diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index fc502d85e6..b88121ea3b 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -1,2751 +1,2759 @@
# Sort advisories by year, month and day
# $FreeBSD$
+[[advisories]]
+name = "FreeBSD-SA-24:16.libnv"
+date = "2024-09-19"
+
+[[advisories]]
+name = "FreeBSD-SA-24:15.bhyve"
+date = "2024-09-19"
+
[[advisories]]
name = "FreeBSD-SA-24:14.umtx"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:13.openssl"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:12.bhyve"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:11.ctl"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:10.bhyve"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:09.libnv"
date = "2024-09-04"
[[advisories]]
name = "FreeBSD-SA-24:08.openssh"
date = "2024-08-07"
[[advisories]]
name = "FreeBSD-SA-24:07.nfsclient"
date = "2024-08-07"
[[advisories]]
name = "FreeBSD-SA-24:06.ktrace"
date = "2024-08-07"
[[advisories]]
name = "FreeBSD-SA-24:05.pf"
date = "2024-08-07"
[[advisories]]
name = "FreeBSD-SA-24:04.openssh"
date = "2024-07-01"
[[advisories]]
name = "FreeBSD-SA-24:03.unbound"
date = "2024-03-28"
[[advisories]]
name = "FreeBSD-SA-24:02.tty"
date = "2024-02-14"
[[advisories]]
name = "FreeBSD-SA-24:01.bhyveload"
date = "2024-02-14"
[[advisories]]
name = "FreeBSD-SA-23:19.openssh"
date = "2023-12-19"
[[advisories]]
name = "FreeBSD-SA-23:18.nfsclient"
date = "2023-12-12"
[[advisories]]
name = "FreeBSD-SA-23:17.pf"
date = "2023-12-05"
[[advisories]]
name = "FreeBSD-SA-23:16.cap_net"
date = "2023-11-08"
[[advisories]]
name = "FreeBSD-SA-23:15.stdio"
date = "2023-11-08"
[[advisories]]
name = "FreeBSD-SA-23:14.smccc"
date = "2023-10-03"
[[advisories]]
name = "FreeBSD-SA-23:13.capsicum"
date = "2023-10-03"
[[advisories]]
name = "FreeBSD-SA-23:12.msdosfs"
date = "2023-10-03"
[[advisories]]
name = "FreeBSD-SA-23:11.wifi"
date = "2023-09-06"
[[advisories]]
name = "FreeBSD-SA-23:10.pf"
date = "2023-09-06"
[[advisories]]
name = "FreeBSD-SA-23:09.pam_krb5"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:08.ssh"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:07.bhyve"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:06.ipv6"
date = "2023-08-01"
[[advisories]]
name = "FreeBSD-SA-23:05.openssh"
date = "2023-06-21"
[[advisories]]
name = "FreeBSD-SA-23:04.pam_krb5"
date = "2023-06-21"
[[advisories]]
name = "FreeBSD-SA-23:03.openssl"
date = "2023-02-16"
[[advisories]]
name = "FreeBSD-SA-23:02.openssh"
date = "2023-02-16"
[[advisories]]
name = "FreeBSD-SA-23:01.geli"
date = "2023-02-08"
[[advisories]]
name = "FreeBSD-SA-22:15.ping"
date = "2022-11-29"
[[advisories]]
name = "FreeBSD-SA-22:14.heimdal"
date = "2022-11-15"
[[advisories]]
name = "FreeBSD-SA-22:13.zlib"
date = "2022-08-30"
[[advisories]]
name = "FreeBSD-SA-22:12.lib9p"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:11.vm"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:10.aio"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:09.elf"
date = "2022-08-09"
[[advisories]]
name = "FreeBSD-SA-22:08.zlib"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:07.wifi_meshid"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:06.ioctl"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:05.bhyve"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:04.netmap"
date = "2022-04-06"
[[advisories]]
name = "FreeBSD-SA-22:03.openssl"
date = "2022-03-15"
[[advisories]]
name = "FreeBSD-SA-22:02.wifi"
date = "2022-03-15"
[[advisories]]
name = "FreeBSD-SA-22:01.vt"
date = "2022-01-11"
[[advisories]]
name = "FreeBSD-SA-21:17.openssl"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:16.openssl"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:15.libfetch"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:14.ggatec"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:13.bhyve"
date = "2021-08-24"
[[advisories]]
name = "FreeBSD-SA-21:12.libradius"
date = "2021-05-26"
[[advisories]]
name = "FreeBSD-SA-21:11.smap"
date = "2021-05-26"
[[advisories]]
name = "FreeBSD-SA-21:10.jail_mount"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:09.accept_filter"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:08.vm"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:07.openssl"
date = "2021-03-25"
[[advisories]]
name = "FreeBSD-SA-21:06.xen"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:05.jail_chdir"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:04.jail_remove"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:03.pam_login_access"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:02.xenoom"
date = "2021-01-29"
[[advisories]]
name = "FreeBSD-SA-21:01.fsdisclosure"
date = "2021-01-29"
[[advisories]]
name = "FreeBSD-SA-20:33.openssl"
date = "2020-12-08"
[[advisories]]
name = "FreeBSD-SA-20:32.rtsold"
date = "2020-12-01"
[[advisories]]
name = "FreeBSD-SA-20:31.icmp6"
date = "2020-12-01"
[[advisories]]
name = "FreeBSD-SA-20:30.ftpd"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:29.bhyve_svm"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:28.bhyve_vmcs"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:27.ure"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:26.dhclient"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:25.sctp"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:24.ipv6"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:23.sendmsg"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:22.sqlite"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:21.usb_net"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:20.ipv6"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:19.unbound"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:18.posix_spawnp"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:17.usb"
date = "2020-06-09"
[[advisories]]
name = "FreeBSD-SA-20:16.cryptodev"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:15.cryptodev"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:14.sctp"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:13.libalias"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:12.libalias"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:11.openssl"
date = "2020-04-21"
[[advisories]]
name = "FreeBSD-SA-20:10.ipfw"
date = "2020-04-21"
[[advisories]]
name = "FreeBSD-SA-20:09.ntp"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:08.jail"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:07.epair"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:06.if_ixl_ioctl"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:05.if_oce_ioctl"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:04.tcp"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:03.thrmisc"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-20:02.ipsec"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-20:01.libfetch"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-19:26.mcu"
date = "2019-11-12"
[[advisories]]
name = "FreeBSD-SA-19:25.mcepsc"
date = "2019-11-12"
[[advisories]]
name = "FreeBSD-SA-19:24.mqueuefs"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:23.midi"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:22.mbuf"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:21.bhyve"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:20.bsnmp"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:19.mldv2"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:18.bzip2"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:17.fd"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:16.bhyve"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:15.mqueuefs"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:14.freebsd32"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:13.pts"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:12.telnet"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:11.cd_ioctl"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:10.ufs"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:09.iconv"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:08.rack"
date = "2019-06-19"
[[advisories]]
name = "FreeBSD-SA-19:07.mds"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:06.pf"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:05.pf"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:04.ntp"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:03.wpa"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:02.fd"
date = "2019-02-05"
[[advisories]]
name = "FreeBSD-SA-19:01.syscall"
date = "2019-02-05"
[[advisories]]
name = "FreeBSD-SA-18:15.bootpd"
date = "2018-12-19"
[[advisories]]
name = "FreeBSD-SA-18:14.bhyve"
date = "2018-12-04"
[[advisories]]
name = "FreeBSD-SA-18:13.nfs"
date = "2018-11-27"
[[advisories]]
name = "FreeBSD-SA-18:12.elf"
date = "2018-09-12"
[[advisories]]
name = "FreeBSD-SA-18:11.hostapd"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:10.ip"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:09.l1tf"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:08.tcp"
date = "2018-08-06"
[[advisories]]
name = "FreeBSD-SA-18:07.lazyfpu"
date = "2018-06-21"
[[advisories]]
name = "FreeBSD-SA-18:06.debugreg"
date = "2018-05-08"
[[advisories]]
name = "FreeBSD-SA-18:05.ipsec"
date = "2018-04-04"
[[advisories]]
name = "FreeBSD-SA-18:04.vt"
date = "2018-04-04"
[[advisories]]
name = "FreeBSD-SA-18:03.speculative_execution"
date = "2018-03-14"
[[advisories]]
name = "FreeBSD-SA-18:02.ntp"
date = "2018-03-07"
[[advisories]]
name = "FreeBSD-SA-18:01.ipsec"
date = "2018-03-07"
[[advisories]]
name = "FreeBSD-SA-17:12.openssl"
date = "2017-12-09"
[[advisories]]
name = "FreeBSD-SA-17:11.openssl"
date = "2017-11-29"
[[advisories]]
name = "FreeBSD-SA-17:10.kldstat"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:09.shm"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:08.ptrace"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:07.wpa"
date = "2017-10-17"
[[advisories]]
name = "FreeBSD-SA-17:06.openssh"
date = "2017-08-10"
[[advisories]]
name = "FreeBSD-SA-17:05.heimdal"
date = "2017-07-12"
[[advisories]]
name = "FreeBSD-SA-17:04.ipfilter"
date = "2017-04-27"
[[advisories]]
name = "FreeBSD-SA-17:03.ntp"
date = "2017-04-12"
[[advisories]]
name = "FreeBSD-SA-17:02.openssl"
date = "2017-02-23"
[[advisories]]
name = "FreeBSD-SA-17:01.openssh"
date = "2017-01-11"
[[advisories]]
name = "FreeBSD-SA-16:39.ntp"
date = "2016-12-22"
[[advisories]]
name = "FreeBSD-SA-16:38.bhyve"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:37.libc"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:36.telnetd"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:35.openssl"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:34.bind"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:33.openssh"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:32.bhyve"
date = "2016-10-25"
[[advisories]]
name = "FreeBSD-SA-16:31.libarchive"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:30.portsnap"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:29.bspatch"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:28.bind"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:27.openssl"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:26.openssl"
date = "2016-09-23"
[[advisories]]
name = "FreeBSD-SA-16:25.bspatch"
date = "2016-07-25"
[[advisories]]
name = "FreeBSD-SA-16:24.ntp"
date = "2016-06-04"
[[advisories]]
name = "FreeBSD-SA-16:23.libarchive"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:22.libarchive"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:21.43bsd"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:20.linux"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:19.sendmsg"
date = "2016-05-17"
[[advisories]]
name = "FreeBSD-SA-16:18.atkbd"
date = "2016-05-17"
[[advisories]]
name = "FreeBSD-SA-16:17.openssl"
date = "2016-05-04"
[[advisories]]
name = "FreeBSD-SA-16:16.ntp"
date = "2016-04-29"
[[advisories]]
name = "FreeBSD-SA-16:15.sysarch"
date = "2016-03-16"
[[advisories]]
name = "FreeBSD-SA-16:14.openssh"
date = "2016-03-16"
[[advisories]]
name = "FreeBSD-SA-16:13.bind"
date = "2016-03-10"
[[advisories]]
name = "FreeBSD-SA-16:12.openssl"
date = "2016-03-10"
[[advisories]]
name = "FreeBSD-SA-16:11.openssl"
date = "2016-01-30"
[[advisories]]
name = "FreeBSD-SA-16:10.linux"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:09.ntp"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:08.bind"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:07.openssh"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:06.bsnmpd"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:05.tcp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:04.linux"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:03.linux"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:02.ntp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:01.sctp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-15:27.bind"
date = "2015-12-16"
[[advisories]]
name = "FreeBSD-SA-15:26.openssl"
date = "2015-12-06"
[[advisories]]
name = "FreeBSD-SA-15:25.ntp"
date = "2015-10-26"
[[advisories]]
name = "FreeBSD-SA-15:24.rpcbind"
date = "2015-09-29"
[[advisories]]
name = "FreeBSD-SA-15:23.bind"
date = "2015-09-02"
[[advisories]]
name = "FreeBSD-SA-15:22.openssh"
date = "2015-08-25"
[[advisories]]
name = "FreeBSD-SA-15:21.amd64"
date = "2015-08-25"
[[advisories]]
name = "FreeBSD-SA-15:20.expat"
date = "2015-08-18"
[[advisories]]
name = "FreeBSD-SA-15:19.routed"
date = "2015-08-05"
[[advisories]]
name = "FreeBSD-SA-15:18.bsdpatch"
date = "2015-08-05"
[[advisories]]
name = "FreeBSD-SA-15:17.bind"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:16.openssh"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:15.tcp"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:14.bsdpatch"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:13.tcp"
date = "2015-07-21"
[[advisories]]
name = "FreeBSD-SA-15:12.openssl"
date = "2015-07-09"
[[advisories]]
name = "FreeBSD-SA-15:11.bind"
date = "2015-07-07"
[[advisories]]
name = "FreeBSD-SA-15:10.openssl"
date = "2015-06-12"
[[advisories]]
name = "FreeBSD-SA-15:09.ipv6"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:08.bsdinstall"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:07.ntp"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:06.openssl"
date = "2015-03-19"
[[advisories]]
name = "FreeBSD-SA-15:05.bind"
date = "2015-02-25"
[[advisories]]
name = "FreeBSD-SA-15:04.igmp"
date = "2015-02-25"
[[advisories]]
name = "FreeBSD-SA-15:03.sctp"
date = "2015-01-27"
[[advisories]]
name = "FreeBSD-SA-15:02.kmem"
date = "2015-01-27"
[[advisories]]
name = "FreeBSD-SA-15:01.openssl"
date = "2015-01-14"
[[advisories]]
name = "FreeBSD-SA-14:31.ntp"
date = "2014-12-23"
[[advisories]]
name = "FreeBSD-SA-14:30.unbound"
date = "2014-12-17"
[[advisories]]
name = "FreeBSD-SA-14:29.bind"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:28.file"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:27.stdio"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:26.ftp"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:25.setlogin"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:24.sshd"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:23.openssl"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:22.namei"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:21.routed"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:20.rtsold"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:19.tcp"
date = "2014-09-16"
[[advisories]]
name = "FreeBSD-SA-14:18.openssl"
date = "2014-09-09"
[[advisories]]
name = "FreeBSD-SA-14:17.kmem"
date = "2014-07-08"
[[advisories]]
name = "FreeBSD-SA-14:16.file"
date = "2014-06-24"
[[advisories]]
name = "FreeBSD-SA-14:15.iconv"
date = "2014-06-24"
[[advisories]]
name = "FreeBSD-SA-14:14.openssl"
date = "2014-06-05"
[[advisories]]
name = "FreeBSD-SA-14:13.pam"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:12.ktrace"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:11.sendmail"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:10.openssl"
date = "2014-05-13"
[[advisories]]
name = "FreeBSD-SA-14:09.openssl"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:08.tcp"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:07.devfs"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:06.openssl"
date = "2014-04-08"
[[advisories]]
name = "FreeBSD-SA-14:05.nfsserver"
date = "2014-04-08"
[[advisories]]
name = "FreeBSD-SA-14:04.bind"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:03.openssl"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:02.ntpd"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:01.bsnmpd"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-13:14.openssh"
date = "2013-11-19"
[[advisories]]
name = "FreeBSD-SA-13:13.nullfs"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:12.ifioctl"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:11.sendfile"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:10.sctp"
date = "2013-08-22"
