diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index d0945c9078..cd751f68a5 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -1,2711 +1,2727 @@
# Sort advisories by year, month and day
# $FreeBSD$
+[[advisories]]
+name = "FreeBSD-SA-24:08.openssh"
+date = "2024-08-07"
+
+[[advisories]]
+name = "FreeBSD-SA-24:07.nfsclient"
+date = "2024-08-07"
+
+[[advisories]]
+name = "FreeBSD-SA-24:06.ktrace"
+date = "2024-08-07"
+
+[[advisories]]
+name = "FreeBSD-SA-24:05.pf"
+date = "2024-08-07"
+
[[advisories]]
name = "FreeBSD-SA-24:04.openssh"
date = "2024-07-01"
[[advisories]]
name = "FreeBSD-SA-24:03.unbound"
date = "2024-03-28"
[[advisories]]
name = "FreeBSD-SA-24:02.tty"
date = "2024-02-14"
[[advisories]]
name = "FreeBSD-SA-24:01.bhyveload"
date = "2024-02-14"
[[advisories]]
name = "FreeBSD-SA-23:19.openssh"
date = "2023-12-19"
[[advisories]]
name = "FreeBSD-SA-23:18.nfsclient"
date = "2023-12-12"
[[advisories]]
name = "FreeBSD-SA-23:17.pf"
date = "2023-12-05"
[[advisories]]
name = "FreeBSD-SA-23:16.cap_net"
date = "2023-11-08"
[[advisories]]
name = "FreeBSD-SA-23:15.stdio"
date = "2023-11-08"
[[advisories]]
name = "FreeBSD-SA-23:14.smccc"
date = "2023-10-03"
[[advisories]]
name = "FreeBSD-SA-23:13.capsicum"
date = "2023-10-03"
[[advisories]]
name = "FreeBSD-SA-23:12.msdosfs"
date = "2023-10-03"
[[advisories]]
name = "FreeBSD-SA-23:11.wifi"
date = "2023-09-06"
[[advisories]]
name = "FreeBSD-SA-23:10.pf"
date = "2023-09-06"
[[advisories]]
name = "FreeBSD-SA-23:09.pam_krb5"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:08.ssh"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:07.bhyve"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:06.ipv6"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:05.openssh"
date = "2023-06-21"
[[advisories]]
name = "FreeBSD-SA-23:04.pam_krb5"
date = "2023-06-21"
[[advisories]]
name = "FreeBSD-SA-23:03.openssl"
date = "2023-02-16"
[[advisories]]
name = "FreeBSD-SA-23:02.openssh"
date = "2023-02-16"
[[advisories]]
name = "FreeBSD-SA-23:01.geli"
date = "2023-02-08"
[[advisories]]
name = "FreeBSD-SA-22:15.ping"
date = "2022-11-29"
[[advisories]]
name = "FreeBSD-SA-22:14.heimdal"
date = "2022-11-15"
[[advisories]]
name = "FreeBSD-SA-22:13.zlib"
date = "2022-08-30"
[[advisories]]
name = "FreeBSD-SA-22:12.lib9p"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:11.vm"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:10.aio"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:09.elf"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:08.zlib"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:07.wifi_meshid"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:06.ioctl"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:05.bhyve"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:04.netmap"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:03.openssl"
date = "2022-03-15"
[[advisories]]
name = "FreeBSD-SA-22:02.wifi"
date = "2022-03-15"
[[advisories]]
name = "FreeBSD-SA-22:01.vt"
date = "2022-01-11"
[[advisories]]
name = "FreeBSD-SA-21:17.openssl"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:16.openssl"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:15.libfetch"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:14.ggatec"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:13.bhyve"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:12.libradius"
date = "2021-05-26"
[[advisories]]
name = "FreeBSD-SA-21:11.smap"
date = "2021-05-26"
[[advisories]]
name = "FreeBSD-SA-21:10.jail_mount"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:09.accept_filter"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:08.vm"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:07.openssl"
date = "2021-03-25"
[[advisories]]
name = "FreeBSD-SA-21:06.xen"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:05.jail_chdir"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:04.jail_remove"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:03.pam_login_access"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:02.xenoom"
date = "2021-01-29"
[[advisories]]
name = "FreeBSD-SA-21:01.fsdisclosure"
date = "2021-01-29"
[[advisories]]
name = "FreeBSD-SA-20:33.openssl"
date = "2020-12-08"
[[advisories]]
name = "FreeBSD-SA-20:32.rtsold"
date = "2020-12-01"
[[advisories]]
name = "FreeBSD-SA-20:31.icmp6"
date = "2020-12-01"
[[advisories]]
name = "FreeBSD-SA-20:30.ftpd"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:29.bhyve_svm"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:28.bhyve_vmcs"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:27.ure"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:26.dhclient"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:25.sctp"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:24.ipv6"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:23.sendmsg"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:22.sqlite"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:21.usb_net"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:20.ipv6"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:19.unbound"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:18.posix_spawnp"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:17.usb"
date = "2020-06-09"
[[advisories]]
name = "FreeBSD-SA-20:16.cryptodev"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:15.cryptodev"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:14.sctp"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:13.libalias"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:12.libalias"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:11.openssl"
date = "2020-04-21"
[[advisories]]
name = "FreeBSD-SA-20:10.ipfw"
date = "2020-04-21"
[[advisories]]
name = "FreeBSD-SA-20:09.ntp"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:08.jail"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:07.epair"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:06.if_ixl_ioctl"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:05.if_oce_ioctl"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:04.tcp"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:03.thrmisc"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-20:02.ipsec"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-20:01.libfetch"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-19:26.mcu"
date = "2019-11-12"
[[advisories]]
name = "FreeBSD-SA-19:25.mcepsc"
date = "2019-11-12"
[[advisories]]
name = "FreeBSD-SA-19:24.mqueuefs"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:23.midi"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:22.mbuf"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:21.bhyve"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:20.bsnmp"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:19.mldv2"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:18.bzip2"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:17.fd"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:16.bhyve"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:15.mqueuefs"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:14.freebsd32"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:13.pts"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:12.telnet"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:11.cd_ioctl"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:10.ufs"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:09.iconv"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:08.rack"
date = "2019-06-19"
[[advisories]]
name = "FreeBSD-SA-19:07.mds"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:06.pf"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:05.pf"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:04.ntp"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:03.wpa"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:02.fd"
date = "2019-02-05"
[[advisories]]
name = "FreeBSD-SA-19:01.syscall"
date = "2019-02-05"
[[advisories]]
name = "FreeBSD-SA-18:15.bootpd"
date = "2018-12-19"
[[advisories]]
name = "FreeBSD-SA-18:14.bhyve"
date = "2018-12-04"
[[advisories]]
name = "FreeBSD-SA-18:13.nfs"
date = "2018-11-27"
[[advisories]]
name = "FreeBSD-SA-18:12.elf"
date = "2018-09-12"
[[advisories]]
name = "FreeBSD-SA-18:11.hostapd"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:10.ip"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:09.l1tf"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:08.tcp"
date = "2018-08-06"
[[advisories]]
name = "FreeBSD-SA-18:07.lazyfpu"
date = "2018-06-21"
[[advisories]]
name = "FreeBSD-SA-18:06.debugreg"
date = "2018-05-08"
[[advisories]]
name = "FreeBSD-SA-18:05.ipsec"
date = "2018-04-04"
[[advisories]]
name = "FreeBSD-SA-18:04.vt"
date = "2018-04-04"
[[advisories]]
name = "FreeBSD-SA-18:03.speculative_execution"
date = "2018-03-14"
[[advisories]]
name = "FreeBSD-SA-18:02.ntp"
date = "2018-03-07"
[[advisories]]
name = "FreeBSD-SA-18:01.ipsec"
date = "2018-03-07"
[[advisories]]
name = "FreeBSD-SA-17:12.openssl"
date = "2017-12-09"
[[advisories]]
name = "FreeBSD-SA-17:11.openssl"
date = "2017-11-29"
[[advisories]]
name = "FreeBSD-SA-17:10.kldstat"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:09.shm"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:08.ptrace"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:07.wpa"
date = "2017-10-17"
[[advisories]]
name = "FreeBSD-SA-17:06.openssh"
date = "2017-08-10"
[[advisories]]
name = "FreeBSD-SA-17:05.heimdal"
date = "2017-07-12"
[[advisories]]
name = "FreeBSD-SA-17:04.ipfilter"
date = "2017-04-27"
[[advisories]]
name = "FreeBSD-SA-17:03.ntp"
date = "2017-04-12"
[[advisories]]
name = "FreeBSD-SA-17:02.openssl"
date = "2017-02-23"
[[advisories]]
name = "FreeBSD-SA-17:01.openssh"
date = "2017-01-11"
[[advisories]]
name = "FreeBSD-SA-16:39.ntp"
date = "2016-12-22"
[[advisories]]
name = "FreeBSD-SA-16:38.bhyve"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:37.libc"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:36.telnetd"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:35.openssl"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:34.bind"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:33.openssh"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:32.bhyve"
date = "2016-10-25"
[[advisories]]
name = "FreeBSD-SA-16:31.libarchive"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:30.portsnap"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:29.bspatch"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:28.bind"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:27.openssl"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:26.openssl"
date = "2016-09-23"
[[advisories]]
name = "FreeBSD-SA-16:25.bspatch"
date = "2016-07-25"
[[advisories]]
name = "FreeBSD-SA-16:24.ntp"
date = "2016-06-04"
[[advisories]]
name = "FreeBSD-SA-16:23.libarchive"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:22.libarchive"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:21.43bsd"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:20.linux"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:19.sendmsg"
date = "2016-05-17"
[[advisories]]
name = "FreeBSD-SA-16:18.atkbd"
date = "2016-05-17"
[[advisories]]
name = "FreeBSD-SA-16:17.openssl"
date = "2016-05-04"
[[advisories]]
name = "FreeBSD-SA-16:16.ntp"
date = "2016-04-29"
[[advisories]]
name = "FreeBSD-SA-16:15.sysarch"
date = "2016-03-16"
[[advisories]]
name = "FreeBSD-SA-16:14.openssh"
date = "2016-03-16"
[[advisories]]
name = "FreeBSD-SA-16:13.bind"
date = "2016-03-10"
[[advisories]]
name = "FreeBSD-SA-16:12.openssl"
date = "2016-03-10"
[[advisories]]
name = "FreeBSD-SA-16:11.openssl"
date = "2016-01-30"
[[advisories]]
name = "FreeBSD-SA-16:10.linux"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:09.ntp"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:08.bind"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:07.openssh"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:06.bsnmpd"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:05.tcp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:04.linux"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:03.linux"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:02.ntp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:01.sctp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-15:27.bind"
date = "2015-12-16"
[[advisories]]
name = "FreeBSD-SA-15:26.openssl"
date = "2015-12-06"
[[advisories]]
name = "FreeBSD-SA-15:25.ntp"
date = "2015-10-26"
[[advisories]]
name = "FreeBSD-SA-15:24.rpcbind"
date = "2015-09-29"
[[advisories]]
name = "FreeBSD-SA-15:23.bind"
date = "2015-09-02"
[[advisories]]
name = "FreeBSD-SA-15:22.openssh"
date = "2015-08-25"
[[advisories]]
name = "FreeBSD-SA-15:21.amd64"
date = "2015-08-25"
[[advisories]]
name = "FreeBSD-SA-15:20.expat"
date = "2015-08-18"
[[advisories]]
name = "FreeBSD-SA-15:19.routed"
date = "2015-08-05"
[[advisories]]
name = "FreeBSD-SA-15:18.bsdpatch"
date = "2015-08-05"
[[advisories]]
name = "FreeBSD-SA-15:17.bind"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:16.openssh"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:15.tcp"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:14.bsdpatch"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:13.tcp"
date = "2015-07-21"
[[advisories]]
name = "FreeBSD-SA-15:12.openssl"
date = "2015-07-09"
[[advisories]]
name = "FreeBSD-SA-15:11.bind"
date = "2015-07-07"
[[advisories]]
name = "FreeBSD-SA-15:10.openssl"
date = "2015-06-12"
[[advisories]]
name = "FreeBSD-SA-15:09.ipv6"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:08.bsdinstall"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:07.ntp"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:06.openssl"
date = "2015-03-19"
[[advisories]]
name = "FreeBSD-SA-15:05.bind"
date = "2015-02-25"
[[advisories]]
name = "FreeBSD-SA-15:04.igmp"
date = "2015-02-25"
[[advisories]]
name = "FreeBSD-SA-15:03.sctp"
date = "2015-01-27"
[[advisories]]
name = "FreeBSD-SA-15:02.kmem"
date = "2015-01-27"
[[advisories]]
name = "FreeBSD-SA-15:01.openssl"
date = "2015-01-14"
[[advisories]]
name = "FreeBSD-SA-14:31.ntp"
date = "2014-12-23"
[[advisories]]
name = "FreeBSD-SA-14:30.unbound"
date = "2014-12-17"
[[advisories]]
name = "FreeBSD-SA-14:29.bind"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:28.file"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:27.stdio"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:26.ftp"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:25.setlogin"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:24.sshd"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:23.openssl"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:22.namei"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:21.routed"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:20.rtsold"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:19.tcp"
date = "2014-09-16"
[[advisories]]
name = "FreeBSD-SA-14:18.openssl"
date = "2014-09-09"
[[advisories]]
name = "FreeBSD-SA-14:17.kmem"
date = "2014-07-08"
[[advisories]]
name = "FreeBSD-SA-14:16.file"
date = "2014-06-24"
[[advisories]]
name = "FreeBSD-SA-14:15.iconv"
date = "2014-06-24"
[[advisories]]
name = "FreeBSD-SA-14:14.openssl"
date = "2014-06-05"
[[advisories]]
name = "FreeBSD-SA-14:13.pam"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:12.ktrace"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:11.sendmail"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:10.openssl"
date = "2014-05-13"
[[advisories]]
name = "FreeBSD-SA-14:09.openssl"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:08.tcp"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:07.devfs"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:06.openssl"
date = "2014-04-08"
[[advisories]]
name = "FreeBSD-SA-14:05.nfsserver"
date = "2014-04-08"
[[advisories]]
name = "FreeBSD-SA-14:04.bind"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:03.openssl"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:02.ntpd"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:01.bsnmpd"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-13:14.openssh"
date = "2013-11-19"
[[advisories]]
name = "FreeBSD-SA-13:13.nullfs"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:12.ifioctl"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:11.sendfile"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:10.sctp"
date = "2013-08-22"
[[advisories]]
name = "FreeBSD-SA-13:09.ip_multicast"
date = "2013-08-22"
[[advisories]]
name = "FreeBSD-SA-13:08.nfsserver"
date = "2013-07-26"
[[advisories]]
name = "FreeBSD-SA-13:07.bind"
date = "2013-07-26"
[[advisories]]
name = "FreeBSD-SA-13:06.mmap"
date = "2013-06-18"
[[advisories]]
name = "FreeBSD-SA-13:05.nfsserver"
date = "2013-04-29"
[[advisories]]
name = "FreeBSD-SA-13:04.bind"
date = "2013-04-02"
[[advisories]]
name = "FreeBSD-SA-13:03.openssl"
date = "2013-04-02"
[[advisories]]
name = "FreeBSD-SA-13:02.libc"
date = "2013-02-19"
[[advisories]]
name = "FreeBSD-SA-13:01.bind"
date = "2013-02-19"
[[advisories]]
name = "FreeBSD-SA-12:08.linux"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:07.hostapd"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:06.bind"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:05.bind"
date = "2012-08-06"
[[advisories]]
name = "FreeBSD-SA-12:04.sysret"
date = "2012-06-12"
[[advisories]]
name = "FreeBSD-SA-12:03.bind"
date = "2012-06-12"
[[advisories]]
name = "FreeBSD-SA-12:02.crypt"
date = "2012-05-30"
[[advisories]]
name = "FreeBSD-SA-12:01.openssl"
date = "2012-05-30"
[[advisories]]
name = "FreeBSD-SA-11:10.pam"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:09.pam_ssh"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:08.telnetd"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:07.chroot"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:06.bind"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:05.unix"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:04.compress"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:03.bind"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:02.bind"
date = "2011-05-28"
[[advisories]]
name = "FreeBSD-SA-11:01.mountd"
date = "2011-04-20"
[[advisories]]
name = "FreeBSD-SA-10:10.openssl"
date = "2010-11-29"
[[advisories]]
name = "FreeBSD-SA-10:09.pseudofs"
date = "2010-11-10"
[[advisories]]
name = "FreeBSD-SA-10:08.bzip2"
date = "2010-09-20"
[[advisories]]
name = "FreeBSD-SA-10:07.mbuf"
date = "2010-07-13"
[[advisories]]
name = "FreeBSD-SA-10:06.nfsclient"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:05.opie"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:04.jail"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:03.zfs"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-10:02.ntpd"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-10:01.bind"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-09:17.freebsd-update"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:16.rtld"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:15.ssl"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:14.devfs"
date = "2009-10-02"
[[advisories]]
name = "FreeBSD-SA-09:13.pipe"
date = "2009-10-02"
[[advisories]]
name = "FreeBSD-SA-09:12.bind"
date = "2009-07-29"
[[advisories]]
name = "FreeBSD-SA-09:11.ntpd"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:10.ipv6"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:09.pipe"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:08.openssl"
date = "2009-04-22"
[[advisories]]
name = "FreeBSD-SA-09:07.libc"
date = "2009-04-22"
[[advisories]]
name = "FreeBSD-SA-09:06.ktimer"
date = "2009-03-23"
[[advisories]]
name = "FreeBSD-SA-09:05.telnetd"
date = "2009-02-16"
[[advisories]]
name = "FreeBSD-SA-09:04.bind"
date = "2009-01-13"
[[advisories]]
name = "FreeBSD-SA-09:03.ntpd"
date = "2009-01-13"
[[advisories]]
name = "FreeBSD-SA-09:02.openssl"
date = "2009-01-07"
[[advisories]]
name = "FreeBSD-SA-09:01.lukemftpd"
date = "2009-01-07"
[[advisories]]
name = "FreeBSD-SA-08:13.protosw"
date = "2008-12-23"
[[advisories]]
name = "FreeBSD-SA-08:12.ftpd"
date = "2008-12-23"
[[advisories]]
name = "FreeBSD-SA-08:11.arc4random"
date = "2008-11-24"
[[advisories]]
name = "FreeBSD-SA-08:10.nd6"
date = "2008-10-02"
[[advisories]]
name = "FreeBSD-SA-08:09.icmp6"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:08.nmount"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:07.amd64"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:06.bind"
date = "2008-07-13"
[[advisories]]
name = "FreeBSD-SA-08:05.openssh"
date = "2008-04-17"
[[advisories]]
name = "FreeBSD-SA-08:04.ipsec"
date = "2008-02-14"
[[advisories]]
name = "FreeBSD-SA-08:03.sendfile"
date = "2008-02-14"
[[advisories]]
name = "FreeBSD-SA-08:02.libc"
date = "2008-01-14"
[[advisories]]
name = "FreeBSD-SA-08:01.pty"
date = "2008-01-14"
[[advisories]]
name = "FreeBSD-SA-07:10.gtar"
date = "2007-11-29"
[[advisories]]
name = "FreeBSD-SA-07:09.random"
date = "2007-11-29"
[[advisories]]
name = "FreeBSD-SA-07:08.openssl"
date = "2007-10-03"
[[advisories]]
name = "FreeBSD-SA-07:07.bind"
date = "2007-08-01"
[[advisories]]
name = "FreeBSD-SA-07:06.tcpdump"
date = "2007-08-01"
[[advisories]]
name = "FreeBSD-SA-07:05.libarchive"
date = "2007-07-12"
[[advisories]]
name = "FreeBSD-SA-07:04.file"
date = "2007-05-23"
[[advisories]]
name = "FreeBSD-SA-07:03.ipv6"
date = "2007-04-26"
[[advisories]]
name = "FreeBSD-SA-07:02.bind"
date = "2007-02-09"
[[advisories]]
name = "FreeBSD-SA-07:01.jail"
date = "2007-01-11"
[[advisories]]
name = "FreeBSD-SA-06:26.gtar"
date = "2006-12-06"
[[advisories]]
name = "FreeBSD-SA-06:25.kmem"
date = "2006-12-06"
[[advisories]]
name = "FreeBSD-SA-06:24.libarchive"
date = "2006-11-08"
[[advisories]]
name = "FreeBSD-SA-06:22.openssh"
date = "2006-09-30"
[[advisories]]
name = "FreeBSD-SA-06:23.openssl"
date = "2006-09-28"
[[advisories]]
name = "FreeBSD-SA-06:21.gzip"
date = "2006-09-19"
[[advisories]]
name = "FreeBSD-SA-06:20.bind"
date = "2006-09-06"
[[advisories]]
name = "FreeBSD-SA-06:19.openssl"
date = "2006-09-06"
[[advisories]]
name = "FreeBSD-SA-06:18.ppp"
date = "2006-08-23"
[[advisories]]
name = "FreeBSD-SA-06:17.sendmail"
date = "2006-06-14"
[[advisories]]
name = "FreeBSD-SA-06:16.smbfs"
date = "2006-05-31"
[[advisories]]
name = "FreeBSD-SA-06:15.ypserv"
date = "2006-05-31"
[[advisories]]
name = "FreeBSD-SA-06:14.fpu"
date = "2006-04-19"
[[advisories]]
