diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index 18fcab9bf1..45d0ba9cb2 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -1,2839 +1,2855 @@
# Sort advisories by year, month and day
# $FreeBSD$
+[[advisories]]
+name = "FreeBSD-SA-26:09.pf"
+date = "2026-03-26"
+
+[[advisories]]
+name = "FreeBSD-SA-26:08.rpcsec_gss"
+date = "2026-03-26"
+
+[[advisories]]
+name = "FreeBSD-SA-26:07.nvmf"
+date = "2026-03-26"
+
+[[advisories]]
+name = "FreeBSD-SA-26:06.tcp"
+date = "2026-03-26"
+
[[advisories]]
name = "FreeBSD-SA-26:05.route"
date = "2026-02-24"
[[advisories]]
name = "FreeBSD-SA-26:04.jail"
date = "2026-02-24"
[[advisories]]
name = "FreeBSD-SA-26:03.blocklistd"
date = "2026-02-10"
[[advisories]]
name = "FreeBSD-SA-26:02.jail"
date = "2026-01-27"
[[advisories]]
name = "FreeBSD-SA-26:01.openssl"
date = "2026-01-27"
[[advisories]]
name = "FreeBSD-SA-25:12.rtsold"
date = "2025-12-16"
[[advisories]]
name = "FreeBSD-SA-25:11.ipfw"
date = "2025-12-16"
[[advisories]]
name = "FreeBSD-SA-25:10.unbound"
date = "2025-11-26"
[[advisories]]
name = "FreeBSD-SA-25:09.netinet"
date = "2025-10-22"
[[advisories]]
name = "FreeBSD-SA-25:08.openssl"
date = "2025-09-30"
[[advisories]]
name = "FreeBSD-SA-25:07.libarchive"
date = "2025-08-08"
[[advisories]]
name = "FreeBSD-SA-25:06.xz"
date = "2025-07-02"
[[advisories]]
name = "FreeBSD-SA-25:05.openssh"
date = "2025-02-21"
[[advisories]]
name = "FreeBSD-SA-25:04.ktrace"
date = "2025-01-29"
[[advisories]]
name = "FreeBSD-SA-25:03.etcupdate"
date = "2025-01-29"
[[advisories]]
name = "FreeBSD-SA-25:02.fs"
date = "2025-01-29"
[[advisories]]
name = "FreeBSD-SA-25:01.openssh"
date = "2025-01-29"
[[advisories]]
name = "FreeBSD-SA-24:19.fetch"
date = "2024-10-29"
[[advisories]]
name = "FreeBSD-SA-24:18.ctl"
date = "2024-10-29"
[[advisories]]
name = "FreeBSD-SA-24:17.bhyve"
date = "2024-10-29"
[[advisories]]
name = "FreeBSD-SA-24:16.libnv"
date = "2024-09-19"
[[advisories]]
name = "FreeBSD-SA-24:15.bhyve"
date = "2024-09-19"
[[advisories]]
name = "FreeBSD-SA-24:14.umtx"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:13.openssl"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:12.bhyve"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:11.ctl"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:10.bhyve"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:09.libnv"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:08.openssh"
date = "2024-08-07"
[[advisories]]
name = "FreeBSD-SA-24:07.nfsclient"
date = "2024-08-07"
[[advisories]]
name = "FreeBSD-SA-24:06.ktrace"
date = "2024-08-07"
[[advisories]]
name = "FreeBSD-SA-24:05.pf"
date = "2024-08-07"
[[advisories]]
name = "FreeBSD-SA-24:04.openssh"
date = "2024-07-01"
[[advisories]]
name = "FreeBSD-SA-24:03.unbound"
date = "2024-03-28"
[[advisories]]
name = "FreeBSD-SA-24:02.tty"
date = "2024-02-14"
[[advisories]]
name = "FreeBSD-SA-24:01.bhyveload"
date = "2024-02-14"
[[advisories]]
name = "FreeBSD-SA-23:19.openssh"
date = "2023-12-19"
[[advisories]]
name = "FreeBSD-SA-23:18.nfsclient"
date = "2023-12-12"
[[advisories]]
name = "FreeBSD-SA-23:17.pf"
date = "2023-12-05"
[[advisories]]
name = "FreeBSD-SA-23:16.cap_net"
date = "2023-11-08"
[[advisories]]
name = "FreeBSD-SA-23:15.stdio"
date = "2023-11-08"
[[advisories]]
name = "FreeBSD-SA-23:14.smccc"
date = "2023-10-03"
[[advisories]]
name = "FreeBSD-SA-23:13.capsicum"
date = "2023-10-03"
[[advisories]]
name = "FreeBSD-SA-23:12.msdosfs"
date = "2023-10-03"
[[advisories]]
name = "FreeBSD-SA-23:11.wifi"
date = "2023-09-06"
[[advisories]]
name = "FreeBSD-SA-23:10.pf"
date = "2023-09-06"
[[advisories]]
name = "FreeBSD-SA-23:09.pam_krb5"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:08.ssh"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:07.bhyve"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:06.ipv6"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:05.openssh"
date = "2023-06-21"
[[advisories]]
name = "FreeBSD-SA-23:04.pam_krb5"
date = "2023-06-21"
[[advisories]]
name = "FreeBSD-SA-23:03.openssl"
date = "2023-02-16"
[[advisories]]
name = "FreeBSD-SA-23:02.openssh"
date = "2023-02-16"
[[advisories]]
name = "FreeBSD-SA-23:01.geli"
date = "2023-02-08"
[[advisories]]
name = "FreeBSD-SA-22:15.ping"
date = "2022-11-29"
[[advisories]]
name = "FreeBSD-SA-22:14.heimdal"
date = "2022-11-15"
[[advisories]]
name = "FreeBSD-SA-22:13.zlib"
date = "2022-08-30"
[[advisories]]
name = "FreeBSD-SA-22:12.lib9p"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:11.vm"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:10.aio"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:09.elf"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:08.zlib"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:07.wifi_meshid"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:06.ioctl"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:05.bhyve"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:04.netmap"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:03.openssl"
date = "2022-03-15"
[[advisories]]
name = "FreeBSD-SA-22:02.wifi"
date = "2022-03-15"
[[advisories]]
name = "FreeBSD-SA-22:01.vt"
date = "2022-01-11"
[[advisories]]
name = "FreeBSD-SA-21:17.openssl"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:16.openssl"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:15.libfetch"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:14.ggatec"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:13.bhyve"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:12.libradius"
date = "2021-05-26"
[[advisories]]
name = "FreeBSD-SA-21:11.smap"
date = "2021-05-26"
[[advisories]]
name = "FreeBSD-SA-21:10.jail_mount"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:09.accept_filter"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:08.vm"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:07.openssl"
date = "2021-03-25"
[[advisories]]
name = "FreeBSD-SA-21:06.xen"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:05.jail_chdir"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:04.jail_remove"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:03.pam_login_access"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:02.xenoom"
date = "2021-01-29"
[[advisories]]
name = "FreeBSD-SA-21:01.fsdisclosure"
date = "2021-01-29"
[[advisories]]
name = "FreeBSD-SA-20:33.openssl"
date = "2020-12-08"
[[advisories]]
name = "FreeBSD-SA-20:32.rtsold"
date = "2020-12-01"
[[advisories]]
name = "FreeBSD-SA-20:31.icmp6"
date = "2020-12-01"
[[advisories]]
name = "FreeBSD-SA-20:30.ftpd"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:29.bhyve_svm"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:28.bhyve_vmcs"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:27.ure"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:26.dhclient"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:25.sctp"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:24.ipv6"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:23.sendmsg"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:22.sqlite"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:21.usb_net"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:20.ipv6"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:19.unbound"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:18.posix_spawnp"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:17.usb"
date = "2020-06-09"
[[advisories]]
name = "FreeBSD-SA-20:16.cryptodev"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:15.cryptodev"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:14.sctp"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:13.libalias"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:12.libalias"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:11.openssl"
date = "2020-04-21"
[[advisories]]
name = "FreeBSD-SA-20:10.ipfw"
date = "2020-04-21"
[[advisories]]
name = "FreeBSD-SA-20:09.ntp"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:08.jail"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:07.epair"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:06.if_ixl_ioctl"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:05.if_oce_ioctl"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:04.tcp"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:03.thrmisc"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-20:02.ipsec"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-20:01.libfetch"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-19:26.mcu"
date = "2019-11-12"
[[advisories]]
name = "FreeBSD-SA-19:25.mcepsc"
date = "2019-11-12"
[[advisories]]
name = "FreeBSD-SA-19:24.mqueuefs"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:23.midi"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:22.mbuf"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:21.bhyve"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:20.bsnmp"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:19.mldv2"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:18.bzip2"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:17.fd"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:16.bhyve"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:15.mqueuefs"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:14.freebsd32"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:13.pts"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:12.telnet"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:11.cd_ioctl"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:10.ufs"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:09.iconv"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:08.rack"
date = "2019-06-19"
[[advisories]]
name = "FreeBSD-SA-19:07.mds"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:06.pf"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:05.pf"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:04.ntp"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:03.wpa"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:02.fd"
date = "2019-02-05"
[[advisories]]
name = "FreeBSD-SA-19:01.syscall"
date = "2019-02-05"
[[advisories]]
name = "FreeBSD-SA-18:15.bootpd"
date = "2018-12-19"
[[advisories]]
name = "FreeBSD-SA-18:14.bhyve"
date = "2018-12-04"
[[advisories]]
name = "FreeBSD-SA-18:13.nfs"
date = "2018-11-27"
[[advisories]]
name = "FreeBSD-SA-18:12.elf"
date = "2018-09-12"
[[advisories]]
name = "FreeBSD-SA-18:11.hostapd"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:10.ip"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:09.l1tf"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:08.tcp"
date = "2018-08-06"
[[advisories]]
name = "FreeBSD-SA-18:07.lazyfpu"
date = "2018-06-21"
[[advisories]]
name = "FreeBSD-SA-18:06.debugreg"
date = "2018-05-08"
[[advisories]]
name = "FreeBSD-SA-18:05.ipsec"
date = "2018-04-04"
[[advisories]]
name = "FreeBSD-SA-18:04.vt"
date = "2018-04-04"
[[advisories]]
name = "FreeBSD-SA-18:03.speculative_execution"
date = "2018-03-14"
[[advisories]]
name = "FreeBSD-SA-18:02.ntp"
date = "2018-03-07"
[[advisories]]
name = "FreeBSD-SA-18:01.ipsec"
date = "2018-03-07"
[[advisories]]
name = "FreeBSD-SA-17:12.openssl"
date = "2017-12-09"
[[advisories]]
name = "FreeBSD-SA-17:11.openssl"
date = "2017-11-29"
[[advisories]]
name = "FreeBSD-SA-17:10.kldstat"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:09.shm"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:08.ptrace"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:07.wpa"
date = "2017-10-17"
[[advisories]]
name = "FreeBSD-SA-17:06.openssh"
date = "2017-08-10"
[[advisories]]
name = "FreeBSD-SA-17:05.heimdal"
date = "2017-07-12"
[[advisories]]
name = "FreeBSD-SA-17:04.ipfilter"
date = "2017-04-27"
[[advisories]]
name = "FreeBSD-SA-17:03.ntp"
date = "2017-04-12"
[[advisories]]
name = "FreeBSD-SA-17:02.openssl"
date = "2017-02-23"
[[advisories]]
name = "FreeBSD-SA-17:01.openssh"
date = "2017-01-11"
[[advisories]]
name = "FreeBSD-SA-16:39.ntp"
date = "2016-12-22"
[[advisories]]
name = "FreeBSD-SA-16:38.bhyve"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:37.libc"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:36.telnetd"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:35.openssl"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:34.bind"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:33.openssh"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:32.bhyve"
date = "2016-10-25"
[[advisories]]
name = "FreeBSD-SA-16:31.libarchive"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:30.portsnap"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:29.bspatch"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:28.bind"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:27.openssl"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:26.openssl"
date = "2016-09-23"
[[advisories]]
name = "FreeBSD-SA-16:25.bspatch"
date = "2016-07-25"
[[advisories]]
name = "FreeBSD-SA-16:24.ntp"
date = "2016-06-04"
[[advisories]]
name = "FreeBSD-SA-16:23.libarchive"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:22.libarchive"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:21.43bsd"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:20.linux"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:19.sendmsg"
date = "2016-05-17"
[[advisories]]
name = "FreeBSD-SA-16:18.atkbd"
date = "2016-05-17"
[[advisories]]
name = "FreeBSD-SA-16:17.openssl"