[[advisories]]
name = "FreeBSD-SA-13:09.ip_multicast"
date = "2013-08-22"
[[advisories]]
name = "FreeBSD-SA-13:08.nfsserver"
date = "2013-07-26"
[[advisories]]
name = "FreeBSD-SA-13:07.bind"
date = "2013-07-26"
[[advisories]]
name = "FreeBSD-SA-13:06.mmap"
date = "2013-06-18"
[[advisories]]
name = "FreeBSD-SA-13:05.nfsserver"
date = "2013-04-29"
[[advisories]]
name = "FreeBSD-SA-13:04.bind"
date = "2013-04-02"
[[advisories]]
name = "FreeBSD-SA-13:03.openssl"
date = "2013-04-02"
[[advisories]]
name = "FreeBSD-SA-13:02.libc"
date = "2013-02-19"
[[advisories]]
name = "FreeBSD-SA-13:01.bind"
date = "2013-02-19"
[[advisories]]
name = "FreeBSD-SA-12:08.linux"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:07.hostapd"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:06.bind"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:05.bind"
date = "2012-08-06"
[[advisories]]
name = "FreeBSD-SA-12:04.sysret"
date = "2012-06-12"
[[advisories]]
name = "FreeBSD-SA-12:03.bind"
date = "2012-06-12"
[[advisories]]
name = "FreeBSD-SA-12:02.crypt"
date = "2012-05-30"
[[advisories]]
name = "FreeBSD-SA-12:01.openssl"
date = "2012-05-30"
[[advisories]]
name = "FreeBSD-SA-11:10.pam"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:09.pam_ssh"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:08.telnetd"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:07.chroot"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:06.bind"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:05.unix"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:04.compress"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:03.bind"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:02.bind"
date = "2011-05-28"
[[advisories]]
name = "FreeBSD-SA-11:01.mountd"
date = "2011-04-20"
[[advisories]]
name = "FreeBSD-SA-10:10.openssl"
date = "2010-11-29"
[[advisories]]
name = "FreeBSD-SA-10:09.pseudofs"
date = "2010-11-10"
[[advisories]]
name = "FreeBSD-SA-10:08.bzip2"
date = "2010-09-20"
[[advisories]]
name = "FreeBSD-SA-10:07.mbuf"
date = "2010-07-13"
[[advisories]]
name = "FreeBSD-SA-10:06.nfsclient"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:05.opie"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:04.jail"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:03.zfs"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-10:02.ntpd"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-10:01.bind"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-09:17.freebsd-update"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:16.rtld"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:15.ssl"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:14.devfs"
date = "2009-10-02"
[[advisories]]
name = "FreeBSD-SA-09:13.pipe"
date = "2009-10-02"
[[advisories]]
name = "FreeBSD-SA-09:12.bind"
date = "2009-07-29"
[[advisories]]
name = "FreeBSD-SA-09:11.ntpd"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:10.ipv6"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:09.pipe"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:08.openssl"
date = "2009-04-22"
[[advisories]]
name = "FreeBSD-SA-09:07.libc"
date = "2009-04-22"
[[advisories]]
name = "FreeBSD-SA-09:06.ktimer"
date = "2009-03-23"
[[advisories]]
name = "FreeBSD-SA-09:05.telnetd"
date = "2009-02-16"
[[advisories]]
name = "FreeBSD-SA-09:04.bind"
date = "2009-01-13"
[[advisories]]
name = "FreeBSD-SA-09:03.ntpd"
date = "2009-01-13"
[[advisories]]
name = "FreeBSD-SA-09:02.openssl"
date = "2009-01-07"
[[advisories]]
name = "FreeBSD-SA-09:01.lukemftpd"
date = "2009-01-07"
[[advisories]]
name = "FreeBSD-SA-08:13.protosw"
date = "2008-12-23"
[[advisories]]
name = "FreeBSD-SA-08:12.ftpd"
date = "2008-12-23"
[[advisories]]
name = "FreeBSD-SA-08:11.arc4random"
date = "2008-11-24"
[[advisories]]
name = "FreeBSD-SA-08:10.nd6"
date = "2008-10-02"
[[advisories]]
name = "FreeBSD-SA-08:09.icmp6"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:08.nmount"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:07.amd64"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:06.bind"
date = "2008-07-13"
[[advisories]]
name = "FreeBSD-SA-08:05.openssh"
date = "2008-04-17"
[[advisories]]
name = "FreeBSD-SA-08:04.ipsec"
date = "2008-02-14"
[[advisories]]
name = "FreeBSD-SA-08:03.sendfile"
date = "2008-02-14"
[[advisories]]
name = "FreeBSD-SA-08:02.libc"
date = "2008-01-14"
[[advisories]]
name = "FreeBSD-SA-08:01.pty"
date = "2008-01-14"
[[advisories]]
name = "FreeBSD-SA-07:10.gtar"
date = "2007-11-29"
[[advisories]]
name = "FreeBSD-SA-07:09.random"
date = "2007-11-29"
[[advisories]]
name = "FreeBSD-SA-07:08.openssl"
date = "2007-10-03"
[[advisories]]
name = "FreeBSD-SA-07:07.bind"
date = "2007-08-01"
[[advisories]]
name = "FreeBSD-SA-07:06.tcpdump"
date = "2007-08-01"
[[advisories]]
name = "FreeBSD-SA-07:05.libarchive"
date = "2007-07-12"
[[advisories]]
name = "FreeBSD-SA-07:04.file"
date = "2007-05-23"
[[advisories]]
name = "FreeBSD-SA-07:03.ipv6"
date = "2007-04-26"
[[advisories]]
name = "FreeBSD-SA-07:02.bind"
date = "2007-02-09"
[[advisories]]
name = "FreeBSD-SA-07:01.jail"
date = "2007-01-11"
[[advisories]]
name = "FreeBSD-SA-06:26.gtar"
date = "2006-12-06"
[[advisories]]
name = "FreeBSD-SA-06:25.kmem"
date = "2006-12-06"
[[advisories]]
name = "FreeBSD-SA-06:24.libarchive"
date = "2006-11-08"
[[advisories]]
name = "FreeBSD-SA-06:22.openssh"
date = "2006-09-30"
[[advisories]]
name = "FreeBSD-SA-06:23.openssl"
date = "2006-09-28"
[[advisories]]
name = "FreeBSD-SA-06:21.gzip"
date = "2006-09-19"
[[advisories]]
name = "FreeBSD-SA-06:20.bind"
date = "2006-09-06"
[[advisories]]
name = "FreeBSD-SA-06:19.openssl"
date = "2006-09-06"
[[advisories]]
name = "FreeBSD-SA-06:18.ppp"
date = "2006-08-23"
[[advisories]]
name = "FreeBSD-SA-06:17.sendmail"
date = "2006-06-14"
[[advisories]]
name = "FreeBSD-SA-06:16.smbfs"
date = "2006-05-31"
[[advisories]]
name = "FreeBSD-SA-06:15.ypserv"
date = "2006-05-31"
[[advisories]]
name = "FreeBSD-SA-06:14.fpu"
date = "2006-04-19"
[[advisories]]
name = "FreeBSD-SA-06:13.sendmail"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:12.opie"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:11.ipsec"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:10.nfs"
date = "2006-03-01"
[[advisories]]
name = "FreeBSD-SA-06:09.openssh"
date = "2006-03-01"
[[advisories]]
name = "FreeBSD-SA-06:08.sack"
date = "2006-02-01"
[[advisories]]
name = "FreeBSD-SA-06:07.pf"
date = "2006-01-25"
[[advisories]]
name = "FreeBSD-SA-06:06.kmem"
date = "2006-01-25"
[[advisories]]
name = "FreeBSD-SA-06:05.80211"
date = "2006-01-18"
[[advisories]]
name = "FreeBSD-SA-06:04.ipfw"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:03.cpio"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:02.ee"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:01.texindex"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-05:21.openssl"
date = "2005-10-11"
[[advisories]]
name = "FreeBSD-SA-05:20.cvsbug"
date = "2005-09-07"
[[advisories]]
name = "FreeBSD-SA-05:19.ipsec"
date = "2005-07-27"
[[advisories]]
name = "FreeBSD-SA-05:18.zlib"
date = "2005-07-27"
[[advisories]]
name = "FreeBSD-SA-05:17.devfs"
date = "2005-07-20"
[[advisories]]
name = "FreeBSD-SA-05:16.zlib"
date = "2005-07-06"
[[advisories]]
name = "FreeBSD-SA-05:15.tcp"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:14.bzip2"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:13.ipfw"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:12.bind9"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:11.gzip"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:10.tcpdump"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:09.htt"
date = "2005-05-13"
[[advisories]]
name = "FreeBSD-SA-05:08.kmem"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:07.ldt"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:06.iir"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:05.cvs"
date = "2005-04-22"
[[advisories]]
name = "FreeBSD-SA-05:04.ifconf"
date = "2005-04-15"
[[advisories]]
name = "FreeBSD-SA-05:03.amd64"
date = "2005-04-06"
[[advisories]]
name = "FreeBSD-SA-05:02.sendfile"
date = "2005-04-04"
[[advisories]]
name = "FreeBSD-SA-05:01.telnet"
date = "2005-03-28"
[[advisories]]
name = "FreeBSD-SA-04:17.procfs"
date = "2004-12-01"
[[advisories]]
name = "FreeBSD-SA-04:16.fetch"
date = "2004-11-18"
[[advisories]]
name = "FreeBSD-SA-04:15.syscons"
date = "2004-10-04"
[[advisories]]
name = "FreeBSD-SA-04:14.cvs"
date = "2004-09-19"
[[advisories]]
name = "FreeBSD-SA-04:13.linux"
date = "2004-06-30"
[[advisories]]
name = "FreeBSD-SA-04:12.jailroute"
date = "2004-06-07"
[[advisories]]
name = "FreeBSD-SA-04:11.msync"
date = "2004-05-19"
[[advisories]]
name = "FreeBSD-SA-04:10.cvs"
date = "2004-05-19"
[[advisories]]
name = "FreeBSD-SA-04:09.kadmind"
date = "2004-05-05"
[[advisories]]
name = "FreeBSD-SA-04:08.heimdal"
date = "2004-05-05"
[[advisories]]
name = "FreeBSD-SA-04:07.cvs"
date = "2004-04-15"
[[advisories]]
name = "FreeBSD-SA-04:06.ipv6"
date = "2004-03-29"
[[advisories]]
name = "FreeBSD-SA-04:05.openssl"
date = "2004-03-17"
[[advisories]]
name = "FreeBSD-SA-04:04.tcp"
date = "2004-03-02"
[[advisories]]
name = "FreeBSD-SA-04:03.jail"
date = "2004-02-25"
[[advisories]]
name = "FreeBSD-SA-04:02.shmat"
date = "2004-02-05"
[[advisories]]
name = "FreeBSD-SA-04:01.mksnap_ffs"
date = "2004-01-30"
[[advisories]]
name = "FreeBSD-SA-03:19.bind"
date = "2003-11-28"
[[advisories]]
name = "FreeBSD-SA-03:15.openssh"
date = "2003-10-05"
[[advisories]]
name = "FreeBSD-SA-03:18.openssl"
date = "2003-10-03"
[[advisories]]
name = "FreeBSD-SA-03:17.procfs"
date = "2003-10-03"
[[advisories]]
name = "FreeBSD-SA-03:16.filedesc"
date = "2003-10-02"
[[advisories]]
name = "FreeBSD-SA-03:14.arp"
date = "2003-09-23"
[[advisories]]
name = "FreeBSD-SA-03:13.sendmail"
date = "2003-09-17"
[[advisories]]
name = "FreeBSD-SA-03:12.openssh"
date = "2003-09-16"
[[advisories]]
name = "FreeBSD-SA-03:11.sendmail"
date = "2003-08-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1170"
[[advisories]]
name = "FreeBSD-SA-03:10.ibcs2"
date = "2003-08-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1164"
[[advisories]]
name = "FreeBSD-SA-03:09.signal"
date = "2003-08-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1163"
[[advisories]]
name = "FreeBSD-SA-03:08.realpath"
date = "2003-08-03"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1158"
[[advisories]]
name = "FreeBSD-SN-03:02"
date = "2003-04-08"
[[advisories]]
name = "FreeBSD-SN-03:01"
date = "2003-04-07"
[[advisories]]
name = "FreeBSD-SA-03:07.sendmail"
date = "2003-03-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1122"
[[advisories]]
name = "FreeBSD-SA-03:06.openssl"
date = "2003-03-21"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1118"
[[advisories]]
name = "FreeBSD-SA-03:05.xdr"
date = "2003-03-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1117"
[[advisories]]
name = "FreeBSD-SA-03:04.sendmail"
date = "2003-03-03"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1112"
[[advisories]]
name = "FreeBSD-SA-03:03.syncookies"
date = "2003-02-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1106"
[[advisories]]
name = "FreeBSD-SA-03:02.openssl"
date = "2003-02-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1105"
[[advisories]]
name = "FreeBSD-SA-03:01.cvs"
date = "2003-02-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1100"
[[advisories]]
name = "FreeBSD-SA-02:44.filedesc"
date = "2003-01-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1090"
[[advisories]]
name = "FreeBSD-SA-02:43.bind"
date = "2002-11-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1084"
[[advisories]]
name = "FreeBSD-SA-02:41.smrsh"
date = "2002-11-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1082"
[[advisories]]
name = "FreeBSD-SA-02:42.resolv"
date = "2002-11-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1083"
[[advisories]]
name = "FreeBSD-SA-02:40.kadmind"
date = "2002-11-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1081"
[[advisories]]
name = "FreeBSD-SN-02:06"
date = "2002-10-10"
[[advisories]]
name = "FreeBSD-SA-02:39.libkvm"
date = "2002-09-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1051"
[[advisories]]
name = "FreeBSD-SN-02:05"
date = "2002-08-28"
[[advisories]]
name = "FreeBSD-SA-02:38.signed-error"
date = "2002-08-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1041"
[[advisories]]
name = "FreeBSD-SA-02:37.kqueue"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1033"
[[advisories]]
name = "FreeBSD-SA-02:36.nfs"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1032"
[[advisories]]
name = "FreeBSD-SA-02:35.ffs"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1031"
[[advisories]]
name = "FreeBSD-SA-02:33.openssl"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1023"
[[advisories]]
name = "FreeBSD-SA-02:34.rpc"
date = "2002-08-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1024"
[[advisories]]
name = "FreeBSD-SA-02:32.pppd"
date = "2002-07-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1022"
[[advisories]]
name = "FreeBSD-SA-02:31.openssh"
date = "2002-07-15"
[[advisories]]
name = "FreeBSD-SA-02:30.ktrace"
date = "2002-07-12"
[[advisories]]
name = "FreeBSD-SA-02:29.tcpdump"
date = "2002-07-12"
[[advisories]]
name = "FreeBSD-SA-02:28.resolv"
date = "2002-06-26"
[[advisories]]
name = "FreeBSD-SN-02:04"
date = "2002-06-19"
[[advisories]]
name = "FreeBSD-SA-02:27.rc"
date = "2002-05-29"
[[advisories]]
name = "FreeBSD-SA-02:26.accept"
date = "2002-05-29"
[[advisories]]
name = "FreeBSD-SN-02:03"
date = "2002-05-28"
[[advisories]]
name = "FreeBSD-SA-02:25.bzip2"
date = "2002-05-20"
[[advisories]]
name = "FreeBSD-SA-02:24.k5su"
date = "2002-05-20"
[[advisories]]
name = "FreeBSD-SN-02:02"
date = "2002-05-13"
[[advisories]]
name = "FreeBSD-SA-02:23.stdio"
date = "2002-04-22"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1021"
[[advisories]]
name = "FreeBSD-SA-02:22.mmap"
date = "2002-04-18"
[[advisories]]
name = "FreeBSD-SA-02:21.tcpip"
date = "2002-04-17"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/980"
[[advisories]]
name = "FreeBSD-SA-02:20.syncache"
date = "2002-04-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/979"
[[advisories]]
name = "FreeBSD-SN-02:01"
date = "2002-03-30"
[[advisories]]
name = "FreeBSD-SA-02:19.squid"
date = "2002-03-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/960"
[[advisories]]
name = "FreeBSD-SA-02:18.zlib"
date = "2002-03-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/978"
[[advisories]]
name = "FreeBSD-SA-02:17.mod_frontpage"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/954"
[[advisories]]
name = "FreeBSD-SA-02:16.netscape"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/953"
[[advisories]]
name = "FreeBSD-SA-02:15.cyrus-sasl"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/952"
[[advisories]]
name = "FreeBSD-SA-02:14.pam-pgsql"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/951"
[[advisories]]
name = "FreeBSD-SA-02:13.openssh"
date = "2002-03-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/945"
[[advisories]]
name = "FreeBSD-SA-02:12.squid"
date = "2002-02-21"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/938"
[[advisories]]
name = "FreeBSD-SA-02:11.snmp"
date = "2002-02-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/936"
[[advisories]]
name = "FreeBSD-SA-02:10.rsync"
date = "2002-02-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/928"
[[advisories]]
name = "FreeBSD-SA-02:09.fstatfs"
date = "2002-02-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/927"
[[advisories]]
name = "FreeBSD-SA-02:08.exec"
date = "2002-01-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/923"
[[advisories]]
name = "FreeBSD-SA-02:07.k5su"
date = "2002-01-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/912"
[[advisories]]
name = "FreeBSD-SA-02:06.sudo"
date = "2002-01-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/909"
[[advisories]]
name = "FreeBSD-SA-02:05.pine"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/894"
[[advisories]]
name = "FreeBSD-SA-02:04.mutt"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/893"
[[advisories]]
name = "FreeBSD-SA-02:03.mod_auth_pgsql"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/892"
[[advisories]]
name = "FreeBSD-SA-02:02.pw"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/891"
[[advisories]]
name = "FreeBSD-SA-02:01.pkg_add"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/898"
[[advisories]]
name = "FreeBSD-SA-01:64.wu-ftpd"
date = "2001-12-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/870"
[[advisories]]
name = "FreeBSD-SA-01:63.openssh"
date = "2001-12-02"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/871"
[[advisories]]
name = "FreeBSD-SA-01:62.uucp"
date = "2001-10-08"
[[advisories]]
name = "FreeBSD-SA-01:61.squid"
date = "2001-10-08"
[[advisories]]
name = "FreeBSD-SA-01:60.procmail"
date = "2001-09-24"
[[advisories]]
name = "FreeBSD-SA-01:59.rmuser"
date = "2001-09-04"