name = "FreeBSD-SA-06:13.sendmail"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:12.opie"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:11.ipsec"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:10.nfs"
date = "2006-03-01"
[[advisories]]
name = "FreeBSD-SA-06:09.openssh"
date = "2006-03-01"
[[advisories]]
name = "FreeBSD-SA-06:08.sack"
date = "2006-02-01"
[[advisories]]
name = "FreeBSD-SA-06:07.pf"
date = "2006-01-25"
[[advisories]]
name = "FreeBSD-SA-06:06.kmem"
date = "2006-01-25"
[[advisories]]
name = "FreeBSD-SA-06:05.80211"
date = "2006-01-18"
[[advisories]]
name = "FreeBSD-SA-06:04.ipfw"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:03.cpio"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:02.ee"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:01.texindex"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-05:21.openssl"
date = "2005-10-11"
[[advisories]]
name = "FreeBSD-SA-05:20.cvsbug"
date = "2005-09-07"
[[advisories]]
name = "FreeBSD-SA-05:19.ipsec"
date = "2005-07-27"
[[advisories]]
name = "FreeBSD-SA-05:18.zlib"
date = "2005-07-27"
[[advisories]]
name = "FreeBSD-SA-05:17.devfs"
date = "2005-07-20"
[[advisories]]
name = "FreeBSD-SA-05:16.zlib"
date = "2005-07-06"
[[advisories]]
name = "FreeBSD-SA-05:15.tcp"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:14.bzip2"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:13.ipfw"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:12.bind9"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:11.gzip"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:10.tcpdump"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:09.htt"
date = "2005-05-13"
[[advisories]]
name = "FreeBSD-SA-05:08.kmem"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:07.ldt"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:06.iir"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:05.cvs"
date = "2005-04-22"
[[advisories]]
name = "FreeBSD-SA-05:04.ifconf"
date = "2005-04-15"
[[advisories]]
name = "FreeBSD-SA-05:03.amd64"
date = "2005-04-06"
[[advisories]]
name = "FreeBSD-SA-05:02.sendfile"
date = "2005-04-04"
[[advisories]]
name = "FreeBSD-SA-05:01.telnet"
date = "2005-03-28"
[[advisories]]
name = "FreeBSD-SA-04:17.procfs"
date = "2004-12-01"
[[advisories]]
name = "FreeBSD-SA-04:16.fetch"
date = "2004-11-18"
[[advisories]]
name = "FreeBSD-SA-04:15.syscons"
date = "2004-10-04"
[[advisories]]
name = "FreeBSD-SA-04:14.cvs"
date = "2004-09-19"
[[advisories]]
name = "FreeBSD-SA-04:13.linux"
date = "2004-06-30"
[[advisories]]
name = "FreeBSD-SA-04:12.jailroute"
date = "2004-06-07"
[[advisories]]
name = "FreeBSD-SA-04:11.msync"
date = "2004-05-19"
[[advisories]]
name = "FreeBSD-SA-04:10.cvs"
date = "2004-05-19"
[[advisories]]
name = "FreeBSD-SA-04:09.kadmind"
date = "2004-05-05"
[[advisories]]
name = "FreeBSD-SA-04:08.heimdal"
date = "2004-05-05"
[[advisories]]
name = "FreeBSD-SA-04:07.cvs"
date = "2004-04-15"
[[advisories]]
name = "FreeBSD-SA-04:06.ipv6"
date = "2004-03-29"
[[advisories]]
name = "FreeBSD-SA-04:05.openssl"
date = "2004-03-17"
[[advisories]]
name = "FreeBSD-SA-04:04.tcp"
date = "2004-03-02"
[[advisories]]
name = "FreeBSD-SA-04:03.jail"
date = "2004-02-25"
[[advisories]]
name = "FreeBSD-SA-04:02.shmat"
date = "2004-02-05"
[[advisories]]
name = "FreeBSD-SA-04:01.mksnap_ffs"
date = "2004-01-30"
[[advisories]]
name = "FreeBSD-SA-03:19.bind"
date = "2003-11-28"
[[advisories]]
name = "FreeBSD-SA-03:15.openssh"
date = "2003-10-05"
[[advisories]]
name = "FreeBSD-SA-03:18.openssl"
date = "2003-10-03"
[[advisories]]
name = "FreeBSD-SA-03:17.procfs"
date = "2003-10-03"
[[advisories]]
name = "FreeBSD-SA-03:16.filedesc"
date = "2003-10-02"
[[advisories]]
name = "FreeBSD-SA-03:14.arp"
date = "2003-09-23"
[[advisories]]
name = "FreeBSD-SA-03:13.sendmail"
date = "2003-09-17"
[[advisories]]
name = "FreeBSD-SA-03:12.openssh"
date = "2003-09-16"
[[advisories]]
name = "FreeBSD-SA-03:11.sendmail"
date = "2003-08-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1170"
[[advisories]]
name = "FreeBSD-SA-03:10.ibcs2"
date = "2003-08-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1164"
[[advisories]]
name = "FreeBSD-SA-03:09.signal"
date = "2003-08-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1163"
[[advisories]]
name = "FreeBSD-SA-03:08.realpath"
date = "2003-08-03"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1158"
[[advisories]]
name = "FreeBSD-SN-03:02"
date = "2003-04-08"
[[advisories]]
name = "FreeBSD-SN-03:01"
date = "2003-04-07"
[[advisories]]
name = "FreeBSD-SA-03:07.sendmail"
date = "2003-03-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1122"
[[advisories]]
name = "FreeBSD-SA-03:06.openssl"
date = "2003-03-21"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1118"
[[advisories]]
name = "FreeBSD-SA-03:05.xdr"
date = "2003-03-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1117"
[[advisories]]
name = "FreeBSD-SA-03:04.sendmail"
date = "2003-03-03"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1112"
[[advisories]]
name = "FreeBSD-SA-03:03.syncookies"
date = "2003-02-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1106"
[[advisories]]
name = "FreeBSD-SA-03:02.openssl"
date = "2003-02-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1105"
[[advisories]]
name = "FreeBSD-SA-03:01.cvs"
date = "2003-02-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1100"
[[advisories]]
name = "FreeBSD-SA-02:44.filedesc"
date = "2003-01-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1090"
[[advisories]]
name = "FreeBSD-SA-02:43.bind"
date = "2002-11-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1084"
[[advisories]]
name = "FreeBSD-SA-02:41.smrsh"
date = "2002-11-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1082"
[[advisories]]
name = "FreeBSD-SA-02:42.resolv"
date = "2002-11-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1083"
[[advisories]]
name = "FreeBSD-SA-02:40.kadmind"
date = "2002-11-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1081"
[[advisories]]
name = "FreeBSD-SN-02:06"
date = "2002-10-10"
[[advisories]]
name = "FreeBSD-SA-02:39.libkvm"
date = "2002-09-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1051"
[[advisories]]
name = "FreeBSD-SN-02:05"
date = "2002-08-28"
[[advisories]]
name = "FreeBSD-SA-02:38.signed-error"
date = "2002-08-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1041"
[[advisories]]
name = "FreeBSD-SA-02:37.kqueue"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1033"
[[advisories]]
name = "FreeBSD-SA-02:36.nfs"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1032"
[[advisories]]
name = "FreeBSD-SA-02:35.ffs"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1031"
[[advisories]]
name = "FreeBSD-SA-02:33.openssl"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1023"
[[advisories]]
name = "FreeBSD-SA-02:34.rpc"
date = "2002-08-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1024"
[[advisories]]
name = "FreeBSD-SA-02:32.pppd"
date = "2002-07-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1022"
[[advisories]]
name = "FreeBSD-SA-02:31.openssh"
date = "2002-07-15"
[[advisories]]
name = "FreeBSD-SA-02:30.ktrace"
date = "2002-07-12"
[[advisories]]
name = "FreeBSD-SA-02:29.tcpdump"
date = "2002-07-12"
[[advisories]]
name = "FreeBSD-SA-02:28.resolv"
date = "2002-06-26"
[[advisories]]
name = "FreeBSD-SN-02:04"
date = "2002-06-19"
[[advisories]]
name = "FreeBSD-SA-02:27.rc"
date = "2002-05-29"
[[advisories]]
name = "FreeBSD-SA-02:26.accept"
date = "2002-05-29"
[[advisories]]
name = "FreeBSD-SN-02:03"
date = "2002-05-28"
[[advisories]]
name = "FreeBSD-SA-02:25.bzip2"
date = "2002-05-20"
[[advisories]]
name = "FreeBSD-SA-02:24.k5su"
date = "2002-05-20"
[[advisories]]
name = "FreeBSD-SN-02:02"
date = "2002-05-13"
[[advisories]]
name = "FreeBSD-SA-02:23.stdio"
date = "2002-04-22"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1021"
[[advisories]]
name = "FreeBSD-SA-02:22.mmap"
date = "2002-04-18"
[[advisories]]
name = "FreeBSD-SA-02:21.tcpip"
date = "2002-04-17"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/980"
[[advisories]]
name = "FreeBSD-SA-02:20.syncache"
date = "2002-04-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/979"
[[advisories]]
name = "FreeBSD-SN-02:01"
date = "2002-03-30"
[[advisories]]
name = "FreeBSD-SA-02:19.squid"
date = "2002-03-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/960"
[[advisories]]
name = "FreeBSD-SA-02:18.zlib"
date = "2002-03-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/978"
[[advisories]]
name = "FreeBSD-SA-02:17.mod_frontpage"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/954"
[[advisories]]
name = "FreeBSD-SA-02:16.netscape"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/953"
[[advisories]]
name = "FreeBSD-SA-02:15.cyrus-sasl"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/952"
[[advisories]]
name = "FreeBSD-SA-02:14.pam-pgsql"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/951"
[[advisories]]
name = "FreeBSD-SA-02:13.openssh"
date = "2002-03-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/945"
[[advisories]]
name = "FreeBSD-SA-02:12.squid"
date = "2002-02-21"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/938"
[[advisories]]
name = "FreeBSD-SA-02:11.snmp"
date = "2002-02-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/936"
[[advisories]]
name = "FreeBSD-SA-02:10.rsync"
date = "2002-02-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/928"
[[advisories]]
name = "FreeBSD-SA-02:09.fstatfs"
date = "2002-02-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/927"
[[advisories]]
name = "FreeBSD-SA-02:08.exec"
date = "2002-01-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/923"
[[advisories]]
name = "FreeBSD-SA-02:07.k5su"
date = "2002-01-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/912"
[[advisories]]
name = "FreeBSD-SA-02:06.sudo"
date = "2002-01-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/909"
[[advisories]]
name = "FreeBSD-SA-02:05.pine"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/894"
[[advisories]]
name = "FreeBSD-SA-02:04.mutt"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/893"
[[advisories]]
name = "FreeBSD-SA-02:03.mod_auth_pgsql"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/892"
[[advisories]]
name = "FreeBSD-SA-02:02.pw"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/891"
[[advisories]]
name = "FreeBSD-SA-02:01.pkg_add"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/898"
[[advisories]]
name = "FreeBSD-SA-01:64.wu-ftpd"
date = "2001-12-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/870"
[[advisories]]
name = "FreeBSD-SA-01:63.openssh"
date = "2001-12-02"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/871"
[[advisories]]
name = "FreeBSD-SA-01:62.uucp"
date = "2001-10-08"
[[advisories]]
name = "FreeBSD-SA-01:61.squid"
date = "2001-10-08"
[[advisories]]
name = "FreeBSD-SA-01:60.procmail"
date = "2001-09-24"
[[advisories]]
name = "FreeBSD-SA-01:59.rmuser"
date = "2001-09-04"
[[advisories]]
name = "FreeBSD-SA-01:58.lpd"
date = "2001-08-30"
[[advisories]]
name = "FreeBSD-SA-01:57.sendmail"
date = "2001-08-27"
[[advisories]]
name = "FreeBSD-SA-01:56.tcp_wrappers"
date = "2001-08-23"
[[advisories]]
name = "FreeBSD-SA-01:55.procfs"
date = "2001-08-21"
[[advisories]]
name = "FreeBSD-SA-01:54.ports-telnetd"
date = "2001-08-20"
[[advisories]]
name = "FreeBSD-SA-01:53.ipfw"
date = "2001-08-17"
[[advisories]]
name = "FreeBSD-SA-01:52.fragment"
date = "2001-08-06"
[[advisories]]
name = "FreeBSD-SA-01:51.openssl"
date = "2001-07-30"
[[advisories]]
name = "FreeBSD-SA-01:50.windowmaker"
date = "2001-07-27"
[[advisories]]
name = "FreeBSD-SA-01:49.telnetd"
date = "2001-07-23"
[[advisories]]
name = "FreeBSD-SA-01:48.tcpdump"
date = "2001-07-17"
[[advisories]]
name = "FreeBSD-SA-01:47.xinetd"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:46.w3m"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:45.samba"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:44.gnupg"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:43.fetchmail"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:42.signal"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:41.hanterm"
date = "2001-07-09"
[[advisories]]
name = "FreeBSD-SA-01:40.fts"
date = "2001-06-04"
[[advisories]]
name = "FreeBSD-SA-01:39.tcp-isn"
date = "2001-05-02"
[[advisories]]
name = "FreeBSD-SA-01:38.sudo"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:37.slrn"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:36.samba"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:35.licq"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:34.hylafax"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:33.ftpd-glob"
date = "2001-04-17"
[[advisories]]
name = "FreeBSD-SA-01:32.ipfilter"
date = "2001-04-16"
[[advisories]]
name = "FreeBSD-SA-01:31.ntpd"
date = "2001-04-06"
[[advisories]]
name = "FreeBSD-SA-01:30.ufs-ext2fs"
date = "2001-03-22"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/738"
[[advisories]]
name = "FreeBSD-SA-01:29.rwhod"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/732"
[[advisories]]
name = "FreeBSD-SA-01:28.timed"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/731"
[[advisories]]
name = "FreeBSD-SA-01:27.cfengine"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/730"
[[advisories]]
name = "FreeBSD-SA-01:26.interbase"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/729"
[[advisories]]
name = "FreeBSD-SA-01:23.icecast"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/728"
[[advisories]]
name = "FreeBSD-SA-01:25.kerberosIV"
date = "2001-02-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/716"
[[advisories]]
name = "FreeBSD-SA-01:24.ssh"
date = "2001-02-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/715"
[[advisories]]
name = "FreeBSD-SA-01:22.dc20ctrl"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/714"
[[advisories]]
name = "FreeBSD-SA-01:21.ja-elvis"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/713"
[[advisories]]
name = "FreeBSD-SA-01:20.mars_nwe"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/712"
[[advisories]]
name = "FreeBSD-SA-01:19.ja-klock"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/707"
[[advisories]]
name = "FreeBSD-SA-01:18.bind"
date = "2001-01-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/706"
[[advisories]]
name = "FreeBSD-SA-01:17.exmh"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/705"
[[advisories]]
name = "FreeBSD-SA-01:16.mysql"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/704"
[[advisories]]
name = "FreeBSD-SA-01:15.tinyproxy"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/703"
[[advisories]]
name = "FreeBSD-SA-01:14.micq"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/702"
[[advisories]]
name = "FreeBSD-SA-01:13.sort"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/701"
[[advisories]]
name = "FreeBSD-SA-01:12.periodic"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/700"
[[advisories]]
name = "FreeBSD-SA-01:11.inetd"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/699"
[[advisories]]
name = "FreeBSD-SA-01:10.bind"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/698"
[[advisories]]
name = "FreeBSD-SA-01:09.crontab"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/697"
[[advisories]]
name = "FreeBSD-SA-01:08.ipfw"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/696"
[[advisories]]
name = "FreeBSD-SA-01:07.xfree86"
date = "2001-01-23"
[[advisories]]
name = "FreeBSD-SA-01:06.zope"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/669"
[[advisories]]
name = "FreeBSD-SA-01:05.stunnel"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/668"
[[advisories]]
name = "FreeBSD-SA-01:04.joe"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/667"
[[advisories]]
name = "FreeBSD-SA-01:03.bash1"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/666"
[[advisories]]
name = "FreeBSD-SA-01:02.syslog-ng"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/665"
[[advisories]]
name = "FreeBSD-SA-01:01.openssh"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/664"
[[advisories]]
name = "FreeBSD-SA-00:81.ethereal"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/651"
[[advisories]]
name = "FreeBSD-SA-00:80.halflifeserver"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/650"
[[advisories]]
name = "FreeBSD-SA-00:79.oops"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/649"
[[advisories]]
name = "FreeBSD-SA-00:78.bitchx"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/648"
[[advisories]]
name = "FreeBSD-SA-00:77.procfs"
date = "2000-12-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/647"
[[advisories]]
name = "FreeBSD-SA-00:76.tcsh-csh"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/628"
[[advisories]]
name = "FreeBSD-SA-00:75.php"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/627"
[[advisories]]
name = "FreeBSD-SA-00:74.gaim"
date = "2000-11-20"
[[advisories]]
name = "FreeBSD-SA-00:73.thttpd"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/626"
[[advisories]]
name = "FreeBSD-SA-00:72.curl"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/625"
[[advisories]]
name = "FreeBSD-SA-00:71.mgetty"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/624"
[[advisories]]
name = "FreeBSD-SA-00:70.ppp-nat"
date = "2000-11-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/623"
[[advisories]]
name = "FreeBSD-SA-00:69.telnetd"
date = "2000-11-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/622"
[[advisories]]
name = "FreeBSD-SA-00:68.ncurses"
date = "2000-11-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/621"
[[advisories]]
name = "FreeBSD-SA-00:67.gnupg"
date = "2000-11-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/620"
[[advisories]]
name = "FreeBSD-SA-00:66.netscape"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/619"
[[advisories]]
name = "FreeBSD-SA-00:65.xfce"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/618"
[[advisories]]
name = "FreeBSD-SA-00:64.global"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/617"
[[advisories]]
name = "FreeBSD-SA-00:63.getnameinfo"
date = "2000-11-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/589"
[[advisories]]
name = "FreeBSD-SA-00:62.top"
date = "2000-11-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/616"
[[advisories]]
name = "FreeBSD-SA-00:61.tcpdump"
date = "2000-10-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/615"
[[advisories]]
name = "FreeBSD-SA-00:60.boa"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/586"
[[advisories]]
name = "FreeBSD-SA-00:59.pine"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/585"
[[advisories]]
name = "FreeBSD-SA-00:58.chpass"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/584"
[[advisories]]
name = "FreeBSD-SA-00:57.muh"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/570"
[[advisories]]
name = "FreeBSD-SA-00:56.lprng"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/569"
[[advisories]]
name = "FreeBSD-SA-00:55.xpdf"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/568"
[[advisories]]
name = "FreeBSD-SA-00:54.fingerd"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/567"
[[advisories]]
name = "FreeBSD-SA-00:52.tcp-iss"
date = "2000-10-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/561"
[[advisories]]
name = "FreeBSD-SA-00:53.catopen"
date = "2000-09-27"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/562"
[[advisories]]
name = "FreeBSD-SA-00:51.mailman"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/550"
[[advisories]]
name = "FreeBSD-SA-00:50.listmanager"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/549"
[[advisories]]
name = "FreeBSD-SA-00:49.eject"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/548"
[[advisories]]
name = "FreeBSD-SA-00:48.xchat"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/547"
[[advisories]]
name = "FreeBSD-SA-00:47.pine"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/546"
[[advisories]]
name = "FreeBSD-SA-00:46.screen"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/545"
[[advisories]]
name = "FreeBSD-SA-00:45.esound"
date = "2000-08-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/526"
[[advisories]]
name = "FreeBSD-SA-00:44.xlock"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/523"
[[advisories]]
name = "FreeBSD-SA-00:43.brouted"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/520"
[[advisories]]
name = "FreeBSD-SA-00:42.linux"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/530"
[[advisories]]
name = "FreeBSD-SA-00:41.elf"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/527"
[[advisories]]
name = "FreeBSD-SA-00:40.mopd"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/521"
[[advisories]]
name = "FreeBSD-SA-00:39.netscape"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/528"
[[advisories]]
name = "FreeBSD-SA-00:38.zope"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/525"
[[advisories]]
name = "FreeBSD-SA-00:37.cvsweb"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/524"
[[advisories]]
name = "FreeBSD-SA-00:36.ntop"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/531"
[[advisories]]
name = "FreeBSD-SA-00:35.proftpd"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/522"
[[advisories]]
name = "FreeBSD-SA-00:34.dhclient"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/529"
[[advisories]]
name = "FreeBSD-SA-00:33.kerberosIV"
date = "2000-07-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/488"
[[advisories]]
name = "FreeBSD-SA-00:32.bitchx"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/487"
[[advisories]]
name = "FreeBSD-SA-00:31.canna"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/486"
[[advisories]]
name = "FreeBSD-SA-00:30.openssh"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/485"
[[advisories]]
name = "FreeBSD-SA-00:29.wu-ftpd"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/489"
[[advisories]]
name = "FreeBSD-SA-00:28.majordomo"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/484"
[[advisories]]
name = "FreeBSD-SA-00:27.XFree86-4"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/483"
[[advisories]]
name = "FreeBSD-SA-00:26.popper"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/482"
[[advisories]]
name = "FreeBSD-SA-00:24.libedit"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/481"
[[advisories]]
name = "FreeBSD-SA-00:23.ip-options"
date = "2000-06-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/480"
[[advisories]]
name = "FreeBSD-SA-00:25.alpha-random"
date = "2000-06-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/473"
[[advisories]]
name = "FreeBSD-SA-00:22.apsfilter"
date = "2000-06-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/461"
