diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index d3995fcc48..dbe5ac58ce 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -1,2683 +1,2687 @@
# Sort advisories by year, month and day
# $FreeBSD$
+[[advisories]]
+name = "FreeBSD-SA-23:17.pf"
+date = "2023-12-05"
+
[[advisories]]
name = "FreeBSD-SA-23:16.cap_net"
date = "2023-11-08"
[[advisories]]
name = "FreeBSD-SA-23:15.stdio"
date = "2023-11-08"
[[advisories]]
name = "FreeBSD-SA-23:14.smccc"
date = "2023-10-03"
[[advisories]]
name = "FreeBSD-SA-23:13.capsicum"
date = "2023-10-03"
[[advisories]]
name = "FreeBSD-SA-23:12.msdosfs"
date = "2023-10-03"
[[advisories]]
name = "FreeBSD-SA-23:11.wifi"
date = "2023-09-06"
[[advisories]]
name = "FreeBSD-SA-23:10.pf"
date = "2023-09-06"
[[advisories]]
name = "FreeBSD-SA-23:09.pam_krb5"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:08.ssh"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:07.bhyve"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:06.ipv6"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:05.openssh"
date = "2023-06-21"
[[advisories]]
name = "FreeBSD-SA-23:04.pam_krb5"
date = "2023-06-21"
[[advisories]]
name = "FreeBSD-SA-23:03.openssl"
date = "2023-02-16"
[[advisories]]
name = "FreeBSD-SA-23:02.openssh"
date = "2023-02-16"
[[advisories]]
name = "FreeBSD-SA-23:01.geli"
date = "2023-02-08"
[[advisories]]
name = "FreeBSD-SA-22:15.ping"
date = "2022-11-29"
[[advisories]]
name = "FreeBSD-SA-22:14.heimdal"
date = "2022-11-15"
[[advisories]]
name = "FreeBSD-SA-22:13.zlib"
date = "2022-08-30"
[[advisories]]
name = "FreeBSD-SA-22:12.lib9p"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:11.vm"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:10.aio"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:09.elf"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:08.zlib"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:07.wifi_meshid"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:06.ioctl"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:05.bhyve"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:04.netmap"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:03.openssl"
date = "2022-03-15"
[[advisories]]
name = "FreeBSD-SA-22:02.wifi"
date = "2022-03-15"
[[advisories]]
name = "FreeBSD-SA-22:01.vt"
date = "2022-01-11"
[[advisories]]
name = "FreeBSD-SA-21:17.openssl"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:16.openssl"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:15.libfetch"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:14.ggatec"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:13.bhyve"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:12.libradius"
date = "2021-05-26"
[[advisories]]
name = "FreeBSD-SA-21:11.smap"
date = "2021-05-26"
[[advisories]]
name = "FreeBSD-SA-21:10.jail_mount"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:09.accept_filter"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:08.vm"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:07.openssl"
date = "2021-03-25"
[[advisories]]
name = "FreeBSD-SA-21:06.xen"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:05.jail_chdir"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:04.jail_remove"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:03.pam_login_access"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:02.xenoom"
date = "2021-01-29"
[[advisories]]
name = "FreeBSD-SA-21:01.fsdisclosure"
date = "2021-01-29"
[[advisories]]
name = "FreeBSD-SA-20:33.openssl"
date = "2020-12-08"
[[advisories]]
name = "FreeBSD-SA-20:32.rtsold"
date = "2020-12-01"
[[advisories]]
name = "FreeBSD-SA-20:31.icmp6"
date = "2020-12-01"
[[advisories]]
name = "FreeBSD-SA-20:30.ftpd"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:29.bhyve_svm"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:28.bhyve_vmcs"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:27.ure"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:26.dhclient"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:25.sctp"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:24.ipv6"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:23.sendmsg"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:22.sqlite"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:21.usb_net"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:20.ipv6"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:19.unbound"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:18.posix_spawnp"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:17.usb"
date = "2020-06-09"
[[advisories]]
name = "FreeBSD-SA-20:16.cryptodev"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:15.cryptodev"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:14.sctp"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:13.libalias"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:12.libalias"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:11.openssl"
date = "2020-04-21"
[[advisories]]
name = "FreeBSD-SA-20:10.ipfw"
date = "2020-04-21"
[[advisories]]
name = "FreeBSD-SA-20:09.ntp"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:08.jail"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:07.epair"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:06.if_ixl_ioctl"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:05.if_oce_ioctl"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:04.tcp"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:03.thrmisc"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-20:02.ipsec"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-20:01.libfetch"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-19:26.mcu"
date = "2019-11-12"
[[advisories]]
name = "FreeBSD-SA-19:25.mcepsc"
date = "2019-11-12"
[[advisories]]
name = "FreeBSD-SA-19:24.mqueuefs"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:23.midi"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:22.mbuf"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:21.bhyve"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:20.bsnmp"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:19.mldv2"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:18.bzip2"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:17.fd"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:16.bhyve"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:15.mqueuefs"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:14.freebsd32"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:13.pts"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:12.telnet"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:11.cd_ioctl"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:10.ufs"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:09.iconv"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:08.rack"
date = "2019-06-19"
[[advisories]]
name = "FreeBSD-SA-19:07.mds"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:06.pf"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:05.pf"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:04.ntp"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:03.wpa"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:02.fd"
date = "2019-02-05"
[[advisories]]
name = "FreeBSD-SA-19:01.syscall"
date = "2019-02-05"
[[advisories]]
name = "FreeBSD-SA-18:15.bootpd"
date = "2018-12-19"
[[advisories]]
name = "FreeBSD-SA-18:14.bhyve"
date = "2018-12-04"
[[advisories]]
name = "FreeBSD-SA-18:13.nfs"
date = "2018-11-27"
[[advisories]]
name = "FreeBSD-SA-18:12.elf"
date = "2018-09-12"
[[advisories]]
name = "FreeBSD-SA-18:11.hostapd"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:10.ip"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:09.l1tf"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:08.tcp"
date = "2018-08-06"
[[advisories]]
name = "FreeBSD-SA-18:07.lazyfpu"
date = "2018-06-21"
[[advisories]]
name = "FreeBSD-SA-18:06.debugreg"
date = "2018-05-08"
[[advisories]]
name = "FreeBSD-SA-18:05.ipsec"
date = "2018-04-04"
[[advisories]]
name = "FreeBSD-SA-18:04.vt"
date = "2018-04-04"
[[advisories]]
name = "FreeBSD-SA-18:03.speculative_execution"
date = "2018-03-14"
[[advisories]]
name = "FreeBSD-SA-18:02.ntp"
date = "2018-03-07"
[[advisories]]
name = "FreeBSD-SA-18:01.ipsec"
date = "2018-03-07"
[[advisories]]
name = "FreeBSD-SA-17:12.openssl"
date = "2017-12-09"
[[advisories]]
name = "FreeBSD-SA-17:11.openssl"
date = "2017-11-29"
[[advisories]]
name = "FreeBSD-SA-17:10.kldstat"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:09.shm"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:08.ptrace"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:07.wpa"
date = "2017-10-17"
[[advisories]]
name = "FreeBSD-SA-17:06.openssh"
date = "2017-08-10"
[[advisories]]
name = "FreeBSD-SA-17:05.heimdal"
date = "2017-07-12"
[[advisories]]
name = "FreeBSD-SA-17:04.ipfilter"
date = "2017-04-27"
[[advisories]]
name = "FreeBSD-SA-17:03.ntp"
date = "2017-04-12"
[[advisories]]
name = "FreeBSD-SA-17:02.openssl"
date = "2017-02-23"
[[advisories]]
name = "FreeBSD-SA-17:01.openssh"
date = "2017-01-11"
[[advisories]]
name = "FreeBSD-SA-16:39.ntp"
date = "2016-12-22"
[[advisories]]
name = "FreeBSD-SA-16:38.bhyve"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:37.libc"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:36.telnetd"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:35.openssl"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:34.bind"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:33.openssh"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:32.bhyve"
date = "2016-10-25"
[[advisories]]
name = "FreeBSD-SA-16:31.libarchive"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:30.portsnap"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:29.bspatch"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:28.bind"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:27.openssl"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:26.openssl"
date = "2016-09-23"
[[advisories]]
name = "FreeBSD-SA-16:25.bspatch"
date = "2016-07-25"
[[advisories]]
name = "FreeBSD-SA-16:24.ntp"
date = "2016-06-04"
[[advisories]]
name = "FreeBSD-SA-16:23.libarchive"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:22.libarchive"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:21.43bsd"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:20.linux"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:19.sendmsg"
date = "2016-05-17"
[[advisories]]
name = "FreeBSD-SA-16:18.atkbd"
date = "2016-05-17"
[[advisories]]
name = "FreeBSD-SA-16:17.openssl"
date = "2016-05-04"
[[advisories]]
name = "FreeBSD-SA-16:16.ntp"
date = "2016-04-29"
[[advisories]]
name = "FreeBSD-SA-16:15.sysarch"
date = "2016-03-16"
[[advisories]]
name = "FreeBSD-SA-16:14.openssh"
date = "2016-03-16"
[[advisories]]
name = "FreeBSD-SA-16:13.bind"
date = "2016-03-10"
[[advisories]]
name = "FreeBSD-SA-16:12.openssl"
date = "2016-03-10"
[[advisories]]
name = "FreeBSD-SA-16:11.openssl"
date = "2016-01-30"
[[advisories]]
name = "FreeBSD-SA-16:10.linux"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:09.ntp"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:08.bind"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:07.openssh"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:06.bsnmpd"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:05.tcp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:04.linux"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:03.linux"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:02.ntp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:01.sctp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-15:27.bind"
date = "2015-12-16"
[[advisories]]
name = "FreeBSD-SA-15:26.openssl"
date = "2015-12-06"
[[advisories]]
name = "FreeBSD-SA-15:25.ntp"
date = "2015-10-26"
[[advisories]]
name = "FreeBSD-SA-15:24.rpcbind"
date = "2015-09-29"
[[advisories]]
name = "FreeBSD-SA-15:23.bind"
date = "2015-09-02"
[[advisories]]
name = "FreeBSD-SA-15:22.openssh"
date = "2015-08-25"
[[advisories]]
name = "FreeBSD-SA-15:21.amd64"
date = "2015-08-25"
[[advisories]]
name = "FreeBSD-SA-15:20.expat"
date = "2015-08-18"
[[advisories]]
name = "FreeBSD-SA-15:19.routed"
date = "2015-08-05"
[[advisories]]
name = "FreeBSD-SA-15:18.bsdpatch"
date = "2015-08-05"
[[advisories]]
name = "FreeBSD-SA-15:17.bind"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:16.openssh"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:15.tcp"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:14.bsdpatch"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:13.tcp"
date = "2015-07-21"
[[advisories]]
name = "FreeBSD-SA-15:12.openssl"
date = "2015-07-09"
[[advisories]]
name = "FreeBSD-SA-15:11.bind"
date = "2015-07-07"
[[advisories]]
name = "FreeBSD-SA-15:10.openssl"
date = "2015-06-12"
[[advisories]]
name = "FreeBSD-SA-15:09.ipv6"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:08.bsdinstall"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:07.ntp"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:06.openssl"
date = "2015-03-19"
[[advisories]]
name = "FreeBSD-SA-15:05.bind"
date = "2015-02-25"
[[advisories]]
name = "FreeBSD-SA-15:04.igmp"
date = "2015-02-25"
[[advisories]]
name = "FreeBSD-SA-15:03.sctp"
date = "2015-01-27"
[[advisories]]
name = "FreeBSD-SA-15:02.kmem"
date = "2015-01-27"
[[advisories]]
name = "FreeBSD-SA-15:01.openssl"
date = "2015-01-14"
[[advisories]]
name = "FreeBSD-SA-14:31.ntp"
date = "2014-12-23"
[[advisories]]
name = "FreeBSD-SA-14:30.unbound"
date = "2014-12-17"
[[advisories]]
name = "FreeBSD-SA-14:29.bind"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:28.file"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:27.stdio"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:26.ftp"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:25.setlogin"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:24.sshd"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:23.openssl"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:22.namei"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:21.routed"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:20.rtsold"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:19.tcp"
date = "2014-09-16"
[[advisories]]
name = "FreeBSD-SA-14:18.openssl"
date = "2014-09-09"
[[advisories]]
name = "FreeBSD-SA-14:17.kmem"
date = "2014-07-08"
[[advisories]]
name = "FreeBSD-SA-14:16.file"
date = "2014-06-24"
[[advisories]]
name = "FreeBSD-SA-14:15.iconv"
date = "2014-06-24"
[[advisories]]
name = "FreeBSD-SA-14:14.openssl"
date = "2014-06-05"
[[advisories]]
name = "FreeBSD-SA-14:13.pam"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:12.ktrace"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:11.sendmail"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:10.openssl"
date = "2014-05-13"
[[advisories]]
name = "FreeBSD-SA-14:09.openssl"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:08.tcp"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:07.devfs"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:06.openssl"
date = "2014-04-08"
[[advisories]]
name = "FreeBSD-SA-14:05.nfsserver"
date = "2014-04-08"
[[advisories]]
name = "FreeBSD-SA-14:04.bind"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:03.openssl"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:02.ntpd"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:01.bsnmpd"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-13:14.openssh"
date = "2013-11-19"
[[advisories]]
name = "FreeBSD-SA-13:13.nullfs"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:12.ifioctl"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:11.sendfile"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:10.sctp"
date = "2013-08-22"
[[advisories]]
name = "FreeBSD-SA-13:09.ip_multicast"
date = "2013-08-22"
[[advisories]]
name = "FreeBSD-SA-13:08.nfsserver"
date = "2013-07-26"
[[advisories]]
name = "FreeBSD-SA-13:07.bind"
date = "2013-07-26"
[[advisories]]
name = "FreeBSD-SA-13:06.mmap"
date = "2013-06-18"
[[advisories]]
name = "FreeBSD-SA-13:05.nfsserver"
date = "2013-04-29"
[[advisories]]
name = "FreeBSD-SA-13:04.bind"
date = "2013-04-02"
[[advisories]]
name = "FreeBSD-SA-13:03.openssl"
date = "2013-04-02"
[[advisories]]
name = "FreeBSD-SA-13:02.libc"
date = "2013-02-19"
[[advisories]]
name = "FreeBSD-SA-13:01.bind"
date = "2013-02-19"
[[advisories]]
name = "FreeBSD-SA-12:08.linux"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:07.hostapd"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:06.bind"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:05.bind"
date = "2012-08-06"
[[advisories]]
name = "FreeBSD-SA-12:04.sysret"
date = "2012-06-12"
[[advisories]]
name = "FreeBSD-SA-12:03.bind"
date = "2012-06-12"
[[advisories]]
name = "FreeBSD-SA-12:02.crypt"
date = "2012-05-30"
[[advisories]]
name = "FreeBSD-SA-12:01.openssl"
date = "2012-05-30"
[[advisories]]
name = "FreeBSD-SA-11:10.pam"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:09.pam_ssh"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:08.telnetd"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:07.chroot"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:06.bind"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:05.unix"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:04.compress"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:03.bind"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:02.bind"
date = "2011-05-28"
[[advisories]]
name = "FreeBSD-SA-11:01.mountd"
date = "2011-04-20"
[[advisories]]
name = "FreeBSD-SA-10:10.openssl"
date = "2010-11-29"
[[advisories]]
name = "FreeBSD-SA-10:09.pseudofs"
date = "2010-11-10"
[[advisories]]
name = "FreeBSD-SA-10:08.bzip2"
date = "2010-09-20"
[[advisories]]
name = "FreeBSD-SA-10:07.mbuf"
date = "2010-07-13"
[[advisories]]