[[advisories]]
name = "FreeBSD-SA-01:58.lpd"
date = "2001-08-30"
[[advisories]]
name = "FreeBSD-SA-01:57.sendmail"
date = "2001-08-27"
[[advisories]]
name = "FreeBSD-SA-01:56.tcp_wrappers"
date = "2001-08-23"
[[advisories]]
name = "FreeBSD-SA-01:55.procfs"
date = "2001-08-21"
[[advisories]]
name = "FreeBSD-SA-01:54.ports-telnetd"
date = "2001-08-20"
[[advisories]]
name = "FreeBSD-SA-01:53.ipfw"
date = "2001-08-17"
[[advisories]]
name = "FreeBSD-SA-01:52.fragment"
date = "2001-08-06"
[[advisories]]
name = "FreeBSD-SA-01:51.openssl"
date = "2001-07-30"
[[advisories]]
name = "FreeBSD-SA-01:50.windowmaker"
date = "2001-07-27"
[[advisories]]
name = "FreeBSD-SA-01:49.telnetd"
date = "2001-07-23"
[[advisories]]
name = "FreeBSD-SA-01:48.tcpdump"
date = "2001-07-17"
[[advisories]]
name = "FreeBSD-SA-01:47.xinetd"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:46.w3m"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:45.samba"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:44.gnupg"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:43.fetchmail"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:42.signal"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:41.hanterm"
date = "2001-07-09"
[[advisories]]
name = "FreeBSD-SA-01:40.fts"
date = "2001-06-04"
[[advisories]]
name = "FreeBSD-SA-01:39.tcp-isn"
date = "2001-05-02"
[[advisories]]
name = "FreeBSD-SA-01:38.sudo"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:37.slrn"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:36.samba"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:35.licq"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:34.hylafax"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:33.ftpd-glob"
date = "2001-04-17"
[[advisories]]
name = "FreeBSD-SA-01:32.ipfilter"
date = "2001-04-16"
[[advisories]]
name = "FreeBSD-SA-01:31.ntpd"
date = "2001-04-06"
[[advisories]]
name = "FreeBSD-SA-01:30.ufs-ext2fs"
date = "2001-03-22"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/738"
[[advisories]]
name = "FreeBSD-SA-01:29.rwhod"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/732"
[[advisories]]
name = "FreeBSD-SA-01:28.timed"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/731"
[[advisories]]
name = "FreeBSD-SA-01:27.cfengine"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/730"
[[advisories]]
name = "FreeBSD-SA-01:26.interbase"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/729"
[[advisories]]
name = "FreeBSD-SA-01:23.icecast"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/728"
[[advisories]]
name = "FreeBSD-SA-01:25.kerberosIV"
date = "2001-02-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/716"
[[advisories]]
name = "FreeBSD-SA-01:24.ssh"
date = "2001-02-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/715"
[[advisories]]
name = "FreeBSD-SA-01:22.dc20ctrl"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/714"
[[advisories]]
name = "FreeBSD-SA-01:21.ja-elvis"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/713"
[[advisories]]
name = "FreeBSD-SA-01:20.mars_nwe"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/712"
[[advisories]]
name = "FreeBSD-SA-01:19.ja-klock"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/707"
[[advisories]]
name = "FreeBSD-SA-01:18.bind"
date = "2001-01-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/706"
[[advisories]]
name = "FreeBSD-SA-01:17.exmh"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/705"
[[advisories]]
name = "FreeBSD-SA-01:16.mysql"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/704"
[[advisories]]
name = "FreeBSD-SA-01:15.tinyproxy"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/703"
[[advisories]]
name = "FreeBSD-SA-01:14.micq"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/702"
[[advisories]]
name = "FreeBSD-SA-01:13.sort"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/701"
[[advisories]]
name = "FreeBSD-SA-01:12.periodic"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/700"
[[advisories]]
name = "FreeBSD-SA-01:11.inetd"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/699"
[[advisories]]
name = "FreeBSD-SA-01:10.bind"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/698"
[[advisories]]
name = "FreeBSD-SA-01:09.crontab"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/697"
[[advisories]]
name = "FreeBSD-SA-01:08.ipfw"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/696"
[[advisories]]
name = "FreeBSD-SA-01:07.xfree86"
date = "2001-01-23"
[[advisories]]
name = "FreeBSD-SA-01:06.zope"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/669"
[[advisories]]
name = "FreeBSD-SA-01:05.stunnel"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/668"
[[advisories]]
name = "FreeBSD-SA-01:04.joe"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/667"
[[advisories]]
name = "FreeBSD-SA-01:03.bash1"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/666"
[[advisories]]
name = "FreeBSD-SA-01:02.syslog-ng"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/665"
[[advisories]]
name = "FreeBSD-SA-01:01.openssh"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/664"
[[advisories]]
name = "FreeBSD-SA-00:81.ethereal"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/651"
[[advisories]]
name = "FreeBSD-SA-00:80.halflifeserver"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/650"
[[advisories]]
name = "FreeBSD-SA-00:79.oops"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/649"
[[advisories]]
name = "FreeBSD-SA-00:78.bitchx"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/648"
[[advisories]]
name = "FreeBSD-SA-00:77.procfs"
date = "2000-12-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/647"
[[advisories]]
name = "FreeBSD-SA-00:76.tcsh-csh"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/628"
[[advisories]]
name = "FreeBSD-SA-00:75.php"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/627"
[[advisories]]
name = "FreeBSD-SA-00:74.gaim"
date = "2000-11-20"
[[advisories]]
name = "FreeBSD-SA-00:73.thttpd"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/626"
[[advisories]]
name = "FreeBSD-SA-00:72.curl"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/625"
[[advisories]]
name = "FreeBSD-SA-00:71.mgetty"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/624"
[[advisories]]
name = "FreeBSD-SA-00:70.ppp-nat"
date = "2000-11-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/623"
[[advisories]]
name = "FreeBSD-SA-00:69.telnetd"
date = "2000-11-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/622"
[[advisories]]
name = "FreeBSD-SA-00:68.ncurses"
date = "2000-11-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/621"
[[advisories]]
name = "FreeBSD-SA-00:67.gnupg"
date = "2000-11-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/620"
[[advisories]]
name = "FreeBSD-SA-00:66.netscape"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/619"
[[advisories]]
name = "FreeBSD-SA-00:65.xfce"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/618"
[[advisories]]
name = "FreeBSD-SA-00:64.global"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/617"
[[advisories]]
name = "FreeBSD-SA-00:63.getnameinfo"
date = "2000-11-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/589"
[[advisories]]
name = "FreeBSD-SA-00:62.top"
date = "2000-11-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/616"
[[advisories]]
name = "FreeBSD-SA-00:61.tcpdump"
date = "2000-10-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/615"
[[advisories]]
name = "FreeBSD-SA-00:60.boa"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/586"
[[advisories]]
name = "FreeBSD-SA-00:59.pine"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/585"
[[advisories]]
name = "FreeBSD-SA-00:58.chpass"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/584"
[[advisories]]
name = "FreeBSD-SA-00:57.muh"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/570"
[[advisories]]
name = "FreeBSD-SA-00:56.lprng"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/569"
[[advisories]]
name = "FreeBSD-SA-00:55.xpdf"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/568"
[[advisories]]
name = "FreeBSD-SA-00:54.fingerd"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/567"
[[advisories]]
name = "FreeBSD-SA-00:52.tcp-iss"
date = "2000-10-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/561"
[[advisories]]
name = "FreeBSD-SA-00:53.catopen"
date = "2000-09-27"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/562"
[[advisories]]
name = "FreeBSD-SA-00:51.mailman"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/550"
[[advisories]]
name = "FreeBSD-SA-00:50.listmanager"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/549"
[[advisories]]
name = "FreeBSD-SA-00:49.eject"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/548"
[[advisories]]
name = "FreeBSD-SA-00:48.xchat"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/547"
[[advisories]]
name = "FreeBSD-SA-00:47.pine"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/546"
[[advisories]]
name = "FreeBSD-SA-00:46.screen"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/545"
[[advisories]]
name = "FreeBSD-SA-00:45.esound"
date = "2000-08-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/526"
[[advisories]]
name = "FreeBSD-SA-00:44.xlock"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/523"
[[advisories]]
name = "FreeBSD-SA-00:43.brouted"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/520"
[[advisories]]
name = "FreeBSD-SA-00:42.linux"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/530"
[[advisories]]
name = "FreeBSD-SA-00:41.elf"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/527"
[[advisories]]
name = "FreeBSD-SA-00:40.mopd"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/521"
[[advisories]]
name = "FreeBSD-SA-00:39.netscape"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/528"
[[advisories]]
name = "FreeBSD-SA-00:38.zope"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/525"
[[advisories]]
name = "FreeBSD-SA-00:37.cvsweb"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/524"
[[advisories]]
name = "FreeBSD-SA-00:36.ntop"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/531"
[[advisories]]
name = "FreeBSD-SA-00:35.proftpd"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/522"
[[advisories]]
name = "FreeBSD-SA-00:34.dhclient"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/529"
[[advisories]]
name = "FreeBSD-SA-00:33.kerberosIV"
date = "2000-07-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/488"
[[advisories]]
name = "FreeBSD-SA-00:32.bitchx"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/487"
[[advisories]]
name = "FreeBSD-SA-00:31.canna"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/486"
[[advisories]]
name = "FreeBSD-SA-00:30.openssh"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/485"
[[advisories]]
name = "FreeBSD-SA-00:29.wu-ftpd"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/489"
[[advisories]]
name = "FreeBSD-SA-00:28.majordomo"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/484"
[[advisories]]
name = "FreeBSD-SA-00:27.XFree86-4"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/483"
[[advisories]]
name = "FreeBSD-SA-00:26.popper"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/482"
[[advisories]]
name = "FreeBSD-SA-00:24.libedit"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/481"
[[advisories]]
name = "FreeBSD-SA-00:23.ip-options"
date = "2000-06-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/480"
[[advisories]]
name = "FreeBSD-SA-00:25.alpha-random"
date = "2000-06-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/473"
[[advisories]]
name = "FreeBSD-SA-00:22.apsfilter"
date = "2000-06-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/461"
[[advisories]]
name = "FreeBSD-SA-00:21.ssh"
date = "2000-06-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/459"
[[advisories]]
name = "FreeBSD-SA-00:20.krb5"
date = "2000-05-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/452"
[[advisories]]
name = "FreeBSD-SA-00:19.semconfig"
date = "2000-05-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/451"
[[advisories]]
name = "FreeBSD-SA-00:18.gnapster.knapster"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/429"
[[advisories]]
name = "FreeBSD-SA-00:17.libmytinfo"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/442"
[[advisories]]
name = "FreeBSD-SA-00:16.golddig"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/439"
[[advisories]]
name = "FreeBSD-SA-00:15.imap-uw"
date = "2000-04-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/438"
[[advisories]]
name = "FreeBSD-SA-00:14.imap-uw"
date = "2000-04-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/441"
[[advisories]]
name = "FreeBSD-SA-00:13.generic-nqs"
date = "2000-04-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/437"
[[advisories]]
name = "FreeBSD-SA-00:12.healthd"
date = "2000-04-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/436"
[[advisories]]
name = "FreeBSD-SA-00:11.ircii"
date = "2000-04-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/440"
[[advisories]]
name = "FreeBSD-SA-00:10.orville-write"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408"
[[advisories]]
name = "FreeBSD-SA-00:09.mtr"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408"
[[advisories]]
name = "FreeBSD-SA-00:08.lynx"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/407"
[[advisories]]
name = "FreeBSD-SA-00:07.mh"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/411"
[[advisories]]
name = "FreeBSD-SA-00:06.htdig"
date = "2000-03-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/403"
[[advisories]]
name = "FreeBSD-SA-00:05.mysql"
date = "2000-02-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/402"
[[advisories]]
name = "FreeBSD-SA-00:04.delegate"
date = "2000-02-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/392"
[[advisories]]
name = "FreeBSD-SA-00:03.asmon"
date = "2000-02-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/391"
[[advisories]]
name = "FreeBSD-SA-00:02.procfs"
date = "2000-01-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/380"
[[advisories]]
name = "FreeBSD-SA-00:01.make"
date = "2000-01-19"
[[advisories]]
name = "FreeBSD-SA-99:06.amd"
date = "1999-09-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/318"
[[advisories]]
name = "FreeBSD-SA-99:05.fts"
date = "1999-09-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/313"
[[advisories]]
name = "FreeBSD-SA-99:04.core"
date = "1999-09-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/312"
[[advisories]]
name = "FreeBSD-SA-99:03.ftpd"
date = "1999-09-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/311"
[[advisories]]
name = "FreeBSD-SA-99:02.profil"
date = "1999-09-04"
[[advisories]]
name = "FreeBSD-SA-99:01.chflags"
date = "1999-09-04"
[[advisories]]
name = "FreeBSD-SA-98:08.fragment"
date = "1998-11-04"
[[advisories]]
name = "FreeBSD-SA-98:07.rst"
date = "1998-10-13"
[[advisories]]
name = "FreeBSD-SA-98:06.icmp"
date = "1998-06-10"
[[advisories]]
name = "FreeBSD-SA-98:05.nfs"
date = "1998-06-04"
[[advisories]]
name = "FreeBSD-SA-98:04.mmap"
date = "1998-06-02"
[[advisories]]
name = "FreeBSD-SA-98:03.ttcp"
date = "1998-05-14"
[[advisories]]
name = "FreeBSD-SA-98:02.mmap"
date = "1998-03-12"
[[advisories]]
name = "FreeBSD-SA-97:06.f00f"
date = "1997-12-09"
[[advisories]]
name = "FreeBSD-SA-98:01.land"
date = "1997-12-01"
[[advisories]]
name = "FreeBSD-SA-97:05.open"
date = "1997-10-29"
[[advisories]]
name = "FreeBSD-SA-97:04.procfs"
date = "1997-08-19"
[[advisories]]
name = "FreeBSD-SA-97:03.sysinstall"
date = "1997-04-07"
[[advisories]]
name = "FreeBSD-SA-97:02.lpd"
date = "1997-03-26"
[[advisories]]
name = "FreeBSD-SA-97:01.setlocale"
date = "1997-02-05"
[[advisories]]
name = "FreeBSD-SA-96:21.talkd"
date = "1997-01-18"
[[advisories]]
name = "FreeBSD-SA-96:20.stack-overflow"
date = "1996-12-16"
[[advisories]]
name = "FreeBSD-SA-96:19.modstat"
date = "1996-12-10"
[[advisories]]
name = "FreeBSD-SA-96:18.lpr"
date = "1996-11-25"
[[advisories]]
name = "FreeBSD-SA-96:17.rzsz"
date = "1996-07-16"
[[advisories]]
name = "FreeBSD-SA-96:16.rdist"
date = "1996-07-12"
[[advisories]]
name = "FreeBSD-SA-96:15.ppp"
date = "1996-07-04"
[[advisories]]
name = "FreeBSD-SA-96:12.perl"
date = "1996-06-28"
[[advisories]]
name = "FreeBSD-SA-96:14.ipfw"
date = "1996-06-24"
[[advisories]]
name = "FreeBSD-SA-96:13.comsat"
date = "1996-06-05"
[[advisories]]
name = "FreeBSD-SA-96:11.man"
date = "1996-05-21"
[[advisories]]
name = "FreeBSD-SA-96:10.mount_union"
date = "1996-05-17"
[[advisories]]
name = "FreeBSD-SA-96:09.vfsload"
date = "1996-05-17"
[[advisories]]
name = "FreeBSD-SA-96:02.apache"
date = "1996-04-22"
[[advisories]]
name = "FreeBSD-SA-96:08.syslog"
date = "1996-04-21"
[[advisories]]
name = "FreeBSD-SA-96:01.sliplogin"
date = "1996-04-21"
[[advisories]]
name = "FreeBSD-SA-96:03.sendmail-suggestion"
date = "1996-04-20"
diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index ddd7e6e5da..83dfdc6468 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,979 +1,983 @@