[[advisories]]
name = "FreeBSD-SA-00:21.ssh"
date = "2000-06-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/459"
[[advisories]]
name = "FreeBSD-SA-00:20.krb5"
date = "2000-05-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/452"
[[advisories]]
name = "FreeBSD-SA-00:19.semconfig"
date = "2000-05-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/451"
[[advisories]]
name = "FreeBSD-SA-00:18.gnapster.knapster"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/429"
[[advisories]]
name = "FreeBSD-SA-00:17.libmytinfo"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/442"
[[advisories]]
name = "FreeBSD-SA-00:16.golddig"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/439"
[[advisories]]
name = "FreeBSD-SA-00:15.imap-uw"
date = "2000-04-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/438"
[[advisories]]
name = "FreeBSD-SA-00:14.imap-uw"
date = "2000-04-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/441"
[[advisories]]
name = "FreeBSD-SA-00:13.generic-nqs"
date = "2000-04-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/437"
[[advisories]]
name = "FreeBSD-SA-00:12.healthd"
date = "2000-04-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/436"
[[advisories]]
name = "FreeBSD-SA-00:11.ircii"
date = "2000-04-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/440"
[[advisories]]
name = "FreeBSD-SA-00:10.orville-write"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408"
[[advisories]]
name = "FreeBSD-SA-00:09.mtr"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408"
[[advisories]]
name = "FreeBSD-SA-00:08.lynx"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/407"
[[advisories]]
name = "FreeBSD-SA-00:07.mh"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/411"
[[advisories]]
name = "FreeBSD-SA-00:06.htdig"
date = "2000-03-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/403"
[[advisories]]
name = "FreeBSD-SA-00:05.mysql"
date = "2000-02-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/402"
[[advisories]]
name = "FreeBSD-SA-00:04.delegate"
date = "2000-02-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/392"
[[advisories]]
name = "FreeBSD-SA-00:03.asmon"
date = "2000-02-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/391"
[[advisories]]
name = "FreeBSD-SA-00:02.procfs"
date = "2000-01-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/380"
[[advisories]]
name = "FreeBSD-SA-00:01.make"
date = "2000-01-19"
[[advisories]]
name = "FreeBSD-SA-99:06.amd"
date = "1999-09-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/318"
[[advisories]]
name = "FreeBSD-SA-99:05.fts"
date = "1999-09-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/313"
[[advisories]]
name = "FreeBSD-SA-99:04.core"
date = "1999-09-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/312"
[[advisories]]
name = "FreeBSD-SA-99:03.ftpd"
date = "1999-09-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/311"
[[advisories]]
name = "FreeBSD-SA-99:02.profil"
date = "1999-09-04"
[[advisories]]
name = "FreeBSD-SA-99:01.chflags"
date = "1999-09-04"
[[advisories]]
name = "FreeBSD-SA-98:08.fragment"
date = "1998-11-04"
[[advisories]]
name = "FreeBSD-SA-98:07.rst"
date = "1998-10-13"
[[advisories]]
name = "FreeBSD-SA-98:06.icmp"
date = "1998-06-10"
[[advisories]]
name = "FreeBSD-SA-98:05.nfs"
date = "1998-06-04"
[[advisories]]
name = "FreeBSD-SA-98:04.mmap"
date = "1998-06-02"
[[advisories]]
name = "FreeBSD-SA-98:03.ttcp"
date = "1998-05-14"
[[advisories]]
name = "FreeBSD-SA-98:02.mmap"
date = "1998-03-12"
[[advisories]]
name = "FreeBSD-SA-97:06.f00f"
date = "1997-12-09"
[[advisories]]
name = "FreeBSD-SA-98:01.land"
date = "1997-12-01"
[[advisories]]
name = "FreeBSD-SA-97:05.open"
date = "1997-10-29"
[[advisories]]
name = "FreeBSD-SA-97:04.procfs"
date = "1997-08-19"
[[advisories]]
name = "FreeBSD-SA-97:03.sysinstall"
date = "1997-04-07"
[[advisories]]
name = "FreeBSD-SA-97:02.lpd"
date = "1997-03-26"
[[advisories]]
name = "FreeBSD-SA-97:01.setlocale"
date = "1997-02-05"
[[advisories]]
name = "FreeBSD-SA-96:21.talkd"
date = "1997-01-18"
[[advisories]]
name = "FreeBSD-SA-96:20.stack-overflow"
date = "1996-12-16"
[[advisories]]
name = "FreeBSD-SA-96:19.modstat"
date = "1996-12-10"
[[advisories]]
name = "FreeBSD-SA-96:18.lpr"
date = "1996-11-25"
[[advisories]]
name = "FreeBSD-SA-96:17.rzsz"
date = "1996-07-16"
[[advisories]]
name = "FreeBSD-SA-96:16.rdist"
date = "1996-07-12"
[[advisories]]
name = "FreeBSD-SA-96:15.ppp"
date = "1996-07-04"
[[advisories]]
name = "FreeBSD-SA-96:12.perl"
date = "1996-06-28"
[[advisories]]
name = "FreeBSD-SA-96:14.ipfw"
date = "1996-06-24"
[[advisories]]
name = "FreeBSD-SA-96:13.comsat"
date = "1996-06-05"
[[advisories]]
name = "FreeBSD-SA-96:11.man"
date = "1996-05-21"
[[advisories]]
name = "FreeBSD-SA-96:10.mount_union"
date = "1996-05-17"
[[advisories]]
name = "FreeBSD-SA-96:09.vfsload"
date = "1996-05-17"
[[advisories]]
name = "FreeBSD-SA-96:02.apache"
date = "1996-04-22"
[[advisories]]
name = "FreeBSD-SA-96:08.syslog"
date = "1996-04-21"
[[advisories]]
name = "FreeBSD-SA-96:01.sliplogin"
date = "1996-04-21"
[[advisories]]
name = "FreeBSD-SA-96:03.sendmail-suggestion"
date = "1996-04-20"
diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index 885339ab1d..47a42d0b59 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,971 +1,975 @@
# Sort errata notices by year, month and day
# $FreeBSD$
+[[notices]]
+name = "FreeBSD-EN-24:14.ifconfig"
+date = "2024-08-07"
+
[[notices]]
name = "FreeBSD-EN-24:13.libc++"
date = "2024-06-19"
[[notices]]
name = "FreeBSD-EN-24:12.killpg"
date = "2024-06-19"
[[notices]]
name = "FreeBSD-EN-24:11.ldns"
date = "2024-06-19"
[[notices]]
name = "FreeBSD-EN-24:10.zfs"
date = "2024-06-19"
[[notices]]
name = "FreeBSD-EN-24:09.zfs"
date = "2024-04-24"
[[notices]]
name = "FreeBSD-EN-24:08.kerberos"
date = "2024-03-28"
[[notices]]
name = "FreeBSD-EN-24:07.clang"
date = "2024-03-28"
[[notices]]
name = "FreeBSD-EN-24:06.wireguard"
date = "2024-03-28"
[[notices]]
name = "FreeBSD-EN-24:05.tty"
date = "2024-03-28"
[[notices]]
name = "FreeBSD-EN-24:04.ip"
date = "2024-02-14"
[[notices]]
name = "FreeBSD-EN-24:03.kqueue"
date = "2024-02-14"
[[notices]]
name = "FreeBSD-EN-24:02.libutil"
date = "2024-02-14"
[[notices]]
name = "FreeBSD-EN-24:01.tzdata"
date = "2024-02-14"
[[notices]]
name = "FreeBSD-EN-23:22.vfs"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:21.tty"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:20.vm"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:19.pkgbase"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:18.openzfs"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:17.ossl"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:16.openzfs"
date = "2023-12-01"
[[notices]]
name = "FreeBSD-EN-23:15.sanitizer"
date = "2023-12-01"
[[notices]]
name = "FreeBSD-EN-23:14.regcomp"
date = "2023-11-08"
[[notices]]
name = "FreeBSD-EN-23:13.freebsd-update"
date = "2023-11-08"
[[notices]]
name = "FreeBSD-EN-23:12.freebsd-update"
date = "2023-10-03"
[[notices]]
name = "FreeBSD-EN-23:11.caroot"
date = "2023-09-06"
[[notices]]
name = "FreeBSD-EN-23:10.pci"
date = "2023-09-06"
[[notices]]
name = "FreeBSD-EN-23:09.freebsd-update"
date = "2023-09-06"
[[notices]]
name = "FreeBSD-EN-23:08.vnet"
date = "2023-08-01"
[[notices]]
name = "FreeBSD-EN-23:07.mpr"
date = "2023-06-21"
[[notices]]
name = "FreeBSD-EN-23:06.loader"
date = "2023-06-21"
[[notices]]
name = "FreeBSD-EN-23:05.tzdata"
date = "2023-06-21"
[[notices]]
name = "FreeBSD-EN-23:04.ixgbe"
date = "2023-02-08"
[[notices]]
name = "FreeBSD-EN-23:03.ena"
date = "2023-02-08"
[[notices]]
name = "FreeBSD-EN-23:02.sdhci"
date = "2023-02-08"
[[notices]]
name = "FreeBSD-EN-23:01.tzdata"
date = "2023-02-08"
[[notices]]
name = "FreeBSD-EN-22:28.heimdal"
date = "2022-11-29"
[[notices]]
name = "FreeBSD-EN-22:27.loader"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:26.cam"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:25.tcp"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:24.zfs"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:23.vm"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:22.tzdata"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:21.zfs"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:20.tzdata"
date = "2022-08-30"
[[notices]]
name = "FreeBSD-EN-22:19.pam_exec"
date = "2022-08-09"
[[notices]]
name = "FreeBSD-EN-22:18.wifi"
date = "2022-08-09"
[[notices]]
name = "FreeBSD-EN-22:17.cam"
date = "2022-08-09"
[[notices]]
name = "FreeBSD-EN-22:16.kqueue"
date = "2022-08-09"
[[notices]]
name = "FreeBSD-EN-22:15.pf"
date = "2022-04-06"
[[notices]]
name = "FreeBSD-EN-22:14.tzdata"
date = "2022-03-22"
[[notices]]
name = "FreeBSD-EN-22:13.zfs"
date = "2022-03-21"
[[notices]]
name = "FreeBSD-EN-22:12.zfs"
date = "2022-03-15"
[[notices]]
name = "FreeBSD-EN-22:11.zfs"
date = "2022-03-15"
[[notices]]
name = "FreeBSD-EN-22:10.zfs"
date = "2022-03-15"
[[notices]]
name = "FreeBSD-EN-22:09.freebsd-update"
date = "2022-03-15"
[[notices]]
name = "FreeBSD-EN-22:08.i386"
date = "2022-02-01"
[[notices]]
name = "FreeBSD-EN-22:07.la57"
date = "2022-02-01"
[[notices]]
name = "FreeBSD-EN-22:06.libalias"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:05.tail"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:04.pcid"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:03.hyperv"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:02.xsave"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:01.fsck_ffs"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-21:29.tzdata"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:28.vmci"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:27.caroot"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:26.libevent"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:25.bhyve"
date = "2021-08-24"
[[notices]]
name = "FreeBSD-EN-21:24.libcrypto"
date = "2021-08-24"
[[notices]]
name = "FreeBSD-EN-21:23.virtio_blk"
date = "2021-08-24"
[[notices]]
name = "FreeBSD-EN-21:22.linux_futex"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:21.ipfw"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:20.vlan"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:19.libcasper"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:18.libc++"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:17.libradius"
date = "2021-06-01"
[[notices]]
name = "FreeBSD-EN-21:16.bc"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:15.virtio"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:14.pms"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:13.mpt"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:12.divert"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:11.aesni"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:10.lldb"
date = "2021-04-06"
[[notices]]
name = "FreeBSD-EN-21:09.pf"
date = "2021-04-06"
[[notices]]
name = "FreeBSD-EN-21:08.freebsd-update"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:07.caroot"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:06.microcode"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:05.libatomic"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:04.zfs"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:03.vnet"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:02.extattr"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:01.tzdata"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-20:22.callout"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:21.ipfw"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:20.tzdata"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:19.audit"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:18.getfsstat"
date = "2020-09-02"
[[notices]]
name = "FreeBSD-EN-20:17.linuxthread"
date = "2020-09-02"
[[notices]]
name = "FreeBSD-EN-20:16.vmx"
date = "2020-08-05"
[[notices]]
name = "FreeBSD-EN-20:15.mps"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:14.linuxkpi"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:13.bhyve"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:12.iflib"
date = "2020-06-09"
[[notices]]
name = "FreeBSD-EN-20:11.ena"
date = "2020-06-09"
[[notices]]
name = "FreeBSD-EN-20:10.build"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:09.igb"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:08.tzdata"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:07.quotad"
date = "2020-04-21"
[[notices]]
name = "FreeBSD-EN-20:06.ipv6"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:05.mlx5en"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:04.pfctl"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:03.sshd"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:02.nmount"
date = "2020-01-28"
[[notices]]
name = "FreeBSD-EN-20:01.ssp"
date = "2020-01-28"
[[notices]]
name = "FreeBSD-EN-19:19.loader"
date = "2019-11-12"
[[notices]]
name = "FreeBSD-EN-19:18.tzdata"
date = "2019-10-23"
[[notices]]
name = "FreeBSD-EN-19:17.ipfw"
date = "2019-08-20"
[[notices]]
name = "FreeBSD-EN-19:16.bhyve"
date = "2019-08-20"
[[notices]]
name = "FreeBSD-EN-19:15.libunwind"
date = "2019-08-06"
[[notices]]
name = "FreeBSD-EN-19:14.epoch"
date = "2019-08-06"
[[notices]]
name = "FreeBSD-EN-19:13.mds"
date = "2019-07-24"
[[notices]]
name = "FreeBSD-EN-19:12.tzdata"
date = "2019-07-02"
[[notices]]
name = "FreeBSD-EN-19:11.net"
date = "2019-06-19"
[[notices]]
name = "FreeBSD-EN-19:10.scp"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:09.xinstall"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:08.tzdata"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:07.lle"
date = "2019-02-05"
[[notices]]
name = "FreeBSD-EN-19:06.dtrace"
date = "2019-02-05"
[[notices]]
name = "FreeBSD-EN-19:05.kqueue"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:04.tzdata"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:03.sqlite"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:02.tcp"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:01.cc_cubic"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-18:18.zfs"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:17.vm"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:16.ptrace"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:15.loader"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:14.tzdata"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:13.icmp"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:12.mem"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:11.listen"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:10.syscall"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:09.ip"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:08.lazyfpu"
date = "2018-09-12"
[[notices]]
name = "FreeBSD-EN-18:07.pmap"
date = "2018-06-21"
[[notices]]
name = "FreeBSD-EN-18:06.tzdata"
date = "2018-05-08"
[[notices]]
name = "FreeBSD-EN-18:05.mem"
date = "2018-05-08"
[[notices]]
name = "FreeBSD-EN-18:04.mem"
date = "2018-04-04"
[[notices]]
name = "FreeBSD-EN-18:03.tzdata"
date = "2018-04-04"
[[notices]]
name = "FreeBSD-EN-18:02.file"
date = "2018-03-07"
[[notices]]
name = "FreeBSD-EN-18:01.tzdata"
date = "2018-03-07"
[[notices]]
name = "FreeBSD-EN-17:09.tzdata"
date = "2017-11-02"
[[notices]]
name = "FreeBSD-EN-17:08.pf"
date = "2017-08-10"
[[notices]]
name = "FreeBSD-EN-17:07.vnet"
date = "2017-08-10"
[[notices]]
name = "FreeBSD-EN-17:06.hyperv"
date = "2017-07-12"
[[notices]]
name = "FreeBSD-EN-17:05.xen"
date = "2017-04-12"
[[notices]]
name = "FreeBSD-EN-17:04.mandoc"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:03.hyperv"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:02.yp"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:01.pcie"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-16:21.localedef"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:20.tzdata"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:19.tzcode"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:18.loader"
date = "2016-10-25"
[[notices]]
name = "FreeBSD-EN-16:17.vm"
date = "2016-10-25"
[[notices]]
name = "FreeBSD-EN-16:16.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:15.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:14.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:13.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:12.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:11.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:10.dhclient"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:09.freebsd-update"
date = "2016-07-25"
[[notices]]
name = "FreeBSD-EN-16:08.zfs"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:07.ipi"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:06.libc"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:05.hv_netvsc"
date = "2016-03-16"
[[notices]]
name = "FreeBSD-EN-16:04.hyperv"
date = "2016-03-16"
[[notices]]
name = "FreeBSD-EN-16:03.yplib"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-16:02.pf"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-16:01.filemon"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-15:20.vm"
date = "2015-11-04"
[[notices]]
name = "FreeBSD-EN-15:19.kqueue"
date = "2015-11-04"
[[notices]]
name = "FreeBSD-EN-15:18.pkg"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:17.libc"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:16.pw"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:15.pkg"
date = "2015-08-25"
[[notices]]
name = "FreeBSD-EN-15:14.ixgbe"
date = "2015-08-25"
[[notices]]
name = "FreeBSD-EN-15:13.vidcontrol"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:12.netstat"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:11.toolchain"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:10.iconv"
date = "2015-06-30"
[[notices]]
name = "FreeBSD-EN-15:09.xlocale"
date = "2015-06-30"
[[notices]]
name = "FreeBSD-EN-15:08.sendmail"
date = "2015-06-18"
[[notices]]
name = "FreeBSD-EN-15:07.zfs"
date = "2015-06-09"
[[notices]]
name = "FreeBSD-EN-15:06.file"
date = "2015-06-09"
[[notices]]
name = "FreeBSD-EN-15:05.ufs"
date = "2015-05-13"
[[notices]]
name = "FreeBSD-EN-15:04.freebsd-update"
date = "2015-05-13"
[[notices]]
name = "FreeBSD-EN-15:03.freebsd-update"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-15:02.openssl"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-15:01.vt"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-14:13.freebsd-update"
date = "2014-12-23"
[[notices]]
name = "FreeBSD-EN-14:12.zfs"
date = "2014-11-04"
[[notices]]
name = "FreeBSD-EN-14:11.crypt"
date = "2014-10-22"
[[notices]]
name = "FreeBSD-EN-14:10.tzdata"
date = "2014-10-22"
[[notices]]
name = "FreeBSD-EN-14:09.jail"
date = "2014-07-08"
[[notices]]
name = "FreeBSD-EN-14:08.heimdal"
date = "2014-06-24"
[[notices]]
name = "FreeBSD-EN-14:07.pmap"
date = "2014-06-24"
[[notices]]
name = "FreeBSD-EN-14:06.exec"
date = "2014-06-03"
[[notices]]
name = "FreeBSD-EN-14:05.ciss"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:04.kldxref"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:03.pkg"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:02.mmap"
date = "2014-01-14"
[[notices]]
name = "FreeBSD-EN-14:01.random"
date = "2014-01-14"
[[notices]]
name = "FreeBSD-EN-13:05.freebsd-update"
date = "2013-11-28"
[[notices]]
name = "FreeBSD-EN-13:04.freebsd-update"
date = "2013-10-26"
[[notices]]
name = "FreeBSD-EN-13:03.mfi"
date = "2013-08-22"
[[notices]]
name = "FreeBSD-EN-13:01.fxp"
date = "2013-06-28"
[[notices]]
name = "FreeBSD-EN-13:02.vtnet"
date = "2013-06-28"
[[notices]]
name = "FreeBSD-EN-12:02.ipv6refcount"
date = "2012-06-12"
[[notices]]
name = "FreeBSD-EN-12:01.freebsd-update"
date = "2012-01-04"
[[notices]]
name = "FreeBSD-EN-10:02.sched_ule"
date = "2010-02-27"
[[notices]]
name = "FreeBSD-EN-10:01.freebsd"
date = "2010-01-06"
[[notices]]
name = "FreeBSD-EN-09:05.null"
date = "2009-10-02"
[[notices]]
name = "FreeBSD-EN-09:04.fork"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:03.fxp"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:02.bce"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:01.kenv"
date = "2009-03-23"
[[notices]]
name = "FreeBSD-EN-08:02.tcp"
date = "2008-06-19"
[[notices]]
name = "FreeBSD-EN-08:01.libpthread"
date = "2008-04-17"
[[notices]]
name = "FreeBSD-EN-07:05.freebsd-update"
date = "2007-03-15"
[[notices]]
name = "FreeBSD-EN-07:04.zoneinfo"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:03.rc.d_jail"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:02.net"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:01.nfs"
date = "2007-02-14"
[[notices]]
name = "FreeBSD-EN-06:02.net"
date = "2006-08-28"
[[notices]]
name = "FreeBSD-EN-06:01.jail"
date = "2006-07-07"
[[notices]]
name = "FreeBSD-EN-05:04.nfs"
date = "2005-12-19"
[[notices]]
name = "FreeBSD-EN-05:03.ipi"
date = "2005-01-16"
[[notices]]
name = "FreeBSD-EN-05:02.sk"
date = "2005-01-06"
[[notices]]
name = "FreeBSD-EN-05:01.nfs"
date = "2005-01-05"
[[notices]]
name = "FreeBSD-EN-04:01.twe"
date = "2004-06-28"
diff --git a/website/static/security/advisories/FreeBSD-EN-24:14.ifconfig.asc b/website/static/security/advisories/FreeBSD-EN-24:14.ifconfig.asc
new file mode 100644
index 0000000000..b71e288bf5
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-24:14.ifconfig.asc
@@ -0,0 +1,150 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-24:14.ifconfig Errata Notice
+ The FreeBSD Project
+
+Topic: Incorrect ifconfig netmask assignment
+
+Category: core
+Module: ifconfig
+Announced: 2024-08-07
+Affects: FreeBSD 14.0 and later
+Corrected: 2024-06-15 15:24:59 UTC (stable/14, 14.1-STABLE)
+ 2024-08-07 13:44:28 UTC (releng/14.1, 14.1-RELEASE-p3)
+ 2024-08-07 13:44:41 UTC (releng/14.0, 14.0-RELEASE-p9)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+Prior to the advent of classless inter-domain routing (CIDR), the IPv4
+address space was divided into classes based on how many of an address's
+most-significant bits were set. Since the class dictated the network
+mask, it was not necessary to specify the mask when configuring an
+interface. Even after CIDR was introduced, FreeBSD continued to allow
+the network mask to be omitted, for backward compatibility reasons.
+
+II. Problem Description
+
+When FreeBSD switched from using ioctl(2) to using Netlink sockets to
+configure network interfaces, the logic for determining the default mask
+in cases where one was not explicitly provided was inadvertantly
+inverted, resulting in class A addresses getting a prefix size of 24
+instead of 8, and vice versa for class C addresses. Class B addresses
+were not affected.