name = "FreeBSD-SA-10:06.nfsclient"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:05.opie"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:04.jail"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:03.zfs"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-10:02.ntpd"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-10:01.bind"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-09:17.freebsd-update"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:16.rtld"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:15.ssl"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:14.devfs"
date = "2009-10-02"
[[advisories]]
name = "FreeBSD-SA-09:13.pipe"
date = "2009-10-02"
[[advisories]]
name = "FreeBSD-SA-09:12.bind"
date = "2009-07-29"
[[advisories]]
name = "FreeBSD-SA-09:11.ntpd"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:10.ipv6"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:09.pipe"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:08.openssl"
date = "2009-04-22"
[[advisories]]
name = "FreeBSD-SA-09:07.libc"
date = "2009-04-22"
[[advisories]]
name = "FreeBSD-SA-09:06.ktimer"
date = "2009-03-23"
[[advisories]]
name = "FreeBSD-SA-09:05.telnetd"
date = "2009-02-16"
[[advisories]]
name = "FreeBSD-SA-09:04.bind"
date = "2009-01-13"
[[advisories]]
name = "FreeBSD-SA-09:03.ntpd"
date = "2009-01-13"
[[advisories]]
name = "FreeBSD-SA-09:02.openssl"
date = "2009-01-07"
[[advisories]]
name = "FreeBSD-SA-09:01.lukemftpd"
date = "2009-01-07"
[[advisories]]
name = "FreeBSD-SA-08:13.protosw"
date = "2008-12-23"
[[advisories]]
name = "FreeBSD-SA-08:12.ftpd"
date = "2008-12-23"
[[advisories]]
name = "FreeBSD-SA-08:11.arc4random"
date = "2008-11-24"
[[advisories]]
name = "FreeBSD-SA-08:10.nd6"
date = "2008-10-02"
[[advisories]]
name = "FreeBSD-SA-08:09.icmp6"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:08.nmount"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:07.amd64"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:06.bind"
date = "2008-07-13"
[[advisories]]
name = "FreeBSD-SA-08:05.openssh"
date = "2008-04-17"
[[advisories]]
name = "FreeBSD-SA-08:04.ipsec"
date = "2008-02-14"
[[advisories]]
name = "FreeBSD-SA-08:03.sendfile"
date = "2008-02-14"
[[advisories]]
name = "FreeBSD-SA-08:02.libc"
date = "2008-01-14"
[[advisories]]
name = "FreeBSD-SA-08:01.pty"
date = "2008-01-14"
[[advisories]]
name = "FreeBSD-SA-07:10.gtar"
date = "2007-11-29"
[[advisories]]
name = "FreeBSD-SA-07:09.random"
date = "2007-11-29"
[[advisories]]
name = "FreeBSD-SA-07:08.openssl"
date = "2007-10-03"
[[advisories]]
name = "FreeBSD-SA-07:07.bind"
date = "2007-08-01"
[[advisories]]
name = "FreeBSD-SA-07:06.tcpdump"
date = "2007-08-01"
[[advisories]]
name = "FreeBSD-SA-07:05.libarchive"
date = "2007-07-12"
[[advisories]]
name = "FreeBSD-SA-07:04.file"
date = "2007-05-23"
[[advisories]]
name = "FreeBSD-SA-07:03.ipv6"
date = "2007-04-26"
[[advisories]]
name = "FreeBSD-SA-07:02.bind"
date = "2007-02-09"
[[advisories]]
name = "FreeBSD-SA-07:01.jail"
date = "2007-01-11"
[[advisories]]
name = "FreeBSD-SA-06:26.gtar"
date = "2006-12-06"
[[advisories]]
name = "FreeBSD-SA-06:25.kmem"
date = "2006-12-06"
[[advisories]]
name = "FreeBSD-SA-06:24.libarchive"
date = "2006-11-08"
[[advisories]]
name = "FreeBSD-SA-06:22.openssh"
date = "2006-09-30"
[[advisories]]
name = "FreeBSD-SA-06:23.openssl"
date = "2006-09-28"
[[advisories]]
name = "FreeBSD-SA-06:21.gzip"
date = "2006-09-19"
[[advisories]]
name = "FreeBSD-SA-06:20.bind"
date = "2006-09-06"
[[advisories]]
name = "FreeBSD-SA-06:19.openssl"
date = "2006-09-06"
[[advisories]]
name = "FreeBSD-SA-06:18.ppp"
date = "2006-08-23"
[[advisories]]
name = "FreeBSD-SA-06:17.sendmail"
date = "2006-06-14"
[[advisories]]
name = "FreeBSD-SA-06:16.smbfs"
date = "2006-05-31"
[[advisories]]
name = "FreeBSD-SA-06:15.ypserv"
date = "2006-05-31"
[[advisories]]
name = "FreeBSD-SA-06:14.fpu"
date = "2006-04-19"
[[advisories]]
name = "FreeBSD-SA-06:13.sendmail"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:12.opie"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:11.ipsec"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:10.nfs"
date = "2006-03-01"
[[advisories]]
name = "FreeBSD-SA-06:09.openssh"
date = "2006-03-01"
[[advisories]]
name = "FreeBSD-SA-06:08.sack"
date = "2006-02-01"
[[advisories]]
name = "FreeBSD-SA-06:07.pf"
date = "2006-01-25"
[[advisories]]
name = "FreeBSD-SA-06:06.kmem"
date = "2006-01-25"
[[advisories]]
name = "FreeBSD-SA-06:05.80211"
date = "2006-01-18"
[[advisories]]
name = "FreeBSD-SA-06:04.ipfw"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:03.cpio"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:02.ee"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:01.texindex"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-05:21.openssl"
date = "2005-10-11"
[[advisories]]
name = "FreeBSD-SA-05:20.cvsbug"
date = "2005-09-07"
[[advisories]]
name = "FreeBSD-SA-05:19.ipsec"
date = "2005-07-27"
[[advisories]]
name = "FreeBSD-SA-05:18.zlib"
date = "2005-07-27"
[[advisories]]
name = "FreeBSD-SA-05:17.devfs"
date = "2005-07-20"
[[advisories]]
name = "FreeBSD-SA-05:16.zlib"
date = "2005-07-06"
[[advisories]]
name = "FreeBSD-SA-05:15.tcp"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:14.bzip2"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:13.ipfw"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:12.bind9"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:11.gzip"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:10.tcpdump"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:09.htt"
date = "2005-05-13"
[[advisories]]
name = "FreeBSD-SA-05:08.kmem"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:07.ldt"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:06.iir"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:05.cvs"
date = "2005-04-22"
[[advisories]]
name = "FreeBSD-SA-05:04.ifconf"
date = "2005-04-15"
[[advisories]]
name = "FreeBSD-SA-05:03.amd64"
date = "2005-04-06"
[[advisories]]
name = "FreeBSD-SA-05:02.sendfile"
date = "2005-04-04"
[[advisories]]
name = "FreeBSD-SA-05:01.telnet"
date = "2005-03-28"
[[advisories]]
name = "FreeBSD-SA-04:17.procfs"
date = "2004-12-01"
[[advisories]]
name = "FreeBSD-SA-04:16.fetch"
date = "2004-11-18"
[[advisories]]
name = "FreeBSD-SA-04:15.syscons"
date = "2004-10-04"
[[advisories]]
name = "FreeBSD-SA-04:14.cvs"
date = "2004-09-19"
[[advisories]]
name = "FreeBSD-SA-04:13.linux"
date = "2004-06-30"
[[advisories]]
name = "FreeBSD-SA-04:12.jailroute"
date = "2004-06-07"
[[advisories]]
name = "FreeBSD-SA-04:11.msync"
date = "2004-05-19"
[[advisories]]
name = "FreeBSD-SA-04:10.cvs"
date = "2004-05-19"
[[advisories]]
name = "FreeBSD-SA-04:09.kadmind"
date = "2004-05-05"
[[advisories]]
name = "FreeBSD-SA-04:08.heimdal"
date = "2004-05-05"
[[advisories]]
name = "FreeBSD-SA-04:07.cvs"
date = "2004-04-15"
[[advisories]]
name = "FreeBSD-SA-04:06.ipv6"
date = "2004-03-29"
[[advisories]]
name = "FreeBSD-SA-04:05.openssl"
date = "2004-03-17"
[[advisories]]
name = "FreeBSD-SA-04:04.tcp"
date = "2004-03-02"
[[advisories]]
name = "FreeBSD-SA-04:03.jail"
date = "2004-02-25"
[[advisories]]
name = "FreeBSD-SA-04:02.shmat"
date = "2004-02-05"
[[advisories]]
name = "FreeBSD-SA-04:01.mksnap_ffs"
date = "2004-01-30"
[[advisories]]
name = "FreeBSD-SA-03:19.bind"
date = "2003-11-28"
[[advisories]]
name = "FreeBSD-SA-03:15.openssh"
date = "2003-10-05"
[[advisories]]
name = "FreeBSD-SA-03:18.openssl"
date = "2003-10-03"
[[advisories]]
name = "FreeBSD-SA-03:17.procfs"
date = "2003-10-03"
[[advisories]]
name = "FreeBSD-SA-03:16.filedesc"
date = "2003-10-02"
[[advisories]]
name = "FreeBSD-SA-03:14.arp"
date = "2003-09-23"
[[advisories]]
name = "FreeBSD-SA-03:13.sendmail"
date = "2003-09-17"
[[advisories]]
name = "FreeBSD-SA-03:12.openssh"
date = "2003-09-16"
[[advisories]]
name = "FreeBSD-SA-03:11.sendmail"
date = "2003-08-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1170"
[[advisories]]
name = "FreeBSD-SA-03:10.ibcs2"
date = "2003-08-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1164"
[[advisories]]
name = "FreeBSD-SA-03:09.signal"
date = "2003-08-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1163"
[[advisories]]
name = "FreeBSD-SA-03:08.realpath"
date = "2003-08-03"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1158"
[[advisories]]
name = "FreeBSD-SN-03:02"
date = "2003-04-08"
[[advisories]]
name = "FreeBSD-SN-03:01"
date = "2003-04-07"
[[advisories]]
name = "FreeBSD-SA-03:07.sendmail"
date = "2003-03-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1122"
[[advisories]]
name = "FreeBSD-SA-03:06.openssl"
date = "2003-03-21"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1118"
[[advisories]]
name = "FreeBSD-SA-03:05.xdr"
date = "2003-03-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1117"
[[advisories]]
name = "FreeBSD-SA-03:04.sendmail"
date = "2003-03-03"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1112"
[[advisories]]
name = "FreeBSD-SA-03:03.syncookies"
date = "2003-02-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1106"
[[advisories]]
name = "FreeBSD-SA-03:02.openssl"
date = "2003-02-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1105"
[[advisories]]
name = "FreeBSD-SA-03:01.cvs"
date = "2003-02-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1100"
[[advisories]]
name = "FreeBSD-SA-02:44.filedesc"
date = "2003-01-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1090"
[[advisories]]
name = "FreeBSD-SA-02:43.bind"
date = "2002-11-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1084"
[[advisories]]
name = "FreeBSD-SA-02:41.smrsh"
date = "2002-11-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1082"
[[advisories]]
name = "FreeBSD-SA-02:42.resolv"
date = "2002-11-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1083"
[[advisories]]
name = "FreeBSD-SA-02:40.kadmind"
date = "2002-11-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1081"
[[advisories]]
name = "FreeBSD-SN-02:06"
date = "2002-10-10"
[[advisories]]
name = "FreeBSD-SA-02:39.libkvm"
date = "2002-09-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1051"
[[advisories]]
name = "FreeBSD-SN-02:05"
date = "2002-08-28"
[[advisories]]
name = "FreeBSD-SA-02:38.signed-error"
date = "2002-08-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1041"
[[advisories]]
name = "FreeBSD-SA-02:37.kqueue"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1033"
[[advisories]]
name = "FreeBSD-SA-02:36.nfs"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1032"
[[advisories]]
name = "FreeBSD-SA-02:35.ffs"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1031"
[[advisories]]
name = "FreeBSD-SA-02:33.openssl"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1023"
[[advisories]]
name = "FreeBSD-SA-02:34.rpc"
date = "2002-08-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1024"
[[advisories]]
name = "FreeBSD-SA-02:32.pppd"
date = "2002-07-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1022"
[[advisories]]
name = "FreeBSD-SA-02:31.openssh"
date = "2002-07-15"
[[advisories]]
name = "FreeBSD-SA-02:30.ktrace"
date = "2002-07-12"
[[advisories]]
name = "FreeBSD-SA-02:29.tcpdump"
date = "2002-07-12"
[[advisories]]
name = "FreeBSD-SA-02:28.resolv"
date = "2002-06-26"
[[advisories]]
name = "FreeBSD-SN-02:04"
date = "2002-06-19"
[[advisories]]
name = "FreeBSD-SA-02:27.rc"
date = "2002-05-29"
[[advisories]]
name = "FreeBSD-SA-02:26.accept"
date = "2002-05-29"
[[advisories]]
name = "FreeBSD-SN-02:03"
date = "2002-05-28"
[[advisories]]
name = "FreeBSD-SA-02:25.bzip2"
date = "2002-05-20"
[[advisories]]
name = "FreeBSD-SA-02:24.k5su"
date = "2002-05-20"
[[advisories]]
name = "FreeBSD-SN-02:02"
date = "2002-05-13"
[[advisories]]
name = "FreeBSD-SA-02:23.stdio"
date = "2002-04-22"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1021"
[[advisories]]
name = "FreeBSD-SA-02:22.mmap"
date = "2002-04-18"
[[advisories]]
name = "FreeBSD-SA-02:21.tcpip"
date = "2002-04-17"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/980"
[[advisories]]
name = "FreeBSD-SA-02:20.syncache"
date = "2002-04-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/979"
[[advisories]]
name = "FreeBSD-SN-02:01"
date = "2002-03-30"
[[advisories]]
name = "FreeBSD-SA-02:19.squid"
date = "2002-03-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/960"
[[advisories]]
name = "FreeBSD-SA-02:18.zlib"
date = "2002-03-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/978"
[[advisories]]
name = "FreeBSD-SA-02:17.mod_frontpage"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/954"
[[advisories]]
name = "FreeBSD-SA-02:16.netscape"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/953"
[[advisories]]
name = "FreeBSD-SA-02:15.cyrus-sasl"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/952"
[[advisories]]
name = "FreeBSD-SA-02:14.pam-pgsql"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/951"
[[advisories]]
name = "FreeBSD-SA-02:13.openssh"
date = "2002-03-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/945"
[[advisories]]
name = "FreeBSD-SA-02:12.squid"
date = "2002-02-21"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/938"
[[advisories]]
name = "FreeBSD-SA-02:11.snmp"
date = "2002-02-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/936"
[[advisories]]
name = "FreeBSD-SA-02:10.rsync"
date = "2002-02-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/928"
[[advisories]]
name = "FreeBSD-SA-02:09.fstatfs"
date = "2002-02-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/927"
[[advisories]]
name = "FreeBSD-SA-02:08.exec"
date = "2002-01-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/923"
[[advisories]]
name = "FreeBSD-SA-02:07.k5su"
date = "2002-01-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/912"
[[advisories]]
name = "FreeBSD-SA-02:06.sudo"
date = "2002-01-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/909"
[[advisories]]
name = "FreeBSD-SA-02:05.pine"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/894"
[[advisories]]
name = "FreeBSD-SA-02:04.mutt"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/893"
[[advisories]]
name = "FreeBSD-SA-02:03.mod_auth_pgsql"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/892"
[[advisories]]
name = "FreeBSD-SA-02:02.pw"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/891"
[[advisories]]
name = "FreeBSD-SA-02:01.pkg_add"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/898"
[[advisories]]
name = "FreeBSD-SA-01:64.wu-ftpd"
date = "2001-12-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/870"
[[advisories]]
name = "FreeBSD-SA-01:63.openssh"
date = "2001-12-02"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/871"
[[advisories]]
name = "FreeBSD-SA-01:62.uucp"
date = "2001-10-08"
[[advisories]]
name = "FreeBSD-SA-01:61.squid"
date = "2001-10-08"
[[advisories]]
name = "FreeBSD-SA-01:60.procmail"
date = "2001-09-24"
[[advisories]]
name = "FreeBSD-SA-01:59.rmuser"
date = "2001-09-04"
[[advisories]]
name = "FreeBSD-SA-01:58.lpd"
date = "2001-08-30"
[[advisories]]
name = "FreeBSD-SA-01:57.sendmail"
date = "2001-08-27"
[[advisories]]
name = "FreeBSD-SA-01:56.tcp_wrappers"
date = "2001-08-23"
[[advisories]]
name = "FreeBSD-SA-01:55.procfs"
date = "2001-08-21"
[[advisories]]
name = "FreeBSD-SA-01:54.ports-telnetd"
date = "2001-08-20"
[[advisories]]
name = "FreeBSD-SA-01:53.ipfw"
date = "2001-08-17"
[[advisories]]
name = "FreeBSD-SA-01:52.fragment"
date = "2001-08-06"
[[advisories]]
name = "FreeBSD-SA-01:51.openssl"
date = "2001-07-30"
[[advisories]]
name = "FreeBSD-SA-01:50.windowmaker"
date = "2001-07-27"
[[advisories]]
name = "FreeBSD-SA-01:49.telnetd"
date = "2001-07-23"
[[advisories]]
name = "FreeBSD-SA-01:48.tcpdump"
date = "2001-07-17"
[[advisories]]
name = "FreeBSD-SA-01:47.xinetd"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:46.w3m"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:45.samba"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:44.gnupg"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:43.fetchmail"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:42.signal"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:41.hanterm"
date = "2001-07-09"
[[advisories]]
name = "FreeBSD-SA-01:40.fts"
date = "2001-06-04"
[[advisories]]
name = "FreeBSD-SA-01:39.tcp-isn"
date = "2001-05-02"
[[advisories]]
name = "FreeBSD-SA-01:38.sudo"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:37.slrn"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:36.samba"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:35.licq"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:34.hylafax"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:33.ftpd-glob"
date = "2001-04-17"
[[advisories]]
name = "FreeBSD-SA-01:32.ipfilter"
date = "2001-04-16"
[[advisories]]
name = "FreeBSD-SA-01:31.ntpd"
date = "2001-04-06"
[[advisories]]
name = "FreeBSD-SA-01:30.ufs-ext2fs"
date = "2001-03-22"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/738"
[[advisories]]
name = "FreeBSD-SA-01:29.rwhod"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/732"
[[advisories]]
name = "FreeBSD-SA-01:28.timed"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/731"
[[advisories]]
name = "FreeBSD-SA-01:27.cfengine"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/730"
[[advisories]]
name = "FreeBSD-SA-01:26.interbase"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/729"
[[advisories]]
name = "FreeBSD-SA-01:23.icecast"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/728"
[[advisories]]
name = "FreeBSD-SA-01:25.kerberosIV"
date = "2001-02-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/716"
[[advisories]]
name = "FreeBSD-SA-01:24.ssh"
date = "2001-02-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/715"
[[advisories]]
name = "FreeBSD-SA-01:22.dc20ctrl"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/714"
[[advisories]]
name = "FreeBSD-SA-01:21.ja-elvis"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/713"
[[advisories]]
name = "FreeBSD-SA-01:20.mars_nwe"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/712"
[[advisories]]
name = "FreeBSD-SA-01:19.ja-klock"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/707"
[[advisories]]
name = "FreeBSD-SA-01:18.bind"
date = "2001-01-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/706"
[[advisories]]