# Sort errata notices by year, month and day
# $FreeBSD$
+[[notices]]
+name = "FreeBSD-EN-24:16.pf"
+date = "2024-09-19"
+
[[notices]]
name = "FreeBSD-EN-24:15.calendar"
date = "2024-09-04"
[[notices]]
name = "FreeBSD-EN-24:14.ifconfig"
date = "2024-08-07"
[[notices]]
name = "FreeBSD-EN-24:13.libc++"
date = "2024-06-19"
[[notices]]
name = "FreeBSD-EN-24:12.killpg"
date = "2024-06-19"
[[notices]]
name = "FreeBSD-EN-24:11.ldns"
date = "2024-06-19"
[[notices]]
name = "FreeBSD-EN-24:10.zfs"
date = "2024-06-19"
[[notices]]
name = "FreeBSD-EN-24:09.zfs"
date = "2024-04-24"
[[notices]]
name = "FreeBSD-EN-24:08.kerberos"
date = "2024-03-28"
[[notices]]
name = "FreeBSD-EN-24:07.clang"
date = "2024-03-28"
[[notices]]
name = "FreeBSD-EN-24:06.wireguard"
date = "2024-03-28"
[[notices]]
name = "FreeBSD-EN-24:05.tty"
date = "2024-03-28"
[[notices]]
name = "FreeBSD-EN-24:04.ip"
date = "2024-02-14"
[[notices]]
name = "FreeBSD-EN-24:03.kqueue"
date = "2024-02-14"
[[notices]]
name = "FreeBSD-EN-24:02.libutil"
date = "2024-02-14"
[[notices]]
name = "FreeBSD-EN-24:01.tzdata"
date = "2024-02-14"
[[notices]]
name = "FreeBSD-EN-23:22.vfs"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:21.tty"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:20.vm"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:19.pkgbase"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:18.openzfs"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:17.ossl"
date = "2023-12-05"
[[notices]]
name = "FreeBSD-EN-23:16.openzfs"
date = "2023-12-01"
[[notices]]
name = "FreeBSD-EN-23:15.sanitizer"
date = "2023-12-01"
[[notices]]
name = "FreeBSD-EN-23:14.regcomp"
date = "2023-11-08"
[[notices]]
name = "FreeBSD-EN-23:13.freebsd-update"
date = "2023-11-08"
[[notices]]
name = "FreeBSD-EN-23:12.freebsd-update"
date = "2023-10-03"
[[notices]]
name = "FreeBSD-EN-23:11.caroot"
date = "2023-09-06"
[[notices]]
name = "FreeBSD-EN-23:10.pci"
date = "2023-09-06"
[[notices]]
name = "FreeBSD-EN-23:09.freebsd-update"
date = "2023-09-06"
[[notices]]
name = "FreeBSD-EN-23:08.vnet"
date = "2023-08-01"
[[notices]]
name = "FreeBSD-EN-23:07.mpr"
date = "2023-06-21"
[[notices]]
name = "FreeBSD-EN-23:06.loader"
date = "2023-06-21"
[[notices]]
name = "FreeBSD-EN-23:05.tzdata"
date = "2023-06-21"
[[notices]]
name = "FreeBSD-EN-23:04.ixgbe"
date = "2023-02-08"
[[notices]]
name = "FreeBSD-EN-23:03.ena"
date = "2023-02-08"
[[notices]]
name = "FreeBSD-EN-23:02.sdhci"
date = "2023-02-08"
[[notices]]
name = "FreeBSD-EN-23:01.tzdata"
date = "2023-02-08"
[[notices]]
name = "FreeBSD-EN-22:28.heimdal"
date = "2022-11-29"
[[notices]]
name = "FreeBSD-EN-22:27.loader"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:26.cam"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:25.tcp"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:24.zfs"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:23.vm"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:22.tzdata"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:21.zfs"
date = "2022-11-01"
[[notices]]
name = "FreeBSD-EN-22:20.tzdata"
date = "2022-08-30"
[[notices]]
name = "FreeBSD-EN-22:19.pam_exec"
date = "2022-08-09"
[[notices]]
name = "FreeBSD-EN-22:18.wifi"
date = "2022-08-09"
[[notices]]
name = "FreeBSD-EN-22:17.cam"
date = "2022-08-09"
[[notices]]
name = "FreeBSD-EN-22:16.kqueue"
date = "2022-08-09"
[[notices]]
name = "FreeBSD-EN-22:15.pf"
date = "2022-04-06"
[[notices]]
name = "FreeBSD-EN-22:14.tzdata"
date = "2022-03-22"
[[notices]]
name = "FreeBSD-EN-22:13.zfs"
date = "2022-03-21"
[[notices]]
name = "FreeBSD-EN-22:12.zfs"
date = "2022-03-15"
[[notices]]
name = "FreeBSD-EN-22:11.zfs"
date = "2022-03-15"
[[notices]]
name = "FreeBSD-EN-22:10.zfs"
date = "2022-03-15"
[[notices]]
name = "FreeBSD-EN-22:09.freebsd-update"
date = "2022-03-15"
[[notices]]
name = "FreeBSD-EN-22:08.i386"
date = "2022-02-01"
[[notices]]
name = "FreeBSD-EN-22:07.la57"
date = "2022-02-01"
[[notices]]
name = "FreeBSD-EN-22:06.libalias"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:05.tail"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:04.pcid"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:03.hyperv"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:02.xsave"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-22:01.fsck_ffs"
date = "2022-01-11"
[[notices]]
name = "FreeBSD-EN-21:29.tzdata"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:28.vmci"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:27.caroot"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:26.libevent"
date = "2021-11-03"
[[notices]]
name = "FreeBSD-EN-21:25.bhyve"
date = "2021-08-24"
[[notices]]
name = "FreeBSD-EN-21:24.libcrypto"
date = "2021-08-24"
[[notices]]
name = "FreeBSD-EN-21:23.virtio_blk"
date = "2021-08-24"
[[notices]]
name = "FreeBSD-EN-21:22.linux_futex"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:21.ipfw"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:20.vlan"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:19.libcasper"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:18.libc++"
date = "2021-06-29"
[[notices]]
name = "FreeBSD-EN-21:17.libradius"
date = "2021-06-01"
[[notices]]
name = "FreeBSD-EN-21:16.bc"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:15.virtio"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:14.pms"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:13.mpt"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:12.divert"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:11.aesni"
date = "2021-05-26"
[[notices]]
name = "FreeBSD-EN-21:10.lldb"
date = "2021-04-06"
[[notices]]
name = "FreeBSD-EN-21:09.pf"
date = "2021-04-06"
[[notices]]
name = "FreeBSD-EN-21:08.freebsd-update"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:07.caroot"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:06.microcode"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:05.libatomic"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:04.zfs"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:03.vnet"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:02.extattr"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:01.tzdata"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-20:22.callout"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:21.ipfw"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:20.tzdata"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:19.audit"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:18.getfsstat"
date = "2020-09-02"
[[notices]]
name = "FreeBSD-EN-20:17.linuxthread"
date = "2020-09-02"
[[notices]]
name = "FreeBSD-EN-20:16.vmx"
date = "2020-08-05"
[[notices]]
name = "FreeBSD-EN-20:15.mps"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:14.linuxkpi"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:13.bhyve"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:12.iflib"
date = "2020-06-09"
[[notices]]
name = "FreeBSD-EN-20:11.ena"
date = "2020-06-09"
[[notices]]
name = "FreeBSD-EN-20:10.build"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:09.igb"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:08.tzdata"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:07.quotad"
date = "2020-04-21"
[[notices]]
name = "FreeBSD-EN-20:06.ipv6"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:05.mlx5en"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:04.pfctl"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:03.sshd"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:02.nmount"
date = "2020-01-28"
[[notices]]
name = "FreeBSD-EN-20:01.ssp"
date = "2020-01-28"
[[notices]]
name = "FreeBSD-EN-19:19.loader"
date = "2019-11-12"
[[notices]]
name = "FreeBSD-EN-19:18.tzdata"
date = "2019-10-23"
[[notices]]
name = "FreeBSD-EN-19:17.ipfw"
date = "2019-08-20"
[[notices]]
name = "FreeBSD-EN-19:16.bhyve"
date = "2019-08-20"
[[notices]]
name = "FreeBSD-EN-19:15.libunwind"
date = "2019-08-06"
[[notices]]
name = "FreeBSD-EN-19:14.epoch"
date = "2019-08-06"
[[notices]]
name = "FreeBSD-EN-19:13.mds"
date = "2019-07-24"
[[notices]]
name = "FreeBSD-EN-19:12.tzdata"
date = "2019-07-02"
[[notices]]
name = "FreeBSD-EN-19:11.net"
date = "2019-06-19"
[[notices]]
name = "FreeBSD-EN-19:10.scp"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:09.xinstall"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:08.tzdata"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:07.lle"
date = "2019-02-05"
[[notices]]
name = "FreeBSD-EN-19:06.dtrace"
date = "2019-02-05"
[[notices]]
name = "FreeBSD-EN-19:05.kqueue"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:04.tzdata"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:03.sqlite"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:02.tcp"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:01.cc_cubic"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-18:18.zfs"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:17.vm"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:16.ptrace"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:15.loader"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:14.tzdata"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:13.icmp"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:12.mem"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:11.listen"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:10.syscall"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:09.ip"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:08.lazyfpu"
date = "2018-09-12"
[[notices]]
name = "FreeBSD-EN-18:07.pmap"
date = "2018-06-21"
[[notices]]
name = "FreeBSD-EN-18:06.tzdata"
date = "2018-05-08"
[[notices]]
name = "FreeBSD-EN-18:05.mem"
date = "2018-05-08"
[[notices]]
name = "FreeBSD-EN-18:04.mem"
date = "2018-04-04"
[[notices]]
name = "FreeBSD-EN-18:03.tzdata"
date = "2018-04-04"
[[notices]]
name = "FreeBSD-EN-18:02.file"
date = "2018-03-07"
[[notices]]
name = "FreeBSD-EN-18:01.tzdata"
date = "2018-03-07"
[[notices]]
name = "FreeBSD-EN-17:09.tzdata"
date = "2017-11-02"
[[notices]]
name = "FreeBSD-EN-17:08.pf"
date = "2017-08-10"
[[notices]]
name = "FreeBSD-EN-17:07.vnet"
date = "2017-08-10"
[[notices]]
name = "FreeBSD-EN-17:06.hyperv"
date = "2017-07-12"
[[notices]]
name = "FreeBSD-EN-17:05.xen"
date = "2017-04-12"
[[notices]]
name = "FreeBSD-EN-17:04.mandoc"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:03.hyperv"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:02.yp"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:01.pcie"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-16:21.localedef"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:20.tzdata"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:19.tzcode"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:18.loader"
date = "2016-10-25"
[[notices]]
name = "FreeBSD-EN-16:17.vm"
date = "2016-10-25"
[[notices]]
name = "FreeBSD-EN-16:16.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:15.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:14.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:13.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:12.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:11.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:10.dhclient"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:09.freebsd-update"
date = "2016-07-25"
[[notices]]
name = "FreeBSD-EN-16:08.zfs"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:07.ipi"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:06.libc"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:05.hv_netvsc"
date = "2016-03-16"
[[notices]]
name = "FreeBSD-EN-16:04.hyperv"
date = "2016-03-16"
[[notices]]
name = "FreeBSD-EN-16:03.yplib"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-16:02.pf"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-16:01.filemon"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-15:20.vm"
date = "2015-11-04"
[[notices]]
name = "FreeBSD-EN-15:19.kqueue"
date = "2015-11-04"
[[notices]]
name = "FreeBSD-EN-15:18.pkg"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:17.libc"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:16.pw"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:15.pkg"
date = "2015-08-25"
[[notices]]
name = "FreeBSD-EN-15:14.ixgbe"
date = "2015-08-25"
[[notices]]
name = "FreeBSD-EN-15:13.vidcontrol"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:12.netstat"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:11.toolchain"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:10.iconv"
date = "2015-06-30"
[[notices]]
name = "FreeBSD-EN-15:09.xlocale"
date = "2015-06-30"
[[notices]]
name = "FreeBSD-EN-15:08.sendmail"
date = "2015-06-18"
[[notices]]
name = "FreeBSD-EN-15:07.zfs"
date = "2015-06-09"
[[notices]]
name = "FreeBSD-EN-15:06.file"
date = "2015-06-09"
[[notices]]
name = "FreeBSD-EN-15:05.ufs"
date = "2015-05-13"
[[notices]]
name = "FreeBSD-EN-15:04.freebsd-update"
date = "2015-05-13"
[[notices]]
name = "FreeBSD-EN-15:03.freebsd-update"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-15:02.openssl"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-15:01.vt"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-14:13.freebsd-update"
date = "2014-12-23"
[[notices]]
name = "FreeBSD-EN-14:12.zfs"
date = "2014-11-04"
[[notices]]
name = "FreeBSD-EN-14:11.crypt"
date = "2014-10-22"
[[notices]]
name = "FreeBSD-EN-14:10.tzdata"
date = "2014-10-22"
[[notices]]
name = "FreeBSD-EN-14:09.jail"
date = "2014-07-08"
[[notices]]
name = "FreeBSD-EN-14:08.heimdal"
date = "2014-06-24"
[[notices]]
name = "FreeBSD-EN-14:07.pmap"
date = "2014-06-24"
[[notices]]
name = "FreeBSD-EN-14:06.exec"
date = "2014-06-03"
[[notices]]
name = "FreeBSD-EN-14:05.ciss"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:04.kldxref"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:03.pkg"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:02.mmap"
date = "2014-01-14"
[[notices]]
name = "FreeBSD-EN-14:01.random"
date = "2014-01-14"
[[notices]]
name = "FreeBSD-EN-13:05.freebsd-update"
date = "2013-11-28"
[[notices]]
name = "FreeBSD-EN-13:04.freebsd-update"
date = "2013-10-26"
[[notices]]
name = "FreeBSD-EN-13:03.mfi"
date = "2013-08-22"
[[notices]]
name = "FreeBSD-EN-13:01.fxp"
date = "2013-06-28"
[[notices]]
name = "FreeBSD-EN-13:02.vtnet"
date = "2013-06-28"
[[notices]]
name = "FreeBSD-EN-12:02.ipv6refcount"
date = "2012-06-12"
[[notices]]
name = "FreeBSD-EN-12:01.freebsd-update"
date = "2012-01-04"
[[notices]]
name = "FreeBSD-EN-10:02.sched_ule"
date = "2010-02-27"
[[notices]]
name = "FreeBSD-EN-10:01.freebsd"
date = "2010-01-06"
[[notices]]
name = "FreeBSD-EN-09:05.null"
date = "2009-10-02"
[[notices]]
name = "FreeBSD-EN-09:04.fork"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:03.fxp"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:02.bce"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:01.kenv"
date = "2009-03-23"
[[notices]]
name = "FreeBSD-EN-08:02.tcp"
date = "2008-06-19"
[[notices]]
name = "FreeBSD-EN-08:01.libpthread"
date = "2008-04-17"
[[notices]]
name = "FreeBSD-EN-07:05.freebsd-update"
date = "2007-03-15"
[[notices]]
name = "FreeBSD-EN-07:04.zoneinfo"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:03.rc.d_jail"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:02.net"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:01.nfs"
date = "2007-02-14"
[[notices]]
name = "FreeBSD-EN-06:02.net"
date = "2006-08-28"
[[notices]]
name = "FreeBSD-EN-06:01.jail"
date = "2006-07-07"
[[notices]]
name = "FreeBSD-EN-05:04.nfs"
date = "2005-12-19"
[[notices]]
name = "FreeBSD-EN-05:03.ipi"
date = "2005-01-16"
[[notices]]
name = "FreeBSD-EN-05:02.sk"
date = "2005-01-06"
[[notices]]
name = "FreeBSD-EN-05:01.nfs"
date = "2005-01-05"
[[notices]]
name = "FreeBSD-EN-04:01.twe"
date = "2004-06-28"
diff --git a/website/static/security/advisories/FreeBSD-EN-24:16.pf.asc b/website/static/security/advisories/FreeBSD-EN-24:16.pf.asc
new file mode 100644
index 0000000000..3c38b7cd27
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-24:16.pf.asc
@@ -0,0 +1,160 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-24:16.pf Errata Notice
+ The FreeBSD Project
+
+Topic: Incorrect ICMPv6 state handling in pf
+
+Category: core
+Module: pf
+Announced: 2024-09-19
+Affects: All supported versions of FreeBSD
+Corrected: 2024-09-04 08:53:34 UTC (stable/14, 14.1-STABLE)
+ 2024-09-19 13:02:58 UTC (releng/14.1, 14.1-RELEASE-p5)
+ 2024-09-19 13:03:30 UTC (releng/14.0, 14.0-RELEASE-p11)
+ 2024-09-04 08:53:34 UTC (stable/13, 13.4-STABLE)
+ 2024-09-05 07:35:39 UTC (releng/13.4, 13.4-RC3)
+ 2024-09-19 13:04:05 UTC (releng/13.3, 13.3-RELEASE-p7)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+pf is an Internet Protocol packet filter originally written for OpenBSD. pf
+uses a state table to determine whether to allow a packet that is from a
+known/already open transmission. It identifies ICMPv6 states based on the
+address family, protocol, addresses, and the ID.
