===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata59.html,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- www/errata59.html	2016/09/17 14:53:50	1.24
+++ www/errata59.html	2016/09/22 18:57:02	1.25
@@ -359,6 +359,29 @@
 A source code patch exists which remedies this problem.</a>
 <p>
 
+<li id="027_libssl">
+<font color="#009000">
+<strong>027: RELIABILITY FIX: September 22, 2016</strong></font>
+&nbsp; <i>All architectures</i>
+<br>
+Avoid unbounded memory growth in libssl, which can be triggered by a TLS
+client repeatedly renegotiating and sending OCSP Status Request TLS extensions.
+<br>
+<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/027_libssl.patch.sig">
+A source code patch exists which remedies this problem.</a>
+<p>
+
+<li id="028_libssl">
+<font color="#009000">
+<strong>028: SECURITY FIX: September 22, 2016</strong></font>
+&nbsp; <i>All architectures</i>
+<br>
+Avoid falling back to a weak digest for (EC)DH when using SNI with libssl.
+<br>
+<a href="http://ftp.openbsd.org/pub/OpenBSD/patches/5.9/common/028_libssl.patch.sig">
+A source code patch exists which remedies this problem.</a>
+<p>
+
 </ul>
 
 <hr>