name = "FreeBSD-SA-01:17.exmh"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/705"
[[advisories]]
name = "FreeBSD-SA-01:16.mysql"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/704"
[[advisories]]
name = "FreeBSD-SA-01:15.tinyproxy"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/703"
[[advisories]]
name = "FreeBSD-SA-01:14.micq"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/702"
[[advisories]]
name = "FreeBSD-SA-01:13.sort"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/701"
[[advisories]]
name = "FreeBSD-SA-01:12.periodic"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/700"
[[advisories]]
name = "FreeBSD-SA-01:11.inetd"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/699"
[[advisories]]
name = "FreeBSD-SA-01:10.bind"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/698"
[[advisories]]
name = "FreeBSD-SA-01:09.crontab"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/697"
[[advisories]]
name = "FreeBSD-SA-01:08.ipfw"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/696"
[[advisories]]
name = "FreeBSD-SA-01:07.xfree86"
date = "2001-01-23"
[[advisories]]
name = "FreeBSD-SA-01:06.zope"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/669"
[[advisories]]
name = "FreeBSD-SA-01:05.stunnel"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/668"
[[advisories]]
name = "FreeBSD-SA-01:04.joe"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/667"
[[advisories]]
name = "FreeBSD-SA-01:03.bash1"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/666"
[[advisories]]
name = "FreeBSD-SA-01:02.syslog-ng"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/665"
[[advisories]]
name = "FreeBSD-SA-01:01.openssh"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/664"
[[advisories]]
name = "FreeBSD-SA-00:81.ethereal"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/651"
[[advisories]]
name = "FreeBSD-SA-00:80.halflifeserver"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/650"
[[advisories]]
name = "FreeBSD-SA-00:79.oops"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/649"
[[advisories]]
name = "FreeBSD-SA-00:78.bitchx"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/648"
[[advisories]]
name = "FreeBSD-SA-00:77.procfs"
date = "2000-12-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/647"
[[advisories]]
name = "FreeBSD-SA-00:76.tcsh-csh"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/628"
[[advisories]]
name = "FreeBSD-SA-00:75.php"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/627"
[[advisories]]
name = "FreeBSD-SA-00:74.gaim"
date = "2000-11-20"
[[advisories]]
name = "FreeBSD-SA-00:73.thttpd"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/626"
[[advisories]]
name = "FreeBSD-SA-00:72.curl"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/625"
[[advisories]]
name = "FreeBSD-SA-00:71.mgetty"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/624"
[[advisories]]
name = "FreeBSD-SA-00:70.ppp-nat"
date = "2000-11-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/623"
[[advisories]]
name = "FreeBSD-SA-00:69.telnetd"
date = "2000-11-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/622"
[[advisories]]
name = "FreeBSD-SA-00:68.ncurses"
date = "2000-11-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/621"
[[advisories]]
name = "FreeBSD-SA-00:67.gnupg"
date = "2000-11-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/620"
[[advisories]]
name = "FreeBSD-SA-00:66.netscape"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/619"
[[advisories]]
name = "FreeBSD-SA-00:65.xfce"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/618"
[[advisories]]
name = "FreeBSD-SA-00:64.global"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/617"
[[advisories]]
name = "FreeBSD-SA-00:63.getnameinfo"
date = "2000-11-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/589"
[[advisories]]
name = "FreeBSD-SA-00:62.top"
date = "2000-11-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/616"
[[advisories]]
name = "FreeBSD-SA-00:61.tcpdump"
date = "2000-10-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/615"
[[advisories]]
name = "FreeBSD-SA-00:60.boa"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/586"
[[advisories]]
name = "FreeBSD-SA-00:59.pine"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/585"
[[advisories]]
name = "FreeBSD-SA-00:58.chpass"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/584"
[[advisories]]
name = "FreeBSD-SA-00:57.muh"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/570"
[[advisories]]
name = "FreeBSD-SA-00:56.lprng"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/569"
[[advisories]]
name = "FreeBSD-SA-00:55.xpdf"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/568"
[[advisories]]
name = "FreeBSD-SA-00:54.fingerd"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/567"
[[advisories]]
name = "FreeBSD-SA-00:52.tcp-iss"
date = "2000-10-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/561"
[[advisories]]
name = "FreeBSD-SA-00:53.catopen"
date = "2000-09-27"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/562"
[[advisories]]
name = "FreeBSD-SA-00:51.mailman"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/550"
[[advisories]]
name = "FreeBSD-SA-00:50.listmanager"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/549"
[[advisories]]
name = "FreeBSD-SA-00:49.eject"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/548"
[[advisories]]
name = "FreeBSD-SA-00:48.xchat"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/547"
[[advisories]]
name = "FreeBSD-SA-00:47.pine"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/546"
[[advisories]]
name = "FreeBSD-SA-00:46.screen"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/545"
[[advisories]]
name = "FreeBSD-SA-00:45.esound"
date = "2000-08-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/526"
[[advisories]]
name = "FreeBSD-SA-00:44.xlock"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/523"
[[advisories]]
name = "FreeBSD-SA-00:43.brouted"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/520"
[[advisories]]
name = "FreeBSD-SA-00:42.linux"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/530"
[[advisories]]
name = "FreeBSD-SA-00:41.elf"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/527"
[[advisories]]
name = "FreeBSD-SA-00:40.mopd"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/521"
[[advisories]]
name = "FreeBSD-SA-00:39.netscape"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/528"
[[advisories]]
name = "FreeBSD-SA-00:38.zope"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/525"
[[advisories]]
name = "FreeBSD-SA-00:37.cvsweb"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/524"
[[advisories]]
name = "FreeBSD-SA-00:36.ntop"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/531"
[[advisories]]
name = "FreeBSD-SA-00:35.proftpd"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/522"
[[advisories]]
name = "FreeBSD-SA-00:34.dhclient"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/529"
[[advisories]]
name = "FreeBSD-SA-00:33.kerberosIV"
date = "2000-07-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/488"
[[advisories]]
name = "FreeBSD-SA-00:32.bitchx"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/487"
[[advisories]]
name = "FreeBSD-SA-00:31.canna"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/486"
[[advisories]]
name = "FreeBSD-SA-00:30.openssh"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/485"
[[advisories]]
name = "FreeBSD-SA-00:29.wu-ftpd"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/489"
[[advisories]]
name = "FreeBSD-SA-00:28.majordomo"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/484"
[[advisories]]
name = "FreeBSD-SA-00:27.XFree86-4"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/483"
[[advisories]]
name = "FreeBSD-SA-00:26.popper"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/482"
[[advisories]]
name = "FreeBSD-SA-00:24.libedit"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/481"
[[advisories]]
name = "FreeBSD-SA-00:23.ip-options"
date = "2000-06-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/480"
[[advisories]]
name = "FreeBSD-SA-00:25.alpha-random"
date = "2000-06-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/473"
[[advisories]]
name = "FreeBSD-SA-00:22.apsfilter"
date = "2000-06-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/461"
[[advisories]]
name = "FreeBSD-SA-00:21.ssh"
date = "2000-06-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/459"
[[advisories]]
name = "FreeBSD-SA-00:20.krb5"
date = "2000-05-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/452"
[[advisories]]
name = "FreeBSD-SA-00:19.semconfig"
date = "2000-05-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/451"
[[advisories]]
name = "FreeBSD-SA-00:18.gnapster.knapster"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/429"
[[advisories]]
name = "FreeBSD-SA-00:17.libmytinfo"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/442"
[[advisories]]
name = "FreeBSD-SA-00:16.golddig"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/439"
[[advisories]]
name = "FreeBSD-SA-00:15.imap-uw"
date = "2000-04-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/438"
[[advisories]]
name = "FreeBSD-SA-00:14.imap-uw"
date = "2000-04-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/441"
[[advisories]]
name = "FreeBSD-SA-00:13.generic-nqs"
date = "2000-04-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/437"
[[advisories]]
name = "FreeBSD-SA-00:12.healthd"
date = "2000-04-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/436"
[[advisories]]
name = "FreeBSD-SA-00:11.ircii"
date = "2000-04-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/440"
[[advisories]]
name = "FreeBSD-SA-00:10.orville-write"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408"
[[advisories]]
name = "FreeBSD-SA-00:09.mtr"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408"
[[advisories]]
name = "FreeBSD-SA-00:08.lynx"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/407"
[[advisories]]
name = "FreeBSD-SA-00:07.mh"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/411"
[[advisories]]
name = "FreeBSD-SA-00:06.htdig"
date = "2000-03-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/403"
[[advisories]]
name = "FreeBSD-SA-00:05.mysql"
date = "2000-02-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/402"
[[advisories]]
name = "FreeBSD-SA-00:04.delegate"
date = "2000-02-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/392"
[[advisories]]
name = "FreeBSD-SA-00:03.asmon"
date = "2000-02-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/391"
[[advisories]]
name = "FreeBSD-SA-00:02.procfs"
date = "2000-01-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/380"
[[advisories]]
name = "FreeBSD-SA-00:01.make"
date = "2000-01-19"
[[advisories]]
name = "FreeBSD-SA-99:06.amd"
date = "1999-09-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/318"
[[advisories]]
name = "FreeBSD-SA-99:05.fts"
date = "1999-09-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/313"
[[advisories]]
name = "FreeBSD-SA-99:04.core"
date = "1999-09-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/312"
[[advisories]]
name = "FreeBSD-SA-99:03.ftpd"
date = "1999-09-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/311"
[[advisories]]
name = "FreeBSD-SA-99:02.profil"
date = "1999-09-04"
[[advisories]]
name = "FreeBSD-SA-99:01.chflags"
date = "1999-09-04"
[[advisories]]
name = "FreeBSD-SA-98:08.fragment"
date = "1998-11-04"
[[advisories]]
name = "FreeBSD-SA-98:07.rst"
date = "1998-10-13"
[[advisories]]
name = "FreeBSD-SA-98:06.icmp"
date = "1998-06-10"
[[advisories]]
name = "FreeBSD-SA-98:05.nfs"
date = "1998-06-04"
[[advisories]]
name = "FreeBSD-SA-98:04.mmap"
date = "1998-06-02"
[[advisories]]
name = "FreeBSD-SA-98:03.ttcp"
date = "1998-05-14"
[[advisories]]
name = "FreeBSD-SA-98:02.mmap"
date = "1998-03-12"
[[advisories]]
name = "FreeBSD-SA-97:06.f00f"
date = "1997-12-09"
[[advisories]]
name = "FreeBSD-SA-98:01.land"
date = "1997-12-01"
[[advisories]]
name = "FreeBSD-SA-97:05.open"
date = "1997-10-29"
[[advisories]]
name = "FreeBSD-SA-97:04.procfs"
date = "1997-08-19"
[[advisories]]
name = "FreeBSD-SA-97:03.sysinstall"
date = "1997-04-07"
[[advisories]]
name = "FreeBSD-SA-97:02.lpd"
date = "1997-03-26"
[[advisories]]
name = "FreeBSD-SA-97:01.setlocale"
date = "1997-02-05"
[[advisories]]
name = "FreeBSD-SA-96:21.talkd"
date = "1997-01-18"
[[advisories]]
name = "FreeBSD-SA-96:20.stack-overflow"
date = "1996-12-16"
[[advisories]]
name = "FreeBSD-SA-96:19.modstat"
date = "1996-12-10"
[[advisories]]
name = "FreeBSD-SA-96:18.lpr"
date = "1996-11-25"
[[advisories]]
name = "FreeBSD-SA-96:17.rzsz"
date = "1996-07-16"
[[advisories]]
name = "FreeBSD-SA-96:16.rdist"
date = "1996-07-12"
[[advisories]]
name = "FreeBSD-SA-96:15.ppp"
date = "1996-07-04"
[[advisories]]
name = "FreeBSD-SA-96:12.perl"
date = "1996-06-28"
[[advisories]]
name = "FreeBSD-SA-96:14.ipfw"
date = "1996-06-24"
[[advisories]]
name = "FreeBSD-SA-96:13.comsat"
date = "1996-06-05"
[[advisories]]
name = "FreeBSD-SA-96:11.man"
date = "1996-05-21"
[[advisories]]
name = "FreeBSD-SA-96:10.mount_union"
date = "1996-05-17"
[[advisories]]
name = "FreeBSD-SA-96:09.vfsload"
date = "1996-05-17"
[[advisories]]
name = "FreeBSD-SA-96:02.apache"
date = "1996-04-22"
[[advisories]]
name = "FreeBSD-SA-96:08.syslog"
date = "1996-04-21"
[[advisories]]
name = "FreeBSD-SA-96:01.sliplogin"
date = "1996-04-21"
[[advisories]]
name = "FreeBSD-SA-96:03.sendmail-suggestion"
date = "1996-04-20"
diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index 4966e33623..5ac787b1f2 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,895 +1,919 @@
# Sort errata notices by year, month and day
# $FreeBSD$
+[[notices]]
+name = "FreeBSD-EN-23:22.vfs"
+date = "2023-12-05"
+
+[[notices]]
+name = "FreeBSD-EN-23:21.tty"
+date = "2023-12-05"
+
+[[notices]]
+name = "FreeBSD-EN-23:20.vm"
+date = "2023-12-05"
+
+[[notices]]
+name = "FreeBSD-EN-23:19.pkgbase"
+date = "2023-12-05"
+
+[[notices]]
+name = "FreeBSD-EN-23:18.openzfs"
+date = "2023-12-05"
+
+[[notices]]
+name = "FreeBSD-EN-23:17.ossl"
+date = "2023-12-05"
+
[[notices]]
name = "FreeBSD-EN-23:16.openzfs"
date = "2023-12-01"
[[notices]]
name = "FreeBSD-EN-23:15.sanitizer"
date = "2023-12-01"
[[notices]]
name = "FreeBSD-EN-23:14.regcomp"
date = "2023-11-08"
[[notices]]
name = "FreeBSD-EN-23:13.freebsd-update"
date = "2023-11-08"
[[notices]]
name = "FreeBSD-EN-23:12.freebsd-update"
date = "2023-10-03"
[[notices]]
name = "FreeBSD-EN-23:11.caroot"
date = "2023-09-06"
[[notices]]
name = "FreeBSD-EN-23:10.pci"
date = "2023-09-06"
[[notices]]
name = "FreeBSD-EN-23:09.freebsd-update"
date = "2023-09-06"
[[notices]]
name = "FreeBSD-EN-23:08.vnet"
date = "2023-08-01"
[[notices]]
name = "FreeBSD-EN-23:07.mpr"
date = "2023-06-21"
[[notices]]
name = "FreeBSD-EN-23:06.loader"
date = "2023-06-21"
[[notices]]
name = "FreeBSD-EN-23:05.tzdata"
date = "2023-06-21"
[[notices]]
name = "FreeBSD-EN-23:04.ixgbe"
date = "2023-02-08"
[[notices]]
name = "FreeBSD-EN-23:03.ena"
date = "2023-02-08"
[[notices]]
name = "FreeBSD-EN-23:02.sdhci"
date = "2023-02-08"
[[notices]]
name = "FreeBSD-EN-23:01.tzdata"
date = "2023-02-08"
[[notices]]
name = "FreeBSD-EN-22:28.heimdal"
date = "2022-11-29"
[[notices]]
name = "FreeBSD-EN-22:27.loader"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:26.cam"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:25.tcp"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:24.zfs"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:23.vm"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:22.tzdata"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:21.zfs"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:20.tzdata"
date = "2022-08-30"
[[notices]]
name = "FreeBSD-EN-22:19.pam_exec"
date = "2022-08-09"
[[notices]]
name = "FreeBSD-EN-22:18.wifi"
date = "2022-08-09"
[[notices]]
name = "FreeBSD-EN-22:17.cam"
date = "2022-08-09"
[[notices]]
name = "FreeBSD-EN-22:16.kqueue"
date = "2022-08-09"
[[notices]]
name = "FreeBSD-EN-22:15.pf"
date = "2022-04-06"
[[notices]]
name = "FreeBSD-EN-22:14.tzdata"
date = "2022-03-22"
[[notices]]
name = "FreeBSD-EN-22:13.zfs"
date = "2022-03-21"
[[notices]]
name = "FreeBSD-EN-22:12.zfs"
date = "2022-03-15"
[[notices]]
name = "FreeBSD-EN-22:11.zfs"
date = "2022-03-15"
[[notices]]
name = "FreeBSD-EN-22:10.zfs"
date = "2022-03-15"
[[notices]]
name = "FreeBSD-EN-22:09.freebsd-update"
date = "2022-03-15"
[[notices]]
name = "FreeBSD-EN-22:08.i386"
date = "2022-02-01"
[[notices]]
name = "FreeBSD-EN-22:07.la57"
date = "2022-02-01"
[[notices]]
name = "FreeBSD-EN-22:06.libalias"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:05.tail"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:04.pcid"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:03.hyperv"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:02.xsave"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:01.fsck_ffs"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-21:29.tzdata"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:28.vmci"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:27.caroot"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:26.libevent"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:25.bhyve"
date = "2021-08-24"
[[notices]]
name = "FreeBSD-EN-21:24.libcrypto"
date = "2021-08-24"
[[notices]]
name = "FreeBSD-EN-21:23.virtio_blk"
date = "2021-08-24"
[[notices]]
name = "FreeBSD-EN-21:22.linux_futex"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:21.ipfw"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:20.vlan"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:19.libcasper"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:18.libc++"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:17.libradius"
date = "2021-06-01"
[[notices]]
name = "FreeBSD-EN-21:16.bc"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:15.virtio"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:14.pms"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:13.mpt"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:12.divert"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:11.aesni"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:10.lldb"