+
+Normally, states are created by outgoing packets, or by incoming packets
+matching 'pass' rules. Packets that do not match any rule will be blocked or
+allowed depending on the default rule.
+
+ICMPv6 Neighbor Discovery has to be allowed in the firewall for IPv6 to work
+properly in broadcast networks, such as Ethernet.
+
+II. Problem Description
+
+Patches for a previous security advisory, FreeBSD-SA-24:05, were incomplete
+and introduced some overly strict pf state tracking for ICMPv6 packets.
+
+III. Impact
+
+The bugs may prevent ICMPv6 functions, e.g., Neighbor Discovery, from working
+as designed when the pf firewall is configured.
+
+IV. Workaround
+
+No workaround is available but systems not using IPv6 and the pf firewall are
+not affected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 14.1]
+# fetch https://security.FreeBSD.org/patches/EN-23:16/pf-14.1.patch
+# fetch https://security.FreeBSD.org/patches/EN-23:16/pf-14.1.patch.asc
+# gpg --verify pf-14.1.patch.asc
+
+[FreeBSD 14.0]
+# fetch https://security.FreeBSD.org/patches/EN-23:16/pf-14.0.patch
+# fetch https://security.FreeBSD.org/patches/EN-23:16/pf-14.0.patch.asc
+# gpg --verify pf-14.0.patch.asc
+
+[FreeBSD 13.4]
+No discrete patch is provided against 13.4 as the fix for this issue was
+incorporated into 13.4-RELEASE.
+
+[FreeBSD 13.3]
+# fetch https://security.FreeBSD.org/patches/EN-23:16/pf-13.3.patch
+# fetch https://security.FreeBSD.org/patches/EN-23:16/pf-13.3.patch.asc
+# gpg --verify pf-13.3.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 38f74de7184a stable/14-n268653
+releng/14.1/ 1e965d5399e1 releng/14.1-n267715
+releng/14.0/ 413ae023b056 releng/14.0-n265452
+stable/13/ d6e5f8643d37 stable/13-n258307
+releng/13.4/ e893ec49afb2 releng/13.4-n258254
+releng/13.3/ ea9257bcd0e1 releng/13.3-n257467
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmbsPQkACgkQbljekB8A
+Gu9jORAAw5niz67Jcjm2fP6//BNGgDTlXR+rI+Yajm3lNLqhz0xPZ7BDTZ/NINwc
+bUfEK74R8n4kBuwhfIWendmDrYveeqGhhlZZOgiQfqXJuKmg6FBmQVQruq/Njs1Y
+y1BOI/KOSyRjzB3nrq1D8HpTtj8zJdtlB3rvKbEL038BmM/AslOdQvZLq12xPyNO
+xYqOYao664IaG6kqNUtN8oE8UpY0ACQGRt8BX2izLa+MAsDyglT2K3YS3cEiGRP9
+ZdbKplcVTZuNZ2XIORXkatRLCgC5BnFu0bK9TO6iMPtciX0ZwKov79zAvl14TK++
+sZhY2bKFEq1VrvpdngjAZfWNMTysQCZIsWqsBJCMQb42Q/DY9Cxs7KK2231zKkt2
+FcKdmQro2Qiy5DIClDoZuvQitQ6hRBFaffL6yRy2Zya70gz8cok3t7iEMsB9oSr3
+BVyNYBHwD3JUkq663mO785zvSIZAxQcqvuR8Tn034ffqJEojI1eFBNaHUcKvt4q4
+Uea03m+zq6xwFH/ZzUow/FFxBC67Nzje+2y3gaCLt4oKPxMDmvP2N43wbHevoTPD
+/p4M8fki6RFzOEjc/+vAveul23dbNmbB1ssEdkG6VcqGcesdNTygei9r7j4GGJc4
+VjPmZ0emfR22lfGLGH817odQxXfb/0UYpiTuRcG1cKeU2Fv1Lg8=
+=w2vT
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-24:05.pf.asc b/website/static/security/advisories/FreeBSD-SA-24:05.pf.asc
index 0c6d2b859d..aa65bb2f3c 100644
--- a/website/static/security/advisories/FreeBSD-SA-24:05.pf.asc
+++ b/website/static/security/advisories/FreeBSD-SA-24:05.pf.asc
@@ -1,155 +1,165 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-24:05.pf Security Advisory
The FreeBSD Project
Topic: pf incorrectly matches different ICMPv6 states in the state table
Category: core
Module: pf
Announced: 2024-08-07
Credits: Enrico Bassetti e.bassetti@tudelft.nl
(Cybersecurity @ TU Delft, SPRITZ Group @ UniPD)
Affects: All supported versions of FreeBSD.
Corrected: 2024-07-31 07:41:11 UTC (stable/14, 14.0-STABLE)
2024-08-07 13:44:25 UTC (releng/14.1, 14.1-RELEASE-p3)
2024-08-07 13:44:46 UTC (releng/14.0, 14.0-RELEASE-p9)
2024-07-31 07:41:12 UTC (stable/13, 13.3-STABLE)
2024-08-07 13:44:57 UTC (releng/13.3, 13.3-RELEASE-p5)
CVE Name: CVE-2024-6640
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
+Note: This advisory introduced additional issues that were addressed by
+FreeBSD-EN-24:16.pf. Please refer to that erratum for additional fixes.
+
+0. Revision History
+
+v1.0 2024-08-07 -- Initial release
+v1.1 2024-09-19 -- Add reference to EN-24:16.pf
+
I. Background
pf is an Internet Protocol packet filter originally written for OpenBSD. pf
uses a state table to determine whether to allow a packet that is from a
known/already open transmission. It identifies ICMPv6 states based on the
address family, protocol, addresses, and the ID.
Normally, states are created by outgoing packets, or by incoming packets
matching 'pass' rules. A packet that do not match any rule will be blocked
or allowed depending on the default rule.
ICMPv6 Neighbor Discovery has to be allowed in the firewall for IPv6 to work
properly in broadcast networks, such as Ethernet.
II. Problem Description
In ICMPv6 Neighbor Discovery (ND), the ID is always 0. When pf is configured
to allow ND and block incoming Echo Requests, a crafted Echo Request packet
after a Neighbor Solicitation (NS) can trigger an Echo Reply. The packet has
to come from the same host as the NS and have a zero as identifier to match
the state created by the Neighbor Discovery and allow replies to be
generated.
III. Impact
ICMPv6 packets with identifier value of zero bypass firewall rules written on
the assumption that the incoming packets are going to create a state in the
state table.
IV. Workaround
No workaround is available but systems not using the pf firewall are not
affected.
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date
and reboot.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 13.3]
# fetch https://security.FreeBSD.org/patches/SA-24:05/pf-13.patch
# fetch https://security.FreeBSD.org/patches/SA-24:05/pf-13.patch.asc
# gpg --verify pf.patch.asc
[FreeBSD 14.0 & FreeBSD 14.1]
# fetch https://security.FreeBSD.org/patches/SA-24:05/pf-14.patch
# fetch https://security.FreeBSD.org/patches/SA-24:05/pf-14.patch.asc
# gpg --verify pf.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
and reboot the
system.
VI. Correction details
This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:
Branch/path Hash Revision
- -------------------------------------------------------------------------
stable/14/ 3382c691dc6a stable/14-n268277
releng/14.1/ a66d33fcf334 releng/14.1-n267690
releng/14.0/ ca9580967e74 releng/14.0-n265428
stable/13/ 05f91f8dd5ce stable/13-n258160
releng/13.3/ 5eb30c313cb0 releng/13.3-n257443
- -------------------------------------------------------------------------
Run the following command to see which files were modified by a
particular commit:
# git show --stat
Or visit the following URL, replacing NNNNNN with the hash:
To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:
# git rev-list --count --first-parent HEAD
VII. References
+
+
The latest revision of this advisory is available at
-----BEGIN PGP SIGNATURE-----
-iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmazhasACgkQbljekB8A
-Gu9/0Q//S/qcyIxnQ1V8Gz8ghAQuJu8OlTdYV9OexFSKExcbc9FYK6LwhSUfPtHf
-Bx9KowhQCH2D1X33qHRUCWVhDMhgpvHmg/+ajnm0IP/+nc+ZnNFCC0Ew5b/mk7Uw
-jQAxW54/RSe1Cnl11T4RTcPI7YhGTej8T5T8dm2TlCdTI3m7xS/zfR3e4x89yrmW
-gVUBG54udbSSzxMDJk2rbr9anoinzaI0eiXY/rnb729OTU6y4SmJ9ZZZwXs+bRpP
-AUE7Zgj7pNrWC1CxTMy6XLdPE/L/8Yxz9mOFpyJcHahoEHcMH+5DKQePGa4mQgnS
-N8Srtrxx3Ipz5/zzOPr+O0BbOh8m7KMXU/J8Y3aHpUzbnr+IfGEUHBukN93M3qbV
-Qkw9iW+5HZ45P16Fyaj2cq7He7F39/7B/DhfjLldbUOnWGPmn3JrWkvONL++iAyI
-+vOrfGubyTtwgSdZGDcv+FUrL6af6nQzFBBgv4z4TpHN+BTcwA5c6JwuOlvMc5ZY
-ISh8WItjxmK5Gh27H7JBGKwWDnKYjqkRcgJ7QZd7dmjo2bzOlnKV0eYk51eBvoIh
-FV4YGAgMPxCJGBrl54/0F5+C8zl0cjNlEhnyyl2IEBbPbnfmvpNw3tMbJdPfEUhF
-DK+j5IkDU/4sNrV/dmeD+K+u/3xgDxtUv6IjH2odmADtlCbOV80=
-=/mRR
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmbsNYgACgkQbljekB8A
+Gu/+9Q/9H++Mts0NlrhE3hsCOats5GpAtsq/hRByjZx0flGwIKyIhvHh364hAWDQ
+gvdzWijlrYz86jiekM+CEpg08lkCKKm9jM22AaA2uZqIaUNgh0blenDMvAOqJc4W
+e08vmW1Q7RopuT3mjJHhqC9mU6s6B5aaAdjFfkKBRdp+BtMnTZmaH1Bx/acHx7SL
+R9WVIDUMEQVorqo1/2YnuO+LrAaiFEKkJ7YN+CS/wN2IbDaupyny1fWKffhBGu0C
+Hg/gubJuLGqlBvmDp88Mi+kxyzkw9+MbR3haS2P13FFxDj80JEhaH71hG7CAZ5xd
+1S1qv2PvpEKw8TdH249Z0YVK1aUA6h3wy6TWrQkM1YjaWzHY3XJoMq90OwluQQTI
+fw5njyLrVvYonHQLqLRv59hlC/0V9+Utpy8cvRA9d7dRf/JBarsFVhp5F7IQDLuq
+qE/vf+0lRa7WwFkr+FWfP4Cgt+I39DJFW0nybtll4eJfR5+0j+vGsaZZM973S94F
+xkqAU3xXulpQvT1qHvf7d7UY24H7Kmbzet0LNd30PrWT+uRktpZ164wHRZd96eHg
+3TXOvSTgqIzvsuxcBI0vh+5EWbTgMKOG21zSwwzbDMM1vNI/39YYJaWnNlUFH17+
+w0sm1aAF9P4vbAz7n+hxQVJFEAZwSChIfuPEuV8QKJGbpyqoDm8=
+=iMcB
-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-24:09.libnv.asc b/website/static/security/advisories/FreeBSD-SA-24:09.libnv.asc
index 8fa9aa9e43..9c18ebdc37 100644
--- a/website/static/security/advisories/FreeBSD-SA-24:09.libnv.asc
+++ b/website/static/security/advisories/FreeBSD-SA-24:09.libnv.asc
@@ -1,158 +1,169 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-24:09.libnv Security Advisory
The FreeBSD Project
Topic: Multiple vulnerabilities in libnv
Category: core
Module: libnv
Announced: 2024-09-04
Credits: Taylor R Campbell (NetBSD, CVE-2024-45287)
Synacktiv (CVE-2024-45287, CVE-2024-45288)
Sponsored by: The FreeBSD Foundation, The Alpha-Omega Project
Affects: All supported versions of FreeBSD.
Corrected: 2024-09-04 12:24:56 UTC (stable/14, 14.1-STABLE)
2024-09-04 21:07:27 UTC (releng/14.1, 14.1-RELEASE-p4)
2024-09-04 20:54:12 UTC (releng/14.0, 14.0-RELEASE-p10)
2024-09-04 12:24:12 UTC (stable/13, 13.4-STABLE)
2024-09-04 19:13:10 UTC (releng/13.4, 13.4-RC2-p1)
2024-09-04 20:29:40 UTC (releng/13.3, 13.3-RELEASE-p6)
CVE Name: CVE-2024-45287, CVE-2024-45288
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
+Note: This advisory provided an incomplete fix for the issues described as
+CVE-2024-45287 that were further addressed by FreeBSD-SA-24:16.pf. Please
+refer to that advisory for additional fixes.