date = "2016-05-04"
[[advisories]]
name = "FreeBSD-SA-16:16.ntp"
date = "2016-04-29"
[[advisories]]
name = "FreeBSD-SA-16:15.sysarch"
date = "2016-03-16"
[[advisories]]
name = "FreeBSD-SA-16:14.openssh"
date = "2016-03-16"
[[advisories]]
name = "FreeBSD-SA-16:13.bind"
date = "2016-03-10"
[[advisories]]
name = "FreeBSD-SA-16:12.openssl"
date = "2016-03-10"
[[advisories]]
name = "FreeBSD-SA-16:11.openssl"
date = "2016-01-30"
[[advisories]]
name = "FreeBSD-SA-16:10.linux"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:09.ntp"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:08.bind"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:07.openssh"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:06.bsnmpd"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:05.tcp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:04.linux"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:03.linux"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:02.ntp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:01.sctp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-15:27.bind"
date = "2015-12-16"
[[advisories]]
name = "FreeBSD-SA-15:26.openssl"
date = "2015-12-06"
[[advisories]]
name = "FreeBSD-SA-15:25.ntp"
date = "2015-10-26"
[[advisories]]
name = "FreeBSD-SA-15:24.rpcbind"
date = "2015-09-29"
[[advisories]]
name = "FreeBSD-SA-15:23.bind"
date = "2015-09-02"
[[advisories]]
name = "FreeBSD-SA-15:22.openssh"
date = "2015-08-25"
[[advisories]]
name = "FreeBSD-SA-15:21.amd64"
date = "2015-08-25"
[[advisories]]
name = "FreeBSD-SA-15:20.expat"
date = "2015-08-18"
[[advisories]]
name = "FreeBSD-SA-15:19.routed"
date = "2015-08-05"
[[advisories]]
name = "FreeBSD-SA-15:18.bsdpatch"
date = "2015-08-05"
[[advisories]]
name = "FreeBSD-SA-15:17.bind"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:16.openssh"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:15.tcp"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:14.bsdpatch"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:13.tcp"
date = "2015-07-21"
[[advisories]]
name = "FreeBSD-SA-15:12.openssl"
date = "2015-07-09"
[[advisories]]
name = "FreeBSD-SA-15:11.bind"
date = "2015-07-07"
[[advisories]]
name = "FreeBSD-SA-15:10.openssl"
date = "2015-06-12"
[[advisories]]
name = "FreeBSD-SA-15:09.ipv6"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:08.bsdinstall"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:07.ntp"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:06.openssl"
date = "2015-03-19"
[[advisories]]
name = "FreeBSD-SA-15:05.bind"
date = "2015-02-25"
[[advisories]]
name = "FreeBSD-SA-15:04.igmp"
date = "2015-02-25"
[[advisories]]
name = "FreeBSD-SA-15:03.sctp"
date = "2015-01-27"
[[advisories]]
name = "FreeBSD-SA-15:02.kmem"
date = "2015-01-27"
[[advisories]]
name = "FreeBSD-SA-15:01.openssl"
date = "2015-01-14"
[[advisories]]
name = "FreeBSD-SA-14:31.ntp"
date = "2014-12-23"
[[advisories]]
name = "FreeBSD-SA-14:30.unbound"
date = "2014-12-17"
[[advisories]]
name = "FreeBSD-SA-14:29.bind"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:28.file"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:27.stdio"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:26.ftp"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:25.setlogin"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:24.sshd"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:23.openssl"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:22.namei"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:21.routed"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:20.rtsold"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:19.tcp"
date = "2014-09-16"
[[advisories]]
name = "FreeBSD-SA-14:18.openssl"
date = "2014-09-09"
[[advisories]]
name = "FreeBSD-SA-14:17.kmem"
date = "2014-07-08"
[[advisories]]
name = "FreeBSD-SA-14:16.file"
date = "2014-06-24"
[[advisories]]
name = "FreeBSD-SA-14:15.iconv"
date = "2014-06-24"
[[advisories]]
name = "FreeBSD-SA-14:14.openssl"
date = "2014-06-05"
[[advisories]]
name = "FreeBSD-SA-14:13.pam"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:12.ktrace"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:11.sendmail"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:10.openssl"
date = "2014-05-13"
[[advisories]]
name = "FreeBSD-SA-14:09.openssl"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:08.tcp"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:07.devfs"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:06.openssl"
date = "2014-04-08"
[[advisories]]
name = "FreeBSD-SA-14:05.nfsserver"
date = "2014-04-08"
[[advisories]]
name = "FreeBSD-SA-14:04.bind"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:03.openssl"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:02.ntpd"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:01.bsnmpd"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-13:14.openssh"
date = "2013-11-19"
[[advisories]]
name = "FreeBSD-SA-13:13.nullfs"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:12.ifioctl"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:11.sendfile"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:10.sctp"
date = "2013-08-22"
[[advisories]]
name = "FreeBSD-SA-13:09.ip_multicast"
date = "2013-08-22"
[[advisories]]
name = "FreeBSD-SA-13:08.nfsserver"
date = "2013-07-26"
[[advisories]]
name = "FreeBSD-SA-13:07.bind"
date = "2013-07-26"
[[advisories]]
name = "FreeBSD-SA-13:06.mmap"
date = "2013-06-18"
[[advisories]]
name = "FreeBSD-SA-13:05.nfsserver"
date = "2013-04-29"
[[advisories]]
name = "FreeBSD-SA-13:04.bind"
date = "2013-04-02"
[[advisories]]
name = "FreeBSD-SA-13:03.openssl"
date = "2013-04-02"
[[advisories]]
name = "FreeBSD-SA-13:02.libc"
date = "2013-02-19"
[[advisories]]
name = "FreeBSD-SA-13:01.bind"
date = "2013-02-19"
[[advisories]]
name = "FreeBSD-SA-12:08.linux"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:07.hostapd"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:06.bind"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:05.bind"
date = "2012-08-06"
[[advisories]]
name = "FreeBSD-SA-12:04.sysret"
date = "2012-06-12"
[[advisories]]
name = "FreeBSD-SA-12:03.bind"
date = "2012-06-12"
[[advisories]]
name = "FreeBSD-SA-12:02.crypt"
date = "2012-05-30"
[[advisories]]
name = "FreeBSD-SA-12:01.openssl"
date = "2012-05-30"
[[advisories]]
name = "FreeBSD-SA-11:10.pam"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:09.pam_ssh"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:08.telnetd"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:07.chroot"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:06.bind"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:05.unix"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:04.compress"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:03.bind"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:02.bind"
date = "2011-05-28"
[[advisories]]
name = "FreeBSD-SA-11:01.mountd"
date = "2011-04-20"
[[advisories]]
name = "FreeBSD-SA-10:10.openssl"
date = "2010-11-29"
[[advisories]]
name = "FreeBSD-SA-10:09.pseudofs"
date = "2010-11-10"
[[advisories]]
name = "FreeBSD-SA-10:08.bzip2"
date = "2010-09-20"
[[advisories]]
name = "FreeBSD-SA-10:07.mbuf"
date = "2010-07-13"
[[advisories]]
name = "FreeBSD-SA-10:06.nfsclient"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:05.opie"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:04.jail"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:03.zfs"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-10:02.ntpd"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-10:01.bind"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-09:17.freebsd-update"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:16.rtld"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:15.ssl"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:14.devfs"
date = "2009-10-02"
[[advisories]]
name = "FreeBSD-SA-09:13.pipe"
date = "2009-10-02"
[[advisories]]
name = "FreeBSD-SA-09:12.bind"
date = "2009-07-29"
[[advisories]]
name = "FreeBSD-SA-09:11.ntpd"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:10.ipv6"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:09.pipe"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:08.openssl"
date = "2009-04-22"
[[advisories]]
name = "FreeBSD-SA-09:07.libc"
date = "2009-04-22"
[[advisories]]
name = "FreeBSD-SA-09:06.ktimer"
date = "2009-03-23"
[[advisories]]
name = "FreeBSD-SA-09:05.telnetd"
date = "2009-02-16"
[[advisories]]
name = "FreeBSD-SA-09:04.bind"
date = "2009-01-13"
[[advisories]]
name = "FreeBSD-SA-09:03.ntpd"
date = "2009-01-13"
[[advisories]]
name = "FreeBSD-SA-09:02.openssl"
date = "2009-01-07"
[[advisories]]
name = "FreeBSD-SA-09:01.lukemftpd"
date = "2009-01-07"
[[advisories]]
name = "FreeBSD-SA-08:13.protosw"
date = "2008-12-23"
[[advisories]]
name = "FreeBSD-SA-08:12.ftpd"
date = "2008-12-23"
[[advisories]]
name = "FreeBSD-SA-08:11.arc4random"
date = "2008-11-24"
[[advisories]]
name = "FreeBSD-SA-08:10.nd6"
date = "2008-10-02"
[[advisories]]
name = "FreeBSD-SA-08:09.icmp6"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:08.nmount"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:07.amd64"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:06.bind"
date = "2008-07-13"
[[advisories]]
name = "FreeBSD-SA-08:05.openssh"
date = "2008-04-17"
[[advisories]]
name = "FreeBSD-SA-08:04.ipsec"
date = "2008-02-14"
[[advisories]]
name = "FreeBSD-SA-08:03.sendfile"
date = "2008-02-14"
[[advisories]]
name = "FreeBSD-SA-08:02.libc"
date = "2008-01-14"
[[advisories]]
name = "FreeBSD-SA-08:01.pty"
date = "2008-01-14"
[[advisories]]
name = "FreeBSD-SA-07:10.gtar"
date = "2007-11-29"
[[advisories]]
name = "FreeBSD-SA-07:09.random"
date = "2007-11-29"
[[advisories]]
name = "FreeBSD-SA-07:08.openssl"
date = "2007-10-03"
[[advisories]]
name = "FreeBSD-SA-07:07.bind"
date = "2007-08-01"
[[advisories]]
name = "FreeBSD-SA-07:06.tcpdump"
date = "2007-08-01"
[[advisories]]
name = "FreeBSD-SA-07:05.libarchive"
date = "2007-07-12"
[[advisories]]
name = "FreeBSD-SA-07:04.file"
date = "2007-05-23"
[[advisories]]
name = "FreeBSD-SA-07:03.ipv6"
date = "2007-04-26"
[[advisories]]
name = "FreeBSD-SA-07:02.bind"
date = "2007-02-09"
[[advisories]]
name = "FreeBSD-SA-07:01.jail"
date = "2007-01-11"
[[advisories]]
name = "FreeBSD-SA-06:26.gtar"
date = "2006-12-06"
[[advisories]]
name = "FreeBSD-SA-06:25.kmem"
date = "2006-12-06"
[[advisories]]
name = "FreeBSD-SA-06:24.libarchive"
date = "2006-11-08"
[[advisories]]
name = "FreeBSD-SA-06:22.openssh"
date = "2006-09-30"
[[advisories]]
name = "FreeBSD-SA-06:23.openssl"
date = "2006-09-28"
[[advisories]]
name = "FreeBSD-SA-06:21.gzip"
date = "2006-09-19"
[[advisories]]
name = "FreeBSD-SA-06:20.bind"
date = "2006-09-06"
[[advisories]]
name = "FreeBSD-SA-06:19.openssl"
date = "2006-09-06"
[[advisories]]
name = "FreeBSD-SA-06:18.ppp"
date = "2006-08-23"
[[advisories]]
name = "FreeBSD-SA-06:17.sendmail"
date = "2006-06-14"
[[advisories]]
name = "FreeBSD-SA-06:16.smbfs"
date = "2006-05-31"
[[advisories]]
name = "FreeBSD-SA-06:15.ypserv"
date = "2006-05-31"
[[advisories]]
name = "FreeBSD-SA-06:14.fpu"
date = "2006-04-19"
[[advisories]]
name = "FreeBSD-SA-06:13.sendmail"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:12.opie"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:11.ipsec"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:10.nfs"
date = "2006-03-01"
[[advisories]]
name = "FreeBSD-SA-06:09.openssh"
date = "2006-03-01"
[[advisories]]
name = "FreeBSD-SA-06:08.sack"
date = "2006-02-01"
[[advisories]]
name = "FreeBSD-SA-06:07.pf"
date = "2006-01-25"
[[advisories]]
name = "FreeBSD-SA-06:06.kmem"
date = "2006-01-25"
[[advisories]]
name = "FreeBSD-SA-06:05.80211"
date = "2006-01-18"
[[advisories]]
name = "FreeBSD-SA-06:04.ipfw"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:03.cpio"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:02.ee"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:01.texindex"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-05:21.openssl"
date = "2005-10-11"
[[advisories]]
name = "FreeBSD-SA-05:20.cvsbug"
date = "2005-09-07"
[[advisories]]
name = "FreeBSD-SA-05:19.ipsec"
date = "2005-07-27"
[[advisories]]
name = "FreeBSD-SA-05:18.zlib"
date = "2005-07-27"
[[advisories]]
name = "FreeBSD-SA-05:17.devfs"
date = "2005-07-20"
[[advisories]]
name = "FreeBSD-SA-05:16.zlib"
date = "2005-07-06"
[[advisories]]
name = "FreeBSD-SA-05:15.tcp"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:14.bzip2"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:13.ipfw"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:12.bind9"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:11.gzip"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:10.tcpdump"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:09.htt"
date = "2005-05-13"
[[advisories]]
name = "FreeBSD-SA-05:08.kmem"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:07.ldt"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:06.iir"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:05.cvs"
date = "2005-04-22"
[[advisories]]
name = "FreeBSD-SA-05:04.ifconf"
date = "2005-04-15"
[[advisories]]
name = "FreeBSD-SA-05:03.amd64"
date = "2005-04-06"
[[advisories]]
name = "FreeBSD-SA-05:02.sendfile"
date = "2005-04-04"
[[advisories]]
name = "FreeBSD-SA-05:01.telnet"
date = "2005-03-28"
[[advisories]]
name = "FreeBSD-SA-04:17.procfs"