date = "2021-04-06"
[[notices]]
name = "FreeBSD-EN-21:09.pf"
date = "2021-04-06"
[[notices]]
name = "FreeBSD-EN-21:08.freebsd-update"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:07.caroot"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:06.microcode"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:05.libatomic"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:04.zfs"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:03.vnet"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:02.extattr"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:01.tzdata"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-20:22.callout"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:21.ipfw"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:20.tzdata"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:19.audit"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:18.getfsstat"
date = "2020-09-02"
[[notices]]
name = "FreeBSD-EN-20:17.linuxthread"
date = "2020-09-02"
[[notices]]
name = "FreeBSD-EN-20:16.vmx"
date = "2020-08-05"
[[notices]]
name = "FreeBSD-EN-20:15.mps"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:14.linuxkpi"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:13.bhyve"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:12.iflib"
date = "2020-06-09"
[[notices]]
name = "FreeBSD-EN-20:11.ena"
date = "2020-06-09"
[[notices]]
name = "FreeBSD-EN-20:10.build"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:09.igb"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:08.tzdata"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:07.quotad"
date = "2020-04-21"
[[notices]]
name = "FreeBSD-EN-20:06.ipv6"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:05.mlx5en"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:04.pfctl"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:03.sshd"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:02.nmount"
date = "2020-01-28"
[[notices]]
name = "FreeBSD-EN-20:01.ssp"
date = "2020-01-28"
[[notices]]
name = "FreeBSD-EN-19:19.loader"
date = "2019-11-12"
[[notices]]
name = "FreeBSD-EN-19:18.tzdata"
date = "2019-10-23"
[[notices]]
name = "FreeBSD-EN-19:17.ipfw"
date = "2019-08-20"
[[notices]]
name = "FreeBSD-EN-19:16.bhyve"
date = "2019-08-20"
[[notices]]
name = "FreeBSD-EN-19:15.libunwind"
date = "2019-08-06"
[[notices]]
name = "FreeBSD-EN-19:14.epoch"
date = "2019-08-06"
[[notices]]
name = "FreeBSD-EN-19:13.mds"
date = "2019-07-24"
[[notices]]
name = "FreeBSD-EN-19:12.tzdata"
date = "2019-07-02"
[[notices]]
name = "FreeBSD-EN-19:11.net"
date = "2019-06-19"
[[notices]]
name = "FreeBSD-EN-19:10.scp"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:09.xinstall"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:08.tzdata"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:07.lle"
date = "2019-02-05"
[[notices]]
name = "FreeBSD-EN-19:06.dtrace"
date = "2019-02-05"
[[notices]]
name = "FreeBSD-EN-19:05.kqueue"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:04.tzdata"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:03.sqlite"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:02.tcp"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:01.cc_cubic"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-18:18.zfs"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:17.vm"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:16.ptrace"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:15.loader"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:14.tzdata"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:13.icmp"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:12.mem"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:11.listen"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:10.syscall"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:09.ip"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:08.lazyfpu"
date = "2018-09-12"
[[notices]]
name = "FreeBSD-EN-18:07.pmap"
date = "2018-06-21"
[[notices]]
name = "FreeBSD-EN-18:06.tzdata"
date = "2018-05-08"
[[notices]]
name = "FreeBSD-EN-18:05.mem"
date = "2018-05-08"
[[notices]]
name = "FreeBSD-EN-18:04.mem"
date = "2018-04-04"
[[notices]]
name = "FreeBSD-EN-18:03.tzdata"
date = "2018-04-04"
[[notices]]
name = "FreeBSD-EN-18:02.file"
date = "2018-03-07"
[[notices]]
name = "FreeBSD-EN-18:01.tzdata"
date = "2018-03-07"
[[notices]]
name = "FreeBSD-EN-17:09.tzdata"
date = "2017-11-02"
[[notices]]
name = "FreeBSD-EN-17:08.pf"
date = "2017-08-10"
[[notices]]
name = "FreeBSD-EN-17:07.vnet"
date = "2017-08-10"
[[notices]]
name = "FreeBSD-EN-17:06.hyperv"
date = "2017-07-12"
[[notices]]
name = "FreeBSD-EN-17:05.xen"
date = "2017-04-12"
[[notices]]
name = "FreeBSD-EN-17:04.mandoc"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:03.hyperv"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:02.yp"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:01.pcie"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-16:21.localedef"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:20.tzdata"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:19.tzcode"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:18.loader"
date = "2016-10-25"
[[notices]]
name = "FreeBSD-EN-16:17.vm"
date = "2016-10-25"
[[notices]]
name = "FreeBSD-EN-16:16.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:15.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:14.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:13.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:12.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:11.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:10.dhclient"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:09.freebsd-update"
date = "2016-07-25"
[[notices]]
name = "FreeBSD-EN-16:08.zfs"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:07.ipi"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:06.libc"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:05.hv_netvsc"
date = "2016-03-16"
[[notices]]
name = "FreeBSD-EN-16:04.hyperv"
date = "2016-03-16"
[[notices]]
name = "FreeBSD-EN-16:03.yplib"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-16:02.pf"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-16:01.filemon"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-15:20.vm"
date = "2015-11-04"
[[notices]]
name = "FreeBSD-EN-15:19.kqueue"
date = "2015-11-04"
[[notices]]
name = "FreeBSD-EN-15:18.pkg"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:17.libc"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:16.pw"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:15.pkg"
date = "2015-08-25"
[[notices]]
name = "FreeBSD-EN-15:14.ixgbe"
date = "2015-08-25"
[[notices]]
name = "FreeBSD-EN-15:13.vidcontrol"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:12.netstat"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:11.toolchain"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:10.iconv"
date = "2015-06-30"
[[notices]]
name = "FreeBSD-EN-15:09.xlocale"
date = "2015-06-30"
[[notices]]
name = "FreeBSD-EN-15:08.sendmail"
date = "2015-06-18"
[[notices]]
name = "FreeBSD-EN-15:07.zfs"
date = "2015-06-09"
[[notices]]
name = "FreeBSD-EN-15:06.file"
date = "2015-06-09"
[[notices]]
name = "FreeBSD-EN-15:05.ufs"
date = "2015-05-13"
[[notices]]
name = "FreeBSD-EN-15:04.freebsd-update"
date = "2015-05-13"
[[notices]]
name = "FreeBSD-EN-15:03.freebsd-update"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-15:02.openssl"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-15:01.vt"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-14:13.freebsd-update"
date = "2014-12-23"
[[notices]]
name = "FreeBSD-EN-14:12.zfs"
date = "2014-11-04"
[[notices]]
name = "FreeBSD-EN-14:11.crypt"
date = "2014-10-22"
[[notices]]
name = "FreeBSD-EN-14:10.tzdata"
date = "2014-10-22"
[[notices]]
name = "FreeBSD-EN-14:09.jail"
date = "2014-07-08"
[[notices]]
name = "FreeBSD-EN-14:08.heimdal"
date = "2014-06-24"
[[notices]]
name = "FreeBSD-EN-14:07.pmap"
date = "2014-06-24"
[[notices]]
name = "FreeBSD-EN-14:06.exec"
date = "2014-06-03"
[[notices]]
name = "FreeBSD-EN-14:05.ciss"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:04.kldxref"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:03.pkg"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:02.mmap"
date = "2014-01-14"
[[notices]]
name = "FreeBSD-EN-14:01.random"
date = "2014-01-14"
[[notices]]
name = "FreeBSD-EN-13:05.freebsd-update"
date = "2013-11-28"
[[notices]]
name = "FreeBSD-EN-13:04.freebsd-update"
date = "2013-10-26"
[[notices]]
name = "FreeBSD-EN-13:03.mfi"
date = "2013-08-22"
[[notices]]
name = "FreeBSD-EN-13:01.fxp"
date = "2013-06-28"
[[notices]]
name = "FreeBSD-EN-13:02.vtnet"
date = "2013-06-28"
[[notices]]
name = "FreeBSD-EN-12:02.ipv6refcount"
date = "2012-06-12"
[[notices]]
name = "FreeBSD-EN-12:01.freebsd-update"
date = "2012-01-04"
[[notices]]
name = "FreeBSD-EN-10:02.sched_ule"
date = "2010-02-27"
[[notices]]
name = "FreeBSD-EN-10:01.freebsd"
date = "2010-01-06"
[[notices]]
name = "FreeBSD-EN-09:05.null"
date = "2009-10-02"
[[notices]]
name = "FreeBSD-EN-09:04.fork"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:03.fxp"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:02.bce"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:01.kenv"
date = "2009-03-23"
[[notices]]
name = "FreeBSD-EN-08:02.tcp"
date = "2008-06-19"
[[notices]]
name = "FreeBSD-EN-08:01.libpthread"
date = "2008-04-17"
[[notices]]
name = "FreeBSD-EN-07:05.freebsd-update"
date = "2007-03-15"
[[notices]]
name = "FreeBSD-EN-07:04.zoneinfo"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:03.rc.d_jail"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:02.net"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:01.nfs"
date = "2007-02-14"
[[notices]]
name = "FreeBSD-EN-06:02.net"
date = "2006-08-28"
[[notices]]
name = "FreeBSD-EN-06:01.jail"
date = "2006-07-07"
[[notices]]
name = "FreeBSD-EN-05:04.nfs"
date = "2005-12-19"
[[notices]]
name = "FreeBSD-EN-05:03.ipi"
date = "2005-01-16"
[[notices]]
name = "FreeBSD-EN-05:02.sk"
date = "2005-01-06"
[[notices]]
name = "FreeBSD-EN-05:01.nfs"
date = "2005-01-05"
[[notices]]
name = "FreeBSD-EN-04:01.twe"
date = "2004-06-28"
diff --git a/website/static/security/advisories/FreeBSD-EN-23:17.ossl.asc b/website/static/security/advisories/FreeBSD-EN-23:17.ossl.asc
new file mode 100644
index 0000000000..7959bf01f7
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-23:17.ossl.asc
@@ -0,0 +1,142 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-23:17.ossl Errata Notice
+ The FreeBSD Project
+
+Topic: ossl(4)'s AES-GCM implementation may give incorrect results
+
+Category: core
+Module: ossl
+Announced: 2023-12-05
+Affects: FreeBSD 14.0
+Corrected: 2023-12-03 17:48:09 UTC (stable/14, 14.0-STABLE)
+ 2023-12-05 18:27:34 UTC (releng/14.0, 14.0-RELEASE-p2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+ossl(4) is a kernel module which implements some cryptographic operations
+using implementations derived from OpenSSL. It integrated into the FreeBSD
+kernel's OpenCrypto Framework (OCF).
+
+II. Problem Description
+
+ossl(4) contains an implementation of AES-GCM for amd64. This implementation
+did not properly implement some aspects of the OCF interface. In particular,
+ossl(4) AES-GCM sessions were not thread-safe, and did not handle an AAD
+buffer outside of the main plaintext/ciphertext buffer. The former bug
+affects consumers which dispatch multiple requests in parallel on a single
+session, such as ZFS when encrypted datasets are configured. External AAD
+buffers are used by some network features such as ktls(4).
+
+III. Impact
+
+On amd64 systems, ossl(4) could give incorrect output for AES-GCM operations
+if consumers trigger either of the bugs described above. This could, for
+example, result in packet loss, if ossl is used to encrypt/decrypt tunnelled
+traffic, or data corruption if ossl is used to encrypt/decrypt filesystem
+data.
+
+Users are not affected by default, as ossl.ko is not loaded by default. To
+be affected, a system must either be running a custom kernel which contains
+ossl(4), or be configured to load ossl.ko via loader.conf(5).
+
+IV. Workaround
+
+Disable the use of ossl(4), either by removing it from loader.conf or the
+kernel configuration, and reboot the system. The built-in aesni(4) module
+currently implements all of the same operations as ossl, so consumers will
+not notice any functional difference.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date. A reboot is required
+following the upgrade.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platfrom on FreeBSD 13 and earlier, can be updated via
+the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r now
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-23:17/ossl.patch
+# fetch https://security.FreeBSD.org/patches/EN-23:17/ossl.patch.asc
+# gpg --verify ossl.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 118b866d9c39 stable/14-n265898
+releng/14.0/ 433fe061fc59 releng/14.0-n265388
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmVoACgkQbljekB8A
+Gu/dvQ/+KCck7lbRZYax4QZ7JxLpbutOWDITGFVMtELT7njcMMpIH6TIKLwTDpcR
+XPz/znROLquDkTpke6uf0IZyC1nMHxaYwgiTImpA0ecd3Z5n6hNj2EEhOhlitDfc
+N+UNhpQa8689CYkcm4ofgb2MQdzc/0HDTX+6tUpLuwuLhqGxyJK5bgQo63MK2osb
+qlj5TntXjVIbd33dN97JZfV9JDSapS2xLBFShe0R9+do0ucvDVOiPErHvKsLSm9P
+iYxrezxw3X6fi1BbLVe7u3B3ELeNgKnreh7CakDn/UF3hhn138d4XQ2+3ppRaadG
+81kbzMtHQHOKTRzVBrdi2sd7wDOgTapGmeeSr/87GYCOU2ZfXpZjr5k4tuD/RUOB
+44ZxeWnaNKWa4C8xr1ESr3pebTF1la2tqNQwiG/9euUn3Kl/NZFRCzaruiEmaLaG
+DeOAu3VZCucHPowA3rr80J6XPx/295Bq/bN6J5/Qd+TzKjzbqzvelXXHsn5AMjur
+tPUtG5iCLQZvivM5Wd4jaOVrZvp0ps7qlugNnOZPr/qBcW04YdwCamzwUipIDNnP
+XrxmxJdhFJhy//hnTNgJiKS6LJP5lh2ogAN6tRnvKKZrb11OAcHPIUqIyI51Bieh
+w4Yqrq2cOxMDgi7jKlSi2DLWs56WWEDob8cHhRhKhI6Fre2Yizs=
+=Vn8m
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-23:18.openzfs.asc b/website/static/security/advisories/FreeBSD-EN-23:18.openzfs.asc
new file mode 100644
index 0000000000..892e2cfaef
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-23:18.openzfs.asc
@@ -0,0 +1,135 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-23:18.openzfs Errata Notice
+ The FreeBSD Project
+
+Topic: High CPU usage by ZFS kernel threads
+
+Category: contrib
+Module: zfs
+Announced: 2023-12-05
+Affects: FreeBSD 14.0
+Corrected: 2023-11-22 11:43:59 UTC (stable/14, 14.0-STABLE)
+ 2023-12-05 18:27:35 UTC (releng/14.0, 14.0-RELEASE-p2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+ZFS is an advanced and scalable file system originally developed by Sun
+Microsystems for its Solaris operating system. ZFS was integrated as part of
+the FreeBSD starting with FreeBSD 7.0, and it has since become a prominent
+and preferred choice for storage management.
+
+II. Problem Description
+
+Because ZFS may consume large amounts of RAM to cache various types of
+filesystem objects, it continuously monitors system RAM available to decide
+whether to shrink its caches. Some caches are shrunk using a dedicated
+thread, to which work is dispatched asynchronously.
+
+In some cases, the cache shrinking logic may dispatch excessive amounts of
+work to the "ARC pruning" thread, causing it to continue attempting to shrink
+caches even after resource shortages are resolved.
+
+III. Impact
+
+The bug manifests as a kernel thread, "arc_prune", consuming 100% of a CPU
+core for indefinite periods, even while the system is otherwise idle. This
+behavior may impact workloads running on the system, by reducing available
+CPU resources and by triggering lock contention in the kernel.
+
+IV. Workaround
+
+No workaround is available. Systems not using ZFS are unaffected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date. A reboot is required
+following the upgrade.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platfrom on FreeBSD 13 and earlier, can be updated via
+the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-23:18/openzfs.patch
+# fetch https://security.FreeBSD.org/patches/EN-23:18/openzfs.patch.asc
+# gpg --verify openzfs.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ f7f5c2419ea7 stable/14-n265783
+releng/14.0/ 64c5eaab835b releng/14.0-n265389
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmWEACgkQbljekB8A
+Gu9bwQ//XsLmkl7ttR+LKXCYUCLCzAZF9PXYA8IQQlUWQ39SMrEaCRP5XSBOznuy
+UtxdSfH/aQJaGb7P8b88IxMiOteYovRCApkdEY4RstaisdgDFie7XdXUDizzPZL/
+jPDSxU9I3dsHs3diQxqJRMTVtABYkErwLizLlCOJByKGUAXe+xpOibtSf2p1RtuJ
+4+EaUS6j5TDpRyocEvR/x3DsbKVZcyHevd5XCgwFl69YyX7ShmrQMJA+ytAuF6or
+l3dty1KxpwY7GJq6wIF8nM1Xo08t4uDsXyxHHOtFLBkyK5710KhrzbkDzamwKl5j
+7PhyOfj4r4+k4NhOiDPBM3O72DU4zoOpZak2BwPeT4iDoSeeJslR2SyU3dk1w76X
+bSfPWq7I3gSPcpndkskY1jCXwKo8Zm9gzu8ROF9Fg31ve/x7dVUYF+ZItppFq5k7
++o/0klvA+pCJpRWpSuDLsVyPcdmu5E25iTLDoJMjSKUiDXwdhI+AvKac4HLmd84C
+PhNmc6pVMdlFH9GdV/34wyvfyfSfhiWxxoel+ZOHZ2gjfFkwcSIFS7BNGBYvMKFi
+0k/DAsLxNlQk+nv5Z8MKaYDpAyjW3CQi+14TmLudhxqmtt25cod2+dxoyJg6F7jE
+Na47H6+jdAB3dBnNhSKaIE1eoOy1kz+RukHQxScm9kX+8x0A9o0=
+=4CJg
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-23:19.pkgbase.asc b/website/static/security/advisories/FreeBSD-EN-23:19.pkgbase.asc
new file mode 100644
index 0000000000..8ed2c9f4ad
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-23:19.pkgbase.asc
@@ -0,0 +1,128 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-23:19.pkgbase Errata Notice
+ The FreeBSD Project
+
+Topic: Incorrect pkgbase version number for FreeBSD 14.0
+
+Category: core
+Module: bin
+Announced: 2023-12-05
+Affects: FreeBSD 14.0
+Corrected: 2023-11-16 08:19:08 UTC (stable/14, 14.0-STABLE)
+ 2023-12-05 18:27:36 UTC (releng/14.0, 14.0-RELEASE-p2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+In addition to the traditional release artifacts (such as base.txz), the base
+system is also packaged into a few hundred packages installable with pkg(8)
+as part of the experimental pkgbase project.