+
+III. Impact
+
+FreeBSD hosts which still rely on default network mask assignment and
+have addresses in the old class A (0.0.0.0-127.255.255.255) or class C
+(192.0.0.0-223.255.255.255) ranges will have an incorrect network mask.
+The exact consequences will vary depending on the direction of the error
+and the relative positions of the affected host and its default router
+within the local address space. Affected hosts should still be able to
+communicate with at least a subset of their local network, and may also
+be able to communicate with a subset of the wider network, but will
+typically lose the ability to communicate with any address which is not
+within both the actual local address space and the misconfigured local
+address space. This may include their default router.
+
+IV. Workaround
+
+Make sure to always specify either a network mask or a prefix size when
+adding IPv4 addresses to network interfaces. For instance, in a VM with
+a paravirtualized network interface and an IPv4 address of 192.0.2.5
+(historically class C), use either of the following in /etc/rc.conf or
+/etc/rc.conf.d/network:
+
+ ifconfig_vtnet0="inet 192.0.2.5/24"
+
+or
+
+ ifconfig_vtnet0="inet 192.0.2.5 netmask 255.255.255.0"
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-24:14/ifconfig.patch
+# fetch https://security.FreeBSD.org/patches/EN-24:14/ifconfig.patch.asc
+# gpg --verify ifconfig.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 048ad7a9ef9f stable/14-n267957
+releng/14.1/ b9115dba07e8 releng/14.1-n267692
+releng/14.0/ 01792dd7f27b releng/14.0-n265424
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmazhZwACgkQbljekB8A
+Gu/6HBAA1PB3WA8wuqi2iebMvqZ1iM0Oh0sb9JotX8VFpO7zWpIHImITbLvWjYEm
+0YMb62mJNiKBVxRf0p1SWhOqRJcJAVNxU8U8wb6p7UJ2LXnLgU7t3kLNVdKN+Yq5
+jIMBOHpIJz/na/LsOEtxtneCvnNL+lOQ4NkHLKfFOUtf0PkAn2nUVnYyA+PGH/3l
+VQFxSCQCB3CxNMeiI5R2x9ZdaESfNdn/qh6vZcca2fl6seWMQaoqwzxrtBS1VXsR
+1LofhqJsOvIDOkKS5SFLIGMfPdETl2jmd+YrG9ujXWYcyvaQxfRE66RRT1AROCXb
++vD8MXc7q3gtjAV398iYdMwf7eqbPngX6xZCLPs6PR96eaa1tGTK0+cdan7CfHFB
+WahFo1md9kORCq2DLkLhekdJjy1+4J9KsMjGWLYRILZNPHU/IvAGFS1czFMPmTbm
+V1IHWeszDUPgjKlp0m59CsGjwcyJnIeZBnTMiMQ5EM29zEOUdgCayz2/v6JaEgwb
+7xCb5x0HzyR0hM4GDG8ccNe8VQFSm6McRSWb77zXnB5Lp2aCug9VwuUN1mJNdQVp
+3O5tm+Wd5HeA15YubO4aQ3aUTdsk92BZ9cxorn2dOTlE8vyxmqLk7KYs0644Dzmv
+IxRNYmBfb/trIWDLW7QZTVXtoSpTjdNvQG0+yEAFDTfTuAe0qVM=
+=+Q9R
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-24:05.pf.asc b/website/static/security/advisories/FreeBSD-SA-24:05.pf.asc
new file mode 100644
index 0000000000..0c6d2b859d
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-24:05.pf.asc
@@ -0,0 +1,155 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-24:05.pf Security Advisory
+ The FreeBSD Project
+
+Topic: pf incorrectly matches different ICMPv6 states in the state table
+
+Category: core
+Module: pf
+Announced: 2024-08-07
+Credits: Enrico Bassetti e.bassetti@tudelft.nl
+ (Cybersecurity @ TU Delft, SPRITZ Group @ UniPD)
+Affects: All supported versions of FreeBSD.
+Corrected: 2024-07-31 07:41:11 UTC (stable/14, 14.0-STABLE)
+ 2024-08-07 13:44:25 UTC (releng/14.1, 14.1-RELEASE-p3)
+ 2024-08-07 13:44:46 UTC (releng/14.0, 14.0-RELEASE-p9)
+ 2024-07-31 07:41:12 UTC (stable/13, 13.3-STABLE)
+ 2024-08-07 13:44:57 UTC (releng/13.3, 13.3-RELEASE-p5)
+CVE Name: CVE-2024-6640
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+pf is an Internet Protocol packet filter originally written for OpenBSD. pf
+uses a state table to determine whether to allow a packet that is from a
+known/already open transmission. It identifies ICMPv6 states based on the
+address family, protocol, addresses, and the ID.
+
+Normally, states are created by outgoing packets, or by incoming packets
+matching 'pass' rules. A packet that do not match any rule will be blocked
+or allowed depending on the default rule.
+
+ICMPv6 Neighbor Discovery has to be allowed in the firewall for IPv6 to work
+properly in broadcast networks, such as Ethernet.
+
+II. Problem Description
+
+In ICMPv6 Neighbor Discovery (ND), the ID is always 0. When pf is configured
+to allow ND and block incoming Echo Requests, a crafted Echo Request packet
+after a Neighbor Solicitation (NS) can trigger an Echo Reply. The packet has
+to come from the same host as the NS and have a zero as identifier to match
+the state created by the Neighbor Discovery and allow replies to be
+generated.
+
+III. Impact
+
+ICMPv6 packets with identifier value of zero bypass firewall rules written on
+the assumption that the incoming packets are going to create a state in the
+state table.
+
+IV. Workaround
+
+No workaround is available but systems not using the pf firewall are not
+affected.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date
+and reboot.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 13.3]
+# fetch https://security.FreeBSD.org/patches/SA-24:05/pf-13.patch
+# fetch https://security.FreeBSD.org/patches/SA-24:05/pf-13.patch.asc
+# gpg --verify pf.patch.asc
+
+[FreeBSD 14.0 & FreeBSD 14.1]
+# fetch https://security.FreeBSD.org/patches/SA-24:05/pf-14.patch
+# fetch https://security.FreeBSD.org/patches/SA-24:05/pf-14.patch.asc
+# gpg --verify pf.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 3382c691dc6a stable/14-n268277
+releng/14.1/ a66d33fcf334 releng/14.1-n267690
+releng/14.0/ ca9580967e74 releng/14.0-n265428
+stable/13/ 05f91f8dd5ce stable/13-n258160
+releng/13.3/ 5eb30c313cb0 releng/13.3-n257443
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmazhasACgkQbljekB8A
+Gu9/0Q//S/qcyIxnQ1V8Gz8ghAQuJu8OlTdYV9OexFSKExcbc9FYK6LwhSUfPtHf
+Bx9KowhQCH2D1X33qHRUCWVhDMhgpvHmg/+ajnm0IP/+nc+ZnNFCC0Ew5b/mk7Uw
+jQAxW54/RSe1Cnl11T4RTcPI7YhGTej8T5T8dm2TlCdTI3m7xS/zfR3e4x89yrmW
+gVUBG54udbSSzxMDJk2rbr9anoinzaI0eiXY/rnb729OTU6y4SmJ9ZZZwXs+bRpP
+AUE7Zgj7pNrWC1CxTMy6XLdPE/L/8Yxz9mOFpyJcHahoEHcMH+5DKQePGa4mQgnS
+N8Srtrxx3Ipz5/zzOPr+O0BbOh8m7KMXU/J8Y3aHpUzbnr+IfGEUHBukN93M3qbV
+Qkw9iW+5HZ45P16Fyaj2cq7He7F39/7B/DhfjLldbUOnWGPmn3JrWkvONL++iAyI
++vOrfGubyTtwgSdZGDcv+FUrL6af6nQzFBBgv4z4TpHN+BTcwA5c6JwuOlvMc5ZY
+ISh8WItjxmK5Gh27H7JBGKwWDnKYjqkRcgJ7QZd7dmjo2bzOlnKV0eYk51eBvoIh
+FV4YGAgMPxCJGBrl54/0F5+C8zl0cjNlEhnyyl2IEBbPbnfmvpNw3tMbJdPfEUhF
+DK+j5IkDU/4sNrV/dmeD+K+u/3xgDxtUv6IjH2odmADtlCbOV80=
+=/mRR
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-24:06.ktrace.asc b/website/static/security/advisories/FreeBSD-SA-24:06.ktrace.asc
new file mode 100644
index 0000000000..1c157f0203
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-24:06.ktrace.asc
@@ -0,0 +1,139 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-24:06.ktrace Security Advisory
+ The FreeBSD Project
+
+Topic: ktrace(2) fails to detach when executing a setuid binary
+
+Category: core
+Module: ktrace
+Announced: 2024-08-07
+Affects: All supported versions of FreeBSD
+Corrected: 2024-08-07 13:41:53 UTC (stable/14, 14.1-STABLE)
+ 2024-08-07 13:44:29 UTC (releng/14.1, 14.1-RELEASE-p3)
+ 2024-08-07 13:44:47 UTC (releng/14.0, 14.0-RELEASE-p9)
+ 2024-08-07 13:42:10 UTC (stable/13, 13.3-STABLE)
+ 2024-08-07 13:44:59 UTC (releng/13.3, 13.3-RELEASE-p5)
+CVE Name: CVE-2024-6760
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+The ktrace utility enables kernel trace logging for the specified processes,
+commonly used for diagnostic or debugging purposes. The kernel operations
+that are traced include system calls, namei translations, signal processing,
+and I/O as well as data associated with these operations.
+
+II. Problem Description
+
+A logic bug in the code which disables kernel tracing for setuid programs
+meant that tracing was not disabled when it should have, allowing
+unprivileged users to trace and inspect the behavior of setuid programs.
+
+III. Impact
+
+The bug may be used by an unprivileged user to read the contents of files to
+which they would not otherwise have access, such as the local password
+database.
+
+IV. Workaround
+
+No workaround is available.
+
+I/O tracing can be disabled by setting the kern.ktrace.genio_size sysctl to
+0, but other information recorded by ktrace, such as system call arguments,
+can still be leaked.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-24:06/ktrace.patch
+# fetch https://security.FreeBSD.org/patches/SA-24:06/ktrace.patch.asc
+# gpg --verify ktrace.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 8b400c8488f0 stable/14-n268423
+releng/14.1/ 22d04990cee5 releng/14.1-n267693
+releng/14.0/ c39fb98e4740 releng/14.0-n265429
+stable/13/ f702110bc4bc stable/13-n258224
+releng/13.3/ 769536bcb5c3 releng/13.3-n257445
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmazha0ACgkQbljekB8A
+Gu/6ThAAvKUJFwdRV/rSRyGEOTWJE+dv1Qig000xhD6g42yKpfGShaNFUTSvMPG+
+kLtpN41SRN/LXyNyQfk3GL2SmphB2V9nlJ+FM2PEmi4hMrWoiNi6uX9MmSheFbp3
+QbDAh5+2sRo66AUXjUX118cK1ruqQjRRMVSW6D8hOeDv64Wvg01L0R3ls1ZsdXYL
+5wYuTRNh2ciyMEHQ0QUz8X38qebdPSV/8aVNSZYinwtYE+wGWbpmUCQoqgtLlnT9
+3UqIy68KVj4+TNYoZuQkK5/Ur9YG884YlNpzsJ6peX8U0gjQhG1BfqEPAylTZn/6
+vPp0LtJ0fRRZs0a6XJQ+rBxhuh22vLLFLXI9jSthCcNdJhRFFnnY9nFoB0/EOpIH
+I6i94dEExCeGkWcpPB2wyrQGPcRTik9h57vsTaHcnEAPWu1fO2OckUILZVsMs7Yp
+WXePdrVfTke1hIzk5DAc5PYJ1IKcN49m/+GhXjLz8aCcy9RadJPpJDe2HSltgfTn
+xvxAudY+58f6518getIfvU4tAA1DVw2Y9zRoRhdlXLiVDayBkCOFRMMBY1cWOk9o
+aUnbQ9PYO2h7iyzSvqgWDLIy7fIdLZnyuflSVtJ4KUnetk2hU5kxb0VZFx10+z7l
+dsTyXGdb04olDMvURtgn5eQotbJzn+KLqi3vOmQ92uAGSsLeH70=
+=3iOc
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-24:07.nfsclient.asc b/website/static/security/advisories/FreeBSD-SA-24:07.nfsclient.asc
new file mode 100644
index 0000000000..ee3f20bf8b
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-24:07.nfsclient.asc
@@ -0,0 +1,145 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-24:07.nfsclient Security Advisory
+ The FreeBSD Project
+
+Topic: NFS client accepts file names containing path separators
+
+Category: core
+Module: NFS client
+Announced: 2024-08-07
+Credits: Apple Security Engineering and Architecture (SEAR)
+Affects: All supported versions of FreeBSD
+Corrected: 2024-07-27 03:54:45 UTC (stable/14, 14.1-STABLE)
+ 2024-08-07 13:44:21 UTC (releng/14.1, 14.1-RELEASE-p3)
+ 2024-08-07 13:44:39 UTC (releng/14.0, 14.0-RELEASE-p9)
+ 2024-07-28 04:14:54 UTC (stable/13, 13.3-STABLE)
+ 2024-08-07 13:44:52 UTC (releng/13.3, 13.3-RELEASE-p5)
+CVE Name: CVE-2024-6759
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+The Network File System (NFS) is a distributed file system that allows remote
+systems to access files and directories over a network as if they were local.
+FreeBSD includes both server and client implementations of NFS.
+
+II. Problem Description
+
+When mounting a remote filesystem using NFS, the kernel did not sanitize
+remotely provided filenames for the path separator character, "/". This
+allows readdir(3) and related functions to return filesystem entries with
+names containing additional path components.
+
+III. Impact
+
+The lack of validation described above gives rise to a confused deputy
+problem. For example, a program copying files from an NFS mount could be
+tricked into copying from outside the intended source directory, and/or to a
+location outside the intended destination directory.
+
+IV. Workaround
+
+No workaround is available. Note that for the problem to occur, the NFS
+server would have to deliberately inject altered paths into RPC replies, or
+a MITM would have to be altering NFS traffic.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 13.3]
+# fetch https://security.FreeBSD.org/patches/SA-24:07/nfclient-13.patch
+# fetch https://security.FreeBSD.org/patches/SA-24:07/nfclient-13.patch.asc
+# gpg --verify nfsclient-13.patch.asc
+
+[FreeBSD 14.0 & FreeBSD 14.1]
+# fetch https://security.FreeBSD.org/patches/SA-24:07/nfclient-14.patch
+# fetch https://security.FreeBSD.org/patches/SA-24:07/nfclient-14.patch.asc
+# gpg --verify nfsclient-14.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 9328ded386d5 stable/14-n268239
+releng/14.1/ 8533e927afc1 releng/14.1-n267686
+releng/14.0/ 4e7bf17e9db8 releng/14.0-n265422
+stable/13/ 0172b5145ad9 stable/13-n258140
+releng/13.3/ 3d5cb2b9a97c releng/13.3-n257439
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmazha8ACgkQbljekB8A
+Gu80VxAAsDhdNW5FHcXEBZXbfR6fsShdWGQo8rCY1R1Buq8uhPI4bdzXCFrgUKM7
+Rm5P+zfZNcTYtM0epU1Fiz2BhjsKVfKIOMIBmuMik9xMBfeHnTihKGFBZ+TFj7i8
+1Kv/NE+oCn99jKZS7sZVNBvdbDMNBq4Em0vixXGRnKlEpa3r8b7niLuB0rHa97//
+gzIP5GvhUTsMaw3TwCAkVnZDrx+AoAU0dbLVIFf07P4mEt7StGd76C1dq4a6+3ZV
+s3Gqm16H8nYan5NJzpH2SIhcav4YyDuSD1eS8isyLn5bybpROdYQT7tCAfplpR2X
+pX0oQ8FRlslodV/wWaGNnCTNTYoSTj0jf77CM4fd8ERdKKmhC6x9zHsDyJBzH5Ku
+E6JlY9IvM0fL2N4KPDpNjF/U8RmNWDcxxaaou/6uohWdg977CX8uP1wfSL/4Sw6u
+SvqfDwwqd5BRE4KiqMFE024zgeogeJU7i21747HKs4nxWlNuPhVrWRjrarRhYlc2
+M4l2te7OQMjVPtbYhO4DXnDMqNgN37Qf2srgBiAnlOpmRX5Trgj4pw6DGQlSVoWO
+xY8fO02xAZuRUKgNA/TEvmRVuZx0LaLkl49xQjB8DxSvggYVFbJaY2HpfjnktmN0
+ZuMlcw0h/cv9UEFn3FWy0147xN/cjXjozvACmDUWhG0LdiUcnzc=
+=tJAo
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-24:08.openssh.asc b/website/static/security/advisories/FreeBSD-SA-24:08.openssh.asc
new file mode 100644
index 0000000000..c9aefa9e68
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-24:08.openssh.asc
@@ -0,0 +1,150 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-24:08.openssh Security Advisory
+ The FreeBSD Project
+
+Topic: OpenSSH pre-authentication async signal safety issue
+
+Category: contrib
+Module: openssh
+Announced: 2024-08-07
+Affects: All supported versions of FreeBSD.
+Corrected: 2024-08-06 19:43:54 UTC (stable/14, 14.1-STABLE)
+ 2024-08-07 13:44:26 UTC (releng/14.1, 14.1-RELEASE-p3)
+ 2024-08-07 13:44:40 UTC (releng/14.0, 14.0-RELEASE-p9)
+ 2024-08-06 19:46:19 UTC (stable/13, 13.3-STABLE)
+ 2024-08-07 13:44:58 UTC (releng/13.3, 13.3-RELEASE-p5)
+CVE Name: CVE-2024-7589
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+OpenSSH is an implementation of the SSH protocol suite, providing an
+encrypted and authenticated transport for a variety of services, including
+remote shell access.
+
+II. Problem Description
+
+A signal handler in sshd(8) may call a logging function that is not async-
+signal-safe. The signal handler is invoked when a client does not
+authenticate within the LoginGraceTime seconds (120 by default). This signal
+handler executes in the context of the sshd(8)'s privileged code, which is
+not sandboxed and runs with full root privileges.
+
+This issue is another instance of the problem in CVE-2024-6387 addressed by
+FreeBSD-SA-24:04.openssh. The faulty code in this case is from the
+integration of blacklistd in OpenSSH in FreeBSD.
+
+III. Impact
+
+As a result of calling functions that are not async-signal-safe in the
+privileged sshd(8) context, a race condition exists that a determined
+attacker may be able to exploit to allow an unauthenticated remote code
+execution as root.
+
+IV. Workaround
+
+If sshd(8) cannot be updated, this signal handler race condition can be
+mitigated by setting LoginGraceTime to 0 in /etc/ssh/sshd_config and
+restarting sshd(8). This makes sshd(8) vulnerable to a denial of service
+(the exhaustion of all MaxStartups connections), but makes it safe from the
+remote code execution presented in this advisory.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date, and
+restart sshd.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-24:08/openssh.patch
+# fetch https://security.FreeBSD.org/patches/SA-24:08/openssh.patch.asc
+# gpg --verify openssh.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+Restart the applicable daemons, or reboot the system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 73466449a9bf stable/14-n268414
+releng/14.1/ 450425089212 releng/14.1-n267691
+releng/14.0/ c4ade13d5498 releng/14.0-n265423
+stable/13/ d5f16ef6463d stable/13-n258221
+releng/13.3/ f41c11d7f209 releng/13.3-n257444
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmazhbIACgkQbljekB8A
+Gu8uDBAA6gj9o4DXfVMHeZCFKr3WT/g3wPbilTk2xmvzkYoCkAMFC2PZ48wbxK7U
+/tXvVC5Hs7OO0jkZXgCNiLsUe4kzgEPeutsyi3x5i6uWlLA+I03UZyPdwFgkBM75
+w4IYeut6nMfiozJmiy7ekmxdjO1f+IGMy/yoa46gUr0524TyNjqF//p1wAePTF75
+WgvZrGEildEuZk6lHp3/sm1fmv4HxG5EmNmzlzWcj/jjMnOAe5Cbf8qpcKe42V5Y
+vBj8Cm6lVtOaviuT4XXnmkQro3uejeUq6z+LYwM7Pcs26OIeRgz9kzLNB2EXEwR7
+GNJDwzUbKvaOfvTnZao8KWqdw3fbS9Un39SJAAs32Y+5sqAcUnmRbdHa1pEFZ2rx
+F9moYxZ3/xuQhxzNmMqXMyAfWrlJcoX1Tc5hVSh2Rn0TWpH17BMTs3FVdtoaP2iG
+owhwdPLXBvePkNa/FSARVfhunrFDIBEwBQd3pN5TJRCmKdzvNqmxJsL6Z2y7Ib48
+EkFaw90t9kRg1+87YUjMQlhwNVww/yLzDzdZ137bRAeJtP3i7ZdbEVqUZGQvubCE
+2eDDaYuEj4RM3UElIlHRj2Z8YlXgfmgr2BcbLpqgP3cXw6McS0POG4Pw4z4Wyshn
+prFtFlMFqJbAqlNQkXfdVquu/V8BSay0iLaEy69t4KBVp4DFsf4=
+=TDgI
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-24:14/ifconfig.patch b/website/static/security/patches/EN-24:14/ifconfig.patch
new file mode 100644
index 0000000000..80bc33028f
--- /dev/null
+++ b/website/static/security/patches/EN-24:14/ifconfig.patch
@@ -0,0 +1,26 @@
+--- sbin/ifconfig/af_inet.c.orig
++++ sbin/ifconfig/af_inet.c
+@@ -440,7 +440,7 @@
+ static void
+ in_setdefaultmask_nl(void)
+ {
+- struct in_px *px = sintab_nl[ADDR];
++ struct in_px *px = sintab_nl[ADDR];
+
+ in_addr_t i = ntohl(px->addr.s_addr);
+
+@@ -451,11 +451,11 @@
+ * we should return an error rather than warning.