date = "2004-12-01"
[[advisories]]
name = "FreeBSD-SA-04:16.fetch"
date = "2004-11-18"
[[advisories]]
name = "FreeBSD-SA-04:15.syscons"
date = "2004-10-04"
[[advisories]]
name = "FreeBSD-SA-04:14.cvs"
date = "2004-09-19"
[[advisories]]
name = "FreeBSD-SA-04:13.linux"
date = "2004-06-30"
[[advisories]]
name = "FreeBSD-SA-04:12.jailroute"
date = "2004-06-07"
[[advisories]]
name = "FreeBSD-SA-04:11.msync"
date = "2004-05-19"
[[advisories]]
name = "FreeBSD-SA-04:10.cvs"
date = "2004-05-19"
[[advisories]]
name = "FreeBSD-SA-04:09.kadmind"
date = "2004-05-05"
[[advisories]]
name = "FreeBSD-SA-04:08.heimdal"
date = "2004-05-05"
[[advisories]]
name = "FreeBSD-SA-04:07.cvs"
date = "2004-04-15"
[[advisories]]
name = "FreeBSD-SA-04:06.ipv6"
date = "2004-03-29"
[[advisories]]
name = "FreeBSD-SA-04:05.openssl"
date = "2004-03-17"
[[advisories]]
name = "FreeBSD-SA-04:04.tcp"
date = "2004-03-02"
[[advisories]]
name = "FreeBSD-SA-04:03.jail"
date = "2004-02-25"
[[advisories]]
name = "FreeBSD-SA-04:02.shmat"
date = "2004-02-05"
[[advisories]]
name = "FreeBSD-SA-04:01.mksnap_ffs"
date = "2004-01-30"
[[advisories]]
name = "FreeBSD-SA-03:19.bind"
date = "2003-11-28"
[[advisories]]
name = "FreeBSD-SA-03:15.openssh"
date = "2003-10-05"
[[advisories]]
name = "FreeBSD-SA-03:18.openssl"
date = "2003-10-03"
[[advisories]]
name = "FreeBSD-SA-03:17.procfs"
date = "2003-10-03"
[[advisories]]
name = "FreeBSD-SA-03:16.filedesc"
date = "2003-10-02"
[[advisories]]
name = "FreeBSD-SA-03:14.arp"
date = "2003-09-23"
[[advisories]]
name = "FreeBSD-SA-03:13.sendmail"
date = "2003-09-17"
[[advisories]]
name = "FreeBSD-SA-03:12.openssh"
date = "2003-09-16"
[[advisories]]
name = "FreeBSD-SA-03:11.sendmail"
date = "2003-08-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1170"
[[advisories]]
name = "FreeBSD-SA-03:10.ibcs2"
date = "2003-08-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1164"
[[advisories]]
name = "FreeBSD-SA-03:09.signal"
date = "2003-08-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1163"
[[advisories]]
name = "FreeBSD-SA-03:08.realpath"
date = "2003-08-03"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1158"
[[advisories]]
name = "FreeBSD-SN-03:02"
date = "2003-04-08"
[[advisories]]
name = "FreeBSD-SN-03:01"
date = "2003-04-07"
[[advisories]]
name = "FreeBSD-SA-03:07.sendmail"
date = "2003-03-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1122"
[[advisories]]
name = "FreeBSD-SA-03:06.openssl"
date = "2003-03-21"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1118"
[[advisories]]
name = "FreeBSD-SA-03:05.xdr"
date = "2003-03-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1117"
[[advisories]]
name = "FreeBSD-SA-03:04.sendmail"
date = "2003-03-03"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1112"
[[advisories]]
name = "FreeBSD-SA-03:03.syncookies"
date = "2003-02-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1106"
[[advisories]]
name = "FreeBSD-SA-03:02.openssl"
date = "2003-02-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1105"
[[advisories]]
name = "FreeBSD-SA-03:01.cvs"
date = "2003-02-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1100"
[[advisories]]
name = "FreeBSD-SA-02:44.filedesc"
date = "2003-01-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1090"
[[advisories]]
name = "FreeBSD-SA-02:43.bind"
date = "2002-11-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1084"
[[advisories]]
name = "FreeBSD-SA-02:41.smrsh"
date = "2002-11-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1082"
[[advisories]]
name = "FreeBSD-SA-02:42.resolv"
date = "2002-11-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1083"
[[advisories]]
name = "FreeBSD-SA-02:40.kadmind"
date = "2002-11-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1081"
[[advisories]]
name = "FreeBSD-SN-02:06"
date = "2002-10-10"
[[advisories]]
name = "FreeBSD-SA-02:39.libkvm"
date = "2002-09-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1051"
[[advisories]]
name = "FreeBSD-SN-02:05"
date = "2002-08-28"
[[advisories]]
name = "FreeBSD-SA-02:38.signed-error"
date = "2002-08-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1041"
[[advisories]]
name = "FreeBSD-SA-02:37.kqueue"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1033"
[[advisories]]
name = "FreeBSD-SA-02:36.nfs"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1032"
[[advisories]]
name = "FreeBSD-SA-02:35.ffs"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1031"
[[advisories]]
name = "FreeBSD-SA-02:33.openssl"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1023"
[[advisories]]
name = "FreeBSD-SA-02:34.rpc"
date = "2002-08-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1024"
[[advisories]]
name = "FreeBSD-SA-02:32.pppd"
date = "2002-07-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1022"
[[advisories]]
name = "FreeBSD-SA-02:31.openssh"
date = "2002-07-15"
[[advisories]]
name = "FreeBSD-SA-02:30.ktrace"
date = "2002-07-12"
[[advisories]]
name = "FreeBSD-SA-02:29.tcpdump"
date = "2002-07-12"
[[advisories]]
name = "FreeBSD-SA-02:28.resolv"
date = "2002-06-26"
[[advisories]]
name = "FreeBSD-SN-02:04"
date = "2002-06-19"
[[advisories]]
name = "FreeBSD-SA-02:27.rc"
date = "2002-05-29"
[[advisories]]
name = "FreeBSD-SA-02:26.accept"
date = "2002-05-29"
[[advisories]]
name = "FreeBSD-SN-02:03"
date = "2002-05-28"
[[advisories]]
name = "FreeBSD-SA-02:25.bzip2"
date = "2002-05-20"
[[advisories]]
name = "FreeBSD-SA-02:24.k5su"
date = "2002-05-20"
[[advisories]]
name = "FreeBSD-SN-02:02"
date = "2002-05-13"
[[advisories]]
name = "FreeBSD-SA-02:23.stdio"
date = "2002-04-22"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1021"
[[advisories]]
name = "FreeBSD-SA-02:22.mmap"
date = "2002-04-18"
[[advisories]]
name = "FreeBSD-SA-02:21.tcpip"
date = "2002-04-17"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/980"
[[advisories]]
name = "FreeBSD-SA-02:20.syncache"
date = "2002-04-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/979"
[[advisories]]
name = "FreeBSD-SN-02:01"
date = "2002-03-30"
[[advisories]]
name = "FreeBSD-SA-02:19.squid"
date = "2002-03-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/960"
[[advisories]]
name = "FreeBSD-SA-02:18.zlib"
date = "2002-03-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/978"
[[advisories]]
name = "FreeBSD-SA-02:17.mod_frontpage"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/954"
[[advisories]]
name = "FreeBSD-SA-02:16.netscape"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/953"
[[advisories]]
name = "FreeBSD-SA-02:15.cyrus-sasl"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/952"
[[advisories]]
name = "FreeBSD-SA-02:14.pam-pgsql"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/951"
[[advisories]]
name = "FreeBSD-SA-02:13.openssh"
date = "2002-03-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/945"
[[advisories]]
name = "FreeBSD-SA-02:12.squid"
date = "2002-02-21"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/938"
[[advisories]]
name = "FreeBSD-SA-02:11.snmp"
date = "2002-02-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/936"
[[advisories]]
name = "FreeBSD-SA-02:10.rsync"
date = "2002-02-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/928"
[[advisories]]
name = "FreeBSD-SA-02:09.fstatfs"
date = "2002-02-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/927"
[[advisories]]
name = "FreeBSD-SA-02:08.exec"
date = "2002-01-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/923"
[[advisories]]
name = "FreeBSD-SA-02:07.k5su"
date = "2002-01-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/912"
[[advisories]]
name = "FreeBSD-SA-02:06.sudo"
date = "2002-01-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/909"
[[advisories]]
name = "FreeBSD-SA-02:05.pine"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/894"
[[advisories]]
name = "FreeBSD-SA-02:04.mutt"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/893"
[[advisories]]
name = "FreeBSD-SA-02:03.mod_auth_pgsql"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/892"
[[advisories]]
name = "FreeBSD-SA-02:02.pw"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/891"
[[advisories]]
name = "FreeBSD-SA-02:01.pkg_add"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/898"
[[advisories]]
name = "FreeBSD-SA-01:64.wu-ftpd"
date = "2001-12-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/870"
[[advisories]]
name = "FreeBSD-SA-01:63.openssh"
date = "2001-12-02"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/871"
[[advisories]]
name = "FreeBSD-SA-01:62.uucp"
date = "2001-10-08"
[[advisories]]
name = "FreeBSD-SA-01:61.squid"
date = "2001-10-08"
[[advisories]]
name = "FreeBSD-SA-01:60.procmail"
date = "2001-09-24"
[[advisories]]
name = "FreeBSD-SA-01:59.rmuser"
date = "2001-09-04"
[[advisories]]
name = "FreeBSD-SA-01:58.lpd"
date = "2001-08-30"
[[advisories]]
name = "FreeBSD-SA-01:57.sendmail"
date = "2001-08-27"
[[advisories]]
name = "FreeBSD-SA-01:56.tcp_wrappers"
date = "2001-08-23"
[[advisories]]
name = "FreeBSD-SA-01:55.procfs"
date = "2001-08-21"
[[advisories]]
name = "FreeBSD-SA-01:54.ports-telnetd"
date = "2001-08-20"
[[advisories]]
name = "FreeBSD-SA-01:53.ipfw"
date = "2001-08-17"
[[advisories]]
name = "FreeBSD-SA-01:52.fragment"
date = "2001-08-06"
[[advisories]]
name = "FreeBSD-SA-01:51.openssl"
date = "2001-07-30"
[[advisories]]
name = "FreeBSD-SA-01:50.windowmaker"
date = "2001-07-27"
[[advisories]]
name = "FreeBSD-SA-01:49.telnetd"
date = "2001-07-23"
[[advisories]]
name = "FreeBSD-SA-01:48.tcpdump"
date = "2001-07-17"
[[advisories]]
name = "FreeBSD-SA-01:47.xinetd"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:46.w3m"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:45.samba"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:44.gnupg"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:43.fetchmail"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:42.signal"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:41.hanterm"
date = "2001-07-09"
[[advisories]]
name = "FreeBSD-SA-01:40.fts"
date = "2001-06-04"
[[advisories]]
name = "FreeBSD-SA-01:39.tcp-isn"
date = "2001-05-02"
[[advisories]]
name = "FreeBSD-SA-01:38.sudo"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:37.slrn"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:36.samba"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:35.licq"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:34.hylafax"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:33.ftpd-glob"
date = "2001-04-17"
[[advisories]]
name = "FreeBSD-SA-01:32.ipfilter"
date = "2001-04-16"
[[advisories]]
name = "FreeBSD-SA-01:31.ntpd"
date = "2001-04-06"
[[advisories]]
name = "FreeBSD-SA-01:30.ufs-ext2fs"
date = "2001-03-22"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/738"
[[advisories]]
name = "FreeBSD-SA-01:29.rwhod"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/732"
[[advisories]]
name = "FreeBSD-SA-01:28.timed"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/731"
[[advisories]]
name = "FreeBSD-SA-01:27.cfengine"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/730"
[[advisories]]
name = "FreeBSD-SA-01:26.interbase"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/729"
[[advisories]]
name = "FreeBSD-SA-01:23.icecast"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/728"
[[advisories]]
name = "FreeBSD-SA-01:25.kerberosIV"
date = "2001-02-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/716"
[[advisories]]
name = "FreeBSD-SA-01:24.ssh"
date = "2001-02-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/715"
[[advisories]]
name = "FreeBSD-SA-01:22.dc20ctrl"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/714"
[[advisories]]
name = "FreeBSD-SA-01:21.ja-elvis"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/713"
[[advisories]]
name = "FreeBSD-SA-01:20.mars_nwe"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/712"
[[advisories]]
name = "FreeBSD-SA-01:19.ja-klock"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/707"
[[advisories]]
name = "FreeBSD-SA-01:18.bind"
date = "2001-01-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/706"
[[advisories]]
name = "FreeBSD-SA-01:17.exmh"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/705"
[[advisories]]
name = "FreeBSD-SA-01:16.mysql"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/704"
[[advisories]]
name = "FreeBSD-SA-01:15.tinyproxy"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/703"
[[advisories]]
name = "FreeBSD-SA-01:14.micq"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/702"
[[advisories]]
name = "FreeBSD-SA-01:13.sort"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/701"
[[advisories]]
name = "FreeBSD-SA-01:12.periodic"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/700"
[[advisories]]
name = "FreeBSD-SA-01:11.inetd"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/699"
[[advisories]]
name = "FreeBSD-SA-01:10.bind"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/698"
[[advisories]]
name = "FreeBSD-SA-01:09.crontab"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/697"
[[advisories]]
name = "FreeBSD-SA-01:08.ipfw"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/696"
[[advisories]]
name = "FreeBSD-SA-01:07.xfree86"
date = "2001-01-23"
[[advisories]]
name = "FreeBSD-SA-01:06.zope"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/669"
[[advisories]]
name = "FreeBSD-SA-01:05.stunnel"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/668"
