===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/errata60.html,v
retrieving revision 1.7
retrieving revision 1.8
diff -c -r1.7 -r1.8
*** www/errata60.html	2016/09/17 21:37:44	1.7
--- www/errata60.html	2016/09/22 18:57:02	1.8
***************
*** 155,160 ****
--- 155,195 ----
  A source code patch exists which remedies this problem.</a>
  <p>
  
+ <li id="007_libcrypto">
+ <font color="#009000">
+ <strong>007: RELIABILITY FIX: September 22, 2016</strong></font>
+ &nbsp; <i>All architectures</i>
+ <br>
+ Revert change that cleans up the EVP cipher context in EVP_EncryptFinal()
+ and EVP_DecryptFinal(). Some software relies on the previous behaviour.
+ <br>
+ <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/007_libcrypto.patch.sig">
+ A source code patch exists which remedies this problem.</a>
+ <p>
+ 
+ <li id="008_libssl">
+ <font color="#009000">
+ <strong>008: RELIABILITY FIX: September 22, 2016</strong></font>
+ &nbsp; <i>All architectures</i>
+ <br>
+ Avoid unbounded memory growth in libssl, which can be triggered by a TLS
+ client repeatedly renegotiating and sending OCSP Status Request TLS extensions.
+ <br>
+ <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/008_libssl.patch.sig">
+ A source code patch exists which remedies this problem.</a>
+ <p>
+ 
+ <li id="009_libssl">
+ <font color="#009000">
+ <strong>009: SECURITY FIX: September 22, 2016</strong></font>
+ &nbsp; <i>All architectures</i>
+ <br>
+ Avoid falling back to a weak digest for (EC)DH when using SNI with libssl.
+ <br>
+ <a href="http://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/009_libssl.patch.sig">
+ A source code patch exists which remedies this problem.</a>
+ <p>
+ 
  </ul>
  
  <hr>