbor Discovery Protocol (ndp) did not correctly verify neighbor
 solicitation requests maybe allowing a nearby attacker to intercept traffic.
 The attacker must have IPv6 connectivity to the same router as their target for