===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/security.html,v
retrieving revision 1.234
retrieving revision 1.235
diff -u -r1.234 -r1.235
--- www/security.html	2003/02/23 00:20:51	1.234
+++ www/security.html	2003/02/23 17:21:50	1.235
@@ -224,7 +224,6 @@
 </ul>
 
 <p>
-
 <li>
 <a name=31></a>
 
@@ -235,6 +234,11 @@
 
 <p>
 <ul>
+<li><a href=errata31.html#ssl2>February 23, 2003:
+	In ssl(8) an information leak can occur via timing by performing
+	a MAC computation even if incorrect block cipher padding has 
+	been found, this is a countermeasure. Also, check for negative
+	sizes, in allocation routines.</a>
 <li><a href=errata31.html#cvs>January 20, 2003:
 	A double free exists in cvs(1) that could lead to privilege
 	escalation for cvs configurations where the cvs command is
@@ -305,8 +309,17 @@
         in the sshd_config file.</a>
 </ul>
 
+</dl>
 <p>
+OpenBSD 3.0 and earlier releases are not supported anymore. The following
+paragraphs only list advisories issued while they were maintained; these
+releases are likely to be affected by the advisories for more recent releases.
+<br>
 
+<p>
+<dl>
+
+<p>
 <li>
 <a name=30></a>
 
@@ -414,15 +427,8 @@
 	A security hole that may allow an attacker to partially authenticate
 	if -- and only if -- the administrator has enabled KerberosV.</a>
 </ul>
-</dl>
-<p>
-OpenBSD 2.9 and earlier releases are not supported anymore. The following
-paragraphs only list advisories issued while they were maintained; these
-releases are likely to be affected by the advisories for more recent releases.
-<br>
 
 <p>
-<dl>
 <li>
 <a name=29></a>
 
@@ -699,7 +705,6 @@
 
 <p>
 <li>
-
 <a name=25></a>
 
 <h3><font color=#e00000>OpenBSD 2.5 Security Advisories</font></h3>
@@ -736,6 +741,7 @@
 <p>
 <li>
 <a name=24></a>
+
 <h3><font color=#e00000>OpenBSD 2.4 Security Advisories</font></h3>
 These are the OpenBSD 2.4 advisories -- all these problems are solved 
 in <a href=anoncvs.html>OpenBSD current</a>.  Obviously, all the
@@ -780,6 +786,7 @@
 <p>
 <li>
 <a name=23></a>
+
 <h3><font color=#e00000>OpenBSD 2.3 Security Advisories</font></h3>
 These are the OpenBSD 2.3 advisories -- all these problems are solved 
 in <a href=anoncvs.html>OpenBSD current</a>.  Obviously, all the
@@ -815,6 +822,7 @@
 <p>
 <li>
 <a name=22></a>
+
 <h3><font color=#e00000>OpenBSD 2.2 Security Advisories</font></h3>
 These are the OpenBSD 2.2 advisories.  All these problems are solved
 in <a href=23.html>OpenBSD 2.3</a>.  Some of these problems
@@ -849,6 +857,7 @@
 <p>
 <li>
 <a name=21></a>
+
 <h3><font color=#e00000>OpenBSD 2.1 Security Advisories</font></h3>
 These are the OpenBSD 2.1 advisories.  All these problems are solved
 in <a href=22.html>OpenBSD 2.2</a>.  Some of these problems still
@@ -870,6 +879,7 @@
 <p>
 <li>
 <a name=20></a>
+
 <h3><font color=#e00000>OpenBSD 2.0 Security Advisories</font></h3>
 These are the OpenBSD 2.0 advisories.  All these problems are solved
 in <a href=21.html>OpenBSD 2.1</a>.  Some of these problems still
@@ -994,7 +1004,7 @@
 <a href=index.html><img height=24 width=24 src=back.gif border=0 alt=OpenBSD></a>
 <a href=mailto:www@openbsd.org>www@openbsd.org</a>
 <br>
-<small>$OpenBSD: security.html,v 1.234 2003/02/23 00:20:51 margarida Exp $</small>
+<small>$OpenBSD: security.html,v 1.235 2003/02/23 17:21:50 miod Exp $</small>
 
 </body>
 </html>