[[advisories]]
name = "FreeBSD-SA-01:04.joe"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/667"
[[advisories]]
name = "FreeBSD-SA-01:03.bash1"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/666"
[[advisories]]
name = "FreeBSD-SA-01:02.syslog-ng"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/665"
[[advisories]]
name = "FreeBSD-SA-01:01.openssh"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/664"
[[advisories]]
name = "FreeBSD-SA-00:81.ethereal"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/651"
[[advisories]]
name = "FreeBSD-SA-00:80.halflifeserver"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/650"
[[advisories]]
name = "FreeBSD-SA-00:79.oops"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/649"
[[advisories]]
name = "FreeBSD-SA-00:78.bitchx"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/648"
[[advisories]]
name = "FreeBSD-SA-00:77.procfs"
date = "2000-12-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/647"
[[advisories]]
name = "FreeBSD-SA-00:76.tcsh-csh"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/628"
[[advisories]]
name = "FreeBSD-SA-00:75.php"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/627"
[[advisories]]
name = "FreeBSD-SA-00:74.gaim"
date = "2000-11-20"
[[advisories]]
name = "FreeBSD-SA-00:73.thttpd"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/626"
[[advisories]]
name = "FreeBSD-SA-00:72.curl"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/625"
[[advisories]]
name = "FreeBSD-SA-00:71.mgetty"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/624"
[[advisories]]
name = "FreeBSD-SA-00:70.ppp-nat"
date = "2000-11-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/623"
[[advisories]]
name = "FreeBSD-SA-00:69.telnetd"
date = "2000-11-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/622"
[[advisories]]
name = "FreeBSD-SA-00:68.ncurses"
date = "2000-11-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/621"
[[advisories]]
name = "FreeBSD-SA-00:67.gnupg"
date = "2000-11-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/620"
[[advisories]]
name = "FreeBSD-SA-00:66.netscape"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/619"
[[advisories]]
name = "FreeBSD-SA-00:65.xfce"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/618"
[[advisories]]
name = "FreeBSD-SA-00:64.global"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/617"
[[advisories]]
name = "FreeBSD-SA-00:63.getnameinfo"
date = "2000-11-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/589"
[[advisories]]
name = "FreeBSD-SA-00:62.top"
date = "2000-11-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/616"
[[advisories]]
name = "FreeBSD-SA-00:61.tcpdump"
date = "2000-10-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/615"
[[advisories]]
name = "FreeBSD-SA-00:60.boa"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/586"
[[advisories]]
name = "FreeBSD-SA-00:59.pine"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/585"
[[advisories]]
name = "FreeBSD-SA-00:58.chpass"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/584"
[[advisories]]
name = "FreeBSD-SA-00:57.muh"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/570"
[[advisories]]
name = "FreeBSD-SA-00:56.lprng"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/569"
[[advisories]]
name = "FreeBSD-SA-00:55.xpdf"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/568"
[[advisories]]
name = "FreeBSD-SA-00:54.fingerd"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/567"
[[advisories]]
name = "FreeBSD-SA-00:52.tcp-iss"
date = "2000-10-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/561"
[[advisories]]
name = "FreeBSD-SA-00:53.catopen"
date = "2000-09-27"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/562"
[[advisories]]
name = "FreeBSD-SA-00:51.mailman"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/550"
[[advisories]]
name = "FreeBSD-SA-00:50.listmanager"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/549"
[[advisories]]
name = "FreeBSD-SA-00:49.eject"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/548"
[[advisories]]
name = "FreeBSD-SA-00:48.xchat"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/547"
[[advisories]]
name = "FreeBSD-SA-00:47.pine"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/546"
[[advisories]]
name = "FreeBSD-SA-00:46.screen"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/545"
[[advisories]]
name = "FreeBSD-SA-00:45.esound"
date = "2000-08-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/526"
[[advisories]]
name = "FreeBSD-SA-00:44.xlock"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/523"
[[advisories]]
name = "FreeBSD-SA-00:43.brouted"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/520"
[[advisories]]
name = "FreeBSD-SA-00:42.linux"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/530"
[[advisories]]
name = "FreeBSD-SA-00:41.elf"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/527"
[[advisories]]
name = "FreeBSD-SA-00:40.mopd"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/521"
[[advisories]]
name = "FreeBSD-SA-00:39.netscape"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/528"
[[advisories]]
name = "FreeBSD-SA-00:38.zope"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/525"
[[advisories]]
name = "FreeBSD-SA-00:37.cvsweb"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/524"
[[advisories]]
name = "FreeBSD-SA-00:36.ntop"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/531"
[[advisories]]
name = "FreeBSD-SA-00:35.proftpd"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/522"
[[advisories]]
name = "FreeBSD-SA-00:34.dhclient"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/529"
[[advisories]]
name = "FreeBSD-SA-00:33.kerberosIV"
date = "2000-07-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/488"
[[advisories]]
name = "FreeBSD-SA-00:32.bitchx"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/487"
[[advisories]]
name = "FreeBSD-SA-00:31.canna"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/486"
[[advisories]]
name = "FreeBSD-SA-00:30.openssh"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/485"
[[advisories]]
name = "FreeBSD-SA-00:29.wu-ftpd"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/489"
[[advisories]]
name = "FreeBSD-SA-00:28.majordomo"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/484"
[[advisories]]
name = "FreeBSD-SA-00:27.XFree86-4"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/483"
[[advisories]]
name = "FreeBSD-SA-00:26.popper"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/482"
[[advisories]]
name = "FreeBSD-SA-00:24.libedit"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/481"
[[advisories]]
name = "FreeBSD-SA-00:23.ip-options"
date = "2000-06-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/480"
[[advisories]]
name = "FreeBSD-SA-00:25.alpha-random"
date = "2000-06-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/473"
[[advisories]]
name = "FreeBSD-SA-00:22.apsfilter"
date = "2000-06-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/461"
[[advisories]]
name = "FreeBSD-SA-00:21.ssh"
date = "2000-06-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/459"
[[advisories]]
name = "FreeBSD-SA-00:20.krb5"
date = "2000-05-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/452"
[[advisories]]
name = "FreeBSD-SA-00:19.semconfig"
date = "2000-05-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/451"
[[advisories]]
name = "FreeBSD-SA-00:18.gnapster.knapster"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/429"
[[advisories]]
name = "FreeBSD-SA-00:17.libmytinfo"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/442"
[[advisories]]
name = "FreeBSD-SA-00:16.golddig"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/439"
[[advisories]]
name = "FreeBSD-SA-00:15.imap-uw"
date = "2000-04-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/438"
[[advisories]]
name = "FreeBSD-SA-00:14.imap-uw"
date = "2000-04-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/441"
[[advisories]]
name = "FreeBSD-SA-00:13.generic-nqs"
date = "2000-04-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/437"
[[advisories]]
name = "FreeBSD-SA-00:12.healthd"
date = "2000-04-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/436"
[[advisories]]
name = "FreeBSD-SA-00:11.ircii"
date = "2000-04-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/440"
[[advisories]]
name = "FreeBSD-SA-00:10.orville-write"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408"
[[advisories]]
name = "FreeBSD-SA-00:09.mtr"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408"
[[advisories]]
name = "FreeBSD-SA-00:08.lynx"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/407"
[[advisories]]
name = "FreeBSD-SA-00:07.mh"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/411"
[[advisories]]
name = "FreeBSD-SA-00:06.htdig"
date = "2000-03-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/403"
[[advisories]]
name = "FreeBSD-SA-00:05.mysql"
date = "2000-02-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/402"
[[advisories]]
name = "FreeBSD-SA-00:04.delegate"
date = "2000-02-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/392"
[[advisories]]
name = "FreeBSD-SA-00:03.asmon"
date = "2000-02-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/391"
[[advisories]]
name = "FreeBSD-SA-00:02.procfs"
date = "2000-01-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/380"
[[advisories]]
name = "FreeBSD-SA-00:01.make"
date = "2000-01-19"
[[advisories]]
name = "FreeBSD-SA-99:06.amd"
date = "1999-09-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/318"
[[advisories]]
name = "FreeBSD-SA-99:05.fts"
date = "1999-09-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/313"
[[advisories]]
name = "FreeBSD-SA-99:04.core"
date = "1999-09-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/312"
[[advisories]]
name = "FreeBSD-SA-99:03.ftpd"
date = "1999-09-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/311"
[[advisories]]
name = "FreeBSD-SA-99:02.profil"
date = "1999-09-04"
[[advisories]]
name = "FreeBSD-SA-99:01.chflags"
date = "1999-09-04"
[[advisories]]
name = "FreeBSD-SA-98:08.fragment"
date = "1998-11-04"
[[advisories]]
name = "FreeBSD-SA-98:07.rst"
date = "1998-10-13"
[[advisories]]
name = "FreeBSD-SA-98:06.icmp"
date = "1998-06-10"
[[advisories]]
name = "FreeBSD-SA-98:05.nfs"
date = "1998-06-04"
[[advisories]]
name = "FreeBSD-SA-98:04.mmap"
date = "1998-06-02"
[[advisories]]
name = "FreeBSD-SA-98:03.ttcp"
date = "1998-05-14"
[[advisories]]
name = "FreeBSD-SA-98:02.mmap"
date = "1998-03-12"
[[advisories]]
name = "FreeBSD-SA-97:06.f00f"
date = "1997-12-09"
[[advisories]]
name = "FreeBSD-SA-98:01.land"
date = "1997-12-01"
[[advisories]]
name = "FreeBSD-SA-97:05.open"
date = "1997-10-29"
[[advisories]]
name = "FreeBSD-SA-97:04.procfs"
date = "1997-08-19"
[[advisories]]
name = "FreeBSD-SA-97:03.sysinstall"
date = "1997-04-07"
[[advisories]]
name = "FreeBSD-SA-97:02.lpd"
date = "1997-03-26"
[[advisories]]
name = "FreeBSD-SA-97:01.setlocale"
date = "1997-02-05"
[[advisories]]
name = "FreeBSD-SA-96:21.talkd"
date = "1997-01-18"
[[advisories]]
name = "FreeBSD-SA-96:20.stack-overflow"
date = "1996-12-16"
[[advisories]]
name = "FreeBSD-SA-96:19.modstat"
date = "1996-12-10"
[[advisories]]
name = "FreeBSD-SA-96:18.lpr"
date = "1996-11-25"
[[advisories]]
name = "FreeBSD-SA-96:17.rzsz"
date = "1996-07-16"
[[advisories]]
name = "FreeBSD-SA-96:16.rdist"
date = "1996-07-12"
[[advisories]]
name = "FreeBSD-SA-96:15.ppp"
date = "1996-07-04"
[[advisories]]
name = "FreeBSD-SA-96:12.perl"
date = "1996-06-28"
[[advisories]]
name = "FreeBSD-SA-96:14.ipfw"
date = "1996-06-24"
[[advisories]]
name = "FreeBSD-SA-96:13.comsat"
date = "1996-06-05"
[[advisories]]
name = "FreeBSD-SA-96:11.man"
date = "1996-05-21"
[[advisories]]
name = "FreeBSD-SA-96:10.mount_union"
date = "1996-05-17"
[[advisories]]
name = "FreeBSD-SA-96:09.vfsload"
date = "1996-05-17"
[[advisories]]
name = "FreeBSD-SA-96:02.apache"
date = "1996-04-22"
[[advisories]]
name = "FreeBSD-SA-96:08.syslog"
date = "1996-04-21"
[[advisories]]
name = "FreeBSD-SA-96:01.sliplogin"
date = "1996-04-21"
[[advisories]]
name = "FreeBSD-SA-96:03.sendmail-suggestion"
date = "1996-04-20"
diff --git a/website/static/security/advisories/FreeBSD-SA-26:06.tcp.asc b/website/static/security/advisories/FreeBSD-SA-26:06.tcp.asc
new file mode 100644
index 0000000000..ae57cc80a2
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:06.tcp.asc
@@ -0,0 +1,180 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:06.tcp Security Advisory
+ The FreeBSD Project
+
+Topic: TCP: remotely exploitable DoS vector (mbuf leak)
+
+Category: core
+Module: tcp
+Announced: 2026-03-26
+Credits: Michael Tuexen (Netflix)
+Affects: FreeBSD 14.x and FreeBSD 15.0
+Corrected: 2026-03-26 01:25:22 UTC (stable/15, 15.0-STABLE)
+ 2026-03-26 01:11:18 UTC (releng/15.0, 15.0-RELEASE-p5)
+ 2026-03-26 01:28:46 UTC (stable/14, 14.4-STABLE)
+ 2026-03-26 01:14:54 UTC (releng/14.4, 14.4-RELEASE-p1)
+ 2026-03-26 01:16:00 UTC (releng/14.3, 14.3-RELEASE-p10)
+CVE Name: CVE-2026-4247
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+The Transmission Control Protocol (TCP) is a connection oriented transport
+protocol, which can be used as an upper layer of IP.
+
+When unexpected TCP segments are received for an established TCP connection,
+so called "challenge ACK" segments may be sent back in response if certain
+criteria are met.