+ */
+ if (IN_CLASSA(i))
+- px->plen = IN_CLASSA_NSHIFT;
++ px->plen = 32 - IN_CLASSA_NSHIFT;
+ else if (IN_CLASSB(i))
+- px->plen = IN_CLASSB_NSHIFT;
++ px->plen = 32 - IN_CLASSB_NSHIFT;
+ else
+- px->plen = IN_CLASSC_NSHIFT;
++ px->plen = 32 - IN_CLASSC_NSHIFT;
+ px->maskset = true;
+ }
+ #endif
diff --git a/website/static/security/patches/EN-24:14/ifconfig.patch.asc b/website/static/security/patches/EN-24:14/ifconfig.patch.asc
new file mode 100644
index 0000000000..0019542641
--- /dev/null
+++ b/website/static/security/patches/EN-24:14/ifconfig.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmazhaMACgkQbljekB8A
+Gu/swxAAzAKd+3rr/cfRw0A2eh264D+y29FyjsMONJ7MUeGil8yHLAW1mF35uVAl
+7VVeGM2z3KMkuI57yrmV2qqFmY5kmHMaJQ806JfC8a7QmwSpFb34P7Ti3JgnQBPw
+8+iaa0PkbBKkj4SM3D5RRCic+oz5XxFg8gjsFzJwil6t48rsZuqGby6U/MUtswbz
+NI4Qs/koxjuyWwougPqEcqL3feCO3leV4dXV6V211nT+zRlrFf0p4/bzbN4hRz81
+xn+w7xrwB85LxOyuz8XLb/Akqih+g/AXZf4hOBxDlPdVWdYmMBG8Ze1QIuO1Drzj
+1cxGAuzxzJEKWNjIuXvDxebLA9PbF+S/BYl+a8bFETBBnfazylA0ONYsU+CjOnYB
+RhJT7Z+65hFVNK3DqfQ7B0PYXwkZgZC60I4Kfl3FOu9RnM5R+aYxRhfhjKZBdIA5
+rTftpcUWt9ZDs0ZuHLTcNcwcmUrJ6Kb/qy8Q7yZ8XJHm8GD63fOLYZ5ayBCZsG3u
+EoEJ0/lz4u4A6mRkfGG08MT0Rv0ek6B0lVURlgS7lSmiLRTRCzJ8n0IzXJq3w8xl
+53Q0GDH+UNBJlM2H8QKNTb5+Dl0AlOm/C6MbGci+8xdTRp7bPeU5rfsh9vHUQ1vn
+fUatggjLfsgWJHRnQD4t8ll0yz7muppsDj02ejGn6DcDUZ5Xots=
+=iSB0
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-24:05/pf-13.patch b/website/static/security/patches/SA-24:05/pf-13.patch
new file mode 100644
index 0000000000..e41ace722d
--- /dev/null
+++ b/website/static/security/patches/SA-24:05/pf-13.patch
@@ -0,0 +1,615 @@
+--- sys/netpfil/pf/pf.c.orig
++++ sys/netpfil/pf/pf.c
+@@ -276,6 +276,8 @@
+ u_int16_t, u_int8_t, sa_family_t);
+ static int pf_modulate_sack(struct mbuf *, int, struct pf_pdesc *,
+ struct tcphdr *, struct pf_state_peer *);
++int pf_icmp_mapping(struct pf_pdesc *, u_int8_t, int *,
++ int *, u_int16_t *, u_int16_t *);
+ static void pf_change_icmp(struct pf_addr *, u_int16_t *,
+ struct pf_addr *, struct pf_addr *, u_int16_t,
+ u_int16_t *, u_int16_t *, u_int16_t *,
+@@ -316,6 +318,10 @@
+ static int pf_test_state_udp(struct pf_kstate **, int,
+ struct pfi_kkif *, struct mbuf *, int,
+ void *, struct pf_pdesc *);
++int pf_icmp_state_lookup(struct pf_state_key_cmp *,
++ struct pf_pdesc *, struct pf_kstate **, struct mbuf *,
++ int, struct pfi_kkif *, u_int16_t, u_int16_t,
++ int, int *, int);
+ static int pf_test_state_icmp(struct pf_kstate **, int,
+ struct pfi_kkif *, struct mbuf *, int,
+ void *, struct pf_pdesc *, u_short *);
+@@ -369,6 +375,7 @@
+ extern struct proc *pf_purge_proc;
+
+ VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]);
++enum { PF_ICMP_MULTI_NONE, PF_ICMP_MULTI_SOLICITED, PF_ICMP_MULTI_LINK };
+
+ #define PACKET_UNDO_NAT(_m, _pd, _off, _s, _dir) \
+ do { \
+@@ -1689,6 +1696,172 @@
+ return (false);
+ }
+
++int
++pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type,
++ int *icmp_dir, int *multi, u_int16_t *virtual_id, u_int16_t *virtual_type)
++{
++ /*
++ * ICMP types marked with PF_OUT are typically responses to
++ * PF_IN, and will match states in the opposite direction.
++ * PF_IN ICMP types need to match a state with that type.
++ */
++ *icmp_dir = PF_OUT;
++ *multi = PF_ICMP_MULTI_LINK;
++ /* Queries (and responses) */
++ switch (pd->af) {
++#ifdef INET
++ case AF_INET:
++ switch (type) {
++ case ICMP_ECHO:
++ *icmp_dir = PF_IN;
++ case ICMP_ECHOREPLY:
++ *virtual_type = ICMP_ECHO;
++ *virtual_id = pd->hdr.icmp.icmp_id;
++ break;
++
++ case ICMP_TSTAMP:
++ *icmp_dir = PF_IN;
++ case ICMP_TSTAMPREPLY:
++ *virtual_type = ICMP_TSTAMP;
++ *virtual_id = pd->hdr.icmp.icmp_id;
++ break;
++
++ case ICMP_IREQ:
++ *icmp_dir = PF_IN;
++ case ICMP_IREQREPLY:
++ *virtual_type = ICMP_IREQ;
++ *virtual_id = pd->hdr.icmp.icmp_id;
++ break;
++
++ case ICMP_MASKREQ:
++ *icmp_dir = PF_IN;
++ case ICMP_MASKREPLY:
++ *virtual_type = ICMP_MASKREQ;
++ *virtual_id = pd->hdr.icmp.icmp_id;
++ break;
++
++ case ICMP_IPV6_WHEREAREYOU:
++ *icmp_dir = PF_IN;
++ case ICMP_IPV6_IAMHERE:
++ *virtual_type = ICMP_IPV6_WHEREAREYOU;
++ *virtual_id = 0; /* Nothing sane to match on! */
++ break;
++
++ case ICMP_MOBILE_REGREQUEST:
++ *icmp_dir = PF_IN;
++ case ICMP_MOBILE_REGREPLY:
++ *virtual_type = ICMP_MOBILE_REGREQUEST;
++ *virtual_id = 0; /* Nothing sane to match on! */
++ break;
++
++ case ICMP_ROUTERSOLICIT:
++ *icmp_dir = PF_IN;
++ case ICMP_ROUTERADVERT:
++ *virtual_type = ICMP_ROUTERSOLICIT;
++ *virtual_id = 0; /* Nothing sane to match on! */
++ break;
++
++ /* These ICMP types map to other connections */
++ case ICMP_UNREACH:
++ case ICMP_SOURCEQUENCH:
++ case ICMP_REDIRECT:
++ case ICMP_TIMXCEED:
++ case ICMP_PARAMPROB:
++ /* These will not be used, but set them anyway */
++ *icmp_dir = PF_IN;
++ *virtual_type = type;
++ *virtual_id = 0;
++ HTONS(*virtual_type);
++ return (1); /* These types match to another state */
++
++ /*
++ * All remaining ICMP types get their own states,
++ * and will only match in one direction.
++ */
++ default:
++ *icmp_dir = PF_IN;
++ *virtual_type = type;
++ *virtual_id = 0;
++ break;
++ }
++ break;
++#endif /* INET */
++#ifdef INET6
++ case AF_INET6:
++ switch (type) {
++ case ICMP6_ECHO_REQUEST:
++ *icmp_dir = PF_IN;
++ case ICMP6_ECHO_REPLY:
++ *virtual_type = ICMP6_ECHO_REQUEST;
++ *virtual_id = pd->hdr.icmp6.icmp6_id;
++ break;
++
++ case MLD_LISTENER_QUERY:
++ case MLD_LISTENER_REPORT: {
++ /*
++ * Listener Report can be sent by clients
++ * without an associated Listener Query.
++ * In addition to that, when Report is sent as a
++ * reply to a Query its source and destination
++ * address are different.
++ */
++ *icmp_dir = PF_IN;
++ *virtual_type = MLD_LISTENER_QUERY;
++ *virtual_id = 0;
++ break;
++ }
++ case MLD_MTRACE:
++ *icmp_dir = PF_IN;
++ case MLD_MTRACE_RESP:
++ *virtual_type = MLD_MTRACE;
++ *virtual_id = 0; /* Nothing sane to match on! */
++ break;
++
++ case ND_NEIGHBOR_SOLICIT:
++ *icmp_dir = PF_IN;
++ case ND_NEIGHBOR_ADVERT: {
++ *virtual_type = ND_NEIGHBOR_SOLICIT;
++ *virtual_id = 0;
++ break;
++ }
++
++ /*
++ * These ICMP types map to other connections.
++ * ND_REDIRECT can't be in this list because the triggering
++ * packet header is optional.
++ */
++ case ICMP6_DST_UNREACH:
++ case ICMP6_PACKET_TOO_BIG:
++ case ICMP6_TIME_EXCEEDED:
++ case ICMP6_PARAM_PROB:
++ /* These will not be used, but set them anyway */
++ *icmp_dir = PF_IN;
++ *virtual_type = type;
++ *virtual_id = 0;
++ HTONS(*virtual_type);
++ return (1); /* These types match to another state */
++ /*
++ * All remaining ICMP6 types get their own states,
++ * and will only match in one direction.
++ */
++ default:
++ *icmp_dir = PF_IN;
++ *virtual_type = type;
++ *virtual_id = 0;
++ break;
++ }
++ break;
++#endif /* INET6 */
++ default:
++ *icmp_dir = PF_IN;
++ *virtual_type = type;
++ *virtual_id = 0;
++ break;
++ }
++ HTONS(*virtual_type);
++ return (0); /* These types match to their own state */
++}
++
+ void
+ pf_intr(void *v)
+ {
+@@ -3851,8 +4024,8 @@
+ int tag = -1, rtableid = -1;
+ int asd = 0;
+ int match = 0;
+- int state_icmp = 0;
+- u_int16_t sport = 0, dport = 0;
++ int state_icmp = 0, icmp_dir, multi;
++ u_int16_t sport = 0, dport = 0, virtual_type, virtual_id;
+ u_int16_t bproto_sum = 0, bip_sum = 0;
+ u_int8_t icmptype = 0, icmpcode = 0;
+ struct pf_kanchor_stackframe anchor_stack[PF_ANCHOR_STACKSIZE];
+@@ -3886,33 +4059,37 @@
+ case IPPROTO_ICMP:
+ if (pd->af != AF_INET)
+ break;
+- sport = dport = pd->hdr.icmp.icmp_id;
+ hdrlen = sizeof(pd->hdr.icmp);
+ icmptype = pd->hdr.icmp.icmp_type;
+ icmpcode = pd->hdr.icmp.icmp_code;
+-
+- if (icmptype == ICMP_UNREACH ||
+- icmptype == ICMP_SOURCEQUENCH ||
+- icmptype == ICMP_REDIRECT ||
+- icmptype == ICMP_TIMXCEED ||
+- icmptype == ICMP_PARAMPROB)
+- state_icmp++;
++ state_icmp = pf_icmp_mapping(pd, icmptype,
++ &icmp_dir, &multi, &virtual_id, &virtual_type);
++ if (icmp_dir == PF_IN) {
++ sport = virtual_id;
++ dport = virtual_type;
++ } else {
++ sport = virtual_type;
++ dport = virtual_id;
++ }
+ break;
+ #endif /* INET */
+ #ifdef INET6
+ case IPPROTO_ICMPV6:
+ if (af != AF_INET6)
+ break;
+- sport = dport = pd->hdr.icmp6.icmp6_id;
+ hdrlen = sizeof(pd->hdr.icmp6);
+ icmptype = pd->hdr.icmp6.icmp6_type;
+ icmpcode = pd->hdr.icmp6.icmp6_code;
++ state_icmp = pf_icmp_mapping(pd, icmptype,
++ &icmp_dir, &multi, &virtual_id, &virtual_type);
++ if (icmp_dir == PF_IN) {
++ sport = virtual_id;
++ dport = virtual_type;
++ } else {
++ sport = virtual_type;
++ dport = virtual_id;
++ }
+
+- if (icmptype == ICMP6_DST_UNREACH ||
+- icmptype == ICMP6_PACKET_TOO_BIG ||
+- icmptype == ICMP6_TIME_EXCEEDED ||
+- icmptype == ICMP6_PARAM_PROB)
+- state_icmp++;
+ break;
+ #endif /* INET6 */
+ default:
+@@ -4001,7 +4178,6 @@
+ }
+ #ifdef INET
+ case IPPROTO_ICMP:
+- nk->port[0] = nk->port[1];
+ if (PF_ANEQ(saddr, &nk->addr[pd->sidx], AF_INET))
+ pf_change_a(&saddr->v4.s_addr, pd->ip_sum,
+ nk->addr[pd->sidx].v4.s_addr, 0);
+@@ -4010,11 +4186,12 @@
+ pf_change_a(&daddr->v4.s_addr, pd->ip_sum,
+ nk->addr[pd->didx].v4.s_addr, 0);
+
+- if (nk->port[1] != pd->hdr.icmp.icmp_id) {
++ if (virtual_type == htons(ICMP_ECHO) &&
++ nk->port[pd->sidx] != pd->hdr.icmp.icmp_id) {
+ pd->hdr.icmp.icmp_cksum = pf_cksum_fixup(
+ pd->hdr.icmp.icmp_cksum, sport,
+- nk->port[1], 0);
+- pd->hdr.icmp.icmp_id = nk->port[1];
++ nk->port[pd->sidx], 0);
++ pd->hdr.icmp.icmp_id = nk->port[pd->sidx];
+ pd->sport = &pd->hdr.icmp.icmp_id;
+ }
+ m_copyback(m, off, ICMP_MINLEN, (caddr_t)&pd->hdr.icmp);
+@@ -4022,7 +4199,6 @@
+ #endif /* INET */
+ #ifdef INET6
+ case IPPROTO_ICMPV6:
+- nk->port[0] = nk->port[1];
+ if (PF_ANEQ(saddr, &nk->addr[pd->sidx], AF_INET6))
+ pf_change_a6(saddr, &pd->hdr.icmp6.icmp6_cksum,
+ &nk->addr[pd->sidx], 0);
+@@ -5812,15 +5988,73 @@
+ return (pf_multihome_scan(m, start, len, pd, kif, SCTP_ADD_IP_ADDRESS));
+ }
+
++int
++pf_icmp_state_lookup(struct pf_state_key_cmp *key, struct pf_pdesc *pd,
++ struct pf_kstate **state, struct mbuf *m, int direction, struct pfi_kkif *kif,
++ u_int16_t icmpid, u_int16_t type, int icmp_dir, int *iidx, int multi)
++{
++ key->af = pd->af;
++ key->proto = pd->proto;
++ if (icmp_dir == PF_IN) {
++ *iidx = pd->sidx;
++ key->port[pd->sidx] = icmpid;
++ key->port[pd->didx] = type;
++ } else {
++ *iidx = pd->didx;
++ key->port[pd->sidx] = type;
++ key->port[pd->didx] = icmpid;
++ }
++ if (pd->af == AF_INET6 && multi != PF_ICMP_MULTI_NONE) {
++ switch (multi) {
++ case PF_ICMP_MULTI_SOLICITED:
++ key->addr[pd->sidx].addr32[0] = IPV6_ADDR_INT32_MLL;
++ key->addr[pd->sidx].addr32[1] = 0;
++ key->addr[pd->sidx].addr32[2] = IPV6_ADDR_INT32_ONE;
++ key->addr[pd->sidx].addr32[3] = pd->src->addr32[3];
++ key->addr[pd->sidx].addr8[12] = 0xff;
++ break;
++ case PF_ICMP_MULTI_LINK:
++ key->addr[pd->sidx].addr32[0] = IPV6_ADDR_INT32_MLL;
++ key->addr[pd->sidx].addr32[1] = 0;
++ key->addr[pd->sidx].addr32[2] = 0;
++ key->addr[pd->sidx].addr32[3] = IPV6_ADDR_INT32_ONE;
++ break;
++ }
++ } else
++ PF_ACPY(&key->addr[pd->sidx], pd->src, key->af);
++ PF_ACPY(&key->addr[pd->didx], pd->dst, key->af);
++
++ STATE_LOOKUP(kif, key, direction, *state, pd);
++
++ /* Is this ICMP message flowing in right direction? */
++ if ((*state)->rule.ptr->type &&
++ (((*state)->direction == direction) ?
++ PF_IN : PF_OUT) != icmp_dir) {
++ if (V_pf_status.debug >= PF_DEBUG_MISC) {
++ printf("pf: icmp type %d in wrong direction (%d): ",
++ icmp_dir, pd->dir);
++ pf_print_state(*state);
++ printf("\n");
++ }
++ return (PF_DROP);
++ }
++ return (-1);
++}
++
+ static int
+ pf_test_state_icmp(struct pf_kstate **state, int direction, struct pfi_kkif *kif,
+ struct mbuf *m, int off, void *h, struct pf_pdesc *pd, u_short *reason)
+ {
+ struct pf_addr *saddr = pd->src, *daddr = pd->dst;
+- u_int16_t icmpid = 0, *icmpsum;
++ u_int16_t *icmpsum, virtual_id, virtual_type;
+ u_int8_t icmptype, icmpcode;
+- int state_icmp = 0;
++ int icmp_dir, iidx, ret, multi;
+ struct pf_state_key_cmp key;
++#ifdef INET
++ u_int16_t icmpid;
++#endif
++
++ MPASS(*state == NULL);
+
+ bzero(&key, sizeof(key));
+ switch (pd->proto) {
+@@ -5830,49 +6064,43 @@
+ icmpcode = pd->hdr.icmp.icmp_code;
+ icmpid = pd->hdr.icmp.icmp_id;
+ icmpsum = &pd->hdr.icmp.icmp_cksum;
+-
+- if (icmptype == ICMP_UNREACH ||
+- icmptype == ICMP_SOURCEQUENCH ||
+- icmptype == ICMP_REDIRECT ||
+- icmptype == ICMP_TIMXCEED ||
+- icmptype == ICMP_PARAMPROB)
+- state_icmp++;
+ break;
+ #endif /* INET */
+ #ifdef INET6
+ case IPPROTO_ICMPV6:
+ icmptype = pd->hdr.icmp6.icmp6_type;
+ icmpcode = pd->hdr.icmp6.icmp6_code;
++#ifdef INET
+ icmpid = pd->hdr.icmp6.icmp6_id;
++#endif
+ icmpsum = &pd->hdr.icmp6.icmp6_cksum;
+-
+- if (icmptype == ICMP6_DST_UNREACH ||
+- icmptype == ICMP6_PACKET_TOO_BIG ||
+- icmptype == ICMP6_TIME_EXCEEDED ||
+- icmptype == ICMP6_PARAM_PROB)
+- state_icmp++;
+ break;
+ #endif /* INET6 */
+ }
+
+- if (!state_icmp) {
++ if (pf_icmp_mapping(pd, icmptype, &icmp_dir, &multi,
++ &virtual_id, &virtual_type) == 0) {
+ /*
+ * ICMP query/reply message not related to a TCP/UDP packet.
+ * Search for an ICMP state.
