-013: SECURITY FIX: February 16, 2011
+013: SECURITY FIX: February 16, 2011Little-endian architectures
PF rules specifying address ranges (e.g. "10.1.1.1 - 10.1.1.5") were
not correctly handled on little-endian systems (alpha, amd64, arm, i386,
@@ -99,7 +97,7 @@
-012: SECURITY FIX: February 11, 2011
+012: SECURITY FIX: February 11, 2011All architectures
An incorrectly formatted ClientHello handshake message could cause
OpenSSL to parse past the end of the message. An attacker could use this flaw
@@ -117,7 +115,7 @@
-011: RELIABILITY FIX: January 13, 2011
+011: RELIABILITY FIX: January 13, 2011All architectures
sp_protocol in RTM_DELETE messages could contain garbage values
leading to routing socket users that restrict the AF (such as ospfd)
@@ -128,7 +126,7 @@
-010: RELIABILITY FIX: December 20, 2010
+010: RELIABILITY FIX: December 20, 2010All architectures
Bring CBC oracle attack countermeasures to hardware crypto accelerator land.
This fixes aes-ni, via xcrypt and various drivers
@@ -145,7 +143,7 @@
-009: SECURITY FIX: December 17, 2010
+009: SECURITY FIX: December 17, 2010All architectures
Insufficent initialization of the pf rule structure in the ioctl
handler may allow userland to modify kernel memory. By default root
@@ -156,7 +154,7 @@
-008: RELIABILITY FIX: November 17, 2010
+008: RELIABILITY FIX: November 17, 2010All architectures
Fix a flaw in the OpenSSL TLS server extension code parsing which could lead to
a buffer overflow. This affects OpenSSL based TLS servers which are multi-threaded
@@ -168,7 +166,7 @@
-007: RELIABILITY FIX: September 14, 2010
+007: RELIABILITY FIX: September 14, 2010All architectures
Avoid calling scsi_done() more than once in gdt(4). Fixes a kernel panic triggered by syncing disks during shut down.
Clear the ITSDONE flag before issuing commands to the SCSI adapter. Fixes handling of retried SCSI commands.
@@ -178,7 +176,7 @@
-006: RELIABILITY FIX: July 8, 2010
+006: RELIABILITY FIX: July 8, 2010All architectures
Restore an unusual XS_SENSE semantic. Fixes dump(8)/restore(8) problems seen on certain tape drives.
@@ -187,7 +185,7 @@
-005: RELIABILITY FIX: May 14, 2010
+005: RELIABILITY FIX: May 14, 2010All architectures
Incorrectly initialized state updates can cause pfsync update storms.
@@ -196,7 +194,7 @@
-004: SECURITY FIX: April 23, 2010
+004: SECURITY FIX: April 23, 2010All architectures
The combination of pfsync and IPSEC may crash the kernel.
@@ -204,7 +202,7 @@
-001: RELIABILITY FIX: March 31, 2010
+001: RELIABILITY FIX: March 31, 2010All architectures
When decrypting packets, the internal decryption functions were not
paranoid enough in checking for underruns, which could potentially
@@ -242,6 +240,3 @@