+
+II. Problem Description
+
+The pkgbase package versions for 14.0-RELEASE packages are set to "14"
+instead of "14.0". This differs from earlier releases, for instance the
+latest pkgbase version number for releng/13.2 is "13.2p5".
+
+III. Impact
+
+Using package versions without the minor version will cause package version
+conflicts in the future for FreeBSD 14.1 and later.
+
+IV. Workaround
+
+No workaround is available. This problem only affects systems using the
+experimental pkgbase package sets.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date. No reboot is required.
+If pkgbase is not in use on your system, no action is required.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems using pkgbase can be updated via the pkg(8) utility.
+
+# pkg update -r FreeBSD-base
+# pkg upgrade -r FreeBSD-base
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable FreeBSD
+release branches. Note that since this issue mainly affects people that
+build pkgbase packages locally, consumers of pkbbase (i.e users that have
+installed experimental pkgbase packages should update using pkg(8) as
+described above.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-23:19/pkgbase.patch
+# fetch https://security.FreeBSD.org/patches/EN-23:19/pkgbase.patch.asc
+# gpg --verify pkgbase.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and buildkernel and create
+a package set with correct version numbers using 'make packages'
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ da7e9601a99a stable/14-n265735
+releng/14.0/ ad3edd66d15e releng/14.0-n265390
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmWMACgkQbljekB8A
+Gu+GgRAAo/xP3ZVWXUhcg9JXK2RnqTH2K4V/8f67e//HEs4wjYjkfvZe2m7yiYzu
+pvwKo+ifCmWiMEHzHiMuVIknmfD2eDfVWH687KCHBhG7CJztxickSWIIFJyuTzKb
+leg1ZBQo546SQVtamkGo8TEb+TMJhaRBz3McQ0ZxsyQJU59f02SH8Ua2swpTbZ58
+irL7PiDJi85dlmLiVry33osotdfoSkmPeNHDZFtXMhWWIy/5MVy0FBvkmA9NzR6S
+R1QozM9kXmcpEEOmt9EmW/asDFtF9p/2Ozi6wEnB67oNh2+ASynGlOD4mjYcRgYh
+/RBLT0+j4FlB2FVU7n94oysPN72dYDCAMqk7tqzGFeOjNBJ2cdlN/7iGNvi7kp65
+kgmHUd0Rr4txMb2XcxKfMOyOoknPluktNcQ2QoU9oBFR7ejNgGmSMaXIWI3O5NaQ
+pdZJEj/4eOn0A5xuWCKCW16ymgXlGYdC3DzQ71nlKREV5uZJqYBmQBI+PbVJij+C
+Z7Cxw1Ia3TKZn1B7NocRQNjPQIKLo12SLwJ+TcbxjRHE3QC8sLyYl8moXRaG4UWy
+8C4yBatzAOmn4d50JzElNHDnE+XXaKExDBBcSVab3T+Y+4z7HNINH+d6+RdNSI3L
+2MgKURXoaegGB7ExqA/kgKQliuFUg320LOrIq7gnQ47SaCBZ6xI=
+=cn6s
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-23:20.vm.asc b/website/static/security/advisories/FreeBSD-EN-23:20.vm.asc
new file mode 100644
index 0000000000..7c80a32eff
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-23:20.vm.asc
@@ -0,0 +1,171 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-23:20.vm Errata Notice
+ The FreeBSD Project
+
+Topic: Incorrect results from the kernel physical memory allocator
+
+Category: core
+Module: vm
+Announced: 2023-12-05
+Affects: FreeBSD 14.0
+Corrected: 2023-11-25 01:26:35 UTC (stable/14, 14.0-STABLE)
+ 2023-12-05 18:27:37 UTC (releng/14.0, 14.0-RELEASE-p2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+The FreeBSD kernel implements a physical memory allocator which is
+responsible for managing the system's RAM. This allocator provides
+interfaces which allow kernel code to request the allocation of memory which
+satisifies certain constraints, such as bounds on the physical address range
+for returned memory, and alignment of the returned physical pages.
+
+One use of the physical memory allocator is to allocate memory for DMA for
+device drivers, which may have special requirements. For example, a common
+constraint is that DMA memory be allocated from the lowest 4GB of the
+physical address space.
+
+II. Problem Description
+
+The code which implements the physical memory allocator in FreeBSD 14.0
+contains a bug such that the returned physical memory may, in some
+circumstances, fail to satisfy the specified constraints.
+
+III. Impact
+
+The effects of the bug do not have a simple characterization, as different
+users of the interface may be affected differently by the bug. In one case,
+the symptom was that the affected system would occasionally panic during
+boot. It is believed that most users will be unaffected by the problem.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date. A reboot is required
+following the upgrade.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platfrom on FreeBSD 13 and earlier, can be updated via
+the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 12.4]
+# fetch https://security.FreeBSD.org/patches/EN-23:20/vm.patch
+# fetch https://security.FreeBSD.org/patches/EN-23:20/vm.patch.asc
+# gpg --verify vm.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+Restart the applicable daemons, or reboot the system.
+
+
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+Restart all daemons that use the library, or reboot the system.
+
+
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 210fce73ae0e stable/14-n265801
+releng/14.0/ 4be96902ba82 releng/14.0-n265391
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmWUACgkQbljekB8A
+Gu+kRhAAtUSzuLKhrxQc3+FfL4M+GvebvPkQASFygFCzQR1mXJJFnFl4UkLMNlnN
+83zzFbSC5jVxGUrlu1BDmgIZobmB1/INKE/dcl/GRTqJuQhzYGJ+Q5lAGX5AQV2H
+kmYEUuGmMT8YR1KsDY9f+4yB61hkSbm8snOO4VRb1D+CBUCF2skKPrZu25+xDsxV
+888LY1X0LAO7Udvk9DEldWRM6IYeXuIn24mfUIkPYF62sBb82jW1w+LC148W2xIz
+F6jr9N9CBqhthpujWSMmKymOFSEg9HcKPJ55CEE1LCIhuxtz7h0GxP+GN9l4vc3b
+FfvQHcoxin9wpmaYevPXLoAW415lMvvgurP12NirDgB5lEadPEfnhckLO9ndw5y7
+PmSOKwKQlDfBHMwjTnlUUE3G8kw5FOXcT7/qr3x++Cl3tBNTGaei9A6EpFD3mzNS
+y0BH7bwYbr/GjSMJAeH3SI9il3hTA9/4jP8KATIUGuIWJJGqlFJR3uuubh2pIdR9
+qrHpA6JqcYjbRyK3+AkV1EXPoRmOjt/uYbRld/8HIkFMrD/cBvh7R+mP4+XU4k5y
+eYgoPxjJat63XIfzqtFPkAVH+h+bbvUpzaikrArQuvshq/4IrO3NV1ub6gZWc6N7
+QfsBKolQQ37FgHKmIbrBFOegmDuiaaXGVLDH3s7fWYmKl9DRr/8=
+=con6
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-23:21.tty.asc b/website/static/security/advisories/FreeBSD-EN-23:21.tty.asc
new file mode 100644
index 0000000000..d0475aa4d3
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-23:21.tty.asc
@@ -0,0 +1,133 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-23:21.tty Errata Notice
+ The FreeBSD Project
+
+Topic: tty(4) IUTF8 causes a kernel panic
+
+Category: core
+Module: tty
+Announced: 2023-11-24
+Affects: FreeBSD 14.0
+Corrected: 2023-11-20 16:54:54 UTC (stable/14, 14.0-STABLE)
+ 2023-12-05 18:27:38 UTC (releng/14.0, 14.0-RELEASE-p2)
+ 2023-11-20 16:57:49 UTC (stable/13, 13.2-STABLE)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+Note: This issue does not affect 13.2-RELEASE, as the bug was introduced into
+the stable/13 branch after the 13.2 release.
+
+I. Background
+
+The IUTF8 flag was added to the tty(4) subsystem in order to add proper
+backspace handling for UTF-8 characters. Without this flag, tty(4) treats
+all characters as single-byte-wide characters and so, in the case of a UTF-8
+character two bytes in size or larger, tty(4) deletes only one byte during a
+backspace event, instead of all bytes, which results in the tty buffer
+containing garbage.
+
+II. Problem Description
+
+The implementation of backspace handling failed to check whether the TTY
+buffer was empty, in which case the kernel could panic.
+
+III. Impact
+
+An unprivileged user may be able to trigger a kernel panic.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security branch
+(releng) dated after the correction date, and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platfrom on FreeBSD 13 and earlier, can be updated via
+the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-23:21/tty.patch
+# fetch https://security.FreeBSD.org/patches/EN-23:21/tty.patch.asc
+# gpg --verify tty.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ ae8387cc818a stable/14-n265760
+releng/14.0/ 31f6cfca851f releng/14.0-n265392
+stable/13/ 8647fe60b8c3 stable/13-n256709
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmWcACgkQbljekB8A
+Gu+WfxAA4+u5wXTSy1UcpO17JzFuo0JjhQUcOEh3uWRCPdgpokEkv7xnjJQz8W3u
+0c1GtigtKLOvJx6gF4ilFQhVbxtFNj5a73ODPqcy0K0x7YPw/5Rbrl+jk7389NXT
+A5H7kT7bscF6x9D7YfAkA2/JSgSS3opx6KJhOP8x8DvNuNpl/v2ja1LAcIVjytu6
+YYBz/GaODjX4iOw8dYzQetmbeEOiKZX660Eq5Sm2UySRz/BpJpT3y1Ncl84dWC+H
+otBihg1iezD5Ju4TIbGz6/N2oSf6mEQ2jx+ahNPGHj/A4fUeBajZWJZrge4Birii
+c45EIcPUzyt8Q4Xjcn4qCKJ3MHGCR65/39oK5DbOXD62t3l/vbLSbHToYjeJWyTN
+Fl/hOtVSrF7Om0qhlrNOfS2jXIcTQDBQJ/vgjC+m+FTDtnyiSSAZfYXQz4Ckkqfw
+KMPc3N9YI7aoifyTQxj508WN1dma7eRwyupLabwfOij03vmN/4tAI89v6EEefhpM
+wTUPTgebQWgHJjjUi7Mo8EXSzWxtPbdt2UX8XtVw3EpjQOqqc0vv+VJxkCAdMdDO
+fE8614WWcHppswXi7dlWgKUcMEEdtZ48+QjM1h+fA8DeNk6FSLBJXLUQnll1QPEW
+VDj9oKnoXquQyuxWB8MwbiUfrLlAhAXhfC8nG+Ci75sts0E4jQE=
+=wp8X
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-23:22.vfs.asc b/website/static/security/advisories/FreeBSD-EN-23:22.vfs.asc
new file mode 100644
index 0000000000..e6fb59ced8
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-23:22.vfs.asc
@@ -0,0 +1,133 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-23:22.vfs Errata Notice
+ The FreeBSD Project
+
+Topic: ZFS snapshot directories not accessible over NFS
+
+Category: core
+Module: vfs
+Announced: 2023-12-05
+Affects: FreeBSD 14.0
+Corrected: 2023-12-01 13:27:28 UTC (stable/14, 14.0-STABLE)
+ 2023-12-05 18:27:40 UTC (releng/14.0, 14.0-RELEASE-p2)
+ 2023-12-04 21:03:42 UTC (stable/13, 13.2-STABLE)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+ZFS is one of several filesystems available on FreeBSD. ZFS supports many
+advanced features, including checksumming, transparent compression, and
+snapshots.
+
+Snapshots of a ZFS dataset can be accessed through a hidden directory,
+.zfs/snapshots, located in the root of the mounted dataset.
+
+II. Problem Description
+
+When a process attempts to access a snapshot under //.zfs/snapshot,
+the snapshot is automounted. However, without this patch, the automount does
+not properly set some metadata in the kernel's representation of the mount
+point, which results in the snapshot not being accessible over NFS.
+
+III. Impact
+
+Workflows which rely on ZFS snapshots being accessible over NFS are broken.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date. A reboot is required after
+the upgrade procedure has been completed.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platfrom on FreeBSD 13 and earlier, can be updated via
+the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r now
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-23:22/vfs.patch
+# fetch https://security.FreeBSD.org/patches/EN-23:22/vfs.patch.asc
+# gpg --verify vfs.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 62304a0c3b8b stable/14-n265867
+releng/14.0/ 889ecd8fd178 releng/14.0-n265394
+stable/13/ 00f0b99e63c3 stable/13-n256835
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmWkACgkQbljekB8A
+Gu+7TBAAt31ElRhk83oPelDQ0Trq1ngDk7qWabeG+ODjS6mptke5mqBn0ZvFyTNb
+z+x6biXUGnE9o9P4T0mdE/euSGSHQWASU+DwycRqkEM4Xo7rMWrheOGwFBJ+1g/z
+ZQyowYL8HRIOQ7Ijal1NTZ2S/HpAvXdyuGsxYYimyZyckOAe+ZzmUiCmlvvLJCdk
+m8uUnRidevXWiUrRW9MNBHG5XoNwT7je5KT/RxqqeJQ4ObWEywjsHxwZn1Px1vQw
+ycjbL82sKrv2FiXf2FdvC2xbji5QkrLTf+EOecreTKaiyMcooT9h+ZQUiRj3ChbW
+KHszVdwYrGmDx9OOq+JWWqf+KgEfmiisFQsqHpq4Zc4RTKhPwAV/PX7+cLvBlX85
+QgNupyGLkwOkrAb3hdC7dsPTZl4htFJzC49CDH4IZNIJxQ7pTa0LDujyybacnYE+
+reCe6DZ5aY+TULHlCTfGZ21OcpiEDrCmvFoZhZHuEZxMl9LjIf1jjpGPFP+lPJ7u
+nG5VXRjFfFdGtuiyfzs4UsYD5XOn+hgcZl8vkMgfXQU0LwPyKHxo3k+vg5rdxImI
+HWZPYlo6D+lrtIBW3LLjiHrhHrekruqN2RT8cmkSOftihLdNuO8KC72DE0Co/D49
+QeVeOv5tkNyc0/M7TVEYapIYGCTb5VpawZNyr6ABLwnXDyQ8rck=
+=ufsO
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-23:17.pf.asc b/website/static/security/advisories/FreeBSD-SA-23:17.pf.asc
new file mode 100644
index 0000000000..e06ff7e005
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-23:17.pf.asc
@@ -0,0 +1,165 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-23:17.pf Security Advisory
+ The FreeBSD Project
+
+Topic: TCP spoofing vulnerability in pf(4)
+
+Category: core
+Module: pf
+Announced: 2023-12-05
+Credits: Yuxiang Yang, Ao Wang, Xuewei Feng, Qi Li and Ke Xu from
+ Tsinghua University
+Affects: All supported versions of FreeBSD.
+Corrected: 2023-12-05 18:24:35 UTC (stable/14, 14.0-STABLE)
+ 2023-12-05 18:26:28 UTC (releng/14.0, 14.0-RELEASE-p2)
+ 2023-12-05 18:25:22 UTC (stable/13, 13.2-STABLE)
+ 2023-12-05 18:28:12 UTC (releng/13.2, 13.2-RELEASE-p7)
+ 2023-12-05 18:31:13 UTC (stable/12, 12.4-STABLE)
+ 2023-12-05 18:38:14 UTC (releng/12.4, 12.4-RELEASE-p9)
+CVE Name: CVE-2023-6534
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+pf(4) is an Internet Protocol packet filter originally written for
+OpenBSD. pf implements TCP state tracking, wherein it maintains
+metadata for each TCP connection tracked by the firewall and uses this
+metadata to decide whether to accept or reject packets matching the
+connection identifiers.
+
+II. Problem Description
+
+As part of its stateful TCP connection tracking implementation, pf
+performs sequence number validation on inbound packets. This makes it
+difficult for a would-be attacker to spoof the sender and inject packets
+into a TCP stream, since crafted packets must contain sequence numbers
+which match the current connection state to avoid being rejected by the
+firewall.
+
+A bug in the implementation of sequence number validation means that the
+sequence number is not in fact validated, allowing an attacker who is
+able to impersonate the remote host and guess the connection's port
+numbers to inject packets into the TCP stream.
+
+III. Impact
+
+An attacker can, with relatively little effort, inject packets into a
+TCP stream destined to a host behind a pf firewall. This could be used
+to implement a denial-of-service attack for hosts behind the firewall,
+for example by sending TCP RST packets to the host.
+
+IV. Workaround
+
+No workaround is available.
