===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/plus48.html,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- www/plus48.html 2011/02/13 15:05:34 1.10
+++ www/plus48.html 2011/03/11 20:49:30 1.11
@@ -67,6 +67,18 @@
+
+- RELIABILITY FIX: the sis(4) driver may hand over stale ring descriptors to the hardware if the compiler decides to re-order stores or if the hardware does store-reordering.
+A source code patch is available.
+[Applied to stable]
+ - SECURITY FIX: PF rules specifying address ranges (e.g. "10.1.1.1 - 10.1.1.5") were not correctly handled on little-endian systems (alpha, amd64, arm, i386, mips64el, vax). Other address types (bare addresses "10.1.1.1" and prefixes "10.1.1.1/30") are not affected.
+A source code patch is available.
+[Applied to stable]
+
+ - SECURITY FIX: An incorrectly formatted ClientHello handshake message could cause OpenSSL to parse past the end of the message. An attacker could use this flaw to trigger an invalid memory access, causing a crash of an application linked to OpenSSL. As well, certain applications may expose the contents of parsed OCSP extensions, specifically the OCSP nonce extension.
+Applications are only affected if they act as a server and call SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. It is believed that nothing in the base OS uses this. Apache httpd started using this in v2.3.3; this is newer than the version in ports.
+A source code patch is available.
+[Applied to stable]
- RELIABILITY FIX: sp_protocol in RTM_DELETE messages could contain garbage values leading to routing socket users that restrict the AF (such as ospfd) not seeing any of the RTM_DELETE messages.
A source code patch is available.
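Review bot: the entry spacing and indentation in this hunk are inconsistent with the neighbouring items. The sis(4) entry is written as `- RELIABILITY FIX:` with no leading space, while the two SECURITY FIX entries use ` - SECURITY FIX:`, and there is no blank line between the sis(4) entry's `[Applied to stable]` and the following PF entry, whereas a blank line separates the PF and OpenSSL entries. Suggest aligning the sis(4) entry to ` - RELIABILITY FIX:` and inserting a blank line before ` - SECURITY FIX: PF rules ...` so each erratum renders as its own block. Minor wording: in the OpenSSL entry, "As well, certain applications may expose" reads more naturally as "In addition, certain applications may expose", and "re-order stores" / "store-reordering" in the sis(4) entry could use one hyphenation consistently.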
@@ -880,7 +892,7 @@
www@openbsd.org
-
$OpenBSD: plus48.html,v 1.10 2011/02/13 15:05:34 jj Exp $
+
$OpenBSD: plus48.html,v 1.11 2011/03/11 20:49:30 jj Exp $
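Review bot: the change in this hunk is only the CVS `$OpenBSD$` keyword expansion moving from 1.10 to 1.11, which is automatic and needs no content review. Note that the `-` and `+` markers appear on their own lines above each `$OpenBSD: plus48.html,v ...` line instead of prefixing them, so the tag lines read as unchanged context even though the header says one line changed in each revision; this looks like the diff was reflowed when captured, and the rendered record should be checked against the repository if it is reused.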