version 1.333, 2006/10/30 21:11:21 |
version 1.334, 2006/11/04 03:02:28 |
|
|
<a href="#36">3.6</a>, |
<a href="#36">3.6</a>, |
<a href="#37">3.7</a>, |
<a href="#37">3.7</a>, |
<a href="#38">3.8</a>, |
<a href="#38">3.8</a>, |
<a href="#39">3.9</a>. |
<a href="#39">3.9</a>, |
|
<a href="#40">4.0</a>. |
</td> |
</td> |
</tr> |
</tr> |
</table> |
</table> |
|
|
outlining <a href=crypto.html>what we have done with cryptography</a>.</p> |
outlining <a href=crypto.html>what we have done with cryptography</a>.</p> |
|
|
<li><h3><font color="#e00000">Advisories</font></h3><p> |
<li><h3><font color="#e00000">Advisories</font></h3><p> |
|
|
|
<li> |
|
<a name="40"></a> |
|
|
|
<h3><font color="#e00000">OpenBSD 4.0 Security Advisories</font></h3> |
|
These are the OpenBSD 4.0 advisories -- all these problems are solved |
|
in <a href=anoncvs.html>OpenBSD current</a> and the |
|
<a href=stable.html>patch branch</a>. |
|
|
|
<p> |
|
<ul> |
|
<li><a href="errata.html#systrace">Oct 7, 2006: |
|
Fix for an integer overflow in systrace(4)'s STRIOCREPLACE support, |
|
found by Chris Evans.</a> |
|
<li><a href="errata.html#openssl">Oct 7, 2006: |
|
Several problems have been found in OpenSSL.</a> |
|
<li><a href="errata.html#httpd">Oct 7, 2006: |
|
httpd(8) does not sanitize the Expect header from an HTTP request |
|
when it is reflected back in an error message, which might allow |
|
cross-site scripting (XSS) style attacks.</a> |
|
</ul> |
|
|
<li> |
<li> |
<a name="39"></a> |
<a name="39"></a> |