===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v
retrieving revision 1.234
retrieving revision 1.235
diff -c -r1.234 -r1.235
*** www/security.html	2003/02/23 00:20:51	1.234
--- www/security.html	2003/02/23 17:21:50	1.235
***************
*** 224,230 ****
  </ul>
  
  <p>
- 
  <li>
  <a name=31></a>
  
--- 224,229 ----
***************
*** 235,240 ****
--- 234,244 ----
  
  <p>
  <ul>
+ <li><a href=errata31.html#ssl2>February 23, 2003:
+ 	In ssl(8) an information leak can occur via timing by performing
+ 	a MAC computation even if incorrect block cipher padding has 
+ 	been found, this is a countermeasure. Also, check for negative
+ 	sizes, in allocation routines.</a>
  <li><a href=errata31.html#cvs>January 20, 2003:
  	A double free exists in cvs(1) that could lead to privilege
  	escalation for cvs configurations where the cvs command is
***************
*** 305,312 ****
--- 309,325 ----
          in the sshd_config file.</a>
  </ul>
  
+ </dl>
  <p>
+ OpenBSD 3.0 and earlier releases are not supported anymore. The following
+ paragraphs only list advisories issued while they were maintained; these
+ releases are likely to be affected by the advisories for more recent releases.
+ <br>
  
+ <p>
+ <dl>
+ 
+ <p>
  <li>
  <a name=30></a>
  
***************
*** 414,428 ****
  	A security hole that may allow an attacker to partially authenticate
  	if -- and only if -- the administrator has enabled KerberosV.</a>
  </ul>
- </dl>
- <p>
- OpenBSD 2.9 and earlier releases are not supported anymore. The following
- paragraphs only list advisories issued while they were maintained; these
- releases are likely to be affected by the advisories for more recent releases.
- <br>
  
  <p>
- <dl>
  <li>
  <a name=29></a>
  
--- 427,434 ----
***************
*** 699,705 ****
  
  <p>
  <li>
- 
  <a name=25></a>
  
  <h3><font color=#e00000>OpenBSD 2.5 Security Advisories</font></h3>
--- 705,710 ----
***************
*** 736,741 ****
--- 741,747 ----
  <p>
  <li>
  <a name=24></a>
+ 
  <h3><font color=#e00000>OpenBSD 2.4 Security Advisories</font></h3>
  These are the OpenBSD 2.4 advisories -- all these problems are solved 
  in <a href=anoncvs.html>OpenBSD current</a>.  Obviously, all the
***************
*** 780,785 ****
--- 786,792 ----
  <p>
  <li>
  <a name=23></a>
+ 
  <h3><font color=#e00000>OpenBSD 2.3 Security Advisories</font></h3>
  These are the OpenBSD 2.3 advisories -- all these problems are solved 
  in <a href=anoncvs.html>OpenBSD current</a>.  Obviously, all the
***************
*** 815,820 ****
--- 822,828 ----
  <p>
  <li>
  <a name=22></a>
+ 
  <h3><font color=#e00000>OpenBSD 2.2 Security Advisories</font></h3>
  These are the OpenBSD 2.2 advisories.  All these problems are solved
  in <a href=23.html>OpenBSD 2.3</a>.  Some of these problems
***************
*** 849,854 ****
--- 857,863 ----
  <p>
  <li>
  <a name=21></a>
+ 
  <h3><font color=#e00000>OpenBSD 2.1 Security Advisories</font></h3>
  These are the OpenBSD 2.1 advisories.  All these problems are solved
  in <a href=22.html>OpenBSD 2.2</a>.  Some of these problems still
***************
*** 870,875 ****
--- 879,885 ----
  <p>
  <li>
  <a name=20></a>
+ 
  <h3><font color=#e00000>OpenBSD 2.0 Security Advisories</font></h3>
  These are the OpenBSD 2.0 advisories.  All these problems are solved
  in <a href=21.html>OpenBSD 2.1</a>.  Some of these problems still
***************
*** 994,1000 ****
  <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
  <a href=mailto:www@openbsd.org>www@openbsd.org</a>
  <br>
! <small>$OpenBSD: security.html,v 1.234 2003/02/23 00:20:51 margarida Exp $</small>
  
  </body>
  </html>
--- 1004,1010 ----
  <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
  <a href=mailto:www@openbsd.org>www@openbsd.org</a>
  <br>
! <small>$OpenBSD: security.html,v 1.235 2003/02/23 17:21:50 miod Exp $</small>
  
  </body>
  </html>