=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/plus48.html,v retrieving revision 1.8 retrieving revision 1.9 diff -c -r1.8 -r1.9 *** www/plus48.html 2010/11/27 19:51:44 1.8 --- www/plus48.html 2011/01/13 19:44:22 1.9 *************** *** 67,72 **** --- 67,79 ----

RELIABILITY FIX: Bring CBC oracle attack countermeasures to hardware crypto accelerator land. This fixes aes-ni, via xcrypt and various drivers: glxsb(4), hifn(4), safe(4) and ubsec(4).
+ A source code patch is available.
+ [Applied to stable] +
SECURITY FIX: Insufficent initialization of the pf rule structure in the ioctl handler may allow userland to modify kernel memory. By default root privileges are needed to add or modify pf rules.
+ A source code patch is available.
+ [Applied to stable]
RELIABILITY FIX: Fix a flaw in the OpenSSL TLS server extension code parsing which could lead to a buffer overflow. This affects OpenSSL based TLS servers which are multi-threaded and use OpenSSL's internal caching mechanism. Servers that are multi-process and/or disable internal session caching are not affected.
A source code patch is available.
*************** *** 869,875 ****
www@openbsd.org !
$OpenBSD: plus48.html,v 1.8 2010/11/27 19:51:44 jj Exp $ --- 876,882 ----
www@openbsd.org !
$OpenBSD: plus48.html,v 1.9 2011/01/13 19:44:22 jj Exp $