===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v
retrieving revision 1.300
retrieving revision 1.301
diff -c -r1.300 -r1.301
*** www/security.html	2004/10/23 20:34:08	1.300
--- www/security.html	2004/10/29 17:22:17	1.301
***************
*** 54,60 ****
  <a href="#32">3.2</a>,
  <a href="#33">3.3</a>,
  <a href="#34">3.4</a>,
! <a href="#35">3.5</a>.
  </td>
  </tr>
  </table>
--- 54,61 ----
  <a href="#32">3.2</a>,
  <a href="#33">3.3</a>,
  <a href="#34">3.4</a>,
! <a href="#35">3.5</a>,
! <a href="#36">3.6</a>.
  </td>
  </tr>
  </table>
***************
*** 219,224 ****
--- 220,237 ----
  <li><h3><font color="#e00000">Advisories</font></h3><p>
  
  <li>
+ <a name="36"></a>
+ 
+ <h3><font color="#e00000">OpenBSD 3.6 Security Advisories</font></h3>
+ These are the OpenBSD 3.6 advisories -- all these problems are solved 
+ in <a href=anoncvs.html>OpenBSD current</a> and the
+ <a href=stable.html>patch branch</a>.
+ 
+ <p>
+ There are no security advisories for OpenBSD 3.6 at the moment.
+ 
+ <p>
+ <li>
  <a name="35"></a>
  
  <h3><font color="#e00000">OpenBSD 3.5 Security Advisories</font></h3>
***************
*** 228,279 ****
  
  <p>
  <ul>
! <li><a href="errata.html#radius">Sep 20, 2004:
  	Radius-based authentication is vulnerable to spoofed replies.</a>
! <li><a href="errata.html#xpm">Sep 16, 2004:
  	The Xpm library has vulnerabilities when parsing malicious images.</a>
! <li><a href="errata.html#httpd2"> Sep 10, 2004:
  	httpd(8)'s mod_rewrite module can be made to write one zero byte in
  	an arbitrary memory position outside of a char array, causing a DoS
  	or possibly buffer overflows.</a>
! <li><a href="errata.html#httpd"> Jun 12, 2004:
  	Multiple vulnerabilities have been found in httpd(8) / mod_ssl.</a>
! <li><a href="errata.html#isakmpd"> Jun 10, 2004:
  	isakmpd(8) still has issues with unauthorized SA deletion,
  	an attacker can delete IPsec tunnels at will.</a>
! <li><a href="errata.html#cvs3"> Jun 9, 2004:
  	Multiple remote vulnerabilities have been found in the cvs(1)
  	server which can be used by CVS clients to crash or execute
  	arbitrary code on the server.</a>
! <li><a href="errata.html#kerberos"> May 30, 2004:
  	kdc(8) performs inadequate checking of request fields, leading
  	to the possibility of principal impersonation from other
  	Kerberos realms if they	are trusted with a cross-realm trust.</a>
! <li><a href="errata.html#xdm"> May 26, 2004:
  	xdm(1) ignores the requestPort resource and creates a 
          listening socket regardless of the setting in xdm-config.</a>
! <li><a href="errata.html#cvs2"> May 20, 2004:
  	A buffer overflow in the cvs(1) server has been found,
  	which can be used by CVS clients to execute arbitrary code on
  	the server.</a>
! <li><a href="errata.html#procfs"> May 13, 2004:
  	Integer overflow problems were found in procfs, allowing
  	reading of arbitrary kernel memory.</a>
! <li><a href="errata.html#cvs"> May 5, 2004:
  	Pathname validation problems have been found in cvs(1),
  	allowing clients and servers access to files outside the
  	repository or local CVS tree.</a>
  </ul>
  
  <p>
  <li>
  <a name="34"></a>
  
  <h3><font color="#e00000">OpenBSD 3.4 Security Advisories</font></h3>
  These are the OpenBSD 3.4 advisories -- all these problems are solved 
! in <a href="anoncvs.html">OpenBSD current</a> and the
! <a href="stable.html">patch branch</a>.
! 
  <p>
  <ul>
  <li><a href="errata34.html#xpm">Sep 16, 2004:
--- 241,297 ----
  
