===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus48.html,v
retrieving revision 1.10
retrieving revision 1.11
diff -c -r1.10 -r1.11
*** www/plus48.html 2011/02/13 15:05:34 1.10
--- www/plus48.html 2011/03/11 20:49:30 1.11
***************
*** 67,72 ****
--- 67,84 ----
+
+ - RELIABILITY FIX: the sis(4) driver may hand over stale ring descriptors to the hardware if the compiler decides to re-order stores or if the hardware does store-reordering.
+ A source code patch is available.
+ [Applied to stable]
+ - SECURITY FIX: PF rules specifying address ranges (e.g. "10.1.1.1 - 10.1.1.5") were not correctly handled on little-endian systems (alpha, amd64, arm, i386, mips64el, vax). Other address types (bare addresses "10.1.1.1" and prefixes "10.1.1.1/30") are not affected.
+ A source code patch is available.
+ [Applied to stable]
+
+ - SECURITY FIX: An incorrectly formatted ClientHello handshake message could cause OpenSSL to parse past the end of the message. An attacker could use this flaw to trigger an invalid memory access, causing a crash of an application linked to OpenSSL. As well, certain applications may expose the contents of parsed OCSP extensions, specifically the OCSP nonce extension.
+ Applications are only affected if they act as a server and call SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. It is believed that nothing in the base OS uses this. Apache httpd started using this in v2.3.3; this is newer than the version in ports.
+ A source code patch is available.
+ [Applied to stable]
- RELIABILITY FIX: sp_protocol in RTM_DELETE messages could contain garbage values leading to routing socket users that restrict the AF (such as ospfd) not seeing any of the RTM_DELETE messages.
A source code patch is available.
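Review bot: In the PF entry, "were not correctly handled" does not say what a range rule actually did on the listed little-endian systems, so a reader cannot tell whether a rule such as "10.1.1.1 - 10.1.1.5" matched too many addresses, too few, or none. Suggest adding one sentence on the observed effect so administrators can judge whether their existing range rules were being enforced as written. Minor: the sis(4) and PF entries are added back to back, while a blank line separates the PF and OpenSSL entries; the spacing between the new items should be consistent.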
***************
*** 880,886 ****
www@openbsd.org
!
$OpenBSD: plus48.html,v 1.10 2011/02/13 15:05:34 jj Exp $