+
+0. Revision History
+
+v1.0 2024-09-04 -- Initial release
+v1.1 2024-09-19 -- Add reference to SA-24:16.libnv
+
I. Background
libnv (also called nvlist) is a general-purpose library designed for storing
name-value pairs. This library can serve as an Inter-Process Communication
(IPC) framework, enabling processes to exchange data. For example, it is
used in libcasper to communicate between privileged and unprivileged
processes. Additionally, libnv can function as an interface for communication
between userland and kernel.
Originally, libnv was inspired by OpenZFS nvlist. However, the
implementations are separate. This advisory is only about base system
implementation of libnv, not a OpenZFS one.
II. Problem Description
CVE-2024-45287 is a vulnerability that affects both the kernel and userland.
A malicious value of size in a structure of packed libnv can cause an integer
overflow, leading to the allocation of a smaller buffer than required for the
parsed data.
CVE-2024-45288 is a vulnerability that affects both the kernel and userland.
A missing null-termination character in the last element of an nvlist array
string can lead to writing outside the allocated buffer.
III. Impact
It is possible for an attacker to overwrite portions of memory (in userland
or the kernel) as the allocated buffer might be smaller than the data
received from a malicious process. This vulnerability could result in
privilege escalation or cause a system panic.
IV. Workaround
No workaround is available.
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date
and reboot.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-24:09/libnv.patch
# fetch https://security.FreeBSD.org/patches/SA-24:09/libnv.patch.asc
# gpg --verify libnv.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in .
d) Recompile your kernel as described in
and reboot the
system.
VI. Correction details
This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:
Branch/path Hash Revision
- -------------------------------------------------------------------------
stable/14/ 9c2ef102166e stable/14-n268655
releng/14.1/ d87f821959fb releng/14.1-n267696
releng/14.0/ b219ce1c5a93 releng/14.0-n265433
stable/13/ 03bef9971d73 stable/13-n258309
releng/13.4/ 3aa9be7e3334 releng/13.4-n258240
releng/13.3/ 33b4e2361c82 releng/13.3-n257449
- -------------------------------------------------------------------------
Run the following command to see which files were modified by a
particular commit:
# git show --stat
Or visit the following URL, replacing NNNNNN with the hash:
To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:
# git rev-list --count --first-parent HEAD
VII. References
+
+
The latest revision of this advisory is available at
-----BEGIN PGP SIGNATURE-----
-iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmbY54cACgkQbljekB8A
-Gu8YLRAAmpVVVib8RgEj0bKS5qNLwujEssMIO96LS73txcFGm/Iy+QJA/N/SRtDL
-lnKRi0ya90pBmXXhX03Uei+O/nBAFxkCxCukuQ36bauJrA74RFgn/8ZK63RbvdDE
-K+xAyK71FXLTr+wGqyzv0xOxNA60dl14WiyaLCUX++0DU3EesmVD508wIL7Ls/bS
-5g5vllxmELV2zXYXY/DbEVHS/i2YRCs8ftasa92uXVgOibODVpL/GSXy1QHyykNQ
-ODAmGjs+p0xf2JDJa2qvokMh4WS4HkGe4W/TcJueTiSbsdOrDDhOV/n0QTgwt1rQ
-zq2QQU3tk2unYjhQrR6ZvHTbFCKc7G3BVFCPAZ6fSthq834EoCr2LUGyYhU+bLZ6
-SweQfCP48ExjIqvDzQqMOlvp9rMiLbxpjkdDcsml4zhD2GE+byuT6RSRBqq3tBvT
-893YoIiW1m069DnAQxh1Zlewsk/BZFeeXBHZdk4Ik5KYFCwCabV3HLFa9hA1/iKx
-5ITULL0gZgZKBQ9IbpkL45q9mcDHXrVuMPfA0a3bb38rpoK5uof25+oKSGGvWyDA
-plGXuEh5Sltmx0lOdY2O70j8pLh7bVJCyo5rYDhObzQlWiajUx1pH3M9DePbI+Rk
-Z+Gby0zKpXzgSfHSiSyfVPgDMa83yDpiozRMszjpvApB7h/hekQ=
-=yX5r
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmbsNakACgkQbljekB8A
+Gu8sqBAAjveC5IbbKHX/Up8kxzM7XhSjpdTHRCPfwpcjZuAUfCd39m1LRpDTlx0O
+gJKksiC5A92rk4aj/OtRB29p6LLyc7k531tqW/3F2Zh7n7aqjKaY9G5neTcPVn3u
+7XMVyOtV6dJIUrZaG7+UXrkdUCOrTYNhCOKGoC4EKibyPcAaI0YflY8h7AY5oYVm
+KagVktjWfHp3uE7BQqc//9VTA9ZiTO6RrJ2EJus2Nd6M08FQKA2B+q4XcVBHY5oO
+n7A0eUso6IUGFFVA1bPpVV8757nlwrnaOalO37ab0Kol3eekeKmFfJez03pWUeDW
+tVohnIu3KLcmJ4HeS3aUbr83YbWAFQnvmOM10JUwz4af88RUBvAMHRu0f9hz+aVG
+1uukXL+zdK4nmFllfFjQ8+HhSF9MWsc9ZoEgR+JfekkiIV/t4yUqPo8IjaS6ysQs
+FdziZMuLsywHEnTzni2STDKXnb0MNV/8OrDtND1ihzFkX+iksapvdjHIJZJwI9Pc
+qkXEw1Q7WDKDHlK5iEzkCcTkeEe7N4oNeHjCEn1LznU2mQoreCAGPm6KDQFjN4G6
+U2/o1vJTIpxoOsHT5xJ9dk1WV/gE7C7BSWAPALNPv92v7G/Lmxf5hr4LquaswiNl
+L1C7olKkIDo+gYbRJPIA5cvxZP/YQ5WEIqHHuAT085jG1rlXbQk=
+=64kV
-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-24:15.bhyve.asc b/website/static/security/advisories/FreeBSD-SA-24:15.bhyve.asc
new file mode 100644
index 0000000000..77351dc3df
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-24:15.bhyve.asc
@@ -0,0 +1,148 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-24:15.bhyve Security Advisory
+ The FreeBSD Project
+
+Topic: bhyve(8) out-of-bounds read access via XHCI emulation
+
+Category: core
+Module: bhyve
+Announced: 2024-09-19
+Credits: Synacktiv
+Sponsored by: The FreeBSD Foundation, The Alpha-Omega Project
+Affects: All supported versions of FreeBSD.
+Corrected: 2024-09-19 12:40:17 UTC (stable/14, 14.1-STABLE)
+ 2024-09-19 13:30:18 UTC (releng/14.1, 14.1-RELEASE-p5)
+ 2024-09-19 13:30:44 UTC (releng/14.0, 14.0-RELEASE-p11)
+ 2024-09-19 12:48:52 UTC (stable/13, 13.4-STABLE)
+ 2024-09-19 13:35:06 UTC (releng/13.4, 13.4-RELEASE-p1)
+ 2024-09-19 13:35:37 UTC (releng/13.3, 13.3-RELEASE-p7)
+CVE Name: CVE-2024-41721
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+bhyve(8) is a hypervisor that runs guest operating systems inside a virtual
+machine.
+
+II. Problem Description
+
+bhyve can be configured to emulate devices on a virtual USB controller (XHCI),
+such as USB tablet devices. An insufficient boundary validation in the USB
+code could lead to an out-of-bounds read on the heap, which could potentially
+lead to an arbitrary write and remote code execution.
+
+III. Impact
+
+A malicious, privileged software running in a guest VM can exploit the
+vulnerability to crash the hypervisor process or potentially achieve code
+execution on the host in the bhyve userspace process, which typically runs as
+root. Note that bhyve runs in a Capsicum sandbox, so malicious code is
+constrained by the capabilities available to the bhyve process.
+
+IV. Workaround
+
+No workaround is available, but guests that do not use XHCI emulation are not
+impacted.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Guest operating systems emulating USB devices with XHCI need to be restarted for
+the correction to be applied (i.e., their corresponding bhyve process needs to
+be terminated and started again).
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-24:15/bhyve.patch
+# fetch https://security.FreeBSD.org/patches/SA-24:15/bhyve.patch.asc
+# gpg --verify bhyve.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+Restart the corresponding bhyve processes, or reboot the system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ 419da61f8203 stable/14-n268745
+releng/14.1/ 3c6c0dcb5acb releng/14.1-n267716
+releng/14.0/ ba46f1174972 releng/14.0-n265453
+stable/13/ 2abd2ad64899 stable/13-n258347
+releng/13.4/ 5f035df278cc releng/13.4-n258258
+releng/13.3/ e7a790dc3ffe releng/13.3-n257468
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+The corresponding part of the security audit report as provided by Synacktiv
+will be published in due course.
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmbsPQ0ACgkQbljekB8A
+Gu/6chAAzST6xGx6RCb7MAHeZbqE3mTTUFoEkElPG3OiFsnFDySDnk0kKIjCNRbq
+GssLGYfUerFYD4/jDhGLApZnBnPhaTruNgwi38d8Pg4pkcqGv8Y5xSdOQBN83Rjq
+WiEgRqysuaE6HhvNN+JYf690M1Z6Tz0WkqoUJa8ZB8WcDnvBNQwMM0Prmo1RTZGR
+UXxftj+is3EQFUQs/3GcPRzTcp8Cu5QZnfFdbGph6Da/ZIQ6NaslYgslWvmsYHzP
+AVb/WI54VnIuMVoRIDWGtjjQa8p2H+dRih67clZYFxl2ya85aK78UrrtPk8x4dci
+9KsISpKidqC/ofdT4mHpNH3Uxx4N2ymPJG6xJ/MGmDmrIIk1vjKejy9RVSJzt4QN
+Iu1u/8d5NVXsMxbKQMEKqXY2dPFKi17S+EnhKzJUjtXeBxcMbNPh2Xcl+BmI8cZ2
+WuJvfplzu5Wcvd3LUa7s0Z3AHKktiMr1IGIlk8XEEee0b7k164imZlRUZFTCYA6S
+dNGTQ2UcHZz7W2Sk2HZf8CdNEgQQftW0BDc2IIs3lyA2WyPsIjGByUl987k3veQa
+fQCXzf7cp/a0rOZ9KngMxdJap+TBKCsPLEFm46i074ngmuoJZsW3xd7ZD8hLFlPX
+eaKh5MjWsHHfTYPRxeUKk2j9dobzN1ZP7AYWDasaDxZ4kmVIuEE=
+=FVQ2
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-24:09.libnv.asc b/website/static/security/advisories/FreeBSD-SA-24:16.libnv.asc
similarity index 60%
copy from website/static/security/advisories/FreeBSD-SA-24:09.libnv.asc
copy to website/static/security/advisories/FreeBSD-SA-24:16.libnv.asc
index 8fa9aa9e43..751a154622 100644
--- a/website/static/security/advisories/FreeBSD-SA-24:09.libnv.asc
+++ b/website/static/security/advisories/FreeBSD-SA-24:16.libnv.asc
@@ -1,158 +1,157 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
-FreeBSD-SA-24:09.libnv Security Advisory
+FreeBSD-SA-24:16.libnv Security Advisory
The FreeBSD Project
-Topic: Multiple vulnerabilities in libnv
+Topic: Integer overflow in libnv
Category: core
Module: libnv
-Announced: 2024-09-04
-Credits: Taylor R Campbell (NetBSD, CVE-2024-45287)
- Synacktiv (CVE-2024-45287, CVE-2024-45288)
-Sponsored by: The FreeBSD Foundation, The Alpha-Omega Project
+Announced: 2024-09-19
+Credits: Miłosz Kaniewski
Affects: All supported versions of FreeBSD.
-Corrected: 2024-09-04 12:24:56 UTC (stable/14, 14.1-STABLE)
- 2024-09-04 21:07:27 UTC (releng/14.1, 14.1-RELEASE-p4)
- 2024-09-04 20:54:12 UTC (releng/14.0, 14.0-RELEASE-p10)
- 2024-09-04 12:24:12 UTC (stable/13, 13.4-STABLE)
- 2024-09-04 19:13:10 UTC (releng/13.4, 13.4-RC2-p1)
- 2024-09-04 20:29:40 UTC (releng/13.3, 13.3-RELEASE-p6)
-CVE Name: CVE-2024-45287, CVE-2024-45288
+Corrected: 2024-09-15 16:59:15 UTC (stable/14, 14.1-STABLE)
+ 2024-09-19 13:30:20 UTC (releng/14.1, 14.1-RELEASE-p5)
+ 2024-09-19 13:30:45 UTC (releng/14.0, 14.0-RELEASE-p11)
+ 2024-09-15 16:59:51 UTC (stable/13, 13.4-STABLE)
+ 2024-09-19 13:35:07 UTC (releng/13.4, 13.4-RELEASE-p1)
+ 2024-09-19 13:35:38 UTC (releng/13.3, 13.3-RELEASE-p7)
+CVE Name: CVE-2024-45287
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
libnv (also called nvlist) is a general-purpose library designed for storing
name-value pairs. This library can serve as an Inter-Process Communication
(IPC) framework, enabling processes to exchange data. For example, it is
used in libcasper to communicate between privileged and unprivileged
processes. Additionally, libnv can function as an interface for communication
between userland and kernel.
Originally, libnv was inspired by OpenZFS nvlist. However, the
implementations are separate. This advisory is only about base system
implementation of libnv, not a OpenZFS one.
II. Problem Description
-CVE-2024-45287 is a vulnerability that affects both the kernel and userland.
A malicious value of size in a structure of packed libnv can cause an integer
overflow, leading to the allocation of a smaller buffer than required for the
-parsed data.
+parsed data. The introduced check was incorrect, as it took into account the
+size of the pointer, not the structure. This vulnerability affects both
+kernel and userland.
-CVE-2024-45288 is a vulnerability that affects both the kernel and userland.
-A missing null-termination character in the last element of an nvlist array
-string can lead to writing outside the allocated buffer.
+This issue was originally intended to be addressed as part of
+FreeBSD-SA-24:09.libnv, but due to a logic issue, this issue was not properly
+addressed.
III. Impact
It is possible for an attacker to overwrite portions of memory (in userland
or the kernel) as the allocated buffer might be smaller than the data
received from a malicious process. This vulnerability could result in
privilege escalation or cause a system panic.
IV. Workaround
No workaround is available.
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date
and reboot.
Perform one of the following:
1) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
-# fetch https://security.FreeBSD.org/patches/SA-24:09/libnv.patch
-# fetch https://security.FreeBSD.org/patches/SA-24:09/libnv.patch.asc
+# fetch https://security.FreeBSD.org/patches/SA-24:16/libnv.patch
+# fetch https://security.FreeBSD.org/patches/SA-24:16/libnv.patch.asc
# gpg --verify libnv.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in .
d) Recompile your kernel as described in
and reboot the
system.