+
+Systems which do not use pf(4) are unaffected.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date
+and reboot.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platfrom on FreeBSD 13 and earlier, can be updated via
+the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-23:17/pf.patch
+# fetch https://security.FreeBSD.org/patches/SA-23:17/pf.patch.asc
+# gpg --verify pf.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ a47a44c0d69c stable/14-n265915
+releng/14.0/ 0019b7058a7a releng/14.0-n265395
+stable/13/ ee1d1e38fae6 stable/13-n256844
+releng/13.2/ 45e256e24c97 releng/13.2-n254647
+stable/12/ r373284
+releng/12.4/ r373287
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmWsACgkQbljekB8A
+Gu8kgxAA0SNvDNzfrivMBDrp3s4q86rLLsDSe3DN4kc+Rtid4R2tf/AzjSO7BVcg
+O3jvzXtx5RdX+udEbwK26ej+B2N2JCR4L5UC2N0ECo5ECdVd7jCZ5yty9CRawAeE
+cZZoT028eWeDCMrMI35iO4HTZeT0zF0lER1gTlogQbTzCu4uODSjPvOat/bilmh/
+VaXI2ofiVrOpwjhq4t7ksTUK6O0g7LogDF/CEhj1ohEULtHCIDomm+9JuN86CFxJ
+T0Zd5nePCGMhQBewXir25XFKTFOOAOVGRy79Otx5+gPEg9SucWlwBxMwmhASAHPO
+60SCWUt95q/5C2OCyWoFhi6H7303YvinFKO/3FCx9/iTxAh/O86y1d2CU8PRStzk
+0kPOoN9fnXP2P27+o0q0Uqn9AiViRWMHC99nM1w6Kxz7wTSvs0dMGrLRQENRs7YF
++9Zte+1yqsi/gcWsDkoTJstCJ8E2hjn/h12/LSZyLY3D3qNSdczFWauhIOQFTloj
+8MHmzLGUBvWpQNWair4+mb5TpXVuJfFW3XBcQ2XGkUnT0Ws8hU0W/Lxef+wrNHFh
+aPvT5rF683RH7qX8cnJGkMgPPI4/CTS+U+WePlAITumND8gf/jHaa3qourqLkmSM
+XV8+9LIVfPimjFDmqpbyi6QxdWo834KP83c8TmzLDNUgEXe9L/k=
+=s8QG
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-23:17/ossl.patch b/website/static/security/patches/EN-23:17/ossl.patch
new file mode 100644
index 0000000000..421caf0138
--- /dev/null
+++ b/website/static/security/patches/EN-23:17/ossl.patch
@@ -0,0 +1,127 @@
+--- sys/crypto/openssl/amd64/ossl_aes_gcm.c.orig
++++ sys/crypto/openssl/amd64/ossl_aes_gcm.c
+@@ -459,7 +459,7 @@
+ size_t bulk = 0, res;
+ int error;
+
+- res = (AES_BLOCK_LEN - ctx->gcm.mres) % AES_BLOCK_LEN;
++ res = MIN(len, (AES_BLOCK_LEN - ctx->gcm.mres) % AES_BLOCK_LEN);
+ if ((error = gcm_encrypt(ctx, in, out, res)) != 0)
+ return error;
+
+@@ -621,12 +621,12 @@
+ size_t bulk = 0, res;
+ int error;
+
+- res = (AES_BLOCK_LEN - ctx->gcm.mres) % AES_BLOCK_LEN;
++ res = MIN(len, (AES_BLOCK_LEN - ctx->gcm.mres) % AES_BLOCK_LEN);
+ if ((error = gcm_decrypt(ctx, in, out, res)) != 0)
+ return error;
+
+- bulk = aesni_gcm_decrypt(in, out, len, &ctx->aes_ks, ctx->gcm.Yi.c,
+- ctx->gcm.Xi.u);
++ bulk = aesni_gcm_decrypt(in + res, out + res, len - res, &ctx->aes_ks,
++ ctx->gcm.Yi.c, ctx->gcm.Xi.u);
+ ctx->gcm.len.u[1] += bulk;
+ bulk += res;
+
+--- sys/crypto/openssl/ossl_aes.c.orig
++++ sys/crypto/openssl/ossl_aes.c
+@@ -168,10 +168,9 @@
+ ossl_aes_gcm(struct ossl_session_cipher *s, struct cryptop *crp,
+ const struct crypto_session_params *csp)
+ {
+- struct ossl_cipher_context key;
++ struct ossl_gcm_context ctx;
+ struct crypto_buffer_cursor cc_in, cc_out;
+ unsigned char iv[AES_BLOCK_LEN], tag[AES_BLOCK_LEN];
+- struct ossl_gcm_context *ctx;
+ const unsigned char *inseg;
+ unsigned char *outseg;
+ size_t inlen, outlen, seglen;
+@@ -183,30 +182,37 @@
+ if (crp->crp_cipher_key != NULL) {
+ if (encrypt)
+ error = s->cipher->set_encrypt_key(crp->crp_cipher_key,
+- 8 * csp->csp_cipher_klen, &key);
++ 8 * csp->csp_cipher_klen,
++ (struct ossl_cipher_context *)&ctx);
+ else
+ error = s->cipher->set_decrypt_key(crp->crp_cipher_key,
+- 8 * csp->csp_cipher_klen, &key);
++ 8 * csp->csp_cipher_klen,
++ (struct ossl_cipher_context *)&ctx);
+ if (error)
+ return (error);
+- ctx = (struct ossl_gcm_context *)&key;
+ } else if (encrypt) {
+- ctx = (struct ossl_gcm_context *)&s->enc_ctx;
++ memcpy(&ctx, &s->enc_ctx, sizeof(struct ossl_gcm_context));
+ } else {
+- ctx = (struct ossl_gcm_context *)&s->dec_ctx;
++ memcpy(&ctx, &s->dec_ctx, sizeof(struct ossl_gcm_context));
+ }
+
+ crypto_read_iv(crp, iv);
+- ctx->ops->setiv(ctx, iv, csp->csp_ivlen);
++ ctx.ops->setiv(&ctx, iv, csp->csp_ivlen);
+
+- crypto_cursor_init(&cc_in, &crp->crp_buf);
+- crypto_cursor_advance(&cc_in, crp->crp_aad_start);
+- for (size_t alen = crp->crp_aad_length; alen > 0; alen -= seglen) {
+- inseg = crypto_cursor_segment(&cc_in, &inlen);
+- seglen = MIN(alen, inlen);
+- if (ctx->ops->aad(ctx, inseg, seglen) != 0)
++ if (crp->crp_aad != NULL) {
++ if (ctx.ops->aad(&ctx, crp->crp_aad, crp->crp_aad_length) != 0)
+ return (EINVAL);
+- crypto_cursor_advance(&cc_in, seglen);
++ } else {
++ crypto_cursor_init(&cc_in, &crp->crp_buf);
++ crypto_cursor_advance(&cc_in, crp->crp_aad_start);
++ for (size_t alen = crp->crp_aad_length; alen > 0;
++ alen -= seglen) {
++ inseg = crypto_cursor_segment(&cc_in, &inlen);
++ seglen = MIN(alen, inlen);
++ if (ctx.ops->aad(&ctx, inseg, seglen) != 0)
++ return (EINVAL);
++ crypto_cursor_advance(&cc_in, seglen);
++ }
+ }
+
+ crypto_cursor_init(&cc_in, &crp->crp_buf);
+@@ -224,10 +230,10 @@
+ seglen = MIN(plen, MIN(inlen, outlen));
+
+ if (encrypt) {
+- if (ctx->ops->encrypt(ctx, inseg, outseg, seglen) != 0)
++ if (ctx.ops->encrypt(&ctx, inseg, outseg, seglen) != 0)
+ return (EINVAL);
+ } else {
+- if (ctx->ops->decrypt(ctx, inseg, outseg, seglen) != 0)
++ if (ctx.ops->decrypt(&ctx, inseg, outseg, seglen) != 0)
+ return (EINVAL);
+ }
+
+@@ -237,18 +243,19 @@
+
+ error = 0;
+ if (encrypt) {
+- ctx->ops->tag(ctx, tag, GMAC_DIGEST_LEN);
++ ctx.ops->tag(&ctx, tag, GMAC_DIGEST_LEN);
+ crypto_copyback(crp, crp->crp_digest_start, GMAC_DIGEST_LEN,
+ tag);
+ } else {
+ crypto_copydata(crp, crp->crp_digest_start, GMAC_DIGEST_LEN,
+ tag);
+- if (ctx->ops->finish(ctx, tag, GMAC_DIGEST_LEN) != 0)
++ if (ctx.ops->finish(&ctx, tag, GMAC_DIGEST_LEN) != 0)
+ error = EBADMSG;
+ }
+
+ explicit_bzero(iv, sizeof(iv));
+ explicit_bzero(tag, sizeof(tag));
++ explicit_bzero(&ctx, sizeof(ctx));
+
+ return (error);
+ }
diff --git a/website/static/security/patches/EN-23:17/ossl.patch.asc b/website/static/security/patches/EN-23:17/ossl.patch.asc
new file mode 100644
index 0000000000..91737cdd28
--- /dev/null
+++ b/website/static/security/patches/EN-23:17/ossl.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmWAACgkQbljekB8A
+Gu/YlBAAu/+7/5GKn/z8FQ+sG2EHuJhtqaaGu5Y6UREOJs7cF+rPGYXipahzYPjy
+1XBLcU6D9ruP/oBXka2Ydln9VjZfNBbVnEr+lX7l5cleoBVi9LU+qsMd9cRvzbPf
+7HmKD1znA9AT/uzApztwNqj2Xzj5Iqu/Y88OwiCAmuw0jdPfZRNv1SEMpetr5+2L
+IDSa8QsaGFYWUiN97YTT7E8I1AUN/XAY5SgJDc3nL5sGtcXIyGrx6NPwmCj+/Vfy
+Sj/xtY3MAegXF5ttSJVDOvyZ+xyW7nnMXFUMsnRopARMMF5UgTexatPHkgLw237d
+jGn1ffXQ6tVX8VTX4eclQ6YGX8nrfdXMs6hQPIgX0XSPvVT1fb6oKzjh5WfvtSy5
+z47V1Bhf0Zh5QS8ICFqCrhYVgyaq8/RdTiWvsocmjAihRkxlCia2HWMKSlbgumnE
+RQ2FzWntAx1rMGWIte8b8qvq58TVy8NEAAmSUtTmeTUqwQcVyGepJCfgbaFSTXmR
+5o1Y6M1acfiVtdlpg/3lwLRyQmVIQ06pfXmH3ngaQEaUPptyyxfpbNstcDo6UxKo
+6Ry4c2DNTpx4TaTY48wXMs71F97Em7H+/6QIkUfjOvDCx6oI9t2Eq1f5zaId44GH
+YAhW1YwfBRtgEmlUEt+GR4yvMUfAEIMMQrDvg+x4Uv/rAoqApC4=
+=nvbc
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-23:18/openzfs.patch b/website/static/security/patches/EN-23:18/openzfs.patch
new file mode 100644
index 0000000000..6ed43dfdb7
--- /dev/null
+++ b/website/static/security/patches/EN-23:18/openzfs.patch
@@ -0,0 +1,315 @@
+--- sys/contrib/openzfs/include/os/linux/zfs/sys/zpl.h.orig
++++ sys/contrib/openzfs/include/os/linux/zfs/sys/zpl.h
+@@ -60,7 +60,7 @@
+ extern const struct file_operations zpl_dir_file_operations;
+
+ /* zpl_super.c */
+-extern void zpl_prune_sb(int64_t nr_to_scan, void *arg);
++extern void zpl_prune_sb(uint64_t nr_to_scan, void *arg);
+
+ extern const struct super_operations zpl_super_operations;
+ extern const struct export_operations zpl_export_operations;
+--- sys/contrib/openzfs/include/sys/arc.h.orig
++++ sys/contrib/openzfs/include/sys/arc.h
+@@ -81,7 +81,7 @@
+ typedef void arc_read_done_func_t(zio_t *zio, const zbookmark_phys_t *zb,
+ const blkptr_t *bp, arc_buf_t *buf, void *priv);
+ typedef void arc_write_done_func_t(zio_t *zio, arc_buf_t *buf, void *priv);
+-typedef void arc_prune_func_t(int64_t bytes, void *priv);
++typedef void arc_prune_func_t(uint64_t bytes, void *priv);
+
+ /* Shared module parameters */
+ extern uint_t zfs_arc_average_blocksize;
+--- sys/contrib/openzfs/include/sys/arc_impl.h.orig
++++ sys/contrib/openzfs/include/sys/arc_impl.h
+@@ -1065,7 +1065,6 @@
+
+ extern void arc_lowmem_init(void);
+ extern void arc_lowmem_fini(void);
+-extern void arc_prune_async(uint64_t);
+ extern int arc_memory_throttle(spa_t *spa, uint64_t reserve, uint64_t txg);
+ extern uint64_t arc_free_memory(void);
+ extern int64_t arc_available_memory(void);
+--- sys/contrib/openzfs/module/os/freebsd/zfs/arc_os.c.orig
++++ sys/contrib/openzfs/module/os/freebsd/zfs/arc_os.c
+@@ -52,11 +52,6 @@
+ #include
+ #include
+
+-#if __FreeBSD_version >= 1300139
+-static struct sx arc_vnlru_lock;
+-static struct vnode *arc_vnlru_marker;
+-#endif
+-
+ extern struct vfsops zfs_vfsops;
+
+ uint_t zfs_arc_free_target = 0;
+@@ -131,53 +126,6 @@
+ return (MAX(allmem * 5 / 8, size));
+ }
+
+-/*
+- * Helper function for arc_prune_async() it is responsible for safely
+- * handling the execution of a registered arc_prune_func_t.
+- */
+-static void
+-arc_prune_task(void *arg)
+-{
+- uint64_t nr_scan = (uintptr_t)arg;
+-
+-#ifndef __ILP32__
+- if (nr_scan > INT_MAX)
+- nr_scan = INT_MAX;
+-#endif
+-
+-#if __FreeBSD_version >= 1300139
+- sx_xlock(&arc_vnlru_lock);
+- vnlru_free_vfsops(nr_scan, &zfs_vfsops, arc_vnlru_marker);
+- sx_xunlock(&arc_vnlru_lock);
+-#else
+- vnlru_free(nr_scan, &zfs_vfsops);
+-#endif
+-}
+-
+-/*
+- * Notify registered consumers they must drop holds on a portion of the ARC
+- * buffered they reference. This provides a mechanism to ensure the ARC can
+- * honor the metadata limit and reclaim otherwise pinned ARC buffers. This
+- * is analogous to dnlc_reduce_cache() but more generic.
+- *
+- * This operation is performed asynchronously so it may be safely called
+- * in the context of the arc_reclaim_thread(). A reference is taken here
+- * for each registered arc_prune_t and the arc_prune_task() is responsible
+- * for releasing it once the registered arc_prune_func_t has completed.
+- */
+-void
+-arc_prune_async(uint64_t adjust)
+-{
+-
+-#ifndef __LP64__
+- if (adjust > UINTPTR_MAX)
+- adjust = UINTPTR_MAX;
+-#endif
+- taskq_dispatch(arc_prune_taskq, arc_prune_task,
+- (void *)(intptr_t)adjust, TQ_SLEEP);
+- ARCSTAT_BUMP(arcstat_prune);
+-}
+-
+ uint64_t
+ arc_all_memory(void)
+ {
+@@ -228,10 +176,6 @@
+ {
+ arc_event_lowmem = EVENTHANDLER_REGISTER(vm_lowmem, arc_lowmem, NULL,
+ EVENTHANDLER_PRI_FIRST);
+-#if __FreeBSD_version >= 1300139
+- arc_vnlru_marker = vnlru_alloc_marker();
+- sx_init(&arc_vnlru_lock, "arc vnlru lock");
+-#endif
+ }
+
+ void
+@@ -239,12 +183,6 @@
+ {
+ if (arc_event_lowmem != NULL)
+ EVENTHANDLER_DEREGISTER(vm_lowmem, arc_event_lowmem);
+-#if __FreeBSD_version >= 1300139
+- if (arc_vnlru_marker != NULL) {
+- vnlru_free_marker(arc_vnlru_marker);
+- sx_destroy(&arc_vnlru_lock);
+- }
+-#endif
+ }
+
+ void
+--- sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vfsops.c.orig
++++ sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vfsops.c
+@@ -2074,6 +2074,26 @@
+ #endif
+ }
+
++#if __FreeBSD_version >= 1300139
++static struct sx zfs_vnlru_lock;
++static struct vnode *zfs_vnlru_marker;
++#endif
++static arc_prune_t *zfs_prune;
++
++static void
++zfs_prune_task(uint64_t nr_to_scan, void *arg __unused)
++{
++ if (nr_to_scan > INT_MAX)
++ nr_to_scan = INT_MAX;
++#if __FreeBSD_version >= 1300139
++ sx_xlock(&zfs_vnlru_lock);
++ vnlru_free_vfsops(nr_to_scan, &zfs_vfsops, zfs_vnlru_marker);
++ sx_xunlock(&zfs_vnlru_lock);
++#else
++ vnlru_free(nr_to_scan, &zfs_vfsops);
++#endif
++}
++
+ void
+ zfs_init(void)
+ {
+@@ -2100,11 +2120,23 @@
+ dmu_objset_register_type(DMU_OST_ZFS, zpl_get_file_info);
+
+ zfsvfs_taskq = taskq_create("zfsvfs", 1, minclsyspri, 0, 0, 0);
++
++#if __FreeBSD_version >= 1300139
++ zfs_vnlru_marker = vnlru_alloc_marker();
++ sx_init(&zfs_vnlru_lock, "zfs vnlru lock");
++#endif
++ zfs_prune = arc_add_prune_callback(zfs_prune_task, NULL);
+ }
+
+ void
+ zfs_fini(void)
+ {
++ arc_remove_prune_callback(zfs_prune);
++#if __FreeBSD_version >= 1300139
++ vnlru_free_marker(zfs_vnlru_marker);
++ sx_destroy(&zfs_vnlru_lock);
++#endif
++
+ taskq_destroy(zfsvfs_taskq);
+ zfsctl_fini();
+ zfs_znode_fini();
+--- sys/contrib/openzfs/module/os/linux/zfs/arc_os.c.orig
++++ sys/contrib/openzfs/module/os/linux/zfs/arc_os.c
+@@ -489,56 +489,5 @@
+ }
+ #endif /* _KERNEL */
+
+-/*
+- * Helper function for arc_prune_async() it is responsible for safely
+- * handling the execution of a registered arc_prune_func_t.
