===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus.html,v
retrieving revision 1.1133
retrieving revision 1.1134
diff -u -r1.1133 -r1.1134
--- www/plus.html	2009/02/01 14:22:21	1.1133
+++ www/plus.html	2009/02/01 15:12:21	1.1134
@@ -179,7 +179,9 @@
 <!-- 2009/01/14 -->
 <li>Removed support for krb4 '.' instance separator in the libc authentication code.
 <li>Add "ESMTP" to the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=smtpd&sektion=8&format=html">smtpd(8)</a> banner now that it does support some extensions.
-<li>Fix DNSSEC signature validation error in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8&format=html">named(8)</a>.
+<li><font color="#e00000"><strong>SECURITY FIX: DNSSEC signature validation error in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=named&sektion=8&format=html">named(8)</a>.</strong></font><br>
+<a href="errata44.html#008_bind">A source code patch is available</a>.<br>
+<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
 <li>Re-enabled PIE support for powerpc platforms.
 <li>Enable <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vdsk&sektion=4&format=html">vdsk(4)</a> on sparc64 RAMDISK kernels.
 <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=uaudio&sektion=4&format=html">uaudio(4)</a> support to sgi GENERIC kernels.
@@ -208,6 +210,9 @@
 <li>Added multicast support to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vnet&sektion=4&format=html">vnet(4)</a>.
 <!-- 2009/01/09 -->
 <li>Make sure to enable support for RFC2546 TLS extensions to allow for multihomed TLS servers.
+<li><font color="#e00000"><strong>SECURITY FIX: OpenSSL libraries did not correctly check the return value from certain verification functions.</strong></font><br>
+<a href="errata44.html#007_openssl">A source code patch is available</a>.<br>
+<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
 <li>Updated OpenSSL to 0.9.8j.
 <!-- 2009/01/08 -->
 <li>Add support for SDHC cards in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sdmmc&sektion=4&format=html">sdmmc(4)</a>.
@@ -263,7 +268,9 @@
 <li>Plug some memory leakage in the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ypldap&sektion=8&format=html">ypldap(8)</a> parser.
 <li>Make <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=cdio&sektion=1&format=html">cdio(1)</a> work with <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=aucat&sektion=1&format=html">aucat(1)</a> regardless of the buffer size used.
 <!-- 2008/12/27 -->
-<li>Add workaround for problem in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd&sektion=8&format=html">bgpd(8)</a> when invalid AS4_PATHs are passed over multiple hops.
+<li><font color="#e00000"><strong>RELIABILITY FIX: Reception of an invalid update with 4-byte AS attributes allows a third party to close remote BGP sessions.</strong></font><br>
+<a href="errata44.html#009_bgpd">A source code patch is available</a>.<br>
+<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
 <li>Added <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifb&sektion=4&format=html">ifb(4)</a> to sparc64 GENERIC kernels.
 <li>Use hardware acceleration for scrolling in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ifb&sektion=4&format=html">ifb(4)</a> on sparc64, avoids overlay artifacts.
 <!-- 2008/12/26 -->
@@ -470,6 +477,9 @@
 <li>Make the kernel fork code allocate required space for systrace early so we are sure the activation code wont sleep in sensitive places.
 <li>Major overhaul of <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=wpi&sektion=4&format=html">wpi(4)</a> to bring in HW CCMP encryption/decryption among other things. Requires new wpi-firmware.
 <!-- 2008/11/07 -->
+<li><font color="#e00000"><strong>RELIABILITY FIX: Problems with DH0_DHCP_OPTIONS_OVERLOAD in <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=dhcpd&sektion=8&format=html">dhcpd(8)</a>.</strong></font><br>
+<a href="errata44.html#006_dhcpd">A source code patch is available</a>.<br>
+<a href="stable.html"><font color="#00b000">[Applied to stable]</font></a>
 <li>Add malloc and bucket views to <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=systat&sektion=1&format=html">systat(1)</a>.
 <li>Added new <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sysctl&sektion=8&format=html">sysctl(8)</a> ddb.trigger to take the OS into the <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ddb&sektion=4&format=html">ddb(4)</a> debugger if ddb.console=1 and the write comes from the actual console tty.
 <li>Fixes for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=trunk&sektion=4&format=html">trunk(4)</a> LACP code to help it work with Catalyst 3500s.
@@ -952,7 +962,7 @@
 <hr>
 <a href="index.html"><img height=24 width=24 src="back.gif" border=0 alt="OpenBSD"></a>
 <a href="mailto:www@openbsd.org">www@openbsd.org</a>
-<br><small>$OpenBSD: plus.html,v 1.1133 2009/02/01 14:22:21 jj Exp $</small>
+<br><small>$OpenBSD: plus.html,v 1.1134 2009/02/01 15:12:21 jj Exp $</small>
 
 </body>
 </html>