=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/plus48.html,v retrieving revision 1.10 retrieving revision 1.11 diff -c -r1.10 -r1.11 *** www/plus48.html 2011/02/13 15:05:34 1.10 --- www/plus48.html 2011/03/11 20:49:30 1.11 *************** *** 67,72 **** --- 67,84 ----

RELIABILITY FIX: the sis(4) driver may hand over stale ring descriptors to the hardware if the compiler decides to re-order stores or if the hardware does store-reordering.
+ A source code patch is available.
+ [Applied to stable] +
SECURITY FIX: PF rules specifying address ranges (e.g. "10.1.1.1 - 10.1.1.5") were not correctly handled on little-endian systems (alpha, amd64, arm, i386, mips64el, vax). Other address types (bare addresses "10.1.1.1" and prefixes "10.1.1.1/30") are not affected.
+ A source code patch is available.
+ [Applied to stable] + +
SECURITY FIX: An incorrectly formatted ClientHello handshake message could cause OpenSSL to parse past the end of the message. An attacker could use this flaw to trigger an invalid memory access, causing a crash of an application linked to OpenSSL. As well, certain applications may expose the contents of parsed OCSP extensions, specifically the OCSP nonce extension.
+ Applications are only affected if they act as a server and call SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. It is believed that nothing in the base OS uses this. Apache httpd started using this in v2.3.3; this is newer than the version in ports.
+ A source code patch is available.
+ [Applied to stable]
RELIABILITY FIX: sp_protocol in RTM_DELETE messages could contain garbage values leading to routing socket users that restrict the AF (such as ospfd) not seeing any of the RTM_DELETE messages.
A source code patch is available.
*************** *** 880,886 ****
www@openbsd.org !
$OpenBSD: plus48.html,v 1.10 2011/02/13 15:05:34 jj Exp $ --- 892,898 ----
www@openbsd.org !
$OpenBSD: plus48.html,v 1.11 2011/03/11 20:49:30 jj Exp $