+
+Challenge ACKs are rate limited to ensure the remote peer does not waste too
+many CPU cycles or outbound bandwidth on the local peer if large numbers of
+unexpected TCP segments are received.
+
+The rate limiting is controlled by the net.inet.tcp.ack_war_timewindow and
+net.inet.tcp.ack_war_cnt sysctls which default to 1000 (milliseconds) and 5
+respectively i.e. challenge ACKs will be sent for the first 5 qualifying TCP
+segments received within a 1s time period and the rest will be ignored.
+
+The handling of challenge ACKs is common code in tcp_subr.c shared among the
+different TCP stacks available in the system. This includes the FreeBSD
+default, RACK and BBR stacks. There are differences in the behaviour of the
+different stacks; e.g. the base FreeBSD stack sends challenge ACKs to a larger
+set of unexpected packets.
+
+II. Problem Description
+
+When a challenge ACK is to be sent tcp_respond() constructs and sends the
+challenge ACK and consumes the mbuf that is passed in. When no challenge ACK
+should be sent the function returns and leaks the mbuf.
+
+III. Impact
+
+If an attacker is either on path with an established TCP connection, or can
+themselves establish a TCP connection, to an affected FreeBSD machine, they
+can easily craft and send packets which meet the challenge ACK criteria and
+cause the FreeBSD host to leak an mbuf for each crafted packet in excess of
+the configured rate limit settings i.e. with default settings, crafted packets
+in excess of the first 5 sent within a 1s period will leak an mbuf.
+
+Technically, off-path attackers can also exploit this problem by guessing the
+IP addresses, TCP port numbers and in some cases the sequence numbers of
+established connections and spoofing packets towards a FreeBSD machine, but
+this is harder to do effectively.
+
+IV. Workaround
+
+The mbuf leak can be mitigated by not rate limiting the sending of challenge
+ACKs. This can be achieved with immediate effect by setting the
+net.inet.tcp.ack_war_timewindow sysctl to 0:
+
+sysctl net.inet.tcp.ack_war_timewindow=0
+
+This mitigation does trade off the leaking of mbufs against additional
+CPU/resource cost associated with responding to all challenge ACK eligible
+packets received for established TCP connections.
+
+To make this change persistent across reboots, add it to /etc/sysctl.conf.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or release /
+security branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your vulnerable system installed from base system packages:
+
+Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64
+platforms, which were installed using base system packages, can be updated
+via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+which were not installed using base system packages, can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-26:06/tcp.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:06/tcp.patch.asc
+# gpg --verify tcp.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ 1fddb5435315 stable/15-n282699
+releng/15.0/ de9e5d82581e releng/15.0-n281011
+stable/14/ b45e7530ffb9 stable/14-n273839
+releng/14.4/ 44dd8b58394b releng/14.4-n273676
+releng/14.3/ a9cba5321021 releng/14.3-n271476
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmnEkVIACgkQbljekB8A
+Gu/sWRAAtGouQg2M2RuF4+EFK1fpDKyDgBpbx88kH/y2ToHQ/voEwpeC3OOulfQ0
+kM7vluUY2yf/yITXJnX/czqxX4flpC9fsAIZtSjXwI27V+xrvWwz/LTgmBumJjgC
+VI0i66c6ajie8JC6h4Q2yYpF7M2ymYo/rLXXFM+nq/UpOWLEXbEzzDv6hwvwYqJd
+h7pvoNUDWRjbxHykilUQ+KrnEDRz4cdmulil+1aAS1af2WHdROHfOSsVmSY/hQJh
+MPA9dJxESzHAjYhjQrLFoWiuSt1JFOt5k/Y6FI4ix1UElJVEvwF7NEj6VxTW9/UX
+0sWGmKt23ckfBG6fwBjW2e9NVnqIU4NNMbR0vJghtVsi0K4uw4b5/9n2WbfYYHQZ
+eoZ8BiFRdrbRwFgk7NK9UG5r1B0l7O9rJWob0ZUt2/tGYpC7sLz9kOWAptD7JPpE
+XkrK354K0KIBPdoVj7QDsK7njYkvnjxlHwWX148gQ1maEX/zWHD6x5RXS+QShzjL
+kmp/h5Eiz977qHzotXkK7Le/4EnHQlLYO7n8NafoRrCRszPPlLv1/gaEHYYlTU+S
+GMJpvsV9ENd15BhcZRCoLRxwa94D9beDhw89RTgPZ8ItpRO7z1cCfZrNC4aE0x3P
+Q+BVMF18lrU/UB4jDW2/BmoGdZSjJMqxHaDGiHZZewQX/dVP2BU=
+=a5LJ
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-26:07.nvmf.asc b/website/static/security/advisories/FreeBSD-SA-26:07.nvmf.asc
new file mode 100644
index 0000000000..af5c8618bb
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:07.nvmf.asc
@@ -0,0 +1,140 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:07.nvmf Security Advisory
+ The FreeBSD Project
+
+Topic: Remote denial of service via null pointer dereference
+
+Category: core
+Module: nvmf
+Announced: 2026-03-26
+Credits: Nikolay Denev
+Affects: FreeBSD 15.0
+Corrected: 2026-03-25 01:29:47 UTC (stable/15, 15.0-STABLE)
+ 2026-03-26 01:11:19 UTC (releng/15.0, 15.0-RELEASE-p5)
+CVE Name: CVE-2026-4652
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+The nvmf driver implements the kernel component of an NVMe over Fabrics
+host.
+
+The CONNECT command is used to create connections (queue pairs) that
+carry NVMe read/write commands over the network. For I/O queues, this
+is commonly referred to as an I/O CONNECT.
+
+II. Problem Description
+
+On a system exposing an NVMe/TCP target, a remote client can trigger
+a kernel panic by sending a CONNECT command for an I/O queue with a
+bogus or stale CNTLID.
+
+III. Impact
+
+An attacker with network access to the NVMe/TCP target can trigger
+an unauthenticated Denial of Service condition on the affected machine.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or release /
+security branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your vulnerable system installed from base system packages:
+
+Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64
+platforms, which were installed using base system packages, can be updated
+via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+which were not installed using base system packages, can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-26:07/nvmf.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:07/nvmf.patch.asc
+# gpg --verify nvmf.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ b1d32521747f stable/15-n282694
+releng/15.0/ 48766013063a releng/15.0-n281012
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmnEkV4ACgkQbljekB8A
+Gu/KVBAA0QPwISRLuInGilUGPkO0fjXD5teeufdqHOABQJB+YgvelArfgd0odN4S
+b7OXiDIdUsJsJF5CDFm5FVkAuQe0PnhakuXnxEMrDxpNu+H9zFBWrmCVtflWRay3
+APB3EGqxghhez/pNx+8M/Tf//QZjOmZSsu2C3om7mfv5jGetjRY/3jLkWiMx7ASu
+lVFYue+PRSKf0jl0fjsxjvJMosTtgmM6xkB2cpDF+z6HKK6rtt0YUhw+/v0plLxa
+jBQNIT3MCJ8OJU75LB5K/84iF3c/PTFupZQIMenejPt1FfC55CDKmta88LGUPxRn
+u67tyidS+C7BLMnOn3mlgx3Vst1NxLc5to7KVYr1S3V17na5jglnnE3Av2lE/CMJ
+v9UT7IsLG5AsHusY1iYvkiReLfJgeouOlSJkQoiVfJYuT5G0ERdC+Sp3G9X0q8sp
+2Q/YA0+qt0Fqdc8hn25Qus1pvWSvg+RBUuDDLsWsC9FbUbyjBNB2Og34dmW46t38
+EWoCFHZ0u/PRPZ7YnwpIE6xx6mDOc7XcVtK9fFc6VKjtiP7sDk42W5O2wyAKBcRl
+oTZl56h/g+Kutmnvj1vHAcntX4IbTfXw7S5SVnzPBVD2W6yOKas5R1GBK9O2S4IE
+CU69VbcPD51vJY/mY8w6oefZXLoxHE2WH0eAwz3/NJaFRwtqT1k=
+=l61h
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-26:08.rpcsec_gss.asc b/website/static/security/advisories/FreeBSD-SA-26:08.rpcsec_gss.asc
new file mode 100644
index 0000000000..d312246c4e
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:08.rpcsec_gss.asc
@@ -0,0 +1,163 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:08.rpcsec_gss Security Advisory
+ The FreeBSD Project
+
+Topic: Remote code execution via RPCSEC_GSS packet validation
+
+Category: core
+Module: rpcsec_gss
+Announced: 2026-03-26
+Credits: Nicholas Carlini using Claude, Anthropic
+Affects: All supported versions of FreeBSD.
+Corrected: 2026-03-26 01:25:23 UTC (stable/15, 15.0-STABLE)
+ 2026-03-26 01:11:20 UTC (releng/15.0, 15.0-RELEASE-p5)
+ 2026-03-26 01:28:47 UTC (stable/14, 14.4-STABLE)
+ 2026-03-26 01:14:55 UTC (releng/14.4, 14.4-RELEASE-p1)
+ 2026-03-26 01:16:01 UTC (releng/14.3, 14.3-RELEASE-p10)
+ 2026-03-26 01:30:12 UTC (stable/13, 13.5-STABLE)
+ 2026-03-26 01:34:10 UTC (releng/13.5, 13.5-RELEASE-p11)
+CVE Name: CVE-2026-4747
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+Generic Security Services (GSS) is an API which lets applications establish a
+private, authenticated communication channel with a server, such as an NFC
+server.
+
+RPCSEC_GSS is a module which enables the use of GSS with Sun RPC (rpc(3))
+servers. It is implemented in the kernel by the kgssapi.ko kernel module, and
+used by the NFS server to enable Kerberos-based authentication and encryption
+of traffic between the server and clients. In userspace it is implemented by
+the librpcsec_gss library.
+
+II. Problem Description
+
+Each RPCSEC_GSS data packet is validated by a routine which checks a signature
+in the packet. This routine copies a portion of the packet into a stack buffer,
+but fails to ensure that the buffer is sufficiently large, and a malicious
+client can trigger a stack overflow. Notably, this does not require the client
+to authenticate itself first.
+
+III. Impact
+
+As kgssapi.ko's RPCSEC_GSS implementation is vulnerable, remote code execution
+in the kernel is possible by an authenticated user that is able to send packets
+to the kernel's NFS server while kgssapi.ko is loaded into the kernel.
+
+In userspace, applications which have librpcgss_sec loaded and run an RPC server
+are vulnerable to remote code execution from any client able to send it packets.
+We are not aware of any such applications in the FreeBSD base system.
+
+IV. Workaround
+
+No workaround is available. Kernels that do not have kgssapi.ko loaded are not
+vulnerable. In userspace, any daemon linked with librpcgss_sec and running an
+RPC server is vulnerable.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system installed from base system packages:
+
+Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64
+platforms, which were installed using base system packages, can be updated
+via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, which were not installed using base
+system packages, can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-26:08/rpcsec_gss.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:08/rpcsec_gss.patch.asc
+# gpg --verify rpcsec_gss.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel and the operating system as described in
+ and
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ 1b00fdc1f3cd stable/15-n282700
+releng/15.0/ 4ec1b6213463 releng/15.0-n281013
+stable/14/ e5ed09ffd592 stable/14-n273840
+releng/14.4/ 7ea03a4238e8 releng/14.4-n273677
+releng/14.3/ b6ce88ab9a5f releng/14.3-n271477
+stable/13/ 99ec7f9b9e48 stable/13-n259823
+releng/13.5/ c4f53a1adbd4 releng/13.5-n259207
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmnEkWEACgkQbljekB8A
+Gu/LsA/9EC3I0xFSAJpbHLVpV4dmCpzhMUn5CU3iJhXOsV4hWip6fJvjHmiRcVDC
+luJ/udrLS6izmx4dmZBcEQMSOt2hXK/P/5JgVQCM0f3hXfkLFWGPnA1/wG4hSqjd
+nsbHfExgqs4ToWhgfQDaEwgc5d9FQfnQUTk3noXal1FA6o10+9PAA5nmj74ZGtYC
+6umspzzJNR8+6EaTftY8nb40DMAAyNMTBu3S2KikiuiqLSuMETyGEHS0ceMZzX0C
+D8rWRlaXpNOyVrRPhEuVurF9SB9EghEB1K587Xm0cqpCLT8GsW5FeSkp4VD2Ir0v
+7Ghu693vLbmVwm5pQUNr8cf7uO/kLg6Gce3FWlqYteRN+PeuOkx2DRAChm4QMEK2
+8Xjix/bS3HT6GkRmHCtwS7IU8L1vw/kAt4uvSV5uyEzRbpGKEbrdZOXFUSjPrY3R
+xHAKGosZaZKYJ4rveQOhsS1OoevN7ghhEJJ6PJf1wdYOSwNl41zq8R9LVqos4A+w
+fJmIQwoSMPhT7E+XCjrsOrt5TuBHrv5O7871IFxk00rsgJN3W2vTw4epEwRiWpJm
+mqv40zoarV4L4Gq3P4PAT8VaiWXTo44qyvu9LV+fnEArtlyfYPNLglC7NJKaeI1D
+Ou89dG/+L1GeJlkIVbRj4DUfcpLO0yV1LG/KYvQqr4TCILaddzk=
+=K+Bc
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-26:09.pf.asc b/website/static/security/advisories/FreeBSD-SA-26:09.pf.asc
new file mode 100644
index 0000000000..13cdb6bd52
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-26:09.pf.asc
@@ -0,0 +1,168 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-26:09.pf Security Advisory
+ The FreeBSD Project
+
+Topic: pf silently ignores certain rules
+
+Category: core
+Module: pf
+Announced: 2026-03-25
+Credits: Michael Gmelin
+Affects: FreeBSD 14.x and FreeBSD 15.0
+Corrected: 2026-03-25 07:11:58 UTC (stable/15, 15.0-STABLE)
+ 2026-03-26 01:11:25 UTC (releng/15.0, 15.0-RELEASE-p5)
+ 2026-03-25 09:58:28 UTC (stable/14, 14.4-STABLE)
+ 2026-03-26 01:15:00 UTC (releng/14.4, 14.4-RELEASE-p1)
+ 2026-03-26 01:16:06 UTC (releng/14.3, 14.3-RELEASE-p10)
+CVE Name: CVE-2026-4748
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+pf is an Internet Protocol packet filter originally written for OpenBSD.