  <p>
  <ul>
! <li><a href="errata35.html#radius">Sep 20, 2004:
  	Radius-based authentication is vulnerable to spoofed replies.</a>
! <li><a href="errata35.html#xpm">Sep 16, 2004:
  	The Xpm library has vulnerabilities when parsing malicious images.</a>
! <li><a href="errata35.html#httpd2"> Sep 10, 2004:
  	httpd(8)'s mod_rewrite module can be made to write one zero byte in
  	an arbitrary memory position outside of a char array, causing a DoS
  	or possibly buffer overflows.</a>
! <li><a href="errata35.html#httpd"> Jun 12, 2004:
  	Multiple vulnerabilities have been found in httpd(8) / mod_ssl.</a>
! <li><a href="errata35.html#isakmpd"> Jun 10, 2004:
  	isakmpd(8) still has issues with unauthorized SA deletion,
  	an attacker can delete IPsec tunnels at will.</a>
! <li><a href="errata35.html#cvs3"> Jun 9, 2004:
  	Multiple remote vulnerabilities have been found in the cvs(1)
  	server which can be used by CVS clients to crash or execute
  	arbitrary code on the server.</a>
! <li><a href="errata35.html#kerberos"> May 30, 2004:
  	kdc(8) performs inadequate checking of request fields, leading
  	to the possibility of principal impersonation from other
  	Kerberos realms if they	are trusted with a cross-realm trust.</a>
! <li><a href="errata35.html#xdm"> May 26, 2004:
  	xdm(1) ignores the requestPort resource and creates a 
          listening socket regardless of the setting in xdm-config.</a>
! <li><a href="errata35.html#cvs2"> May 20, 2004:
  	A buffer overflow in the cvs(1) server has been found,
  	which can be used by CVS clients to execute arbitrary code on
  	the server.</a>
! <li><a href="errata35.html#procfs"> May 13, 2004:
  	Integer overflow problems were found in procfs, allowing
  	reading of arbitrary kernel memory.</a>
! <li><a href="errata35.html#cvs"> May 5, 2004:
  	Pathname validation problems have been found in cvs(1),
  	allowing clients and servers access to files outside the
  	repository or local CVS tree.</a>
  </ul>
  
  <p>
+ OpenBSD 3.4 and earlier releases are not supported anymore. The following
+ paragraphs only list advisories issued while they were maintained; these
+ releases are likely to be affected by the advisories for more recent releases.
+ <br>
+ 
  <li>
  <a name="34"></a>
  
  <h3><font color="#e00000">OpenBSD 3.4 Security Advisories</font></h3>
  These are the OpenBSD 3.4 advisories -- all these problems are solved 
! in <a href="anoncvs.html">OpenBSD current</a>. The
! <a href="stable.html">patch branch</a> for 3.4 is no longer being maintained,
! you should update your machine.
  <p>
  <ul>
  <li><a href="errata34.html#xpm">Sep 16, 2004:
***************
*** 335,346 ****
  	applications linked with ssl(3).</a>
  </ul>
  
- <p>
- OpenBSD 3.3 and earlier releases are not supported anymore. The following
- paragraphs only list advisories issued while they were maintained; these
- releases are likely to be affected by the advisories for more recent releases.
- <br>
- 
  <li>
  <a name="33"></a>
  
--- 353,358 ----
***************
*** 1276,1282 ****
  <a href="index.html"><img height=24 width=24 src="back.gif" border=0 alt="OpenBSD"></a>
  <a href="mailto:www@openbsd.org">www@openbsd.org</a>
  <br>
! <small>$OpenBSD: security.html,v 1.300 2004/10/23 20:34:08 deraadt Exp $</small>
  
  </body>
  </html>
--- 1288,1294 ----
  <a href="index.html"><img height=24 width=24 src="back.gif" border=0 alt="OpenBSD"></a>
  <a href="mailto:www@openbsd.org">www@openbsd.org</a>
  <br>
! <small>$OpenBSD: security.html,v 1.301 2004/10/29 17:22:17 miod Exp $</small>
  
  </body>
  </html>