=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/errata55.html,v retrieving revision 1.30 retrieving revision 1.31 diff -c -r1.30 -r1.31 *** www/errata55.html 2015/01/13 19:47:25 1.30 --- www/errata55.html 2015/02/14 04:36:51 1.31 *************** *** 83,89 ****

001: RELIABILITY FIX: March 15, 2014 All architectures
Memory corruption happens during --- 83,89 ----
- 001: RELIABILITY FIX: March 15, 2014 All architectures
  Memory corruption happens during *************** *** 93,99 **** A source code patch exists which remedies this problem.
  !
- 002: SECURITY FIX: April 8, 2014 All architectures
  Missing bounds checking in OpenSSL's implementation of the TLS/DTLS --- 93,99 ---- A source code patch exists which remedies this problem.
  !
- 002: SECURITY FIX: April 8, 2014 All architectures
  Missing bounds checking in OpenSSL's implementation of the TLS/DTLS *************** *** 103,109 **** A source code patch exists which remedies this problem.
  !
- 003: SECURITY FIX: April 9, 2014 All architectures
  Missing hostname check for HTTPS connections in the --- 103,109 ---- A source code patch exists which remedies this problem.
  !
- 003: SECURITY FIX: April 9, 2014 All architectures
  Missing hostname check for HTTPS connections in the *************** *** 114,120 **** A source code patch exists which remedies this problem.
  !
- 004: SECURITY FIX: April 12, 2014 All architectures
  A use-after-free race condition in OpenSSL's read buffer may permit an attacker --- 114,120 ---- A source code patch exists which remedies this problem.
  !
- 004: SECURITY FIX: April 12, 2014 All architectures
  A use-after-free race condition in OpenSSL's read buffer may permit an attacker *************** *** 124,130 **** A source code patch exists which remedies this problem.
  !
- 005: RELIABILITY FIX: May 1, 2014 All architectures
  An attacker can trigger generation of an SSL alert which could cause --- 124,130 ---- A source code patch exists which remedies this problem.
  !
- 005: RELIABILITY FIX: May 1, 2014 All architectures
  An attacker can trigger generation of an SSL alert which could cause *************** *** 134,140 **** A source code patch exists which remedies this problem.
  !
- 006: SECURITY FIX: May 24, 2014 All architectures with X server
  X Font Service Protocol & Font metadata file handling issues in libXfont --- 134,140 ---- A source code patch exists which remedies this problem.
  !
- 006: SECURITY FIX: May 24, 2014 All architectures with X server
  X Font Service Protocol & Font metadata file handling issues in libXfont *************** *** 149,155 **** A source code patch exists which remedies this problem.
  !
- 007: SECURITY FIX: June 5, 2014 All architectures
  Sendmail was not properly closing file descriptions before executing programs. --- 149,155 ---- A source code patch exists which remedies this problem.
  !
- 007: SECURITY FIX: June 5, 2014 All architectures
  Sendmail was not properly closing file descriptions before executing programs. *************** *** 160,166 **** A source code patch exists which remedies this problem.
  !
- 008: SECURITY FIX: June 6, 2014 All architectures
  This patch contains a number of SSL library fixes. --- 160,166 ---- A source code patch exists which remedies this problem.
  !
- 008: SECURITY FIX: June 6, 2014 All architectures
  This patch contains a number of SSL library fixes. *************** *** 169,175 **** A source code patch exists which remedies this problem.
  !
- 009: RELIABILITY FIX: July 30, 2014 All architectures
  Packets with illegal DHCP options can lead to memory exhaustion of --- 169,175 ---- A source code patch exists which remedies this problem.
  !
- 009: RELIABILITY FIX: July 30, 2014 All architectures
  Packets with illegal DHCP options can lead to memory exhaustion of *************** *** 181,187 **** A source code patch exists which remedies this problem.
  !
- 010: SECURITY FIX: August 9, 2014 All architectures
  This patch contains a number of SSL library fixes. --- 181,187 ---- A source code patch exists which remedies this problem.
  !
- 010: SECURITY FIX: August 9, 2014 All architectures
  This patch contains a number of SSL library fixes. *************** *** 190,196 **** A source code patch exists which remedies this problem.