+While loading its configuration, pf hashes rules and silently drops
+duplicates as an optimisation. Only the first rule with the same hash is
+considered.
+
+II. Problem Description
+
+A regression in the way hashes were calculated caused rules containing the
+address range syntax (x.x.x.x - y.y.y.y) that only differ in the address
+range(s) involved to be silently dropped as duplicates. Only the first of
+such rules is actually loaded into pf. Ranges expressed using the
+address[/mask-bits] syntax were not affected.
+
+Some keywords representing actions taken on a packet-matching rule, such as
+'log', 'return tll', or 'dnpipe', may suffer from the same issue. It is
+unlikely that users have such configurations, as these rules would always be
+redundant. The verification described in "IV. Workaround" below will find
+these as well.
+
+III. Impact
+
+Affected rules are silently ignored, which can lead to unexpected behaviour
+including over- and underblocking.
+
+IV. Workaround
+
+Only systems using the pf firewall are affected.
+
+The operator can determine if a specific system is affected by reloading the
+configuration verbosely:
+
+# pfctl -vf /etc/pf.conf | grep already
+
+As a workaround, affected rules can be rewritten, e.g., by
+using tables or multiple rules instead of address ranges.
+Another option is to add labels to rules to make them unique.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date
+and reboot.
+
+Perform one of the following:
+
+1) To update your vulnerable system installed from base system packages:
+
+Systems running a 15.0-RELEASE version of FreeBSD on the amd64 or arm64
+platforms, which were installed using base system packages, can be updated
+via the pkg(8) utility:
+
+# pkg upgrade -r FreeBSD-base
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system installed from binary distribution sets:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, which were not installed using base
+system packages, can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 15.0]
+# fetch https://security.FreeBSD.org/patches/SA-26:09/pf-15.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:09/pf-15.patch.asc
+# gpg --verify pf-15.patch.asc
+
+[FreeBSD 14.x]
+# fetch https://security.FreeBSD.org/patches/SA-26:09/pf-14.patch
+# fetch https://security.FreeBSD.org/patches/SA-26:09/pf-14.patch.asc
+# gpg --verify pf-14.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ 4311217a039c stable/15-n282698
+releng/15.0/ d91cf52e31ac releng/15.0-n281017
+stable/14/ e3b801edded9 stable/14-n273835
+releng/14.4/ b6865bca4ba5 releng/14.4-n273681
+releng/14.3/ c03577d99d2d releng/14.3-n271481
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmnEp+AACgkQbljekB8A
+Gu84/Q//cIBdAEmzD04kjglaG1X75rULWJ0fsD26RW89Y3IEvLnUa5yoWV0dKUeW
+wRta0n7cvpkLiuDVqSfasVrkVM0EZ70toWcd0JXTRwaJ+i7IhHMByXjvSwTzhS/d
+OL2uDzjJ1nUyUqangNM+99Mpr3UQOEIMY9Scq5E0NNr/x6NdWXN4psiB/RCSFU64
+abRos56CPkWbfVQLVZ3i2FihGhYQ2JLnqvP9DgCT6xy6MU5uTDWF57sxe4ciYWGw
+4ZRydr/oyTkpthetm9xPFoFkaBiOiGfdTnsOi58f7mcWln+AgiKLzT0KdOd6XkEy
+RH22v4254P4nquDXfBTIJUVyDFd8SVIk7Ol78BzRNdEYOEog6KEI3fTjArFMIiy6
+CLPS92ph3xq4aBWMdxnZ4cvfW7Ktm8Zp9xrXCvdRaUGfl+wawzjfjgw62eXaec4x
+pFxip2jLziZUDAvpzg1ywK0ajJE+RYh7HlT7CG2pTEcCaaIC0rJ7B2eEIaoO48Ho
+Uez92JN54P7xBRLy/rLVfUHz7Td11toAg6wwBTEAQPKssDHh1DQZMLSDKZcGanlt
+waUCybHeaWkMZvoHtLlEJjZ8hL/67Ivz2Huv5KCZ5CtpoEqe5ZHmGGS3iOCiuLvQ
+9k2F3fkJN4w1zpGHE48JJ03FYQA7cTHwEro7TCRzeM6+KnqgAzE=
+=cGmd
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:06/tcp.patch b/website/static/security/patches/SA-26:06/tcp.patch
new file mode 100644
index 0000000000..d7be7a9ac7
--- /dev/null
+++ b/website/static/security/patches/SA-26:06/tcp.patch
@@ -0,0 +1,11 @@
+--- sys/netinet/tcp_subr.c.orig
++++ sys/netinet/tcp_subr.c
+@@ -2216,6 +2216,8 @@
+ tcp_respond(tp, mtod(m, void *), th, m, tp->rcv_nxt,
+ tp->snd_nxt, TH_ACK);
+ tp->last_ack_sent = tp->rcv_nxt;
++ } else {
++ m_freem(m);
+ }
+ }
+
diff --git a/website/static/security/patches/SA-26:06/tcp.patch.asc b/website/static/security/patches/SA-26:06/tcp.patch.asc
new file mode 100644
index 0000000000..939ecee86f
--- /dev/null
+++ b/website/static/security/patches/SA-26:06/tcp.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmnEkV0ACgkQbljekB8A
+Gu9xUg//YDZkTuRSscYc6YtrYfnQWBU3clCebVSu3J5gqLhS1xFgW5pDrallSAMY
+0aG2sOPLQdmVjy8fs//AfBqRW/eFPlC0okSVNWSS3Ufv27iZB+didjA+B0//1W3G
+oOHIzKCZhG7UsGjx2pDcebI9TOAlYGy3yslkOuRwMHzOyOyAsX+WHPHzxicxbSZ5
+FCWbhnxnRDaNDeJ2wlKnrm0tZQvpfPhYTc8e311v1vJSfeIzukocMcg9ffddEuYr
+d+kzcv6HuSwz6n7+ZvUSM+wWNnGXWaDCyjLs+fL2H4VZJ5G6+q7ydEe/VwzZHP2b
+E2lVTy4AYRewI9dMbOVcs0as8/ZauYaS8dPEuHsuVJSIqseVHEPuSK9aJ1us/XBv
+ExRm1mb2lUKkSMWClSA55wiEfAzpgQi/EKMYaF6UFni8PRDQnhfB1zcJouctLLaw
+OAgnDgpoNe9IyMrfL+4SdYWSquniGa3GGb4c7mpWZe2CegF1D3RSkv5hbGjstglm
+CgTigeXlpMCBKpoz/fpZdBvIUDoj6PSuyVB5wyTQJkcQW7dkX9ziWb5WHq5s7Wz+
+wOMJQwTiuZLidlsN0BvE2PVj8EY2aa8q9CXpZ4cF9djjMakm+WnaaD69RhV54eFc
+026hUX0wm//aHzqE6BaaiAac5AciDiibczZ3ombhEhlrEMqXHlQ=
+=m/gK
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:07/nvmf.patch b/website/static/security/patches/SA-26:07/nvmf.patch
new file mode 100644
index 0000000000..44eaab112a
--- /dev/null
+++ b/website/static/security/patches/SA-26:07/nvmf.patch
@@ -0,0 +1,12 @@
+--- sys/dev/nvmf/controller/nvmft_controller.c
++++ sys/dev/nvmf/controller/nvmft_controller.c
+@@ -227,7 +227,7 @@
+ if (ctrlr == NULL) {
+ mtx_unlock(&np->lock);
+ printf("NVMFT: Nonexistent controller %u for I/O queue %u from %.*s\n",
+- ctrlr->cntlid, qid, (int)sizeof(data->hostnqn),
++ cntlid, qid, (int)sizeof(data->hostnqn),
+ data->hostnqn);
+ nvmft_connect_invalid_parameters(qp, cmd, true,
+ offsetof(struct nvmf_fabric_connect_data, cntlid));
+
diff --git a/website/static/security/patches/SA-26:07/nvmf.patch.asc b/website/static/security/patches/SA-26:07/nvmf.patch.asc
new file mode 100644
index 0000000000..103fbf5f74
--- /dev/null
+++ b/website/static/security/patches/SA-26:07/nvmf.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmnEkV8ACgkQbljekB8A
+Gu+Yng/8DOZPbBhwa1imzjIUyXE6l26nF6/yOqK3P1HaQ8h6XNTCDaqmmoRfMhlX
+EPrMNyST0eN7XEoD6DdEinQyt69h9QphbF3F85yxIzepm6b2C+vKgRCJ3WCH2tRT
+twm3KMmLiNw6n22nIv8cJSRvzfF6pYOnTUeu89SD1pONhb+AaWDYAe31xfHdFymd
+1rCr7fLOMlkHuhMkGGrQFdWCtuAeFUXfkGYmuyb523WdIQKzSNWO6FWZ3F7uAXbq
+dYXG95+Xd88L1C9G1uDE3jfnv4oB9wbf2I+raNQPbGH23TSyuvEJnLcsXLR+3uL+
+tT3RWfNJz+dOWkj0gqF9xK3DKlJxIzgPopzYG7ILqrfJ0syjwot6huDmDSe2az4K
+EyFmnHa1qmfAOC15bzsKZVMsxRFcv1U2s7gtQ+vzIZyfU1hZnaNkuwTOgSfkHgIm
+4592ctZbKxGIfH/ezm55HyfexB+2KsuDOm6TWj+EIEDRiPhuxWdPCpop4jN2gUnM
+EujBoDaw1Z9NPobT65A6WDR3g33wb9HpYJLkG3+scujeY5eOM7dGeP5mHNLNiubZ
+lDDCEZJ9Rt7rG+bVSxXObIJx2+GTHaWC9VPa7TgidlzQDF/+HbK9m8Bl66sewe7B
+MuFzLe6c8JrjTyZoCNG9+5K3ScsCQO+YBaT6G+Bb6wwOCtFMorU=
+=VSzB
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:08/rpcsec_gss.patch b/website/static/security/patches/SA-26:08/rpcsec_gss.patch
new file mode 100644
index 0000000000..82896df793
--- /dev/null
+++ b/website/static/security/patches/SA-26:08/rpcsec_gss.patch
@@ -0,0 +1,51 @@
+--- lib/librpcsec_gss/svc_rpcsec_gss.c.orig
++++ lib/librpcsec_gss/svc_rpcsec_gss.c
+@@ -758,6 +758,14 @@
+
+ memset(rpchdr, 0, sizeof(rpchdr));
+
++ oa = &msg->rm_call.cb_cred;
++
++ if (oa->oa_length > sizeof(rpchdr) - 8 * BYTES_PER_XDR_UNIT) {
++ log_debug("auth length %d exceeds maximum", oa->oa_length);
++ client->cl_state = CLIENT_STALE;
++ return (FALSE);
++ }
++
+ /* Reconstruct RPC header for signing (from xdr_callmsg). */
+ buf = rpchdr;
+ IXDR_PUT_LONG(buf, msg->rm_xid);
+@@ -766,7 +774,6 @@
+ IXDR_PUT_LONG(buf, msg->rm_call.cb_prog);
+ IXDR_PUT_LONG(buf, msg->rm_call.cb_vers);
+ IXDR_PUT_LONG(buf, msg->rm_call.cb_proc);
+- oa = &msg->rm_call.cb_cred;
+ IXDR_PUT_ENUM(buf, oa->oa_flavor);
+ IXDR_PUT_LONG(buf, oa->oa_length);
+ if (oa->oa_length) {
+--- sys/rpc/rpcsec_gss/svc_rpcsec_gss.c.orig
++++ sys/rpc/rpcsec_gss/svc_rpcsec_gss.c
+@@ -1170,6 +1170,15 @@
+
+ memset(rpchdr, 0, sizeof(rpchdr));
+
++ oa = &msg->rm_call.cb_cred;
++
++ if (oa->oa_length > sizeof(rpchdr) - 8 * BYTES_PER_XDR_UNIT) {