+ */
+- key.af = pd->af;
+- key.proto = pd->proto;
+- key.port[0] = key.port[1] = icmpid;
+- if (direction == PF_IN) { /* wire side, straight */
+- PF_ACPY(&key.addr[0], pd->src, key.af);
+- PF_ACPY(&key.addr[1], pd->dst, key.af);
+- } else { /* stack side, reverse */
+- PF_ACPY(&key.addr[1], pd->src, key.af);
+- PF_ACPY(&key.addr[0], pd->dst, key.af);
++ ret = pf_icmp_state_lookup(&key, pd, state, m, pd->dir,
++ kif, virtual_id, virtual_type, icmp_dir, &iidx,
++ PF_ICMP_MULTI_NONE);
++ if (ret >= 0) {
++ if (ret == PF_DROP && pd->af == AF_INET6 &&
++ icmp_dir == PF_OUT) {
++ if (*state != NULL)
++ PF_STATE_UNLOCK((*state));
++ ret = pf_icmp_state_lookup(&key, pd, state, m,
++ pd->dir, kif, virtual_id, virtual_type,
++ icmp_dir, &iidx, multi);
++ if (ret >= 0)
++ return (ret);
++ } else
++ return (ret);
+ }
+
+- STATE_LOOKUP(kif, &key, direction, *state, pd);
+-
+ (*state)->expire = time_uptime;
+ (*state)->timeout = PFTM_ICMP_ERROR_REPLY;
+
+@@ -5895,14 +6123,14 @@
+ pd->ip_sum,
+ nk->addr[pd->didx].v4.s_addr, 0);
+
+- if (nk->port[0] !=
++ if (nk->port[iidx] !=
+ pd->hdr.icmp.icmp_id) {
+ pd->hdr.icmp.icmp_cksum =
+ pf_cksum_fixup(
+ pd->hdr.icmp.icmp_cksum, icmpid,
+- nk->port[pd->sidx], 0);
++ nk->port[iidx], 0);
+ pd->hdr.icmp.icmp_id =
+- nk->port[pd->sidx];
++ nk->port[iidx];
+ }
+
+ m_copyback(m, off, ICMP_MINLEN,
+@@ -6267,13 +6495,15 @@
+ return (PF_DROP);
+ }
+
+- key.af = pd2.af;
+- key.proto = IPPROTO_ICMP;
+- PF_ACPY(&key.addr[pd2.sidx], pd2.src, key.af);
+- PF_ACPY(&key.addr[pd2.didx], pd2.dst, key.af);
+- key.port[0] = key.port[1] = iih.icmp_id;
++ icmpid = iih.icmp_id;
++ pf_icmp_mapping(&pd2, iih.icmp_type,
++ &icmp_dir, &multi, &virtual_id, &virtual_type);
+
+- STATE_LOOKUP(kif, &key, direction, *state, pd);
++ ret = pf_icmp_state_lookup(&key, &pd2, state, m,
++ pd->dir, kif, virtual_id, virtual_type,
++ icmp_dir, &iidx, PF_ICMP_MULTI_NONE);
++ if (ret >= 0)
++ return (ret);
+
+ /* translate source/destination address, if necessary */
+ if ((*state)->key[PF_SK_WIRE] !=
+@@ -6283,21 +6513,23 @@
+
+ if (PF_ANEQ(pd2.src,
+ &nk->addr[pd2.sidx], pd2.af) ||
+- nk->port[pd2.sidx] != iih.icmp_id)
+- pf_change_icmp(pd2.src, &iih.icmp_id,
++ (virtual_type == htons(ICMP_ECHO) &&
++ nk->port[iidx] != iih.icmp_id))
++ pf_change_icmp(pd2.src,
++ (virtual_type == htons(ICMP_ECHO)) ?
++ &iih.icmp_id : NULL,
+ daddr, &nk->addr[pd2.sidx],
+- nk->port[pd2.sidx], NULL,
++ (virtual_type == htons(ICMP_ECHO)) ?
++ nk->port[iidx] : 0, NULL,
+ pd2.ip_sum, icmpsum,
+ pd->ip_sum, 0, AF_INET);
+
+ if (PF_ANEQ(pd2.dst,
+- &nk->addr[pd2.didx], pd2.af) ||
+- nk->port[pd2.didx] != iih.icmp_id)
+- pf_change_icmp(pd2.dst, &iih.icmp_id,
+- saddr, &nk->addr[pd2.didx],
+- nk->port[pd2.didx], NULL,
+- pd2.ip_sum, icmpsum,
+- pd->ip_sum, 0, AF_INET);
++ &nk->addr[pd2.didx], pd2.af))
++ pf_change_icmp(pd2.dst, NULL, NULL,
++ &nk->addr[pd2.didx], 0, NULL,
++ pd2.ip_sum, icmpsum, pd->ip_sum, 0,
++ AF_INET);
+
+ m_copyback(m, off, ICMP_MINLEN, (caddr_t)&pd->hdr.icmp);
+ m_copyback(m, ipoff2, sizeof(h2), (caddr_t)&h2);
+@@ -6319,13 +6551,25 @@
+ return (PF_DROP);
+ }
+
+- key.af = pd2.af;
+- key.proto = IPPROTO_ICMPV6;
+- PF_ACPY(&key.addr[pd2.sidx], pd2.src, key.af);
+- PF_ACPY(&key.addr[pd2.didx], pd2.dst, key.af);
+- key.port[0] = key.port[1] = iih.icmp6_id;
+-
+- STATE_LOOKUP(kif, &key, direction, *state, pd);
++ pf_icmp_mapping(&pd2, iih.icmp6_type,
++ &icmp_dir, &multi, &virtual_id, &virtual_type);
++ ret = pf_icmp_state_lookup(&key, &pd2, state, m,
++ pd->dir, kif, virtual_id, virtual_type,
++ icmp_dir, &iidx, PF_ICMP_MULTI_NONE);
++ if (ret >= 0) {
++ if (ret == PF_DROP && pd->af == AF_INET6 &&
++ icmp_dir == PF_OUT) {
++ if (*state != NULL)
++ PF_STATE_UNLOCK((*state));
++ ret = pf_icmp_state_lookup(&key, pd,
++ state, m, pd->dir, kif,
++ virtual_id, virtual_type,
++ icmp_dir, &iidx, multi);
++ if (ret >= 0)
++ return (ret);
++ } else
++ return (ret);
++ }
+
+ /* translate source/destination address, if necessary */
+ if ((*state)->key[PF_SK_WIRE] !=
+@@ -6335,19 +6579,21 @@
+
+ if (PF_ANEQ(pd2.src,
+ &nk->addr[pd2.sidx], pd2.af) ||
+- nk->port[pd2.sidx] != iih.icmp6_id)
+- pf_change_icmp(pd2.src, &iih.icmp6_id,
++ ((virtual_type == htons(ICMP6_ECHO_REQUEST)) &&
++ nk->port[pd2.sidx] != iih.icmp6_id))
++ pf_change_icmp(pd2.src,
++ (virtual_type == htons(ICMP6_ECHO_REQUEST))
++ ? &iih.icmp6_id : NULL,
+ daddr, &nk->addr[pd2.sidx],
+- nk->port[pd2.sidx], NULL,
++ (virtual_type == htons(ICMP6_ECHO_REQUEST))
++ ? nk->port[iidx] : 0, NULL,
+ pd2.ip_sum, icmpsum,
+ pd->ip_sum, 0, AF_INET6);
+
+ if (PF_ANEQ(pd2.dst,
+- &nk->addr[pd2.didx], pd2.af) ||
+- nk->port[pd2.didx] != iih.icmp6_id)
+- pf_change_icmp(pd2.dst, &iih.icmp6_id,
+- saddr, &nk->addr[pd2.didx],
+- nk->port[pd2.didx], NULL,
++ &nk->addr[pd2.didx], pd2.af))
++ pf_change_icmp(pd2.dst, NULL, NULL,
++ &nk->addr[pd2.didx], 0, NULL,
+ pd2.ip_sum, icmpsum,
+ pd->ip_sum, 0, AF_INET6);
+
+--- sys/netpfil/pf/pf_lb.c.orig
++++ sys/netpfil/pf/pf_lb.c
+@@ -222,6 +222,23 @@
+ if (pf_map_addr(af, r, saddr, naddr, &init_addr, sn))
+ return (1);
+
++ if (proto == IPPROTO_ICMP) {
++ if (*nport == htons(ICMP_ECHO)) {
++ low = 1;
++ high = 65535;
++ } else
++ return (0); /* Don't try to modify non-echo ICMP */
++ }
++#ifdef INET6
++ if (proto == IPPROTO_ICMPV6) {
++ if (*nport == htons(ICMP6_ECHO_REQUEST)) {
++ low = 1;
++ high = 65535;
++ } else
++ return (0); /* Don't try to modify non-echo ICMP */
++ }
++#endif /* INET6 */
++
+ bzero(&key, sizeof(key));
+ key.af = af;
+ key.proto = proto;
+@@ -606,7 +623,7 @@
+ switch (r->action) {
+ case PF_NAT:
+ if (pd->proto == IPPROTO_ICMP) {
+- low = 1;
++ low = 1;
+ high = 65535;
+ } else {
+ low = r->rpool.proxy_port[0];
diff --git a/website/static/security/patches/SA-24:05/pf-13.patch.asc b/website/static/security/patches/SA-24:05/pf-13.patch.asc
new file mode 100644
index 0000000000..5fb28ffa7d
--- /dev/null
+++ b/website/static/security/patches/SA-24:05/pf-13.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmazhawACgkQbljekB8A
+Gu9vJw//e8R+kcZCUQTBFJEXqED9aQUtkDIoUqRnpqlkDUZzM/19lQhHceaLdpH4
+4fS2JgIZ55J2t9a69KRTSOyeB/vX4c7flShXjdRpZSjM/IC/qoUuiFSmchMzbmvd
+i38pRSQE3ps4X6stCiUFd8TSllqHPhgtBF0s89DQRHJMOPCZBQtqr2gA4fvidk5F
+8Mw26e6v1ULcoxA7l6ruOItOYL/uVkay4AWcWJh1bsa+b8nj3saQIPUD4SCtx7Qd
+4dXQOTPC8dJjjqL7kATNsWL2KHbyncrccqlF1iELufk4aMOcp+ZlCghMpCxzUegu
+9Oh5S2XFmdN3I7sVGhzjMinD+NEJYbzr7Ke/moYNGyohUMth1LO0JEi/RThYw7yu
+moYuaG3m0zmKxJ9KHor3KOSKQ+l8b3bTyglkMjt4auqi6W0qH4Wq2LCUOgykfh60
+eUUxJSQSwmN4Od85V7hscFohShJxCMaiueyMoOU3QEDyBLtMvHVgXLHJ7jxGYdfF
+9ggVqmuXbq3fDqwnyCGNxIcoGhXxQPEjtxzOsg+EyVpovTUJWCihnb9Z5tF7QAsG
+joJO+4Gz7EnmOeg50sD5tIMY9hSwyaI/ptpdGzB8XTNVGQl/omzAYcP+OxbPA2y4
+GlxCINsABK3f9XlkNQk4g211iPmQ8IIxGzjpQZjgZNmHVkT6o+Y=
+=fjaq
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-24:05/pf-14.patch b/website/static/security/patches/SA-24:05/pf-14.patch
new file mode 100644
index 0000000000..846f27ce6c
--- /dev/null
+++ b/website/static/security/patches/SA-24:05/pf-14.patch
@@ -0,0 +1,616 @@
+--- sys/netpfil/pf/pf.c.orig
++++ sys/netpfil/pf/pf.c
+@@ -291,6 +291,8 @@
+ u_int16_t, u_int8_t, sa_family_t);
+ static int pf_modulate_sack(struct mbuf *, int, struct pf_pdesc *,
+ struct tcphdr *, struct pf_state_peer *);
++int pf_icmp_mapping(struct pf_pdesc *, u_int8_t, int *,
++ int *, u_int16_t *, u_int16_t *);
+ static void pf_change_icmp(struct pf_addr *, u_int16_t *,
+ struct pf_addr *, struct pf_addr *, u_int16_t,
+ u_int16_t *, u_int16_t *, u_int16_t *,
+@@ -337,6 +339,10 @@
+ static int pf_test_state_udp(struct pf_kstate **,
+ struct pfi_kkif *, struct mbuf *, int,
+ void *, struct pf_pdesc *);
++int pf_icmp_state_lookup(struct pf_state_key_cmp *,
++ struct pf_pdesc *, struct pf_kstate **, struct mbuf *,
++ int, struct pfi_kkif *, u_int16_t, u_int16_t,
++ int, int *, int);
+ static int pf_test_state_icmp(struct pf_kstate **,
+ struct pfi_kkif *, struct mbuf *, int,
+ void *, struct pf_pdesc *, u_short *);
+@@ -389,6 +395,8 @@
+
+ VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]);
+
++enum { PF_ICMP_MULTI_NONE, PF_ICMP_MULTI_SOLICITED, PF_ICMP_MULTI_LINK };
++
+ #define PACKET_UNDO_NAT(_m, _pd, _off, _s) \
+ do { \
+ struct pf_state_key *nk; \
+@@ -1734,6 +1742,172 @@
+ return (false);
+ }
+
++int
++pf_icmp_mapping(struct pf_pdesc *pd, u_int8_t type,
++ int *icmp_dir, int *multi, u_int16_t *virtual_id, u_int16_t *virtual_type)
++{
++ /*
++ * ICMP types marked with PF_OUT are typically responses to
++ * PF_IN, and will match states in the opposite direction.
++ * PF_IN ICMP types need to match a state with that type.
++ */
++ *icmp_dir = PF_OUT;
++ *multi = PF_ICMP_MULTI_LINK;
++ /* Queries (and responses) */
++ switch (pd->af) {
++#ifdef INET
++ case AF_INET:
++ switch (type) {
++ case ICMP_ECHO:
++ *icmp_dir = PF_IN;
++ case ICMP_ECHOREPLY:
++ *virtual_type = ICMP_ECHO;
++ *virtual_id = pd->hdr.icmp.icmp_id;
++ break;
++
++ case ICMP_TSTAMP:
++ *icmp_dir = PF_IN;
++ case ICMP_TSTAMPREPLY:
++ *virtual_type = ICMP_TSTAMP;
++ *virtual_id = pd->hdr.icmp.icmp_id;
++ break;
++
++ case ICMP_IREQ:
++ *icmp_dir = PF_IN;
++ case ICMP_IREQREPLY:
++ *virtual_type = ICMP_IREQ;
++ *virtual_id = pd->hdr.icmp.icmp_id;
++ break;
++
++ case ICMP_MASKREQ:
++ *icmp_dir = PF_IN;
++ case ICMP_MASKREPLY:
++ *virtual_type = ICMP_MASKREQ;
++ *virtual_id = pd->hdr.icmp.icmp_id;
++ break;
++
++ case ICMP_IPV6_WHEREAREYOU:
++ *icmp_dir = PF_IN;
++ case ICMP_IPV6_IAMHERE:
++ *virtual_type = ICMP_IPV6_WHEREAREYOU;
++ *virtual_id = 0; /* Nothing sane to match on! */
++ break;
++
++ case ICMP_MOBILE_REGREQUEST:
++ *icmp_dir = PF_IN;
++ case ICMP_MOBILE_REGREPLY:
++ *virtual_type = ICMP_MOBILE_REGREQUEST;
++ *virtual_id = 0; /* Nothing sane to match on! */
++ break;
++
++ case ICMP_ROUTERSOLICIT:
++ *icmp_dir = PF_IN;
++ case ICMP_ROUTERADVERT:
++ *virtual_type = ICMP_ROUTERSOLICIT;
++ *virtual_id = 0; /* Nothing sane to match on! */
++ break;
++
++ /* These ICMP types map to other connections */
++ case ICMP_UNREACH:
++ case ICMP_SOURCEQUENCH:
++ case ICMP_REDIRECT:
++ case ICMP_TIMXCEED:
++ case ICMP_PARAMPROB:
++ /* These will not be used, but set them anyway */
++ *icmp_dir = PF_IN;
++ *virtual_type = type;
++ *virtual_id = 0;
++ HTONS(*virtual_type);
++ return (1); /* These types match to another state */
++
++ /*
++ * All remaining ICMP types get their own states,
++ * and will only match in one direction.
++ */
++ default:
++ *icmp_dir = PF_IN;
++ *virtual_type = type;
++ *virtual_id = 0;
++ break;
++ }
++ break;
++#endif /* INET */
++#ifdef INET6
++ case AF_INET6:
++ switch (type) {
++ case ICMP6_ECHO_REQUEST:
++ *icmp_dir = PF_IN;
++ case ICMP6_ECHO_REPLY:
++ *virtual_type = ICMP6_ECHO_REQUEST;
++ *virtual_id = pd->hdr.icmp6.icmp6_id;
++ break;
++
++ case MLD_LISTENER_QUERY:
++ case MLD_LISTENER_REPORT: {
++ /*
++ * Listener Report can be sent by clients
++ * without an associated Listener Query.
++ * In addition to that, when Report is sent as a
++ * reply to a Query its source and destination
++ * address are different.
++ */
++ *icmp_dir = PF_IN;
++ *virtual_type = MLD_LISTENER_QUERY;
++ *virtual_id = 0;
++ break;
++ }
++ case MLD_MTRACE:
++ *icmp_dir = PF_IN;
++ case MLD_MTRACE_RESP:
++ *virtual_type = MLD_MTRACE;
++ *virtual_id = 0; /* Nothing sane to match on! */
++ break;
++
++ case ND_NEIGHBOR_SOLICIT:
++ *icmp_dir = PF_IN;
++ case ND_NEIGHBOR_ADVERT: {
++ *virtual_type = ND_NEIGHBOR_SOLICIT;
++ *virtual_id = 0;
++ break;
++ }
++
++ /*
++ * These ICMP types map to other connections.
++ * ND_REDIRECT can't be in this list because the triggering
++ * packet header is optional.
++ */
++ case ICMP6_DST_UNREACH:
++ case ICMP6_PACKET_TOO_BIG:
++ case ICMP6_TIME_EXCEEDED:
++ case ICMP6_PARAM_PROB:
++ /* These will not be used, but set them anyway */
++ *icmp_dir = PF_IN;
++ *virtual_type = type;
++ *virtual_id = 0;
++ HTONS(*virtual_type);
++ return (1); /* These types match to another state */
++ /*
++ * All remaining ICMP6 types get their own states,
++ * and will only match in one direction.
++ */
++ default:
++ *icmp_dir = PF_IN;
++ *virtual_type = type;
++ *virtual_id = 0;
++ break;
++ }
++ break;
++#endif /* INET6 */
++ default:
++ *icmp_dir = PF_IN;
++ *virtual_type = type;
++ *virtual_id = 0;
++ break;
++ }
++ HTONS(*virtual_type);
++ return (0); /* These types match to their own state */
++}
++
+ void
+ pf_intr(void *v)
+ {
+@@ -4397,8 +4571,8 @@
+ int tag = -1;
+ int asd = 0;
+ int match = 0;
+- int state_icmp = 0;
+- u_int16_t sport = 0, dport = 0;
++ int state_icmp = 0, icmp_dir, multi;
++ u_int16_t sport = 0, dport = 0, virtual_type, virtual_id;
+ u_int16_t bproto_sum = 0, bip_sum = 0;
+ u_int8_t icmptype = 0, icmpcode = 0;
+ struct pf_kanchor_stackframe anchor_stack[PF_ANCHOR_STACKSIZE];
+@@ -4432,33 +4606,37 @@
+ case IPPROTO_ICMP:
+ if (pd->af != AF_INET)
+ break;
+- sport = dport = pd->hdr.icmp.icmp_id;
+ hdrlen = sizeof(pd->hdr.icmp);
+ icmptype = pd->hdr.icmp.icmp_type;
+ icmpcode = pd->hdr.icmp.icmp_code;
+-
+- if (icmptype == ICMP_UNREACH ||
+- icmptype == ICMP_SOURCEQUENCH ||
+- icmptype == ICMP_REDIRECT ||
+- icmptype == ICMP_TIMXCEED ||
+- icmptype == ICMP_PARAMPROB)
+- state_icmp++;
++ state_icmp = pf_icmp_mapping(pd, icmptype,
++ &icmp_dir, &multi, &virtual_id, &virtual_type);
++ if (icmp_dir == PF_IN) {
++ sport = virtual_id;
++ dport = virtual_type;
++ } else {
++ sport = virtual_type;
++ dport = virtual_id;
++ }
+ break;
+ #endif /* INET */
+ #ifdef INET6
+ case IPPROTO_ICMPV6:
+ if (af != AF_INET6)
+ break;
+- sport = dport = pd->hdr.icmp6.icmp6_id;
+ hdrlen = sizeof(pd->hdr.icmp6);
+ icmptype = pd->hdr.icmp6.icmp6_type;
+ icmpcode = pd->hdr.icmp6.icmp6_code;
++ state_icmp = pf_icmp_mapping(pd, icmptype,
++ &icmp_dir, &multi, &virtual_id, &virtual_type);
++ if (icmp_dir == PF_IN) {
++ sport = virtual_id;
++ dport = virtual_type;
++ } else {
++ sport = virtual_type;
++ dport = virtual_id;
++ }
+
+- if (icmptype == ICMP6_DST_UNREACH ||
+- icmptype == ICMP6_PACKET_TOO_BIG ||
+- icmptype == ICMP6_TIME_EXCEEDED ||
+- icmptype == ICMP6_PARAM_PROB)
+- state_icmp++;
+ break;
+ #endif /* INET6 */
+ default:
+@@ -4552,7 +4730,6 @@
+ }
+ #ifdef INET
+ case IPPROTO_ICMP:
+- nk->port[0] = nk->port[1];
+ if (PF_ANEQ(saddr, &nk->addr[pd->sidx], AF_INET))
+ pf_change_a(&saddr->v4.s_addr, pd->ip_sum,
+ nk->addr[pd->sidx].v4.s_addr, 0);
+@@ -4561,11 +4738,12 @@
+ pf_change_a(&daddr->v4.s_addr, pd->ip_sum,
+ nk->addr[pd->didx].v4.s_addr, 0);
+
+- if (nk->port[1] != pd->hdr.icmp.icmp_id) {
++ if (virtual_type == htons(ICMP_ECHO) &&
++ nk->port[pd->sidx] != pd->hdr.icmp.icmp_id) {
+ pd->hdr.icmp.icmp_cksum = pf_cksum_fixup(
+ pd->hdr.icmp.icmp_cksum, sport,
+- nk->port[1], 0);
+- pd->hdr.icmp.icmp_id = nk->port[1];
++ nk->port[pd->sidx], 0);
++ pd->hdr.icmp.icmp_id = nk->port[pd->sidx];
+ pd->sport = &pd->hdr.icmp.icmp_id;
+ }
+ m_copyback(m, off, ICMP_MINLEN, (caddr_t)&pd->hdr.icmp);
+@@ -4573,7 +4751,6 @@
+ #endif /* INET */
+ #ifdef INET6
+ case IPPROTO_ICMPV6:
+- nk->port[0] = nk->port[1];
+ if (PF_ANEQ(saddr, &nk->addr[pd->sidx], AF_INET6))
+ pf_change_a6(saddr, &pd->hdr.icmp6.icmp6_cksum,
+ &nk->addr[pd->sidx], 0);
+@@ -6402,15 +6579,73 @@
+ return (pf_multihome_scan(m, start, len, pd, kif, SCTP_ADD_IP_ADDRESS));
+ }
+
++int
++pf_icmp_state_lookup(struct pf_state_key_cmp *key, struct pf_pdesc *pd,
++ struct pf_kstate **state, struct mbuf *m, int direction, struct pfi_kkif *kif,
++ u_int16_t icmpid, u_int16_t type, int icmp_dir, int *iidx, int multi)
++{
++ key->af = pd->af;
++ key->proto = pd->proto;
++ if (icmp_dir == PF_IN) {
++ *iidx = pd->sidx;
++ key->port[pd->sidx] = icmpid;
++ key->port[pd->didx] = type;
++ } else {
++ *iidx = pd->didx;
++ key->port[pd->sidx] = type;
++ key->port[pd->didx] = icmpid;
++ }
++ if (pd->af == AF_INET6 && multi != PF_ICMP_MULTI_NONE) {
++ switch (multi) {
++ case PF_ICMP_MULTI_SOLICITED:
++ key->addr[pd->sidx].addr32[0] = IPV6_ADDR_INT32_MLL;
++ key->addr[pd->sidx].addr32[1] = 0;
++ key->addr[pd->sidx].addr32[2] = IPV6_ADDR_INT32_ONE;
++ key->addr[pd->sidx].addr32[3] = pd->src->addr32[3];
++ key->addr[pd->sidx].addr8[12] = 0xff;
++ break;
++ case PF_ICMP_MULTI_LINK:
++ key->addr[pd->sidx].addr32[0] = IPV6_ADDR_INT32_MLL;
++ key->addr[pd->sidx].addr32[1] = 0;
++ key->addr[pd->sidx].addr32[2] = 0;
++ key->addr[pd->sidx].addr32[3] = IPV6_ADDR_INT32_ONE;
++ break;
++ }
++ } else
++ PF_ACPY(&key->addr[pd->sidx], pd->src, key->af);
++ PF_ACPY(&key->addr[pd->didx], pd->dst, key->af);
++
++ STATE_LOOKUP(kif, key, *state, pd);
++
++ /* Is this ICMP message flowing in right direction? */
++ if ((*state)->rule.ptr->type &&
++ (((*state)->direction == direction) ?