+- */
+-static void
+-arc_prune_task(void *ptr)
+-{
+- arc_prune_t *ap = (arc_prune_t *)ptr;
+- arc_prune_func_t *func = ap->p_pfunc;
+-
+- if (func != NULL)
+- func(ap->p_adjust, ap->p_private);
+-
+- zfs_refcount_remove(&ap->p_refcnt, func);
+-}
+-
+-/*
+- * Notify registered consumers they must drop holds on a portion of the ARC
+- * buffered they reference. This provides a mechanism to ensure the ARC can
+- * honor the metadata limit and reclaim otherwise pinned ARC buffers. This
+- * is analogous to dnlc_reduce_cache() but more generic.
+- *
+- * This operation is performed asynchronously so it may be safely called
+- * in the context of the arc_reclaim_thread(). A reference is taken here
+- * for each registered arc_prune_t and the arc_prune_task() is responsible
+- * for releasing it once the registered arc_prune_func_t has completed.
+- */
+-void
+-arc_prune_async(uint64_t adjust)
+-{
+- arc_prune_t *ap;
+-
+- mutex_enter(&arc_prune_mtx);
+- for (ap = list_head(&arc_prune_list); ap != NULL;
+- ap = list_next(&arc_prune_list, ap)) {
+-
+- if (zfs_refcount_count(&ap->p_refcnt) >= 2)
+- continue;
+-
+- zfs_refcount_add(&ap->p_refcnt, ap->p_pfunc);
+- ap->p_adjust = adjust;
+- if (taskq_dispatch(arc_prune_taskq, arc_prune_task,
+- ap, TQ_SLEEP) == TASKQID_INVALID) {
+- zfs_refcount_remove(&ap->p_refcnt, ap->p_pfunc);
+- continue;
+- }
+- ARCSTAT_BUMP(arcstat_prune);
+- }
+- mutex_exit(&arc_prune_mtx);
+-}
+-
+ ZFS_MODULE_PARAM(zfs_arc, zfs_arc_, shrinker_limit, INT, ZMOD_RW,
+ "Limit on number of pages that ARC shrinker can reclaim at once");
+--- sys/contrib/openzfs/module/os/linux/zfs/zpl_super.c.orig
++++ sys/contrib/openzfs/module/os/linux/zfs/zpl_super.c
+@@ -375,7 +375,7 @@
+ }
+
+ void
+-zpl_prune_sb(int64_t nr_to_scan, void *arg)
++zpl_prune_sb(uint64_t nr_to_scan, void *arg)
+ {
+ struct super_block *sb = (struct super_block *)arg;
+ int objects = 0;
+--- sys/contrib/openzfs/module/zfs/arc.c.orig
++++ sys/contrib/openzfs/module/zfs/arc.c
+@@ -886,6 +886,8 @@
+ static void l2arc_hdr_arcstats_update(arc_buf_hdr_t *hdr, boolean_t incr,
+ boolean_t state_only);
+
++static void arc_prune_async(uint64_t adjust);
++
+ #define l2arc_hdr_arcstats_increment(hdr) \
+ l2arc_hdr_arcstats_update((hdr), B_TRUE, B_FALSE)
+ #define l2arc_hdr_arcstats_decrement(hdr) \
+@@ -6048,6 +6050,56 @@
+ kmem_free(p, sizeof (*p));
+ }
+
++/*
++ * Helper function for arc_prune_async() it is responsible for safely
++ * handling the execution of a registered arc_prune_func_t.
++ */
++static void
++arc_prune_task(void *ptr)
++{
++ arc_prune_t *ap = (arc_prune_t *)ptr;
++ arc_prune_func_t *func = ap->p_pfunc;
++
++ if (func != NULL)
++ func(ap->p_adjust, ap->p_private);
++
++ zfs_refcount_remove(&ap->p_refcnt, func);
++}
++
++/*
++ * Notify registered consumers they must drop holds on a portion of the ARC
++ * buffers they reference. This provides a mechanism to ensure the ARC can
++ * honor the metadata limit and reclaim otherwise pinned ARC buffers.
++ *
++ * This operation is performed asynchronously so it may be safely called
++ * in the context of the arc_reclaim_thread(). A reference is taken here
++ * for each registered arc_prune_t and the arc_prune_task() is responsible
++ * for releasing it once the registered arc_prune_func_t has completed.
++ */
++static void
++arc_prune_async(uint64_t adjust)
++{
++ arc_prune_t *ap;
++
++ mutex_enter(&arc_prune_mtx);
++ for (ap = list_head(&arc_prune_list); ap != NULL;
++ ap = list_next(&arc_prune_list, ap)) {
++
++ if (zfs_refcount_count(&ap->p_refcnt) >= 2)
++ continue;
++
++ zfs_refcount_add(&ap->p_refcnt, ap->p_pfunc);
++ ap->p_adjust = adjust;
++ if (taskq_dispatch(arc_prune_taskq, arc_prune_task,
++ ap, TQ_SLEEP) == TASKQID_INVALID) {
++ zfs_refcount_remove(&ap->p_refcnt, ap->p_pfunc);
++ continue;
++ }
++ ARCSTAT_BUMP(arcstat_prune);
++ }
++ mutex_exit(&arc_prune_mtx);
++}
++
+ /*
+ * Notify the arc that a block was freed, and thus will never be used again.
+ */
diff --git a/website/static/security/patches/EN-23:18/openzfs.patch.asc b/website/static/security/patches/EN-23:18/openzfs.patch.asc
new file mode 100644
index 0000000000..2e639b86b9
--- /dev/null
+++ b/website/static/security/patches/EN-23:18/openzfs.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmWIACgkQbljekB8A
+Gu/rexAAjPU3p/moNJ48e9Kc042PNtaWFv++bX5TSu7BGHAk+ArtonN6iAF5HaPS
++VTBEu5VdERVBkVku0RlCDAV0AIIscOZN5afNrRPZeeB2G5t5LMHOMseMHnCsEwq
+O97uTt1Ze1LsShnEYM+axtvLrS1Bq3wZu2aOjOJxsRTUxg536wO0jBXI+KRYf/QZ
+V1KxCsnNcrciOl4qPbR003f60/K7QXVGm/IeuWxzAkIanEN6eh4ScW7yajv7rvgY
+1FG1gsMnmKNbd6ykJODX6C4uzhB9SEHquPUa2rqBjmSdkK/R7fXkRtSaYOsdbfLa
+xOsP/lnIlUXb6acA1dAOCE0W42WjKAL54z3+J5bW/+tjDvL+Zs1sesOjxFnYN+Du
+SFNdnJRfgLax/mcHaqJrORJTKy4R6pISFMQpxdX9i7cbcN/sH/q3uRiqMRUKRUIK
+Yh9xvGQBeqFKLSR75/Lqb++C+kddyR8A3R4hVJwSlkDo0HvMO1imZNr/+cfjGJrt
+I4vLevKaLezGjEBGIZ4mWU1gOQ9M8RhoYaod65xiMZ8FMGkWScqDEsFOMJ7v4vft
+P6f5qmeo18JDzja0ln0Stdsj1q/i2EatF8LYt47DtLG3mLmGLCXzhJEqlKm4geI3
+rf7TbmTn4b8nTTCaNZbinUG6iLAD/h0SXQU1IhuV0c3FxlfR5Oc=
+=Z0aS
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-23:19/pkgbase.patch b/website/static/security/patches/EN-23:19/pkgbase.patch
new file mode 100644
index 0000000000..0f002bd5de
--- /dev/null
+++ b/website/static/security/patches/EN-23:19/pkgbase.patch
@@ -0,0 +1,23 @@
+--- Makefile.inc1.orig
++++ Makefile.inc1
+@@ -547,9 +547,11 @@
+ MAJOR_REVISION= ${_REVISION:R}
+
+ .if !defined(PKG_VERSION)
++_PKG_REVISION= ${_REVISION}
+ _STRTIMENOW= %Y%m%d%H%M%S
+ _TIMENOW= ${_STRTIMENOW:gmtime}
+ .if ${_BRANCH:MCURRENT*} || ${_BRANCH:MSTABLE*} || ${_BRANCH:MPRERELEASE*}
++_PKG_REVISION= ${MAJOR_REVISION}
+ EXTRA_REVISION= .snap${_TIMENOW}
+ .elif ${_BRANCH:MALPHA*}
+ EXTRA_REVISION= .a${_BRANCH:C/ALPHA([0-9]+).*/\1/}.${_TIMENOW}
+@@ -560,7 +562,7 @@
+ .elif ${_BRANCH:M*-p*}
+ EXTRA_REVISION= p${_BRANCH:C/.*-p([0-9]+$)/\1/}
+ .endif
+-PKG_VERSION:= ${MAJOR_REVISION}${EXTRA_REVISION:C/[[:space:]]//g}
++PKG_VERSION:= ${_PKG_REVISION}${EXTRA_REVISION:C/[[:space:]]//g}
+ .endif
+ .endif # !defined(PKG_VERSION)
+
diff --git a/website/static/security/patches/EN-23:19/pkgbase.patch.asc b/website/static/security/patches/EN-23:19/pkgbase.patch.asc
new file mode 100644
index 0000000000..790a80e801
--- /dev/null
+++ b/website/static/security/patches/EN-23:19/pkgbase.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmWQACgkQbljekB8A
+Gu+J4g//VVH7enWAcUphoOQE6pXteNI0W518Wy1q1ZAgyG5EXdDqVyiBxMK1nF97
+2cPiev1iLNjt73EV+zrh4/imO8D7apSXYa08gPjcDzTMV7650ngmZ2foaRQj721P
+yNKbnRqYyTjvhJU1wSbuUSzMBcaVjLbE+LwULCtpuZTZgBCWj7+h/UnbVwMugEtk
+r2ChB7b/kaAlYCLkZMRAihImryQzdPudf9d1TL154A2ENx4jYGB1ftT4tJIw0egO
+2+2OJAHkcvwL/46h/4NYhT5Rp/nTiKEalqXi0H5eVWTNqTm0RTmyqlKsZ+sIT7bF
+FH4p0cDYZgztDRXHwqYWCha/UhY3XoM/gyVIWFzaMpMEsSvxv8erJX4JRviiwyHW
+Gt34Q0Nod+yM/D5VAXhk+uHKX2bJQPHSMN92qEcbXM8/IGGN9EhwzQ24jafMZm8l
++YU09cOzWxHsgJHrWK93JAIUd+9UTfzDaJdLWf3Bnpfysc3gYlsaBkvyQeNqFP6q
+lSPfenn7XciOIyY4l9kVRoZ3MA+7bbumwsg+uiLSH6mD2a2CwbN2zXlV+5EHYgLN
+mOV+APiEedb/IAH29c9tQbmVDcEefOHgGqB9VcNqKiGGmf2Lm1HBIHY8OBG/eW8n
+47kRsnM6nC2XNHUNNrvKhjpDLbUNr5ROBgKmnWS0yrzw9/L9Gac=
+=4I+s
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-23:20/vm.patch b/website/static/security/patches/EN-23:20/vm.patch
new file mode 100644
index 0000000000..30c082e4a4
--- /dev/null
+++ b/website/static/security/patches/EN-23:20/vm.patch
@@ -0,0 +1,192 @@
+--- sys/vm/vm_phys.c.orig
++++ sys/vm/vm_phys.c
+@@ -1360,108 +1360,75 @@
+ }
+
+ /*
+- * Find a run of contiguous physical pages from the specified page list.
++ * Find a run of contiguous physical pages, meeting alignment requirements, from
++ * a list of max-sized page blocks, where we need at least two consecutive
++ * blocks to satisfy the (large) page request.
+ */
+ static vm_page_t
+-vm_phys_find_freelist_contig(struct vm_freelist *fl, int oind, u_long npages,
++vm_phys_find_freelist_contig(struct vm_freelist *fl, u_long npages,
+ vm_paddr_t low, vm_paddr_t high, u_long alignment, vm_paddr_t boundary)
+ {
+ struct vm_phys_seg *seg;
+- vm_paddr_t frag, lbound, pa, page_size, pa_end, pa_pre, size;
+- vm_page_t m, m_listed, m_ret;
+- int order;
++ vm_page_t m, m_iter, m_ret;
++ vm_paddr_t max_size, size;
++ int max_order;
+
+- KASSERT(npages > 0, ("npages is 0"));
+- KASSERT(powerof2(alignment), ("alignment is not a power of 2"));
+- KASSERT(powerof2(boundary), ("boundary is not a power of 2"));
+- /* Search for a run satisfying the specified conditions. */
+- page_size = PAGE_SIZE;
++ max_order = VM_NFREEORDER - 1;
+ size = npages << PAGE_SHIFT;
+- frag = (npages & ~(~0UL << oind)) << PAGE_SHIFT;
+- TAILQ_FOREACH(m_listed, &fl[oind].pl, listq) {
+- /*
+- * Determine if the address range starting at pa is
+- * too low.
+- */
+- pa = VM_PAGE_TO_PHYS(m_listed);
+- if (pa < low)
+- continue;
++ max_size = (vm_paddr_t)1 << (PAGE_SHIFT + max_order);
++ KASSERT(size > max_size, ("size is too small"));
+
++ /*
++ * In order to avoid examining any free max-sized page block more than
++ * twice, identify the ones that are first in a physically-contiguous
++ * sequence of such blocks, and only for those walk the sequence to
++ * check if there are enough free blocks starting at a properly aligned
++ * block. Thus, no block is checked for free-ness more than twice.
++ */
++ TAILQ_FOREACH(m, &fl[max_order].pl, listq) {
+ /*
+- * If this is not the first free oind-block in this range, bail
+- * out. We have seen the first free block already, or will see
+- * it before failing to find an appropriate range.
++ * Skip m unless it is first in a sequence of free max page
++ * blocks >= low in its segment.
+ */
+- seg = &vm_phys_segs[m_listed->segind];
+- lbound = low > seg->start ? low : seg->start;
+- pa_pre = pa - (page_size << oind);
+- m = &seg->first_page[atop(pa_pre - seg->start)];
+- if (pa != 0 && pa_pre >= lbound && m->order == oind)
++ seg = &vm_phys_segs[m->segind];
++ if (VM_PAGE_TO_PHYS(m) < MAX(low, seg->start))
++ continue;
++ if (VM_PAGE_TO_PHYS(m) >= max_size &&
++ VM_PAGE_TO_PHYS(m) - max_size >= MAX(low, seg->start) &&
++ max_order == m[-1 << max_order].order)
+ continue;
+-
+- if (!vm_addr_align_ok(pa, alignment))
+- /* Advance to satisfy alignment condition. */
+- pa = roundup2(pa, alignment);
+- else if (frag != 0 && lbound + frag <= pa) {
+- /*
+- * Back up to the first aligned free block in this
+- * range, without moving below lbound.
+- */
+- pa_end = pa;
+- for (order = oind - 1; order >= 0; order--) {
+- pa_pre = pa_end - (page_size << order);
+- if (!vm_addr_align_ok(pa_pre, alignment))
+- break;
+- m = &seg->first_page[atop(pa_pre - seg->start)];
+- if (pa_pre >= lbound && m->order == order)
+- pa_end = pa_pre;
+- }
+- /*
+- * If the extra small blocks are enough to complete the
+- * fragment, use them. Otherwise, look to allocate the
+- * fragment at the other end.
+- */
+- if (pa_end + frag <= pa)
+- pa = pa_end;
+- }
+-
+- /* Advance as necessary to satisfy boundary conditions. */
+- if (!vm_addr_bound_ok(pa, size, boundary))
+- pa = roundup2(pa + 1, boundary);
+- pa_end = pa + size;
+
+ /*
+- * Determine if the address range is valid (without overflow in
+- * pa_end calculation), and fits within the segment.
++ * Advance m_ret from m to the first of the sequence, if any,
++ * that satisfies alignment conditions and might leave enough
++ * space.
+ */
+- if (pa_end < pa || seg->end < pa_end)
+- continue;
+-
+- m_ret = &seg->first_page[atop(pa - seg->start)];
++ m_ret = m;
++ while (!vm_addr_ok(VM_PAGE_TO_PHYS(m_ret),
++ size, alignment, boundary) &&
++ VM_PAGE_TO_PHYS(m_ret) + size <= MIN(high, seg->end) &&
++ max_order == m_ret[1 << max_order].order)
++ m_ret += 1 << max_order;
+
+ /*
+- * Determine whether there are enough free oind-blocks here to
+- * satisfy the allocation request.
++ * Skip m unless some block m_ret in the sequence is properly
++ * aligned, and begins a sequence of enough pages less than
++ * high, and in the same segment.