++ rpc_gss_log_debug("auth length %d exceeds maximum",
++ oa->oa_length);
++ client->cl_state = CLIENT_STALE;
++ return (FALSE);
++ }
++
+ /* Reconstruct RPC header for signing (from xdr_callmsg). */
+ buf = rpchdr;
+ IXDR_PUT_LONG(buf, msg->rm_xid);
+@@ -1178,7 +1187,6 @@
+ IXDR_PUT_LONG(buf, msg->rm_call.cb_prog);
+ IXDR_PUT_LONG(buf, msg->rm_call.cb_vers);
+ IXDR_PUT_LONG(buf, msg->rm_call.cb_proc);
+- oa = &msg->rm_call.cb_cred;
+ IXDR_PUT_ENUM(buf, oa->oa_flavor);
+ IXDR_PUT_LONG(buf, oa->oa_length);
+ if (oa->oa_length) {
diff --git a/website/static/security/patches/SA-26:08/rpcsec_gss.patch.asc b/website/static/security/patches/SA-26:08/rpcsec_gss.patch.asc
new file mode 100644
index 0000000000..b88ebb8529
--- /dev/null
+++ b/website/static/security/patches/SA-26:08/rpcsec_gss.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmnEkWIACgkQbljekB8A
+Gu/muQ/+IwXcDjdBY49Xf396/tRJeRNsAiAnCZMOJuUxLfRiZM78Z46LkM6FsHoI
+D8BuUJK72nJAX/Cy6vzsr88IZhRZwob/McsN15+37akVZdq2u6mZOHWBiVORBVIS
+LTaklgxBjleR2JRYdK8Wz11TLBWIFtDgY+Po/9xWFr4pOF1brWDaIRMJVeP3nf4i
+MvAewSBxQGyT9fkWEgU6WXQQpsO7Nahv9R4NG/YnFhElsB2NsgVdYoweOkQxJNPY
+1N2mMsKadlnfQvSpgdGhmXSBB6pNpK6XXCbYYU2DvjVxKGjHbVJEyRnSZZo7uZ8A
+/ZW7u5SMwW1cPIcqgHfkzLxyIFCTKoH2fuiFoo8Gc7f7gDhCyUJ1xZ7ytFm4bLvV
+pwLLOleeg3a5LDouA1PbBxN9Y4P/ud0xaQfmfcQsKGzzETiYyHMPM9GvDVx0cTDE
++jvngAhiHn4pcsKOBHPNkxwfkLovFTNAlOqpm+Wa5A9eUZxFO8KYUnnAsEHGIAue
+Lvd35kAPgcF5tt0jhAAJr3BQXtHiTue6QqpP9tKPjyYf3o0M/LZMzEqJk4YlJKz/
+rmlTaaDNQjzx8geV5pPCZcOC5CvjdOILXrv343qozJTRksWp3NuuyLYMBUWcXire
+nMbH+q85rGlAah9KHmJhQcpka4vaRRlOkHAkV2IUEN0Qoy1inUg=
+=R9iR
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:09/pf-14.patch b/website/static/security/patches/SA-26:09/pf-14.patch
new file mode 100644
index 0000000000..477dde061e
--- /dev/null
+++ b/website/static/security/patches/SA-26:09/pf-14.patch
@@ -0,0 +1,212 @@
+--- sbin/pfctl/pfctl.c.orig
++++ sbin/pfctl/pfctl.c
+@@ -2043,13 +2043,13 @@
+ }
+ }
+
+- if (pf->opts & PF_OPT_VERBOSE) {
++ if (pf->opts & PF_OPT_VERBOSE || was_present) {
+ INDENT(depth, !(pf->opts & PF_OPT_VERBOSE2));
+ print_rule(r, name,
+ pf->opts & PF_OPT_VERBOSE2,
+ pf->opts & PF_OPT_NUMERIC);
+ if (was_present)
+- printf(" -- rule was already present");
++ printf(" -- rule was already present\n");
+ }
+ path[len] = '\0';
+ pfctl_clear_pool(&r->rpool);
+--- sys/netpfil/pf/pf_ioctl.c.orig
++++ sys/netpfil/pf/pf_ioctl.c
+@@ -1264,10 +1264,17 @@
+ PF_MD5_UPD(pfr, addr.v.tblname);
+ break;
+ case PF_ADDR_ADDRMASK:
++ case PF_ADDR_RANGE:
+ /* XXX ignore af? */
+ PF_MD5_UPD(pfr, addr.v.a.addr.addr32);
+ PF_MD5_UPD(pfr, addr.v.a.mask.addr32);
+ break;
++ case PF_ADDR_NOROUTE:
++ case PF_ADDR_URPFFAILED:
++ /* These do not use any address data. */
++ break;
++ default:
++ panic("Unknown address type %d", pfr->addr.type);
+ }
+
+ PF_MD5_UPD(pfr, port[0]);
+@@ -1276,6 +1283,28 @@
+ PF_MD5_UPD(pfr, port_op);
+ }
+
++static void
++pf_hash_pool(MD5_CTX *ctx, struct pf_kpool *pool)
++{
++ uint16_t x;
++ int y;
++
++ if (pool->cur) {
++ PF_MD5_UPD(pool, cur->addr);
++ PF_MD5_UPD_STR(pool, cur->ifname);
++ }
++ PF_MD5_UPD(pool, key);
++ PF_MD5_UPD(pool, counter);
++
++ PF_MD5_UPD(pool, mape.offset);
++ PF_MD5_UPD(pool, mape.psidlen);
++ PF_MD5_UPD_HTONS(pool, mape.psid, x);
++ PF_MD5_UPD_HTONL(pool, tblidx, y);
++ PF_MD5_UPD_HTONS(pool, proxy_port[0], x);
++ PF_MD5_UPD_HTONS(pool, proxy_port[1], x);
++ PF_MD5_UPD(pool, opts);
++}
++
+ static void
+ pf_hash_rule_rolling(MD5_CTX *ctx, struct pf_krule *rule)
+ {
+@@ -1286,37 +1315,84 @@
+ pf_hash_rule_addr(ctx, &rule->dst);
+ for (int i = 0; i < PF_RULE_MAX_LABEL_COUNT; i++)
+ PF_MD5_UPD_STR(rule, label[i]);
++ PF_MD5_UPD_HTONL(rule, ridentifier, y);
+ PF_MD5_UPD_STR(rule, ifname);
++ PF_MD5_UPD_STR(rule, qname);
++ PF_MD5_UPD_STR(rule, pqname);
++ PF_MD5_UPD_STR(rule, tagname);
+ PF_MD5_UPD_STR(rule, match_tagname);
+- PF_MD5_UPD_HTONS(rule, match_tag, x); /* dup? */
++
++ PF_MD5_UPD_STR(rule, overload_tblname);
++
++ pf_hash_pool(ctx, &rule->rpool);
++
+ PF_MD5_UPD_HTONL(rule, os_fingerprint, y);
++
++ PF_MD5_UPD_HTONL(rule, rtableid, y);
++ for (int i = 0; i < PFTM_MAX; i++)
++ PF_MD5_UPD_HTONL(rule, timeout[i], y);
++ PF_MD5_UPD_HTONL(rule, max_states, y);
++ PF_MD5_UPD_HTONL(rule, max_src_nodes, y);
++ PF_MD5_UPD_HTONL(rule, max_src_states, y);
++ PF_MD5_UPD_HTONL(rule, max_src_conn, y);
++ PF_MD5_UPD_HTONL(rule, max_src_conn_rate.limit, y);
++ PF_MD5_UPD_HTONL(rule, max_src_conn_rate.seconds, y);
++ PF_MD5_UPD_HTONS(rule, qid, x);
++ PF_MD5_UPD_HTONS(rule, pqid, x);
++ PF_MD5_UPD_HTONS(rule, dnpipe, x);
++ PF_MD5_UPD_HTONS(rule, dnrpipe, x);
++ PF_MD5_UPD_HTONL(rule, free_flags, y);
+ PF_MD5_UPD_HTONL(rule, prob, y);
++
++ PF_MD5_UPD_HTONS(rule, return_icmp, x);
++ PF_MD5_UPD_HTONS(rule, return_icmp6, x);
++ PF_MD5_UPD_HTONS(rule, max_mss, x);
++ PF_MD5_UPD_HTONS(rule, tag, x); /* dup? */
++ PF_MD5_UPD_HTONS(rule, match_tag, x); /* dup? */
++ PF_MD5_UPD_HTONS(rule, scrub_flags, x);
++
++ PF_MD5_UPD(rule, uid.op);
+ PF_MD5_UPD_HTONL(rule, uid.uid[0], y);
+ PF_MD5_UPD_HTONL(rule, uid.uid[1], y);
+- PF_MD5_UPD(rule, uid.op);
++ PF_MD5_UPD(rule, gid.op);
+ PF_MD5_UPD_HTONL(rule, gid.gid[0], y);
+ PF_MD5_UPD_HTONL(rule, gid.gid[1], y);
+- PF_MD5_UPD(rule, gid.op);
++
+ PF_MD5_UPD_HTONL(rule, rule_flag, y);
++ PF_MD5_UPD_HTONL(rule, rule_ref, y);
+ PF_MD5_UPD(rule, action);
+ PF_MD5_UPD(rule, direction);
+- PF_MD5_UPD(rule, af);
++ PF_MD5_UPD(rule, log);
++ PF_MD5_UPD(rule, logif);
+ PF_MD5_UPD(rule, quick);
+ PF_MD5_UPD(rule, ifnot);
+ PF_MD5_UPD(rule, match_tag_not);
+ PF_MD5_UPD(rule, natpass);
++
+ PF_MD5_UPD(rule, keep_state);
++ PF_MD5_UPD(rule, af);
+ PF_MD5_UPD(rule, proto);
+- PF_MD5_UPD(rule, type);
+- PF_MD5_UPD(rule, code);
++ PF_MD5_UPD_HTONS(rule, type, x);
++ PF_MD5_UPD_HTONS(rule, code, x);
+ PF_MD5_UPD(rule, flags);
+ PF_MD5_UPD(rule, flagset);
++ PF_MD5_UPD(rule, min_ttl);
+ PF_MD5_UPD(rule, allow_opts);
+ PF_MD5_UPD(rule, rt);
++ PF_MD5_UPD(rule, return_ttl);
+ PF_MD5_UPD(rule, tos);
+- PF_MD5_UPD(rule, scrub_flags);
+- PF_MD5_UPD(rule, min_ttl);
+ PF_MD5_UPD(rule, set_tos);
++ PF_MD5_UPD(rule, anchor_relative);
++ PF_MD5_UPD(rule, anchor_wildcard);
++
++ PF_MD5_UPD(rule, flush);
++ PF_MD5_UPD(rule, prio);
++ PF_MD5_UPD(rule, set_prio[0]);
++ PF_MD5_UPD(rule, set_prio[1]);
++
++ PF_MD5_UPD(rule, divert.addr);
++ PF_MD5_UPD_HTONS(rule, divert.port, x);
++
+ if (rule->anchor != NULL)
+ PF_MD5_UPD_STR(rule, anchor->path);
+ }
+--- tests/sys/netpfil/pf/pass_block.sh.orig
++++ tests/sys/netpfil/pf/pass_block.sh
+@@ -255,6 +255,43 @@
+ pft_cleanup
+ }
+
++atf_test_case "addr_range" "cleanup"
++addr_range_head()
++{
++ atf_set descr 'Test rulesets with multiple address ranges'
++ atf_set require.user root
++}
++
++addr_range_body()
++{
++ pft_init
++
++ epair=$(vnet_mkepair)
++ ifconfig ${epair}b 192.0.2.2/24 up
++
++ vnet_mkjail alcatraz ${epair}a
++ jexec alcatraz ifconfig ${epair}a 192.0.2.1/24 up
++
++ # Sanity check
++ atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1
++
++ jexec alcatraz pfctl -e
++ pft_set_rules alcatraz \
++ "block" \
++ "pass inet from any to 10.100.100.1 - 10.100.100.20" \
++ "pass inet from any to 192.0.2.1 - 192.0.2.10"
++
++jexec alcatraz pfctl -sr -vv
++
++ atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1
++jexec alcatraz pfctl -sr -vv
++}
++
++addr_range_cleanup()
++{
++ pft_cleanup
++}
++
+ atf_init_test_cases()
+ {
+ atf_add_test_case "v4"
+@@ -262,4 +299,5 @@
+ atf_add_test_case "noalias"
+ atf_add_test_case "nested_inline"
+ atf_add_test_case "urpf"
++ atf_add_test_case "addr_range"
+ }
diff --git a/website/static/security/patches/SA-26:09/pf-14.patch.asc b/website/static/security/patches/SA-26:09/pf-14.patch.asc
new file mode 100644
index 0000000000..0b572eee3e
--- /dev/null
+++ b/website/static/security/patches/SA-26:09/pf-14.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmnEp+wACgkQbljekB8A
+Gu/hhhAAh86LN5+Snpm3MlfMChSdRAmsl2dqGgpYlPIoBg5v3CDV1N5L7w4UT62D
+G70vLkObvtnA4fVw2X962KVonBuvDuCDn/hj2vG0bJxKrtSTaK28B5LutnEnygfv