++ PF_IN : PF_OUT) != icmp_dir) {
++ if (V_pf_status.debug >= PF_DEBUG_MISC) {
++ printf("pf: icmp type %d in wrong direction (%d): ",
++ icmp_dir, pd->dir);
++ pf_print_state(*state);
++ printf("\n");
++ }
++ return (PF_DROP);
++ }
++ return (-1);
++}
++
+ static int
+ pf_test_state_icmp(struct pf_kstate **state, struct pfi_kkif *kif,
+ struct mbuf *m, int off, void *h, struct pf_pdesc *pd, u_short *reason)
+ {
+ struct pf_addr *saddr = pd->src, *daddr = pd->dst;
+- u_int16_t icmpid = 0, *icmpsum;
++ u_int16_t *icmpsum, virtual_id, virtual_type;
+ u_int8_t icmptype, icmpcode;
+- int state_icmp = 0;
++ int icmp_dir, iidx, ret, multi;
+ struct pf_state_key_cmp key;
++#ifdef INET
++ u_int16_t icmpid;
++#endif
++
++ MPASS(*state == NULL);
+
+ bzero(&key, sizeof(key));
+ switch (pd->proto) {
+@@ -6420,49 +6655,43 @@
+ icmpcode = pd->hdr.icmp.icmp_code;
+ icmpid = pd->hdr.icmp.icmp_id;
+ icmpsum = &pd->hdr.icmp.icmp_cksum;
+-
+- if (icmptype == ICMP_UNREACH ||
+- icmptype == ICMP_SOURCEQUENCH ||
+- icmptype == ICMP_REDIRECT ||
+- icmptype == ICMP_TIMXCEED ||
+- icmptype == ICMP_PARAMPROB)
+- state_icmp++;
+ break;
+ #endif /* INET */
+ #ifdef INET6
+ case IPPROTO_ICMPV6:
+ icmptype = pd->hdr.icmp6.icmp6_type;
+ icmpcode = pd->hdr.icmp6.icmp6_code;
++#ifdef INET
+ icmpid = pd->hdr.icmp6.icmp6_id;
++#endif
+ icmpsum = &pd->hdr.icmp6.icmp6_cksum;
+-
+- if (icmptype == ICMP6_DST_UNREACH ||
+- icmptype == ICMP6_PACKET_TOO_BIG ||
+- icmptype == ICMP6_TIME_EXCEEDED ||
+- icmptype == ICMP6_PARAM_PROB)
+- state_icmp++;
+ break;
+ #endif /* INET6 */
+ }
+
+- if (!state_icmp) {
++ if (pf_icmp_mapping(pd, icmptype, &icmp_dir, &multi,
++ &virtual_id, &virtual_type) == 0) {
+ /*
+ * ICMP query/reply message not related to a TCP/UDP packet.
+ * Search for an ICMP state.
+ */
+- key.af = pd->af;
+- key.proto = pd->proto;
+- key.port[0] = key.port[1] = icmpid;
+- if (pd->dir == PF_IN) { /* wire side, straight */
+- PF_ACPY(&key.addr[0], pd->src, key.af);
+- PF_ACPY(&key.addr[1], pd->dst, key.af);
+- } else { /* stack side, reverse */
+- PF_ACPY(&key.addr[1], pd->src, key.af);
+- PF_ACPY(&key.addr[0], pd->dst, key.af);
++ ret = pf_icmp_state_lookup(&key, pd, state, m, pd->dir,
++ kif, virtual_id, virtual_type, icmp_dir, &iidx,
++ PF_ICMP_MULTI_NONE);
++ if (ret >= 0) {
++ if (ret == PF_DROP && pd->af == AF_INET6 &&
++ icmp_dir == PF_OUT) {
++ if (*state != NULL)
++ PF_STATE_UNLOCK((*state));
++ ret = pf_icmp_state_lookup(&key, pd, state, m,
++ pd->dir, kif, virtual_id, virtual_type,
++ icmp_dir, &iidx, multi);
++ if (ret >= 0)
++ return (ret);
++ } else
++ return (ret);
+ }
+
+- STATE_LOOKUP(kif, &key, *state, pd);
+-
+ (*state)->expire = time_uptime;
+ (*state)->timeout = PFTM_ICMP_ERROR_REPLY;
+
+@@ -6485,14 +6714,14 @@
+ pd->ip_sum,
+ nk->addr[pd->didx].v4.s_addr, 0);
+
+- if (nk->port[0] !=
++ if (nk->port[iidx] !=
+ pd->hdr.icmp.icmp_id) {
+ pd->hdr.icmp.icmp_cksum =
+ pf_cksum_fixup(
+ pd->hdr.icmp.icmp_cksum, icmpid,
+- nk->port[pd->sidx], 0);
++ nk->port[iidx], 0);
+ pd->hdr.icmp.icmp_id =
+- nk->port[pd->sidx];
++ nk->port[iidx];
+ }
+
+ m_copyback(m, off, ICMP_MINLEN,
+@@ -6857,13 +7086,15 @@
+ return (PF_DROP);
+ }
+
+- key.af = pd2.af;
+- key.proto = IPPROTO_ICMP;
+- PF_ACPY(&key.addr[pd2.sidx], pd2.src, key.af);
+- PF_ACPY(&key.addr[pd2.didx], pd2.dst, key.af);
+- key.port[0] = key.port[1] = iih.icmp_id;
++ icmpid = iih.icmp_id;
++ pf_icmp_mapping(&pd2, iih.icmp_type,
++ &icmp_dir, &multi, &virtual_id, &virtual_type);
+
+- STATE_LOOKUP(kif, &key, *state, pd);
++ ret = pf_icmp_state_lookup(&key, &pd2, state, m,
++ pd->dir, kif, virtual_id, virtual_type,
++ icmp_dir, &iidx, PF_ICMP_MULTI_NONE);
++ if (ret >= 0)
++ return (ret);
+
+ /* translate source/destination address, if necessary */
+ if ((*state)->key[PF_SK_WIRE] !=
+@@ -6873,21 +7104,23 @@
+
+ if (PF_ANEQ(pd2.src,
+ &nk->addr[pd2.sidx], pd2.af) ||
+- nk->port[pd2.sidx] != iih.icmp_id)
+- pf_change_icmp(pd2.src, &iih.icmp_id,
++ (virtual_type == htons(ICMP_ECHO) &&
++ nk->port[iidx] != iih.icmp_id))
++ pf_change_icmp(pd2.src,
++ (virtual_type == htons(ICMP_ECHO)) ?
++ &iih.icmp_id : NULL,
+ daddr, &nk->addr[pd2.sidx],
+- nk->port[pd2.sidx], NULL,
++ (virtual_type == htons(ICMP_ECHO)) ?
++ nk->port[iidx] : 0, NULL,
+ pd2.ip_sum, icmpsum,
+ pd->ip_sum, 0, AF_INET);
+
+ if (PF_ANEQ(pd2.dst,
+- &nk->addr[pd2.didx], pd2.af) ||
+- nk->port[pd2.didx] != iih.icmp_id)
+- pf_change_icmp(pd2.dst, &iih.icmp_id,
+- saddr, &nk->addr[pd2.didx],
+- nk->port[pd2.didx], NULL,
+- pd2.ip_sum, icmpsum,
+- pd->ip_sum, 0, AF_INET);
++ &nk->addr[pd2.didx], pd2.af))
++ pf_change_icmp(pd2.dst, NULL, NULL,
++ &nk->addr[pd2.didx], 0, NULL,
++ pd2.ip_sum, icmpsum, pd->ip_sum, 0,
++ AF_INET);
+
+ m_copyback(m, off, ICMP_MINLEN, (caddr_t)&pd->hdr.icmp);
+ m_copyback(m, ipoff2, sizeof(h2), (caddr_t)&h2);
+@@ -6909,13 +7142,25 @@
+ return (PF_DROP);
+ }
+
+- key.af = pd2.af;
+- key.proto = IPPROTO_ICMPV6;
+- PF_ACPY(&key.addr[pd2.sidx], pd2.src, key.af);
+- PF_ACPY(&key.addr[pd2.didx], pd2.dst, key.af);
+- key.port[0] = key.port[1] = iih.icmp6_id;
+-
+- STATE_LOOKUP(kif, &key, *state, pd);
++ pf_icmp_mapping(&pd2, iih.icmp6_type,
++ &icmp_dir, &multi, &virtual_id, &virtual_type);
++ ret = pf_icmp_state_lookup(&key, &pd2, state, m,
++ pd->dir, kif, virtual_id, virtual_type,
++ icmp_dir, &iidx, PF_ICMP_MULTI_NONE);
++ if (ret >= 0) {
++ if (ret == PF_DROP && pd->af == AF_INET6 &&
++ icmp_dir == PF_OUT) {
++ if (*state != NULL)
++ PF_STATE_UNLOCK((*state));
++ ret = pf_icmp_state_lookup(&key, pd,
++ state, m, pd->dir, kif,
++ virtual_id, virtual_type,
++ icmp_dir, &iidx, multi);
++ if (ret >= 0)
++ return (ret);
++ } else
++ return (ret);
++ }
+
+ /* translate source/destination address, if necessary */
+ if ((*state)->key[PF_SK_WIRE] !=
+@@ -6925,19 +7170,21 @@
+
+ if (PF_ANEQ(pd2.src,
+ &nk->addr[pd2.sidx], pd2.af) ||
+- nk->port[pd2.sidx] != iih.icmp6_id)
+- pf_change_icmp(pd2.src, &iih.icmp6_id,
++ ((virtual_type == htons(ICMP6_ECHO_REQUEST)) &&
++ nk->port[pd2.sidx] != iih.icmp6_id))
++ pf_change_icmp(pd2.src,
++ (virtual_type == htons(ICMP6_ECHO_REQUEST))
++ ? &iih.icmp6_id : NULL,
+ daddr, &nk->addr[pd2.sidx],
+- nk->port[pd2.sidx], NULL,
++ (virtual_type == htons(ICMP6_ECHO_REQUEST))
++ ? nk->port[iidx] : 0, NULL,
+ pd2.ip_sum, icmpsum,
+ pd->ip_sum, 0, AF_INET6);
+
+ if (PF_ANEQ(pd2.dst,
+- &nk->addr[pd2.didx], pd2.af) ||
+- nk->port[pd2.didx] != iih.icmp6_id)
+- pf_change_icmp(pd2.dst, &iih.icmp6_id,
+- saddr, &nk->addr[pd2.didx],
+- nk->port[pd2.didx], NULL,
++ &nk->addr[pd2.didx], pd2.af))
++ pf_change_icmp(pd2.dst, NULL, NULL,
++ &nk->addr[pd2.didx], 0, NULL,
+ pd2.ip_sum, icmpsum,
+ pd->ip_sum, 0, AF_INET6);
+
+--- sys/netpfil/pf/pf_lb.c.orig
++++ sys/netpfil/pf/pf_lb.c
+@@ -225,6 +225,23 @@
+ if (pf_map_addr(af, r, saddr, naddr, NULL, &init_addr, sn))
+ return (1);
+
++ if (proto == IPPROTO_ICMP) {
++ if (*nport == htons(ICMP_ECHO)) {
++ low = 1;
++ high = 65535;
++ } else
++ return (0); /* Don't try to modify non-echo ICMP */
++ }
++#ifdef INET6
++ if (proto == IPPROTO_ICMPV6) {
++ if (*nport == htons(ICMP6_ECHO_REQUEST)) {
++ low = 1;
++ high = 65535;
++ } else
++ return (0); /* Don't try to modify non-echo ICMP */
++ }
++#endif /* INET6 */
++
+ bzero(&key, sizeof(key));
+ key.af = af;
+ key.proto = proto;
+@@ -633,7 +650,7 @@
+ switch (r->action) {
+ case PF_NAT:
+ if (pd->proto == IPPROTO_ICMP) {
+- low = 1;
++ low = 1;
+ high = 65535;
+ } else {
+ low = r->rpool.proxy_port[0];
diff --git a/website/static/security/patches/SA-24:05/pf-14.patch.asc b/website/static/security/patches/SA-24:05/pf-14.patch.asc
new file mode 100644
index 0000000000..379b631459
--- /dev/null
+++ b/website/static/security/patches/SA-24:05/pf-14.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmazha0ACgkQbljekB8A
+Gu8SBQ/9G8rKkwiAzEk9gKBXgk6Q5o6Wv1ibcrrcV+DohAm5mLQsGSZsgjL0VWTT
+FFfB8lwgo4fM+Q6N2a1oNpM2N9hqhUHU1G2xkasDCdEdSZc2OBvWo+Hlx4nI42yV
+R5/bNNBXpUGtaCaMr5um/f6WBgrexN2nwFyGX2Wg4p5gGUcaCtXHcYBJoPnDCBJS
+s9mbg/rzs65y7HUvKQ6Npe7RQqw0XugPhnFCU0y5h4ap2BQAze4Qi8C77Aw1BaVo
+E0Z0xmYoc0AvD1YQrKLljRqQqHFf4brEcC+ywf2upw7pjWaXU7yYXSZcU0Jj7bmF
+sXbuHl8K712f15OnhPRqrBVScbXG/RA8UvfxwipkFlviFxkjZbQKMoONSVGN7faq
+7gbFiqPY5h4tTAj10hCCOCJfou24ZT9MeSj7BvA2NQM5tyVUUptxT9pOnL0Qawnx
+H4Lv73h9bw4CALD+Igy1Gz1gkYSYPOqYN/bjsKWIi7ekEKlI+Dco/CBMc5nUDJxt
+fO8HXm00qptPFsBIswqGIaSj6XR/MIdHm1QkvWDhhuu5CfPvjsmnT5bsX7ctziSe
+t7mLHg3OUkjf9m1HeS7ARKmyfzIq/cJ08GX2sBk1u/nWPzgCbv1bTtPcmjC4RP9X
+U52R/HQmaeQdUE35DsaOY29/fSspMB6kgLRvcNE8SZd71MjRZiM=
+=gw/+
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-24:06/ktrace.patch b/website/static/security/patches/SA-24:06/ktrace.patch
new file mode 100644
index 0000000000..c1914c1647
--- /dev/null
+++ b/website/static/security/patches/SA-24:06/ktrace.patch
@@ -0,0 +1,11 @@
+--- sys/kern/kern_ktrace.c.orig
++++ sys/kern/kern_ktrace.c
+@@ -591,7 +591,7 @@
+ PROC_LOCK_ASSERT(p, MA_OWNED);
+
+ kiop = p->p_ktrioparms;
+- if (kiop == NULL || priv_check_cred(kiop->cr, PRIV_DEBUG_DIFFCRED))
++ if (kiop == NULL || priv_check_cred(kiop->cr, PRIV_DEBUG_DIFFCRED) == 0)
+ return (NULL);
+
+ mtx_lock(&ktrace_mtx);
diff --git a/website/static/security/patches/SA-24:06/ktrace.patch.asc b/website/static/security/patches/SA-24:06/ktrace.patch.asc
new file mode 100644
index 0000000000..984d94b9a2
--- /dev/null
+++ b/website/static/security/patches/SA-24:06/ktrace.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmazha4ACgkQbljekB8A
+Gu+krw//d3W53N2DL2t+5cpHOZ9pGhH+i3eyP82vY/cV4svbugbJvJGBK1er7XEj
+fOX9YpGaS8coVs3re9pHQlZ9DTx/xKo7uMWLtL/ur3VAD+jJPij6hox8K+cYCrzl
+U32lYW3iA03Zsu7L2xPvvX9qTb5A4TuB1AbP1ev5ZYKHF1NCi/MQvoanW2l9KkUd
+ou0oek96k8CLN7OhvjCCsWoiyg5mkosy5IdLN7mfnHOGxLLFkvo/Y9ZJwWB1cYtc
+pSoWur2hTapIOMZjLHPJag1nk6fKH2TkSK0TpMiHDP33Sa5fhjvDk2zs0vgEUQvg
+Dx34riIwugxj72lz7VrUZ0dSFyAHbHjHNQGRVrsYYUJ+frbOVFDBrDETBBB24sBz
+IfmTToDaVV4ggm8Z/ZvmD14u8K5cukNyD0TAC2Ded+zSm9wgx0wHZ+OXGStOQN1W
+Cu6aN+gUEKoSdipNpoN8oGmvUaDYmpIthhQPcpf2+FNq9wK4KZe/m2uMv77hHQ19
+4KJOB5JLZMI5JEplnelhi9F7Swdte0AesVoVF42Rm2DPCBmhudHN0YSv7dGqvcVl
+Q2fo1p8Ic9YvElUaZJmoK3lBxzeJmXCKz7RGtplWZbLzItBNtTtvmCj/euVtXBPT
+A+DctvgxpoqTtt2TjVqy5twWI0u2W5RrcxWQsKwnQQTrIHRPkH8=
+=+SYD
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-24:07/nfsclient-13.patch b/website/static/security/patches/SA-24:07/nfsclient-13.patch
new file mode 100644
index 0000000000..cb97748445
--- /dev/null
+++ b/website/static/security/patches/SA-24:07/nfsclient-13.patch
@@ -0,0 +1,201 @@
+--- sys/fs/nfsclient/nfs_clrpcops.c.orig
++++ sys/fs/nfsclient/nfs_clrpcops.c
+@@ -140,6 +140,7 @@
+ nfsquad_t, int, struct nfsclowner *, struct nfscldeleg **, struct ucred *,
+ NFSPROC_T *, struct nfsvattr *, struct nfsvattr *, struct nfsfh **, int *,
+ int *, void *, int *);
++static bool nfscl_invalidfname(bool, char *, int);
+ static int nfsrpc_locku(struct nfsrv_descript *, struct nfsmount *,
+ struct nfscllockowner *, u_int64_t, u_int64_t,
+ u_int32_t, struct ucred *, NFSPROC_T *, int);
+@@ -2997,6 +2998,31 @@
+ return (error);
+ }
+
++/*
++ * Check to make sure the file name in a Readdir reply is valid.
++ */
++static bool
++nfscl_invalidfname(bool is_v4, char *name, int len)
++{
++ int i;
++ char *cp;
++
++ if (is_v4 && ((len == 1 && name[0] == '.') ||
++ (len == 2 && name[0] == '.' && name[1] == '.'))) {
++ printf("Readdir NFSv4 reply has dot or dotdot in it\n");
++ return (true);
++ }
++ cp = name;
++ for (i = 0; i < len; i++, cp++) {
++ if (*cp == '/' || *cp == '\0') {
++ printf("Readdir reply file name had imbedded / or nul"
++ " byte\n");
++ return (true);
++ }
++ }
++ return (false);
++}
++
+ /*
+ * Readdir rpc.