+ */
+- pa = VM_PAGE_TO_PHYS(m_listed);
+- do {
+- pa += page_size << oind;
+- if (pa >= pa_end)
+- return (m_ret);
+- m = &seg->first_page[atop(pa - seg->start)];
+- } while (oind == m->order);
++ if (VM_PAGE_TO_PHYS(m_ret) + size > MIN(high, seg->end))
++ continue;
+
+ /*
+- * Determine if an additional series of free blocks of
+- * diminishing size can help to satisfy the allocation request.
++ * Skip m unless the blocks to allocate starting at m_ret are
++ * all free.
+ */
+- while (m->order < oind &&
+- pa + 2 * (page_size << m->order) > pa_end) {
+- pa += page_size << m->order;
+- if (pa >= pa_end)
+- return (m_ret);
+- m = &seg->first_page[atop(pa - seg->start)];
++ for (m_iter = m_ret;
++ m_iter < m_ret + npages && max_order == m_iter->order;
++ m_iter += 1 << max_order) {
+ }
++ if (m_iter < m_ret + npages)
++ continue;
++ return (m_ret);
+ }
+ return (NULL);
+ }
+@@ -1508,11 +1475,10 @@
+ }
+ if (order < VM_NFREEORDER)
+ return (NULL);
+- /* Search for a long-enough sequence of small blocks. */
+- oind = VM_NFREEORDER - 1;
++ /* Search for a long-enough sequence of max-order blocks. */
+ for (pind = 0; pind < VM_NFREEPOOL; pind++) {
+ fl = (*queues)[pind];
+- m_ret = vm_phys_find_freelist_contig(fl, oind, npages,
++ m_ret = vm_phys_find_freelist_contig(fl, npages,
+ low, high, alignment, boundary);
+ if (m_ret != NULL)
+ return (m_ret);
+@@ -1593,6 +1559,18 @@
+ /* Return excess pages to the free lists. */
+ fl = (*queues)[VM_FREEPOOL_DEFAULT];
+ vm_phys_enq_range(&m_run[npages], m - &m_run[npages], fl, 0);
++
++ /* Return page verified to satisfy conditions of request. */
++ pa_start = VM_PAGE_TO_PHYS(m_run);
++ KASSERT(low <= pa_start,
++ ("memory allocated below minimum requested range"));
++ KASSERT(pa_start + ptoa(npages) <= high,
++ ("memory allocated above maximum requested range"));
++ seg = &vm_phys_segs[m_run->segind];
++ KASSERT(seg->domain == domain,
++ ("memory not allocated from specified domain"));
++ KASSERT(vm_addr_ok(pa_start, ptoa(npages), alignment, boundary),
++ ("memory alignment/boundary constraints not satisfied"));
+ return (m_run);
+ }
+
diff --git a/website/static/security/patches/EN-23:20/vm.patch.asc b/website/static/security/patches/EN-23:20/vm.patch.asc
new file mode 100644
index 0000000000..23b7e5cb03
--- /dev/null
+++ b/website/static/security/patches/EN-23:20/vm.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmWYACgkQbljekB8A
+Gu9nUxAAkSvzerH2O2/anz3eGTqdy1sSMmquEtG86WTrSeI70kVc2zfoZ95/kLyt
+okvA9SZKxpvGoHOKqQ/scwbQ0FI9L8CLjaq3rjXPe70MtwzRWvyDMg9KuBSPeuIr
+W6bCx4W9QE7cy0Bh9F3S/kJbT7ZqS1FpaEXWm2WVCMWRtCkdKjO/93C7tcNtmESG
+55bdLRbVqruJwHRoW/LV88+/ULa+f041ZWYaPnOYdYtXSQrFxXNDyqzlNhS6ppbI
+QNqhhCIVvtd3ofdTdIY6Zi9lZFb7UoNDIqqEiIqfr+JbsufXUk44q1ZziwI7S81H
+39Umg7eHmyCHCc3uaS4ncpmab6BVRP/9M+OZP3Ub+S7avrT6+FWgqskTnkh3MrS2
+QiJPqwfdrowwso4y7Pkwzwy4H2LhmFT9SeccC6egc5zDJ8wprxWKwmzDtOGUmmtV
+J27rjURu+Lvk0XB/EM/Q9hnBL01kdRHtWk9yAUUeIMbScu3QbpnyWHn2ZUgNmjEB
+SsdblvoQLo7p7Lvn608S7QGHst8+1DzsLzo1c7qtrUKnWQbqHRm0L9oz33WVsvfY
+DwnAiEzvw8v8LSZ5LNu3EcKyYw5s+/g8Em+IyTDWoXgdo3C/hvQC3JsTXCTYxz03
+VXMdD1f9dZxDH8XULMg4KgKer5vCCQl9iJ1zIcb/3IitV5KCBGE=
+=7F0t
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-23:21/tty.patch b/website/static/security/patches/EN-23:21/tty.patch
new file mode 100644
index 0000000000..696a890c27
--- /dev/null
+++ b/website/static/security/patches/EN-23:21/tty.patch
@@ -0,0 +1,17 @@
+--- sys/kern/tty_ttydisc.c.orig
++++ sys/kern/tty_ttydisc.c
+@@ -822,7 +822,13 @@
+ /* Loop back through inq until we hit the
+ * leading byte. */
+ while (CTL_UTF8_CONT(c) && nb < UTF8_STACKBUF) {
+- ttyinq_peekchar(&tp->t_inq, &c, "e);
++ /*
++ * Check if we've reached the beginning
++ * of the line.
++ */
++ if (ttyinq_peekchar(&tp->t_inq, &c,
++ "e) != 0)
++ break;
+ ttyinq_unputchar(&tp->t_inq);
+ bytes[curidx] = c;
+ curidx--;
diff --git a/website/static/security/patches/EN-23:21/tty.patch.asc b/website/static/security/patches/EN-23:21/tty.patch.asc
new file mode 100644
index 0000000000..eec98c8ba8
--- /dev/null
+++ b/website/static/security/patches/EN-23:21/tty.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmWgACgkQbljekB8A
+Gu9cYhAAxZYNP3C5eo/exsz2FfGDSHkxcUovYe2xstJx2c5HMkLpIDIzVHAiaJuY
+cDuYtIgUL4qp79aVhZsGbEW0sYJfcuOIMtfuq4KkMpguofbXCxpqh/f4spg8/Mte
+FNStlfVf3Z7nNBMINRfgGf5rpEkSaJkcu6w+ogXd/rOA9BsKqes6qBO7eFjIYb6S
+ki5pYfnnt80tFL7+y55265wpADH6hdxO/y5FnvXFz19Uu9jTxuI7kXiTuvWE9RUU
+GaNfxasTJ4UCKr5ZNj8YRBr0609BbHowzFvIoZbM/cRaZXi9qYFB6PdsDSKje4IK
+7zffopJ4hBsSXNGVJNT4VimcBTRmipHNNlGXWs3E2TFzV5ZFqsxmPfHja8F1GVw4
+SbbcLBDf6u0N92nYkK3fz2fjh5iKX/TMHHpmp1CgUCOBaKTflhO3Sw0+RwCokUnd
+dgnUfzC9xMnn0SGEJN7uYfrMIniYViMhQBlk5ExbgJMWp+BEY20/h6eUOXUkCJX7
+4xXWvv1AUaPHG/fge+Qa9gQ3j/dYln3rRcfz0vcyG+b3c43kZzFIRONOzOjkpuY6
+iPWb8gNPt7CJ23cCU8CPhskGlHoy7IGiD51PvFTLBChrI+qGemI6EwckdWqHXvop
+jQ0wrR8arxiJpcIIMTt8BeUnyYok/7vthYZN6B1IsumAjnlCoDk=
+=4p0S
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-23:22/vfs.patch b/website/static/security/patches/EN-23:22/vfs.patch
new file mode 100644
index 0000000000..e87542d87c
--- /dev/null
+++ b/website/static/security/patches/EN-23:22/vfs.patch
@@ -0,0 +1,112 @@
+--- sys/contrib/openzfs/include/os/freebsd/spl/sys/vfs.h.orig
++++ sys/contrib/openzfs/include/os/freebsd/spl/sys/vfs.h
+@@ -101,7 +101,7 @@
+ void vfs_clearmntopt(vfs_t *vfsp, const char *name);
+ int vfs_optionisset(const vfs_t *vfsp, const char *opt, char **argp);
+ int mount_snapshot(kthread_t *td, vnode_t **vpp, const char *fstype,
+- char *fspath, char *fspec, int fsflags);
++ char *fspath, char *fspec, int fsflags, vfs_t *parent_vfsp);
+
+ typedef uint64_t vfs_feature_t;
+
+--- sys/contrib/openzfs/module/os/freebsd/spl/spl_vfs.c.orig
++++ sys/contrib/openzfs/module/os/freebsd/spl/spl_vfs.c
+@@ -120,7 +120,7 @@
+
+ int
+ mount_snapshot(kthread_t *td, vnode_t **vpp, const char *fstype, char *fspath,
+- char *fspec, int fsflags)
++ char *fspec, int fsflags, vfs_t *parent_vfsp)
+ {
+ struct vfsconf *vfsp;
+ struct mount *mp;
+@@ -220,6 +220,13 @@
+ mp->mnt_opt = mp->mnt_optnew;
+ (void) VFS_STATFS(mp, &mp->mnt_stat);
+
++#ifdef VFS_SUPPORTS_EXJAIL_CLONE
++ /*
++ * Clone the mnt_exjail credentials of the parent, as required.
++ */
++ vfs_exjail_clone(parent_vfsp, mp);
++#endif
++
+ /*
+ * Prevent external consumers of mount options from reading
+ * mnt_optnew.
+--- sys/contrib/openzfs/module/os/freebsd/zfs/zfs_ctldir.c.orig
++++ sys/contrib/openzfs/module/os/freebsd/zfs/zfs_ctldir.c
+@@ -1026,7 +1026,8 @@
+ "%s/" ZFS_CTLDIR_NAME "/snapshot/%s",
+ dvp->v_vfsp->mnt_stat.f_mntonname, name);
+
+- err = mount_snapshot(curthread, vpp, "zfs", mountpoint, fullname, 0);
++ err = mount_snapshot(curthread, vpp, "zfs", mountpoint, fullname, 0,
++ dvp->v_vfsp);
+ kmem_free(mountpoint, mountpoint_len);
+ if (err == 0) {
+ /*
+--- sys/kern/vfs_mount.c.orig
++++ sys/kern/vfs_mount.c
+@@ -3119,6 +3119,41 @@
+ mtx_unlock(&mountlist_mtx);
+ }
+
++/*
++ * Clone the mnt_exjail field to a new mount point.
++ */
++void
++vfs_exjail_clone(struct mount *inmp, struct mount *outmp)
++{
++ struct ucred *cr;
++ struct prison *pr;
++
++ MNT_ILOCK(inmp);
++ cr = inmp->mnt_exjail;
++ if (cr != NULL) {
++ crhold(cr);
++ MNT_IUNLOCK(inmp);
++ pr = cr->cr_prison;
++ sx_slock(&allprison_lock);
++ if (!prison_isalive(pr)) {
++ sx_sunlock(&allprison_lock);
++ crfree(cr);
++ return;
++ }
++ MNT_ILOCK(outmp);
++ if (outmp->mnt_exjail == NULL) {
++ outmp->mnt_exjail = cr;
++ atomic_add_int(&pr->pr_exportcnt, 1);
++ cr = NULL;
++ }
++ MNT_IUNLOCK(outmp);
++ sx_sunlock(&allprison_lock);
++ if (cr != NULL)
++ crfree(cr);
++ } else
++ MNT_IUNLOCK(inmp);
++}
++
+ void
+ resume_all_fs(void)
+ {
+--- sys/sys/mount.h.orig
++++ sys/sys/mount.h
+@@ -980,6 +980,9 @@
+ * exported vnode operations
+ */
+
++/* Define this to indicate that vfs_exjail_clone() exists for ZFS to use. */
++#define VFS_SUPPORTS_EXJAIL_CLONE 1
++
+ int dounmount(struct mount *, uint64_t, struct thread *);
+
+ int kernel_mount(struct mntarg *ma, uint64_t flags);
+@@ -1016,6 +1019,7 @@
+ (struct mount *, struct netexport *, struct export_args *);
+ void vfs_periodic(struct mount *, int);
+ int vfs_busy(struct mount *, int);
++void vfs_exjail_clone(struct mount *, struct mount *);
+ void vfs_exjail_delete(struct prison *);
+ int vfs_export /* process mount export info */
+ (struct mount *, struct export_args *, bool);
diff --git a/website/static/security/patches/EN-23:22/vfs.patch.asc b/website/static/security/patches/EN-23:22/vfs.patch.asc
new file mode 100644
index 0000000000..cedd11e156
--- /dev/null
+++ b/website/static/security/patches/EN-23:22/vfs.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmWoACgkQbljekB8A
+Gu8p3xAAuHsfxzOjJVUqsOMF2L461lVfyV+QPJvBkO77/qpekpVP768kkC+6b4/w
+nRgrSxznP/EecbcZ4CFRlB2/zSFp0j5eP2YtfbrgyM9R7Gq+oFk5QXbCNbYtoyZo
+MAwYezO+mHhSclaeP3H24tX7uL0NOtSsvhriYIi6H2z1+4WlYi/8b4LelxyoKw1F
+13crFiWCpI51nfu7b/JPDq0lGF/8HKbiViYSlCnpW2gn7A+xz6kvLq/H9nW2ikyy
+//zSNlmPdi90h01SKTuWkbldFvQvoeOtzJupp4gq2+eDq1WWfc8IdPfMZDneg3L2
+hcdiu1aGCah0+M37/pggW3b7uoQkfGz3A6RbNuoS/YQeuWFGWeXs9hMbR4JF/SLm
+xng6p/AMbRZOC09HmzmqGv8fgx108JpVjBBP9Y7cFUPb/V9ce5LpVaSBimQYqvjI
+2F0JUrifseJF5ryW08oxTOntJS3N/SCFYKwkWA/qQZoC6x23oRZdOX7vk8DCx9YX
+32mulqhmHYh/gHXcCmhtHm1Npr/LT8LSCEnESxi1Ouzw664/LDEatZyOvfeQQ2lO
+y+Fe2XxSUWfAUBXbrtjJzzJQCKIdWyCEjkCxRNLIyV8kfgXnk+lwWVzSahVn826A
+s8Fk883XF+2HVBU8HahRKtqFjs+QN/JaEZit4iUQuwvCkKGVEx4=
+=hdRm
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-23:17/pf.patch b/website/static/security/patches/SA-23:17/pf.patch
new file mode 100644
index 0000000000..65e6e5869b
--- /dev/null
+++ b/website/static/security/patches/SA-23:17/pf.patch
@@ -0,0 +1,12 @@
+--- sys/netpfil/pf/pf.c.orig
++++ sys/netpfil/pf/pf.c
+@@ -5367,8 +5367,7 @@
+ (ackskew <= (MAXACKWINDOW << sws)) &&
+ /* Acking not more than one window forward */
+ ((th->th_flags & TH_RST) == 0 || orig_seq == src->seqlo ||
+- (orig_seq == src->seqlo + 1) || (orig_seq + 1 == src->seqlo) ||
+- (pd->flags & PFDESC_IP_REAS) == 0)) {
++ (orig_seq == src->seqlo + 1) || (orig_seq + 1 == src->seqlo))) {
+ /* Require an exact/+1 sequence match on resets when possible */
+
+ if (dst->scrub || src->scrub) {
diff --git a/website/static/security/patches/SA-23:17/pf.patch.asc b/website/static/security/patches/SA-23:17/pf.patch.asc
new file mode 100644
index 0000000000..ce278000d4
--- /dev/null
+++ b/website/static/security/patches/SA-23:17/pf.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmWwACgkQbljekB8A
+Gu/NOg/+MsGtcJnwLdAUBcaT1wvQZDtJQFPVmFg9FXu46wZLB2fuy+A/Y0uqHWV0
+grK9/z7UuIOr9a3Unu5kE91idG4P/x1vltHC1LRmKfHlj6puc7gQYHzOdDlwcJtK
+MzsDnj2h8bxsxlElstpZz8QXC1o6ZJwtDpVPrNPhTmgv5BgQMUzq4GAoyQEcL9yc
+F0ke21VDRQ+RYUinKWvbrY2dfYFwCshGPw7AxkbL+D4vPVvbwPQl673xXZe/6Gha
+l/tzmNPdSZzUt2bRszEchSfigJjdJU1r4pZtWfh9TP5bHOM1LiMZwr0aMWQZ/7Mk
+W2EAQq2eoVod2qeXZkv0qT+pHlavPYRWMwFqqY1sDiHz+pft32r54bGbJGqniWRF
+vvdSDEodqEe9UrrGGXelZWPd2Btcq+u7wiIiBVrMNW8cq9/zcjXEpg0VQJQpnBfI
+kxgW+7piUVffvGX6mw9RoqcVcgNUIg2yfP5BNN0czNpUZx//mCPXRD/H4rrN9wer
+ipiw8zG6yZ7fbWITrmyBXpyjmARcNdo1DHe13pGWjS3+eMG0zpl1kjrPVUsF4/ji
+N0JwxTD608+APOe0bjW19kHbNSZCZOgtjQgXneMWKAv95QF/IJnYDjqDwV61Bic9
+nZ75t3ufY0gSCa4e0Yn22m9xMZvThsvMeVxggnf8YkOk5eGAff8=
+=z23u
+-----END PGP SIGNATURE-----