VI. Correction details
This issue is corrected as of the corresponding Git commit hash in the
following stable and release branches:
Branch/path Hash Revision
- -------------------------------------------------------------------------
-stable/14/ 9c2ef102166e stable/14-n268655
-releng/14.1/ d87f821959fb releng/14.1-n267696
-releng/14.0/ b219ce1c5a93 releng/14.0-n265433
-stable/13/ 03bef9971d73 stable/13-n258309
-releng/13.4/ 3aa9be7e3334 releng/13.4-n258240
-releng/13.3/ 33b4e2361c82 releng/13.3-n257449
+stable/14/ 056c50c48be3 stable/14-n268739
+releng/14.1/ f67468e6e5e2 releng/14.1-n267717
+releng/14.0/ e9d57be06e23 releng/14.0-n265454
+stable/13/ d84fced6b468 stable/13-n258342
+releng/13.4/ 2cffa6354d9f releng/13.4-n258259
+releng/13.3/ 417e81a40091 releng/13.3-n257469
- -------------------------------------------------------------------------
Run the following command to see which files were modified by a
particular commit:
# git show --stat
Or visit the following URL, replacing NNNNNN with the hash:
To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:
# git rev-list --count --first-parent HEAD
VII. References
-
+
The latest revision of this advisory is available at
-
+
-----BEGIN PGP SIGNATURE-----
-iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmbY54cACgkQbljekB8A
-Gu8YLRAAmpVVVib8RgEj0bKS5qNLwujEssMIO96LS73txcFGm/Iy+QJA/N/SRtDL
-lnKRi0ya90pBmXXhX03Uei+O/nBAFxkCxCukuQ36bauJrA74RFgn/8ZK63RbvdDE
-K+xAyK71FXLTr+wGqyzv0xOxNA60dl14WiyaLCUX++0DU3EesmVD508wIL7Ls/bS
-5g5vllxmELV2zXYXY/DbEVHS/i2YRCs8ftasa92uXVgOibODVpL/GSXy1QHyykNQ
-ODAmGjs+p0xf2JDJa2qvokMh4WS4HkGe4W/TcJueTiSbsdOrDDhOV/n0QTgwt1rQ
-zq2QQU3tk2unYjhQrR6ZvHTbFCKc7G3BVFCPAZ6fSthq834EoCr2LUGyYhU+bLZ6
-SweQfCP48ExjIqvDzQqMOlvp9rMiLbxpjkdDcsml4zhD2GE+byuT6RSRBqq3tBvT
-893YoIiW1m069DnAQxh1Zlewsk/BZFeeXBHZdk4Ik5KYFCwCabV3HLFa9hA1/iKx
-5ITULL0gZgZKBQ9IbpkL45q9mcDHXrVuMPfA0a3bb38rpoK5uof25+oKSGGvWyDA
-plGXuEh5Sltmx0lOdY2O70j8pLh7bVJCyo5rYDhObzQlWiajUx1pH3M9DePbI+Rk
-Z+Gby0zKpXzgSfHSiSyfVPgDMa83yDpiozRMszjpvApB7h/hekQ=
-=yX5r
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmbsPQ8ACgkQbljekB8A
+Gu9aMBAA1N3FliBdeklIU0XGoyrvS0z7goFpFKeLVlkIHssYzZQAWHMILHET6O9n
+Gv5vICw5vGDWv/1Rb9muCMQ4wcEW/c/YFEU0FM3VFTgJ+fQrA4ZO/NjpRSixiGDk
+uVkJ25Fo2TMp58ITPWmT3Nj1MJ0x9xNzMxXhLk2JgK/sEMH+/Giju8Zq7XojHHC0
+QluYmz1V3EClPXiArkcgt/pagQ24b5yYmOAKGQGHEdRM18QWeJzJ4kUBzATcUVjv
+RWkLHz69emH6aQ3JNwyuEQlK/Xda3ge2zMIJ4tYObg21dEFdgqnFoLFrylCUkgIE
+T86QPQfb0HGTRhnSjdh/NN5qyiOo9q4FzpIsI3eJ3XJgk0/T/O8Rv+2fexAm0g3+
+37kgkxohETi6RQc3D4ClpmW7bP1DEK8uUwUGeJgCNmkpE4DVpLmGZ0tNbSf/0Mk6
+slYSHb6dF6wNB4AV/1HIusp6i2GlPziNYkhlslkRQgeyXO9T1bWxYqdkYihDFLRs
+PStlk1Diu0p+h3r08sX3LQrszBp1bLGkqaipFPLBwWStxYne9nsClORFhN4q9i+4
+fAnWxIRBXH62fJTy1DCPFqpI9zyvQTkVHQVKu5d+JgaTmTPsfJ3MIXdkGdAEV6+m
+xbZSFwd2e8uzPIlZke2JmaT4xVv1T92lWu7Ywf8M0eEYWg5WQi8=
+=OHm5
-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-24:16/pf-13.3.patch b/website/static/security/patches/EN-24:16/pf-13.3.patch
new file mode 100644
index 0000000000..3f657dcfdd
--- /dev/null
+++ b/website/static/security/patches/EN-24:16/pf-13.3.patch
@@ -0,0 +1,628 @@
+--- sys/net/pfvar.h.orig
++++ sys/net/pfvar.h
+@@ -330,8 +330,8 @@
+ mtx_unlock(_s->lock); \
+ } while (0)
+ #else
+-#define PF_STATE_LOCK(s) mtx_lock(s->lock)
+-#define PF_STATE_UNLOCK(s) mtx_unlock(s->lock)
++#define PF_STATE_LOCK(s) mtx_lock((s)->lock)
++#define PF_STATE_UNLOCK(s) mtx_unlock((s)->lock)
+ #endif
+
+ #ifdef INVARIANTS
+@@ -2222,7 +2222,7 @@
+ struct pf_addr *, struct pf_addr *,
+ uint16_t, uint16_t, struct pf_kanchor_stackframe *);
+
+-struct pf_state_key *pf_state_key_setup(struct pf_pdesc *, struct pf_addr *,
++struct pf_state_key *pf_state_key_setup(struct pf_pdesc *, struct mbuf *, int, struct pf_addr *,
+ struct pf_addr *, u_int16_t, u_int16_t);
+ struct pf_state_key *pf_state_key_clone(struct pf_state_key *);
+
+--- sys/netpfil/pf/pf.c.orig
++++ sys/netpfil/pf/pf.c
+@@ -307,6 +307,9 @@
+ struct pfi_kkif *, struct mbuf *, void *,
+ struct pf_pdesc *, struct pf_krule **,
+ struct pf_kruleset **);
++static int pf_state_key_addr_setup(struct pf_pdesc *, struct mbuf *,
++ int, struct pf_state_key_cmp *, int, struct pf_addr *,
++ int, struct pf_addr *, int);
+ static int pf_tcp_track_full(struct pf_kstate **,
+ struct pfi_kkif *, struct mbuf *, int,
+ struct pf_pdesc *, u_short *, int *);
+@@ -320,8 +323,8 @@
+ void *, struct pf_pdesc *);
+ int pf_icmp_state_lookup(struct pf_state_key_cmp *,
+ struct pf_pdesc *, struct pf_kstate **, struct mbuf *,
+- int, struct pfi_kkif *, u_int16_t, u_int16_t,
+- int, int *, int);
++ int, int, struct pfi_kkif *, u_int16_t, u_int16_t,
++ int, int *, int, int);
+ static int pf_test_state_icmp(struct pf_kstate **, int,
+ struct pfi_kkif *, struct mbuf *, int,
+ void *, struct pf_pdesc *, u_short *);
+@@ -375,7 +378,7 @@
+ extern struct proc *pf_purge_proc;
+
+ VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]);
+-enum { PF_ICMP_MULTI_NONE, PF_ICMP_MULTI_SOLICITED, PF_ICMP_MULTI_LINK };
++enum { PF_ICMP_MULTI_NONE, PF_ICMP_MULTI_LINK };
+
+ #define PACKET_UNDO_NAT(_m, _pd, _off, _s, _dir) \
+ do { \
+@@ -1414,9 +1417,66 @@
+ return (0);
+ }
+
++static int
++pf_state_key_addr_setup(struct pf_pdesc *pd, struct mbuf *m, int off,
++ struct pf_state_key_cmp *key, int sidx, struct pf_addr *saddr,
++ int didx, struct pf_addr *daddr, int multi)
++{
++#ifdef INET6
++ struct nd_neighbor_solicit nd;
++ struct pf_addr *target;
++ u_short action, reason;
++
++ if (pd->af == AF_INET || pd->proto != IPPROTO_ICMPV6)
++ goto copy;
++
++ switch (pd->hdr.icmp6.icmp6_type) {
++ case ND_NEIGHBOR_SOLICIT:
++ if (multi)
++ return (-1);
++ if (!pf_pull_hdr(m, off, &nd, sizeof(nd), &action, &reason, pd->af))
++ return (-1);
++ target = (struct pf_addr *)&nd.nd_ns_target;
++ daddr = target;
++ break;
++ case ND_NEIGHBOR_ADVERT:
++ if (multi)
++ return (-1);
++ if (!pf_pull_hdr(m, off, &nd, sizeof(nd), &action, &reason, pd->af))
++ return (-1);
++ target = (struct pf_addr *)&nd.nd_ns_target;
++ saddr = target;
++ if (IN6_IS_ADDR_MULTICAST(&pd->dst->v6)) {
++ key->addr[didx].addr32[0] = 0;
++ key->addr[didx].addr32[1] = 0;
++ key->addr[didx].addr32[2] = 0;
++ key->addr[didx].addr32[3] = 0;
++ daddr = NULL; /* overwritten */
++ }
++ break;
++ default:
++ if (multi == PF_ICMP_MULTI_LINK) {
++ key->addr[sidx].addr32[0] = IPV6_ADDR_INT32_MLL;
++ key->addr[sidx].addr32[1] = 0;
++ key->addr[sidx].addr32[2] = 0;
++ key->addr[sidx].addr32[3] = IPV6_ADDR_INT32_ONE;
++ saddr = NULL; /* overwritten */
++ }
++ }
++copy:
++#endif
++ if (saddr)
++ PF_ACPY(&key->addr[sidx], saddr, pd->af);
++ if (daddr)
++ PF_ACPY(&key->addr[didx], daddr, pd->af);
++
++ return (0);
++}
++
+ struct pf_state_key *
+-pf_state_key_setup(struct pf_pdesc *pd, struct pf_addr *saddr,
+- struct pf_addr *daddr, u_int16_t sport, u_int16_t dport)
++pf_state_key_setup(struct pf_pdesc *pd, struct mbuf *m, int off,
++ struct pf_addr *saddr, struct pf_addr *daddr, u_int16_t sport,
++ u_int16_t dport)
+ {
+ struct pf_state_key *sk;
+
+@@ -1424,8 +1484,12 @@
+ if (sk == NULL)
+ return (NULL);
+
+- PF_ACPY(&sk->addr[pd->sidx], saddr, pd->af);
+- PF_ACPY(&sk->addr[pd->didx], daddr, pd->af);
++ if (pf_state_key_addr_setup(pd, m, off, (struct pf_state_key_cmp *)sk,
++ pd->sidx, pd->src, pd->didx, pd->dst, 0)) {
++ uma_zfree(V_pf_state_key_z, sk);
++ return (NULL);
++ }
++
+ sk->port[pd->sidx] = sport;
+ sk->port[pd->didx] = dport;
+ sk->proto = pd->proto;
+@@ -4579,7 +4643,7 @@
+ if (nr == NULL) {
+ KASSERT((sk == NULL && nk == NULL), ("%s: nr %p sk %p, nk %p",
+ __func__, nr, sk, nk));
+- sk = pf_state_key_setup(pd, pd->src, pd->dst, sport, dport);
++ sk = pf_state_key_setup(pd, m, off, pd->src, pd->dst, sport, dport);
+ if (sk == NULL)
+ goto csfailed;
+ nk = sk;
+@@ -5990,8 +6054,9 @@
+
+ int
+ pf_icmp_state_lookup(struct pf_state_key_cmp *key, struct pf_pdesc *pd,
+- struct pf_kstate **state, struct mbuf *m, int direction, struct pfi_kkif *kif,
+- u_int16_t icmpid, u_int16_t type, int icmp_dir, int *iidx, int multi)
++ struct pf_kstate **state, struct mbuf *m, int off, int direction,
++ struct pfi_kkif *kif, u_int16_t icmpid, u_int16_t type, int icmp_dir,
++ int *iidx, int multi, int inner)
+ {
+ key->af = pd->af;
+ key->proto = pd->proto;
+@@ -6004,31 +6069,19 @@
+ key->port[pd->sidx] = type;
+ key->port[pd->didx] = icmpid;
+ }
+- if (pd->af == AF_INET6 && multi != PF_ICMP_MULTI_NONE) {
+- switch (multi) {
+- case PF_ICMP_MULTI_SOLICITED:
+- key->addr[pd->sidx].addr32[0] = IPV6_ADDR_INT32_MLL;
+- key->addr[pd->sidx].addr32[1] = 0;
+- key->addr[pd->sidx].addr32[2] = IPV6_ADDR_INT32_ONE;
+- key->addr[pd->sidx].addr32[3] = pd->src->addr32[3];
+- key->addr[pd->sidx].addr8[12] = 0xff;
+- break;
+- case PF_ICMP_MULTI_LINK:
+- key->addr[pd->sidx].addr32[0] = IPV6_ADDR_INT32_MLL;
+- key->addr[pd->sidx].addr32[1] = 0;
+- key->addr[pd->sidx].addr32[2] = 0;
+- key->addr[pd->sidx].addr32[3] = IPV6_ADDR_INT32_ONE;
+- break;
+- }
+- } else
+- PF_ACPY(&key->addr[pd->sidx], pd->src, key->af);
+- PF_ACPY(&key->addr[pd->didx], pd->dst, key->af);
++ if (pf_state_key_addr_setup(pd, m, off, key, pd->sidx, pd->src,
++ pd->didx, pd->dst, multi))
++ return (PF_DROP);
+
+ STATE_LOOKUP(kif, key, direction, *state, pd);
+
++ if ((*state)->state_flags & PFSTATE_SLOPPY)
++ return (-1);
++
+ /* Is this ICMP message flowing in right direction? */
+ if ((*state)->rule.ptr->type &&
+- (((*state)->direction == direction) ?
++ (((!inner && (*state)->direction == direction) ||
++ (inner && (*state)->direction != direction)) ?
+ PF_IN : PF_OUT) != icmp_dir) {
+ if (V_pf_status.debug >= PF_DEBUG_MISC) {
+ printf("pf: icmp type %d in wrong direction (%d): ",
+@@ -6036,6 +6089,8 @@
+ pf_print_state(*state);
+ printf("\n");
+ }
++ PF_STATE_UNLOCK(*state);
++ *state = NULL;
+ return (PF_DROP);
+ }
+ return (-1);
+@@ -6084,19 +6139,20 @@
+ * ICMP query/reply message not related to a TCP/UDP packet.
+ * Search for an ICMP state.
+ */
+- ret = pf_icmp_state_lookup(&key, pd, state, m, pd->dir,
++ ret = pf_icmp_state_lookup(&key, pd, state, m, off, pd->dir,
+ kif, virtual_id, virtual_type, icmp_dir, &iidx,
+- PF_ICMP_MULTI_NONE);
++ PF_ICMP_MULTI_NONE, 0);
+ if (ret >= 0) {
++ MPASS(*state == NULL);
+ if (ret == PF_DROP && pd->af == AF_INET6 &&
+ icmp_dir == PF_OUT) {
+- if (*state != NULL)
+- PF_STATE_UNLOCK((*state));
+- ret = pf_icmp_state_lookup(&key, pd, state, m,
++ ret = pf_icmp_state_lookup(&key, pd, state, m, off,
+ pd->dir, kif, virtual_id, virtual_type,
+- icmp_dir, &iidx, multi);
+- if (ret >= 0)
++ icmp_dir, &iidx, multi, 0);
++ if (ret >= 0) {
++ MPASS(*state == NULL);
+ return (ret);
++ }
+ } else
+ return (ret);
+ }
+@@ -6178,6 +6234,7 @@
+ int off2 = 0;
+
+ pd2.af = pd->af;
++ pd2.dir = pd->dir;
+ /* Payload packet is from the opposite direction. */
+ pd2.sidx = (direction == PF_IN) ? 1 : 0;
+ pd2.didx = (direction == PF_IN) ? 0 : 1;
+@@ -6485,9 +6542,9 @@
+ }
+ #ifdef INET
+ case IPPROTO_ICMP: {
+- struct icmp iih;
++ struct icmp *iih = &pd2.hdr.icmp;
+
+- if (!pf_pull_hdr(m, off2, &iih, ICMP_MINLEN,
++ if (!pf_pull_hdr(m, off2, iih, ICMP_MINLEN,
+ NULL, reason, pd2.af)) {
+ DPFPRINTF(PF_DEBUG_MISC,
+ ("pf: ICMP error message too short i"
+@@ -6495,15 +6552,17 @@
+ return (PF_DROP);
+ }
+
+- icmpid = iih.icmp_id;
+- pf_icmp_mapping(&pd2, iih.icmp_type,
++ icmpid = iih->icmp_id;
++ pf_icmp_mapping(&pd2, iih->icmp_type,
+ &icmp_dir, &multi, &virtual_id, &virtual_type);
+
+- ret = pf_icmp_state_lookup(&key, &pd2, state, m,
+- pd->dir, kif, virtual_id, virtual_type,
+- icmp_dir, &iidx, PF_ICMP_MULTI_NONE);
+- if (ret >= 0)
++ ret = pf_icmp_state_lookup(&key, &pd2, state, m, off,
++ pd2.dir, kif, virtual_id, virtual_type,
++ icmp_dir, &iidx, PF_ICMP_MULTI_NONE, 1);
++ if (ret >= 0) {
++ MPASS(*state == NULL);
+ return (ret);
++ }
+
+ /* translate source/destination address, if necessary */
+ if ((*state)->key[PF_SK_WIRE] !=
+@@ -6514,10 +6573,10 @@
+ if (PF_ANEQ(pd2.src,
+ &nk->addr[pd2.sidx], pd2.af) ||
+ (virtual_type == htons(ICMP_ECHO) &&
+- nk->port[iidx] != iih.icmp_id))
++ nk->port[iidx] != iih->icmp_id))
+ pf_change_icmp(pd2.src,
+ (virtual_type == htons(ICMP_ECHO)) ?