  !
- 011: SECURITY FIX: October 1, 2014 All architectures
  nginx can reuse cached SSL sessions in unrelated contexts, allowing virtual --- 190,196 ---- A source code patch exists which remedies this problem.
  !
- 011: SECURITY FIX: October 1, 2014 All architectures
  nginx can reuse cached SSL sessions in unrelated contexts, allowing virtual *************** *** 201,207 **** A source code patch exists which remedies this problem.
  !
- 012: RELIABILITY FIX: October 20, 2014 All architectures
  Two remotely triggerable memory leaks in OpenSSL can lead to a denial of --- 201,207 ---- A source code patch exists which remedies this problem.
  !
- 012: RELIABILITY FIX: October 20, 2014 All architectures
  Two remotely triggerable memory leaks in OpenSSL can lead to a denial of *************** *** 211,217 **** A source code patch exists which remedies this problem.
  !
- 013: RELIABILITY FIX: October 20, 2014 All architectures
  Executable headers with an unaligned address will trigger a kernel panic. --- 211,217 ---- A source code patch exists which remedies this problem.
  !
- 013: RELIABILITY FIX: October 20, 2014 All architectures
  Executable headers with an unaligned address will trigger a kernel panic. *************** *** 220,226 **** A source code patch exists which remedies this problem.
  !
- 014: RELIABILITY FIX: November 17, 2014 All architectures
  A PF rule using an IPv4 address --- 220,226 ---- A source code patch exists which remedies this problem.
  !
- 014: RELIABILITY FIX: November 17, 2014 All architectures
  A PF rule using an IPv4 address *************** *** 232,238 **** A source code patch exists which remedies this problem.
  !
- 015: RELIABILITY FIX: November 17, 2014 All architectures
  Querying an invalid hostname with gethostbyname(3) could cause a NULL deref. --- 232,238 ---- A source code patch exists which remedies this problem.
  !
- 015: RELIABILITY FIX: November 17, 2014 All architectures
  Querying an invalid hostname with gethostbyname(3) could cause a NULL deref. *************** *** 241,247 **** A source code patch exists which remedies this problem.
  !
- 016: RELIABILITY FIX: December 5, 2014 All architectures
  Several bugs were fixed that allowed a crash from remote when an active pipex --- 241,247 ---- A source code patch exists which remedies this problem.
  !
- 016: RELIABILITY FIX: December 5, 2014 All architectures
  Several bugs were fixed that allowed a crash from remote when an active pipex *************** *** 251,257 **** A source code patch exists which remedies this problem.
  !
- 017: RELIABILITY FIX: December 5, 2014 All architectures
  An incorrect memcpy call would result in corrupted MAC addresses when --- 251,257 ---- A source code patch exists which remedies this problem.
  !
- 017: RELIABILITY FIX: December 5, 2014 All architectures
  An incorrect memcpy call would result in corrupted MAC addresses when *************** *** 261,267 **** A source code patch exists which remedies this problem.
  !
- 018: RELIABILITY FIX: December 9, 2014 All architectures
  Several bugs in virtio(4) can lead to hangs with virtio devices, --- 261,267 ---- A source code patch exists which remedies this problem.
  !
- 018: RELIABILITY FIX: December 9, 2014 All architectures
  Several bugs in virtio(4) can lead to hangs with virtio devices, *************** *** 271,277 **** A source code patch exists which remedies this problem.
  !
- 019: SECURITY FIX: December 9, 2014 All architectures
  One year after Ilja van Sprundel discovered and reported a large number --- 271,277 ---- A source code patch exists which remedies this problem.
  !
- 019: SECURITY FIX: December 9, 2014 All architectures
  One year after Ilja van Sprundel discovered and reported a large number *************** *** 284,290 **** A source code patch exists which remedies this problem.
  !
- 020: SECURITY FIX: January 13, 2015 All architectures
  Fix CVE-2014-6272 in libevent 1.4 event buffer handling. OpenBSD --- 284,290 ---- A source code patch exists which remedies this problem.
  !
- 020: SECURITY FIX: January 13, 2015 All architectures
  Fix CVE-2014-6272 in libevent 1.4 event buffer handling. OpenBSD