+ * Always returns with either uio_resid unchanged, if you are at the
+@@ -3049,6 +3075,8 @@
+ KASSERT(uiop->uio_iovcnt == 1 &&
+ (uiop->uio_resid & (DIRBLKSIZ - 1)) == 0,
+ ("nfs readdirrpc bad uio"));
++ KASSERT(uiop->uio_segflg == UIO_SYSSPACE,
++ ("nfsrpc_readdir: uio userspace"));
+ ncookie.lval[0] = ncookie.lval[1] = 0;
+ /*
+ * There is no point in reading a lot more than uio_resid, however
+@@ -3307,6 +3335,17 @@
+ uiop->uio_resid)
+ bigenough = 0;
+ if (bigenough) {
++ struct iovec saviov;
++ off_t savoff;
++ ssize_t savresid;
++ int savblksiz;
++
++ saviov.iov_base = uiop->uio_iov->iov_base;
++ saviov.iov_len = uiop->uio_iov->iov_len;
++ savoff = uiop->uio_offset;
++ savresid = uiop->uio_resid;
++ savblksiz = blksiz;
++
+ dp = (struct dirent *)uiop->uio_iov->iov_base;
+ dp->d_pad0 = dp->d_pad1 = 0;
+ dp->d_off = 0;
+@@ -3322,20 +3361,35 @@
+ uiop->uio_iov->iov_base =
+ (char *)uiop->uio_iov->iov_base + DIRHDSIZ;
+ uiop->uio_iov->iov_len -= DIRHDSIZ;
++ cp = uiop->uio_iov->iov_base;
+ error = nfsm_mbufuio(nd, uiop, len);
+ if (error)
+ goto nfsmout;
+- cp = uiop->uio_iov->iov_base;
+- tlen -= len;
+- NFSBZERO(cp, tlen);
+- cp += tlen; /* points to cookie storage */
+- tl2 = (u_int32_t *)cp;
+- uiop->uio_iov->iov_base =
+- (char *)uiop->uio_iov->iov_base + tlen +
+- NFSX_HYPER;
+- uiop->uio_iov->iov_len -= tlen + NFSX_HYPER;
+- uiop->uio_resid -= tlen + NFSX_HYPER;
+- uiop->uio_offset += (tlen + NFSX_HYPER);
++ /* Check for an invalid file name. */
++ if (nfscl_invalidfname(
++ (nd->nd_flag & ND_NFSV4) != 0, cp, len)) {
++ /* Skip over this entry. */
++ uiop->uio_iov->iov_base =
++ saviov.iov_base;
++ uiop->uio_iov->iov_len =
++ saviov.iov_len;
++ uiop->uio_offset = savoff;
++ uiop->uio_resid = savresid;
++ blksiz = savblksiz;
++ } else {
++ cp = uiop->uio_iov->iov_base;
++ tlen -= len;
++ NFSBZERO(cp, tlen);
++ cp += tlen; /* points to cookie store */
++ tl2 = (u_int32_t *)cp;
++ uiop->uio_iov->iov_base =
++ (char *)uiop->uio_iov->iov_base +
++ tlen + NFSX_HYPER;
++ uiop->uio_iov->iov_len -= tlen +
++ NFSX_HYPER;
++ uiop->uio_resid -= tlen + NFSX_HYPER;
++ uiop->uio_offset += (tlen + NFSX_HYPER);
++ }
+ } else {
+ error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
+ if (error)
+@@ -3503,6 +3557,8 @@
+ KASSERT(uiop->uio_iovcnt == 1 &&
+ (uiop->uio_resid & (DIRBLKSIZ - 1)) == 0,
+ ("nfs readdirplusrpc bad uio"));
++ KASSERT(uiop->uio_segflg == UIO_SYSSPACE,
++ ("nfsrpc_readdirplus: uio userspace"));
+ ncookie.lval[0] = ncookie.lval[1] = 0;
+ timespecclear(&dctime);
+ *attrflagp = 0;
+@@ -3738,6 +3794,17 @@
+ uiop->uio_resid)
+ bigenough = 0;
+ if (bigenough) {
++ struct iovec saviov;
++ off_t savoff;
++ ssize_t savresid;
++ int savblksiz;
++
++ saviov.iov_base = uiop->uio_iov->iov_base;
++ saviov.iov_len = uiop->uio_iov->iov_len;
++ savoff = uiop->uio_offset;
++ savresid = uiop->uio_resid;
++ savblksiz = blksiz;
++
+ dp = (struct dirent *)uiop->uio_iov->iov_base;
+ dp->d_pad0 = dp->d_pad1 = 0;
+ dp->d_off = 0;
+@@ -3756,25 +3823,41 @@
+ cnp->cn_nameptr = uiop->uio_iov->iov_base;
+ cnp->cn_namelen = len;
+ NFSCNHASHZERO(cnp);
++ cp = uiop->uio_iov->iov_base;
+ error = nfsm_mbufuio(nd, uiop, len);
+ if (error)
+ goto nfsmout;
+- cp = uiop->uio_iov->iov_base;
+- tlen -= len;
+- NFSBZERO(cp, tlen);
+- cp += tlen; /* points to cookie storage */
+- tl2 = (u_int32_t *)cp;
+- if (len == 2 && cnp->cn_nameptr[0] == '.' &&
+- cnp->cn_nameptr[1] == '.')
+- isdotdot = 1;
+- else
+- isdotdot = 0;
+- uiop->uio_iov->iov_base =
+- (char *)uiop->uio_iov->iov_base + tlen +
+- NFSX_HYPER;
+- uiop->uio_iov->iov_len -= tlen + NFSX_HYPER;
+- uiop->uio_resid -= tlen + NFSX_HYPER;
+- uiop->uio_offset += (tlen + NFSX_HYPER);
++ /* Check for an invalid file name. */
++ if (nfscl_invalidfname(
++ (nd->nd_flag & ND_NFSV4) != 0, cp, len)) {
++ /* Skip over this entry. */
++ uiop->uio_iov->iov_base =
++ saviov.iov_base;
++ uiop->uio_iov->iov_len =
++ saviov.iov_len;
++ uiop->uio_offset = savoff;
++ uiop->uio_resid = savresid;
++ blksiz = savblksiz;
++ } else {
++ cp = uiop->uio_iov->iov_base;
++ tlen -= len;
++ NFSBZERO(cp, tlen);
++ cp += tlen; /* points to cookie store */
++ tl2 = (u_int32_t *)cp;
++ if (len == 2 &&
++ cnp->cn_nameptr[0] == '.' &&
++ cnp->cn_nameptr[1] == '.')
++ isdotdot = 1;
++ else
++ isdotdot = 0;
++ uiop->uio_iov->iov_base =
++ (char *)uiop->uio_iov->iov_base +
++ tlen + NFSX_HYPER;
++ uiop->uio_iov->iov_len -= tlen +
++ NFSX_HYPER;
++ uiop->uio_resid -= tlen + NFSX_HYPER;
++ uiop->uio_offset += (tlen + NFSX_HYPER);
++ }
+ } else {
+ error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
+ if (error)
diff --git a/website/static/security/patches/SA-24:07/nfsclient-13.patch.asc b/website/static/security/patches/SA-24:07/nfsclient-13.patch.asc
new file mode 100644
index 0000000000..950c7d4b00
--- /dev/null
+++ b/website/static/security/patches/SA-24:07/nfsclient-13.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmazhbAACgkQbljekB8A
+Gu/6tRAA6EuRvHU5eLFHwpYUCWACMju4kPvYQBHglYP08G3i+IKLFjGm2W3E8E9W
+urDI4oCyB5nrQmZzs30q3ZQOlSgRFEWkpNbAZRbW8ZWzV/kYKys5t5kGY7X6uo/4
+p32gToaUxcblovYdQR3mrMeZhDjq+XT1wHMvBm1gOMdVKWMhNafUF/puIapMKI9u
+y/0QL4IGT5il9LXg2SkksEBa8FU30f5+RFif8LEQcVagjy2dKInsnrUbwGtQyJBN
+wvUwOsIcj7xdu/vXgxLg4V4TLinwm9sP1luxEZu+d4G6STbWxGyp8RjFPxXFdYsx
+6qlOKr2wLpkfjToV3F0tMBlwjU+tkMi3mDVdM2ATip06WIzqroxVh6z8sI7qALhu
+2rIgCApJRctuS9bkDgm4Z/YYoJRtiL005QIs0Gn8YcCQYNcPauL5rcXdEndOHDgJ
+/ooMzKov7mT8RA0i1wsSZKWw4VFVODBXZjL0B/HTd8WtRAPM0KbxnW09YWNER5Nt
+VZEte+Sb6B8tbdGp0I549OnIdrWm2MCKnr9V2Ejs5Ols7rILnHoM9tekECqultVR
+mKMNsKhdRaE+MxPuELGwivpGZesC54BfcGFGKl0YqZGUn8O4HzeyA6aulJ3p47WS
+31YI6t4J5baXOqnQ3kChqaB6AhYTJe4GS06nSDlvVIffjXjz3lQ=
+=KW0g
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-24:07/nfsclient-14.patch b/website/static/security/patches/SA-24:07/nfsclient-14.patch
new file mode 100644
index 0000000000..708015471e
--- /dev/null
+++ b/website/static/security/patches/SA-24:07/nfsclient-14.patch
@@ -0,0 +1,201 @@
+--- sys/fs/nfsclient/nfs_clrpcops.c.orig
++++ sys/fs/nfsclient/nfs_clrpcops.c
+@@ -142,6 +142,7 @@
+ nfsquad_t, int, struct nfsclowner *, struct nfscldeleg **, struct ucred *,
+ NFSPROC_T *, struct nfsvattr *, struct nfsvattr *, struct nfsfh **, int *,
+ int *, int *);
++static bool nfscl_invalidfname(bool, char *, int);
+ static int nfsrpc_locku(struct nfsrv_descript *, struct nfsmount *,
+ struct nfscllockowner *, u_int64_t, u_int64_t,
+ u_int32_t, struct ucred *, NFSPROC_T *, int);
+@@ -3279,6 +3280,31 @@
+ return (error);
+ }
+
++/*
++ * Check to make sure the file name in a Readdir reply is valid.
++ */
++static bool
++nfscl_invalidfname(bool is_v4, char *name, int len)
++{
++ int i;
++ char *cp;
++
++ if (is_v4 && ((len == 1 && name[0] == '.') ||
++ (len == 2 && name[0] == '.' && name[1] == '.'))) {
++ printf("Readdir NFSv4 reply has dot or dotdot in it\n");
++ return (true);
++ }
++ cp = name;
++ for (i = 0; i < len; i++, cp++) {
++ if (*cp == '/' || *cp == '\0') {
++ printf("Readdir reply file name had imbedded / or nul"
++ " byte\n");
++ return (true);
++ }
++ }
++ return (false);
++}
++
+ /*
+ * Readdir rpc.
+ * Always returns with either uio_resid unchanged, if you are at the
+@@ -3331,6 +3357,8 @@
+ KASSERT(uiop->uio_iovcnt == 1 &&
+ (uiop->uio_resid & (DIRBLKSIZ - 1)) == 0,
+ ("nfs readdirrpc bad uio"));
++ KASSERT(uiop->uio_segflg == UIO_SYSSPACE,
++ ("nfsrpc_readdir: uio userspace"));
+ ncookie.lval[0] = ncookie.lval[1] = 0;
+ /*
+ * There is no point in reading a lot more than uio_resid, however
+@@ -3588,6 +3616,17 @@
+ uiop->uio_resid)
+ bigenough = 0;
+ if (bigenough) {
++ struct iovec saviov;
++ off_t savoff;
++ ssize_t savresid;
++ int savblksiz;
++
++ saviov.iov_base = uiop->uio_iov->iov_base;
++ saviov.iov_len = uiop->uio_iov->iov_len;
++ savoff = uiop->uio_offset;
++ savresid = uiop->uio_resid;
++ savblksiz = blksiz;
++
+ dp = (struct dirent *)uiop->uio_iov->iov_base;
+ dp->d_pad0 = dp->d_pad1 = 0;
+ dp->d_off = 0;
+@@ -3603,20 +3642,35 @@
+ uiop->uio_iov->iov_base =
+ (char *)uiop->uio_iov->iov_base + DIRHDSIZ;
+ uiop->uio_iov->iov_len -= DIRHDSIZ;
++ cp = uiop->uio_iov->iov_base;
+ error = nfsm_mbufuio(nd, uiop, len);
+ if (error)
+ goto nfsmout;
+- cp = uiop->uio_iov->iov_base;
+- tlen -= len;
+- NFSBZERO(cp, tlen);
+- cp += tlen; /* points to cookie storage */
+- tl2 = (u_int32_t *)cp;
+- uiop->uio_iov->iov_base =
+- (char *)uiop->uio_iov->iov_base + tlen +
+- NFSX_HYPER;
+- uiop->uio_iov->iov_len -= tlen + NFSX_HYPER;
+- uiop->uio_resid -= tlen + NFSX_HYPER;
+- uiop->uio_offset += (tlen + NFSX_HYPER);
++ /* Check for an invalid file name. */
++ if (nfscl_invalidfname(
++ (nd->nd_flag & ND_NFSV4) != 0, cp, len)) {
++ /* Skip over this entry. */
++ uiop->uio_iov->iov_base =
++ saviov.iov_base;
++ uiop->uio_iov->iov_len =
++ saviov.iov_len;
++ uiop->uio_offset = savoff;
++ uiop->uio_resid = savresid;
++ blksiz = savblksiz;
++ } else {
++ cp = uiop->uio_iov->iov_base;
++ tlen -= len;
++ NFSBZERO(cp, tlen);
++ cp += tlen; /* points to cookie store */
++ tl2 = (u_int32_t *)cp;
++ uiop->uio_iov->iov_base =
++ (char *)uiop->uio_iov->iov_base +
++ tlen + NFSX_HYPER;
++ uiop->uio_iov->iov_len -= tlen +
++ NFSX_HYPER;
++ uiop->uio_resid -= tlen + NFSX_HYPER;
++ uiop->uio_offset += (tlen + NFSX_HYPER);
++ }
+ } else {
+ error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
+ if (error)
+@@ -3782,6 +3836,8 @@
+ KASSERT(uiop->uio_iovcnt == 1 &&
+ (uiop->uio_resid & (DIRBLKSIZ - 1)) == 0,
+ ("nfs readdirplusrpc bad uio"));
++ KASSERT(uiop->uio_segflg == UIO_SYSSPACE,
++ ("nfsrpc_readdirplus: uio userspace"));
+ ncookie.lval[0] = ncookie.lval[1] = 0;
+ timespecclear(&dctime);
+ *attrflagp = 0;
+@@ -4017,6 +4073,17 @@
+ uiop->uio_resid)
+ bigenough = 0;
+ if (bigenough) {
++ struct iovec saviov;
++ off_t savoff;
++ ssize_t savresid;
++ int savblksiz;
++
++ saviov.iov_base = uiop->uio_iov->iov_base;
++ saviov.iov_len = uiop->uio_iov->iov_len;
++ savoff = uiop->uio_offset;
++ savresid = uiop->uio_resid;
++ savblksiz = blksiz;
++
+ dp = (struct dirent *)uiop->uio_iov->iov_base;
+ dp->d_pad0 = dp->d_pad1 = 0;
+ dp->d_off = 0;
+@@ -4035,25 +4102,41 @@
+ cnp->cn_nameptr = uiop->uio_iov->iov_base;
+ cnp->cn_namelen = len;
+ NFSCNHASHZERO(cnp);
++ cp = uiop->uio_iov->iov_base;
+ error = nfsm_mbufuio(nd, uiop, len);
+ if (error)
+ goto nfsmout;
+- cp = uiop->uio_iov->iov_base;
+- tlen -= len;
+- NFSBZERO(cp, tlen);
+- cp += tlen; /* points to cookie storage */
+- tl2 = (u_int32_t *)cp;
+- if (len == 2 && cnp->cn_nameptr[0] == '.' &&
+- cnp->cn_nameptr[1] == '.')
+- isdotdot = 1;
+- else
+- isdotdot = 0;
+- uiop->uio_iov->iov_base =
+- (char *)uiop->uio_iov->iov_base + tlen +
+- NFSX_HYPER;
+- uiop->uio_iov->iov_len -= tlen + NFSX_HYPER;
+- uiop->uio_resid -= tlen + NFSX_HYPER;
+- uiop->uio_offset += (tlen + NFSX_HYPER);
++ /* Check for an invalid file name. */
++ if (nfscl_invalidfname(
++ (nd->nd_flag & ND_NFSV4) != 0, cp, len)) {
++ /* Skip over this entry. */
++ uiop->uio_iov->iov_base =
++ saviov.iov_base;
++ uiop->uio_iov->iov_len =
++ saviov.iov_len;
++ uiop->uio_offset = savoff;
++ uiop->uio_resid = savresid;
++ blksiz = savblksiz;
++ } else {
++ cp = uiop->uio_iov->iov_base;
++ tlen -= len;
++ NFSBZERO(cp, tlen);
++ cp += tlen; /* points to cookie store */
++ tl2 = (u_int32_t *)cp;
++ if (len == 2 &&
++ cnp->cn_nameptr[0] == '.' &&
++ cnp->cn_nameptr[1] == '.')
++ isdotdot = 1;
++ else
++ isdotdot = 0;
++ uiop->uio_iov->iov_base =
++ (char *)uiop->uio_iov->iov_base +
++ tlen + NFSX_HYPER;
++ uiop->uio_iov->iov_len -= tlen +
++ NFSX_HYPER;
++ uiop->uio_resid -= tlen + NFSX_HYPER;
++ uiop->uio_offset += (tlen + NFSX_HYPER);
++ }
+ } else {
+ error = nfsm_advance(nd, NFSM_RNDUP(len), -1);
+ if (error)
diff --git a/website/static/security/patches/SA-24:07/nfsclient-14.patch.asc b/website/static/security/patches/SA-24:07/nfsclient-14.patch.asc
new file mode 100644
index 0000000000..d8d93285bf
--- /dev/null
+++ b/website/static/security/patches/SA-24:07/nfsclient-14.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmazhbEACgkQbljekB8A
+Gu8mpw/+LN0oS7Ciza7QaUYXomEfj7pnNGhMiuIdDfJwK+chO5A4tkj8ioy1BXSt
+kRFfhiYLBV6mRnvWoYpfGCPVZ4aolKmvceKvqUY90OPL67eH596Ky+pg1JJe8moh
+VgJvPAU/kMwu0iTzKALr4ncgrRcxbAevGTYmPwJhgRBakIyB0Q6dDOSfMLJZRRLj
+btgClj3KJg6svu7LjZsFVcHfRbm/TChbyQedCCAyuF5SwPdFZDjzFp4kfbO6HCaU
+RWmsQ4yVMtqK++7jNTLX8zBrYId/3HgUmGcyN0SHpBxia2NOM/R7ppaIcAN8tA7c
+QRoKaKBG7LG2P8JHjLxYBgZo8csZtd4AObYYE5lh5UraZeimcol7qncwDRZ61WsI
+IkDTwAYidIG8unrmHuFfNdNfR0JkX2fnQjOPih+pdM5JaMzk8YA+GUOwZbKZOxn7
+T2B85QqYO0+CEGku4+uVW25TzDlnjduPYNi/FeYl0DNCgvNw09zUBQP1uiEcow7R
+83OOuct52Z6ue3VtATJUC4qeM91I9Op/bcjNZoYfhYcZpe4KAbX+/cAq+zv5LgVf
+YX+bDFTvogEefW0jZykvZoB4IGPqv8/ekBlWehjShvMTiTQbicFYTR14I7L09I2R
+C3Bl24PQXHg3ay3gjKe8NMzx6OHx9TK7GzOBr+ONEpwzb+JQ5Qw=
+=ryLz
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-24:08/openssh.patch b/website/static/security/patches/SA-24:08/openssh.patch
new file mode 100644
index 0000000000..a7f879eb95
--- /dev/null
+++ b/website/static/security/patches/SA-24:08/openssh.patch
@@ -0,0 +1,19 @@
+--- crypto/openssh/sshd.c.orig
++++ crypto/openssh/sshd.c
+@@ -377,8 +377,6 @@
+ kill(0, SIGTERM);
+ }
+
+- BLACKLIST_NOTIFY(the_active_state, BLACKLIST_AUTH_FAIL, "ssh");
+-
+ /* Log error and exit. */
+ sigdie("Timeout before authentication for %s port %d",
+ ssh_remote_ipaddr(the_active_state),
+--- crypto/openssh/version.h.orig
++++ crypto/openssh/version.h
+@@ -5,4 +5,4 @@
+ #define SSH_PORTABLE "p1"
+ #define SSH_RELEASE SSH_VERSION SSH_PORTABLE
+
+-#define SSH_VERSION_FREEBSD "FreeBSD-20240701"
++#define SSH_VERSION_FREEBSD "FreeBSD-20240806"
diff --git a/website/static/security/patches/SA-24:08/openssh.patch.asc b/website/static/security/patches/SA-24:08/openssh.patch.asc
new file mode 100644
index 0000000000..6343c340b8
--- /dev/null
+++ b/website/static/security/patches/SA-24:08/openssh.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmazhbMACgkQbljekB8A
+Gu9JXA//Rr0lVH03IbYvKxSZMLjgEt3PEuoWPfES3Wil1cssOy27lSy50bvvJ2jo
+YLDmHgGWtv8lVFmZfWb7fiPX535xmmxPAo5/RG3pc8hk9AYKdL8bo70axJsRYuvN
+sZeFbWGMPfc1S6wmIg+uP0yF+2N8k/K4/vOzmfGvZSNVnVrJX94QEVHiFkQyGzP6
+wIoQ6VDHvNDqOSNA5fvm0jN+UrQCKoz05HQ2AJRl/Wqg9Mo03CM1OwCbcXEo96D+
+0izRZYnEMgHvBpj9zmTpiwqbUglIJaYonF8tnc1wYHc1dIBATYBXkechB3WXErHY
+MRCUSGXVQGbDqQTZykJfTUmFLycwbpzPCVtzA8IFFG8LBKmyQg7wMaKUmj4IZA56
+HSYj31mG1468KFXRQjZVzPeSIv898Kf9dU9FFhCuHmzJfzGywfx/kCJZmla7sYj9
+keI6un60TzFKSbMYuiGoa7CFuU+JBEYhB9UQytZXhQKOH8TbX28u35HWy3ewIogP
+AFQR9+1VaUz4NQ4baODXXPvZDbHPbp8g7jm+zfzClLT0hy1X0Md/USqBzIdaGayW
+u+jKX02CM/j3ADMP/QAmuZGXmLIWjN6gM6aoAlFBzrUFmBH08ykjuR2eUlpRLPIl
+Fpr2zM2X6luzhuQCPLBCZN05v/HnZmKFLLhO4F2dd6qCeYvpvkk=
+=XLuK
+-----END PGP SIGNATURE-----