+z9ZIQNUSsT3E1sDzWWv+C0OFKQ+6enjVt7NfuASq8h0vfVq0oDA71Uab2xhMIfAG
+TKdC2+aQSGVO2Odenib55Slqi1F51SB1gw+ANLAg7t9+HxC5pQjJO5l08T9TuOvj
+FtqjY2qRno7nAC4tJNakSFGAAyVppaHCRjHiCwRjY2BUnjORDZLjUNuw6IVnYvVm
+REoeZg4fnP5vPURw7BpDxXejL+uiO/lFiL0kEXHktn6uUdw54t5dI0ssLGui4S94
+NIIxmn7c0rh+TMAyFGwjOFJODQbyWNmjuWnRaR5IOnys7nO0u58evZhl68dDhjrc
+w4Z1aAKSGx0P6VY22/+cnZA2bPwDdcalyCzpy8TIKjYYkXL8Y38F8erPRSl3Sm+C
+JA2NrRO6/dZanUHQHTjU0a5OE4mEfKUyPpSsm/QjG2x3ZX9yr96P6jIaVwrHUWnA
+9B40ztgAPAPXRMT9p4MOm+e2lpCzwoFP4XJab325i9eB4BIkcjndUTqQJGApU7SH
+T/xhFPomYbOv4Scou/41qPnXvrym2Q4XpW/il4JOsqKL7c4ClXk=
+=n+h+
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-26:09/pf-15.patch b/website/static/security/patches/SA-26:09/pf-15.patch
new file mode 100644
index 0000000000..19e6cad8c3
--- /dev/null
+++ b/website/static/security/patches/SA-26:09/pf-15.patch
@@ -0,0 +1,224 @@
+--- sbin/pfctl/pfctl.c.orig
++++ sbin/pfctl/pfctl.c
+@@ -2189,13 +2189,13 @@
+ }
+ }
+
+- if (pf->opts & PF_OPT_VERBOSE) {
++ if (pf->opts & PF_OPT_VERBOSE || was_present) {
+ INDENT(depth, !(pf->opts & PF_OPT_VERBOSE2));
+ print_rule(r, name,
+ pf->opts & PF_OPT_VERBOSE2,
+ pf->opts & PF_OPT_NUMERIC);
+ if (was_present)
+- printf(" -- rule was already present");
++ printf(" -- rule was already present\n");
+ }
+ path[len] = '\0';
+ pfctl_clear_pool(&r->rdr);
+--- sys/netpfil/pf/pf_ioctl.c.orig
++++ sys/netpfil/pf/pf_ioctl.c
+@@ -1350,10 +1350,18 @@
+ PF_MD5_UPD(pfr, addr.v.tblname);
+ break;
+ case PF_ADDR_ADDRMASK:
++ case PF_ADDR_RANGE:
+ /* XXX ignore af? */
+ PF_MD5_UPD(pfr, addr.v.a.addr.addr32);
+ PF_MD5_UPD(pfr, addr.v.a.mask.addr32);
+ break;
++ case PF_ADDR_NONE:
++ case PF_ADDR_NOROUTE:
++ case PF_ADDR_URPFFAILED:
++ /* These do not use any address data. */
++ break;
++ default:
++ panic("Unknown address type %d", pfr->addr.type);
+ }
+
+ PF_MD5_UPD(pfr, port[0]);
+@@ -1362,6 +1370,30 @@
+ PF_MD5_UPD(pfr, port_op);
+ }
+
++static void
++pf_hash_pool(MD5_CTX *ctx, struct pf_kpool *pool)
++{
++ uint16_t x;
++ int y;
++
++ if (pool->cur) {
++ PF_MD5_UPD(pool, cur->addr);
++ PF_MD5_UPD_STR(pool, cur->ifname);
++ PF_MD5_UPD(pool, cur->af);
++ }
++ PF_MD5_UPD(pool, key);
++ PF_MD5_UPD(pool, counter);
++
++ PF_MD5_UPD(pool, mape.offset);
++ PF_MD5_UPD(pool, mape.psidlen);
++ PF_MD5_UPD_HTONS(pool, mape.psid, x);
++ PF_MD5_UPD_HTONL(pool, tblidx, y);
++ PF_MD5_UPD_HTONS(pool, proxy_port[0], x);
++ PF_MD5_UPD_HTONS(pool, proxy_port[1], x);
++ PF_MD5_UPD(pool, opts);
++ PF_MD5_UPD(pool, ipv6_nexthop_af);
++}
++
+ static void
+ pf_hash_rule_rolling(MD5_CTX *ctx, struct pf_krule *rule)
+ {
+@@ -1372,39 +1404,92 @@
+ pf_hash_rule_addr(ctx, &rule->dst);
+ for (int i = 0; i < PF_RULE_MAX_LABEL_COUNT; i++)
+ PF_MD5_UPD_STR(rule, label[i]);
++ PF_MD5_UPD_HTONL(rule, ridentifier, y);
+ PF_MD5_UPD_STR(rule, ifname);
+ PF_MD5_UPD_STR(rule, rcv_ifname);
++ PF_MD5_UPD_STR(rule, qname);
++ PF_MD5_UPD_STR(rule, pqname);
++ PF_MD5_UPD_STR(rule, tagname);
+ PF_MD5_UPD_STR(rule, match_tagname);
+- PF_MD5_UPD_HTONS(rule, match_tag, x); /* dup? */
++
++ PF_MD5_UPD_STR(rule, overload_tblname);
++
++ pf_hash_pool(ctx, &rule->nat);
++ pf_hash_pool(ctx, &rule->rdr);
++ pf_hash_pool(ctx, &rule->route);
++ PF_MD5_UPD_HTONL(rule, pktrate.limit, y);
++ PF_MD5_UPD_HTONL(rule, pktrate.seconds, y);
++
+ PF_MD5_UPD_HTONL(rule, os_fingerprint, y);
++
++ PF_MD5_UPD_HTONL(rule, rtableid, y);
++ for (int i = 0; i < PFTM_MAX; i++)
++ PF_MD5_UPD_HTONL(rule, timeout[i], y);
++ PF_MD5_UPD_HTONL(rule, max_states, y);
++ PF_MD5_UPD_HTONL(rule, max_src_nodes, y);
++ PF_MD5_UPD_HTONL(rule, max_src_states, y);
++ PF_MD5_UPD_HTONL(rule, max_src_conn, y);
++ PF_MD5_UPD_HTONL(rule, max_src_conn_rate.limit, y);
++ PF_MD5_UPD_HTONL(rule, max_src_conn_rate.seconds, y);
++ PF_MD5_UPD_HTONS(rule, max_pkt_size, y);
++ PF_MD5_UPD_HTONS(rule, qid, x);
++ PF_MD5_UPD_HTONS(rule, pqid, x);
++ PF_MD5_UPD_HTONS(rule, dnpipe, x);
++ PF_MD5_UPD_HTONS(rule, dnrpipe, x);
++ PF_MD5_UPD_HTONL(rule, free_flags, y);
+ PF_MD5_UPD_HTONL(rule, prob, y);
++
++ PF_MD5_UPD_HTONS(rule, return_icmp, x);
++ PF_MD5_UPD_HTONS(rule, return_icmp6, x);
++ PF_MD5_UPD_HTONS(rule, max_mss, x);
++ PF_MD5_UPD_HTONS(rule, tag, x); /* dup? */
++ PF_MD5_UPD_HTONS(rule, match_tag, x); /* dup? */
++ PF_MD5_UPD_HTONS(rule, scrub_flags, x);
++
++ PF_MD5_UPD(rule, uid.op);
+ PF_MD5_UPD_HTONL(rule, uid.uid[0], y);
+ PF_MD5_UPD_HTONL(rule, uid.uid[1], y);
+- PF_MD5_UPD(rule, uid.op);
++ PF_MD5_UPD(rule, gid.op);
+ PF_MD5_UPD_HTONL(rule, gid.gid[0], y);
+ PF_MD5_UPD_HTONL(rule, gid.gid[1], y);
+- PF_MD5_UPD(rule, gid.op);
++
+ PF_MD5_UPD_HTONL(rule, rule_flag, y);
++ PF_MD5_UPD_HTONL(rule, rule_ref, y);
+ PF_MD5_UPD(rule, action);
+ PF_MD5_UPD(rule, direction);
+- PF_MD5_UPD(rule, af);
++ PF_MD5_UPD(rule, log);
++ PF_MD5_UPD(rule, logif);
+ PF_MD5_UPD(rule, quick);
+ PF_MD5_UPD(rule, ifnot);
+- PF_MD5_UPD(rule, rcvifnot);
+ PF_MD5_UPD(rule, match_tag_not);
+ PF_MD5_UPD(rule, natpass);
++
+ PF_MD5_UPD(rule, keep_state);
++ PF_MD5_UPD(rule, af);
+ PF_MD5_UPD(rule, proto);
+- PF_MD5_UPD(rule, type);
+- PF_MD5_UPD(rule, code);
++ PF_MD5_UPD_HTONS(rule, type, x);
++ PF_MD5_UPD_HTONS(rule, code, x);
+ PF_MD5_UPD(rule, flags);
+ PF_MD5_UPD(rule, flagset);
++ PF_MD5_UPD(rule, min_ttl);
+ PF_MD5_UPD(rule, allow_opts);
+ PF_MD5_UPD(rule, rt);
++ PF_MD5_UPD(rule, return_ttl);
+ PF_MD5_UPD(rule, tos);
+- PF_MD5_UPD(rule, scrub_flags);
+- PF_MD5_UPD(rule, min_ttl);
+ PF_MD5_UPD(rule, set_tos);
++ PF_MD5_UPD(rule, anchor_relative);
++ PF_MD5_UPD(rule, anchor_wildcard);
++
++ PF_MD5_UPD(rule, flush);
++ PF_MD5_UPD(rule, prio);
++ PF_MD5_UPD(rule, set_prio[0]);
++ PF_MD5_UPD(rule, set_prio[1]);
++ PF_MD5_UPD(rule, naf);
++ PF_MD5_UPD(rule, rcvifnot);
++
++ PF_MD5_UPD(rule, divert.addr);
++ PF_MD5_UPD_HTONS(rule, divert.port, x);
++
+ if (rule->anchor != NULL)
+ PF_MD5_UPD_STR(rule, anchor->path);
+ }
+--- tests/sys/netpfil/pf/pass_block.sh.orig
++++ tests/sys/netpfil/pf/pass_block.sh
+@@ -451,6 +451,43 @@
+ pft_cleanup
+ }
+
++atf_test_case "addr_range" "cleanup"
++addr_range_head()
++{
++ atf_set descr 'Test rulesets with multiple address ranges'
++ atf_set require.user root
++}
++
++addr_range_body()
++{
++ pft_init
++
++ epair=$(vnet_mkepair)
++ ifconfig ${epair}b 192.0.2.2/24 up
++
++ vnet_mkjail alcatraz ${epair}a
++ jexec alcatraz ifconfig ${epair}a 192.0.2.1/24 up
++
++ # Sanity check
++ atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1
++
++ jexec alcatraz pfctl -e
++ pft_set_rules alcatraz \
++ "block" \
++ "pass inet from any to 10.100.100.1 - 10.100.100.20" \
++ "pass inet from any to 192.0.2.1 - 192.0.2.10"
++
++jexec alcatraz pfctl -sr -vv
++
++ atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.1
++jexec alcatraz pfctl -sr -vv
++}
++
++addr_range_cleanup()
++{
++ pft_cleanup
++}
++
+ atf_init_test_cases()
+ {
+ atf_add_test_case "enable_disable"
+@@ -462,4 +499,5 @@
+ atf_add_test_case "received_on"
+ atf_add_test_case "optimize_any"
+ atf_add_test_case "any_if"
++ atf_add_test_case "addr_range"
+ }
diff --git a/website/static/security/patches/SA-26:09/pf-15.patch.asc b/website/static/security/patches/SA-26:09/pf-15.patch.asc
new file mode 100644
index 0000000000..fa27926ab0
--- /dev/null
+++ b/website/static/security/patches/SA-26:09/pf-15.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmnEp+0ACgkQbljekB8A
+Gu8w8Q/+JVp4ZMcd9vM8l+zqCqj2XTUg2887KBnJ+qZRYZvXtNzJpxJTxaEUYe7p
+Dj/OsFTxm821shqYxJv5I7lgJpqNNggKn41j/BaOTf3GK6Or8bVKUI3GmCKjEMD/
+AnxILH1WeM0hsFqs2GhtXww1EeFRuKTqNyLbjJ/sEdXI+AQQhYQi4PiFvLXecezh
+dpP4FRCU52hqYYz3C4wbW92hZfkVCTHOZEkFbpNYerzxsgLxDOzMLq+FTgPNRUBw
+YaNs5rPWbiYqpATsryGKDjT1SS3Y1zyVGcuTMtcvpOK9//il9paexzwLt+6FjUsa
+sAGrA+vKfmdFxJBsiHm7IxjMZvkPtvY8TSNnnljLnRtWXdmptucHg11KSX5gzxvw
+YsPmu7TwZ3JLzfAZ0jhOn3jRVBqpyZmarBw2txkwVL3WQ7OETwV32HOMLdwwzhXg
+nI0aSgWWf3OiPMHLjCogrGE8mnS5yuymfRefMHvMarawMoDOFJQB8bXhe0VwxOke
+XypsrHMif5my2+QTi/cQNcJT6dm2qaD9l7xIqJnazV/JID108ff+iQkC2AI349io
+ZJ9StSd4owudffN633Aqx6M+ttex5uYb8QzxhqEtgJbDTshU/RCg2pnni3D8r1GC
+gf45MYEAllePewusKKoYQDoRF3csF9V43GPHx0LUhgvw4QxMR28=
+=QAdP
+-----END PGP SIGNATURE-----