+- &iih.icmp_id : NULL,
++ &iih->icmp_id : NULL,
+ daddr, &nk->addr[pd2.sidx],
+ (virtual_type == htons(ICMP_ECHO)) ?
+ nk->port[iidx] : 0, NULL,
+@@ -6533,7 +6592,7 @@
+
+ m_copyback(m, off, ICMP_MINLEN, (caddr_t)&pd->hdr.icmp);
+ m_copyback(m, ipoff2, sizeof(h2), (caddr_t)&h2);
+- m_copyback(m, off2, ICMP_MINLEN, (caddr_t)&iih);
++ m_copyback(m, off2, ICMP_MINLEN, (caddr_t)iih);
+ }
+ return (PF_PASS);
+ break;
+@@ -6541,9 +6600,9 @@
+ #endif /* INET */
+ #ifdef INET6
+ case IPPROTO_ICMPV6: {
+- struct icmp6_hdr iih;
++ struct icmp6_hdr *iih = &pd2.hdr.icmp6;
+
+- if (!pf_pull_hdr(m, off2, &iih,
++ if (!pf_pull_hdr(m, off2, iih,
+ sizeof(struct icmp6_hdr), NULL, reason, pd2.af)) {
+ DPFPRINTF(PF_DEBUG_MISC,
+ ("pf: ICMP error message too short "
+@@ -6551,22 +6610,24 @@
+ return (PF_DROP);
+ }
+
+- pf_icmp_mapping(&pd2, iih.icmp6_type,
++ pf_icmp_mapping(&pd2, iih->icmp6_type,
+ &icmp_dir, &multi, &virtual_id, &virtual_type);
+- ret = pf_icmp_state_lookup(&key, &pd2, state, m,
++
++ ret = pf_icmp_state_lookup(&key, &pd2, state, m, off,
+ pd->dir, kif, virtual_id, virtual_type,
+- icmp_dir, &iidx, PF_ICMP_MULTI_NONE);
++ icmp_dir, &iidx, PF_ICMP_MULTI_NONE, 1);
+ if (ret >= 0) {
+- if (ret == PF_DROP && pd->af == AF_INET6 &&
++ MPASS(*state == NULL);
++ if (ret == PF_DROP && pd2.af == AF_INET6 &&
+ icmp_dir == PF_OUT) {
+- if (*state != NULL)
+- PF_STATE_UNLOCK((*state));
+- ret = pf_icmp_state_lookup(&key, pd,
+- state, m, pd->dir, kif,
++ ret = pf_icmp_state_lookup(&key, &pd2,
++ state, m, off, pd->dir, kif,
+ virtual_id, virtual_type,
+- icmp_dir, &iidx, multi);
+- if (ret >= 0)
++ icmp_dir, &iidx, multi, 1);
++ if (ret >= 0) {
++ MPASS(*state == NULL);
+ return (ret);
++ }
+ } else
+ return (ret);
+ }
+@@ -6580,10 +6641,10 @@
+ if (PF_ANEQ(pd2.src,
+ &nk->addr[pd2.sidx], pd2.af) ||
+ ((virtual_type == htons(ICMP6_ECHO_REQUEST)) &&
+- nk->port[pd2.sidx] != iih.icmp6_id))
++ nk->port[pd2.sidx] != iih->icmp6_id))
+ pf_change_icmp(pd2.src,
+ (virtual_type == htons(ICMP6_ECHO_REQUEST))
+- ? &iih.icmp6_id : NULL,
++ ? &iih->icmp6_id : NULL,
+ daddr, &nk->addr[pd2.sidx],
+ (virtual_type == htons(ICMP6_ECHO_REQUEST))
+ ? nk->port[iidx] : 0, NULL,
+@@ -6601,7 +6662,7 @@
+ (caddr_t)&pd->hdr.icmp6);
+ m_copyback(m, ipoff2, sizeof(h2_6), (caddr_t)&h2_6);
+ m_copyback(m, off2, sizeof(struct icmp6_hdr),
+- (caddr_t)&iih);
++ (caddr_t)iih);
+ }
+ return (PF_PASS);
+ break;
+--- sys/netpfil/pf/pf_lb.c.orig
++++ sys/netpfil/pf/pf_lb.c
+@@ -606,7 +606,7 @@
+ return (NULL);
+ }
+
+- *skp = pf_state_key_setup(pd, saddr, daddr, sport, dport);
++ *skp = pf_state_key_setup(pd, m, off, saddr, daddr, sport, dport);
+ if (*skp == NULL)
+ return (NULL);
+ *nkp = pf_state_key_clone(*skp);
+--- tests/sys/netpfil/pf/Makefile.orig
++++ tests/sys/netpfil/pf/Makefile
+@@ -12,6 +12,7 @@
+ fragmentation \
+ get_state \
+ icmp \
++ icmp6 \
+ killstate \
+ macro \
+ map_e \
+--- tests/sys/netpfil/pf/icmp.sh.orig
++++ tests/sys/netpfil/pf/icmp.sh
+@@ -71,7 +71,74 @@
+ pft_cleanup
+ }
+
++atf_test_case "ttl_exceeded" "cleanup"
++ttl_exceeded_head()
++{
++ atf_set descr 'Test that we correctly translate TTL exceeded back'
++ atf_set require.user root
++}
++
++ttl_exceeded_body()
++{
++ pft_init
++
++ epair_srv=$(vnet_mkepair)
++ epair_int=$(vnet_mkepair)
++ epair_cl=$(vnet_mkepair)
++
++ vnet_mkjail srv ${epair_srv}a
++ jexec srv ifconfig ${epair_srv}a 192.0.2.1/24 up
++ jexec srv route add default 192.0.2.2
++
++ vnet_mkjail int ${epair_srv}b ${epair_int}a
++ jexec int sysctl net.inet.ip.forwarding=1
++ jexec int ifconfig ${epair_srv}b 192.0.2.2/24 up
++ jexec int ifconfig ${epair_int}a 203.0.113.2/24 up
++
++ vnet_mkjail nat ${epair_int}b ${epair_cl}b
++ jexec nat ifconfig ${epair_int}b 203.0.113.1/24 up
++ jexec nat ifconfig ${epair_cl}b 198.51.100.2/24 up
++ jexec nat sysctl net.inet.ip.forwarding=1
++ jexec nat route add default 203.0.113.2
++
++ vnet_mkjail cl ${epair_cl}a
++ jexec cl ifconfig ${epair_cl}a 198.51.100.1/24 up
++ jexec cl route add default 198.51.100.2
++
++ jexec nat pfctl -e
++ pft_set_rules nat \
++ "nat on ${epair_int}b from 198.51.100.0/24 -> (${epair_int}b)" \
++ "block" \
++ "pass inet proto udp" \
++ "pass inet proto icmp icmp-type { echoreq }"
++
++ # Sanity checks
++ atf_check -s exit:0 -o ignore \
++ jexec cl ping -c 1 198.51.100.2
++ atf_check -s exit:0 -o ignore \
++ jexec cl ping -c 1 203.0.113.1
++ atf_check -s exit:0 -o ignore \
++ jexec cl ping -c 1 203.0.113.2
++ atf_check -s exit:0 -o ignore \
++ jexec cl ping -c 1 192.0.2.1
++
++ echo "UDP"
++ atf_check -s exit:0 -e ignore -o match:".*203.0.113.2.*" \
++ jexec cl traceroute 192.0.2.1
++ jexec nat pfctl -Fs
++
++ echo "ICMP"
++ atf_check -s exit:0 -e ignore -o match:".*203.0.113.2.*" \
++ jexec cl traceroute -I 192.0.2.1
++}
++
++ttl_exceeded_cleanup()
++{
++ pft_cleanup
++}
++
+ atf_init_test_cases()
+ {
+ atf_add_test_case "cve_2019_5598"
++ atf_add_test_case "ttl_exceeded"
+ }
+--- /dev/null
++++ tests/sys/netpfil/pf/icmp6.sh
+@@ -0,0 +1,156 @@
++#
++# SPDX-License-Identifier: BSD-2-Clause
++#
++# Copyright (c) 2024 Rubicon Communications, LLC (Netgate)
++#
++# Redistribution and use in source and binary forms, with or without
++# modification, are permitted provided that the following conditions
++# are met:
++# 1. Redistributions of source code must retain the above copyright
++# notice, this list of conditions and the following disclaimer.
++# 2. Redistributions in binary form must reproduce the above copyright
++# notice, this list of conditions and the following disclaimer in the
++# documentation and/or other materials provided with the distribution.
++#
++# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
++# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
++# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++# SUCH DAMAGE.
++
++. $(atf_get_srcdir)/utils.subr
++
++common_dir=$(atf_get_srcdir)/../common
++
++atf_test_case "zero_id" "cleanup"
++zero_id_head()
++{
++ atf_set descr 'Test ICMPv6 echo with ID 0 keep being blocked'
++ atf_set require.user root
++ atf_set require.progs scapy
++}
++
++zero_id_body()
++{
++ pft_init
++
++ epair=$(vnet_mkepair)
++ ifconfig ${epair}a inet6 2001:db8::2/64 up no_dad
++
++ vnet_mkjail alcatraz ${epair}b
++ jexec alcatraz ifconfig ${epair}b inet6 2001:db8::1/64 up no_dad
++
++ # Sanity check
++ atf_check -s exit:0 -o ignore \
++ ping -c 1 2001:db8::1
++
++ jexec alcatraz pfctl -e
++ pft_set_rules alcatraz \
++ "set block-policy drop" \
++ "antispoof quick for { egress ${epair}b }" \
++ "block all" \
++ "pass out" \
++ "pass in quick inet6 proto IPV6-ICMP icmp6-type 135" \
++ "pass in quick inet6 proto IPV6-ICMP icmp6-type 136" \
++ "pass out quick inet6 proto IPV6 from self to any"
++
++ # Now we can't ping
++ atf_check -s exit:2 -o ignore \
++ ping -c 1 2001:db8::1
++
++ # Force neighbour discovery
++ ndp -d 2001:db8::1
++
++ # Verify that we don't confuse echo request with ID 0 for neighbour discovery
++ atf_check -s exit:1 -o ignore \
++ ${common_dir}/pft_ping.py \
++ --sendif ${epair}a \
++ --to 2001:db8::1 \
++ --replyif ${epair}a
++
++ jexec alcatraz pfctl -ss -vv
++ jexec alcatraz pfctl -sr -vv
++}
++
++zero_id_cleanup()
++{
++ pft_cleanup
++}
++
++atf_test_case "ttl_exceeded" "cleanup"
++ttl_exceeded_head()
++{
++ atf_set descr 'Test that we correctly translate TTL exceeded back'
++ atf_set require.user root
++}
++
++ttl_exceeded_body()
++{
++ pft_init
++
++ epair_srv=$(vnet_mkepair)
++ epair_int=$(vnet_mkepair)
++ epair_cl=$(vnet_mkepair)
++
++ vnet_mkjail srv ${epair_srv}a
++ jexec srv ifconfig ${epair_srv}a inet6 2001:db8:1::1/64 no_dad up
++ jexec srv route add -6 default 2001:db8:1::2
++
++ vnet_mkjail int ${epair_srv}b ${epair_int}a
++ jexec int sysctl net.inet6.ip6.forwarding=1
++ jexec int ifconfig ${epair_srv}b inet6 2001:db8:1::2/64 no_dad up
++ jexec int ifconfig ${epair_int}a inet6 2001:db8:2::2/64 no_dad up
++
++ vnet_mkjail nat ${epair_int}b ${epair_cl}b
++ jexec nat ifconfig ${epair_int}b inet6 2001:db8:2::1 no_dad up
++ jexec nat ifconfig ${epair_cl}b inet6 2001:db8:3::2/64 no_dad up
++ jexec nat sysctl net.inet6.ip6.forwarding=1
++ jexec nat route add -6 default 2001:db8:2::2
++
++ vnet_mkjail cl ${epair_cl}a
++ jexec cl ifconfig ${epair_cl}a inet6 2001:db8:3::1/64 no_dad up
++ jexec cl route add -6 default 2001:db8:3::2
++
++ jexec nat pfctl -e
++ pft_set_rules nat \
++ "nat on ${epair_int}b from 2001:db8:3::/64 -> (${epair_int}b:0)" \
++ "block" \
++ "pass inet6 proto udp" \
++ "pass inet6 proto icmp6 icmp6-type { neighbrsol, neighbradv, echoreq }"
++
++ # Sanity checks
++ atf_check -s exit:0 -o ignore \
++ jexec cl ping -c 1 2001:db8:3::2
++ atf_check -s exit:0 -o ignore \
++ jexec cl ping -c 1 2001:db8:2::1
++ atf_check -s exit:0 -o ignore \
++ jexec cl ping -c 1 2001:db8:2::2
++ atf_check -s exit:0 -o ignore \
++ jexec cl ping -c 1 2001:db8:1::1
++
++ echo "UDP"
++ atf_check -s exit:0 -e ignore -o match:".*2001:db8:2::2.*" \
++ jexec cl traceroute6 2001:db8:1::1
++ jexec nat pfctl -Fs
++
++ echo "ICMP"
++ atf_check -s exit:0 -e ignore -o match:".*2001:db8:2::2.*" \
++ jexec cl traceroute6 -I 2001:db8:1::1
++}
++
++ttl_exceeded_cleanup()
++{
++ pft_cleanup
++}
++
++atf_init_test_cases()
++{
++ atf_add_test_case "zero_id"
++ atf_add_test_case "ttl_exceeded"
++}
diff --git a/website/static/security/patches/EN-24:16/pf-13.3.patch.asc b/website/static/security/patches/EN-24:16/pf-13.3.patch.asc
new file mode 100644
index 0000000000..fe51cb96ca
--- /dev/null
+++ b/website/static/security/patches/EN-24:16/pf-13.3.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmbsPQoACgkQbljekB8A
+Gu9blRAAqe2+7l0ZZcw3minxaU3hmjJiXscCVRJvb+Igj99LQDpQLCWNsiOzPOp5
+3A2Jnkjpd5Ax1qZ/n7zydFubKFNlW7cBEsgzTg1P3X7r4/LV/x0pame/bImVpRqd
+s5+Zd8ygE/udOj1fPn83EBIedQF9u0MzN3rU2Ll5YqsCH2cW7DQ548VgXsl6J1TB
+TjnJSCM87WBy1UhgaMt/A2pzoAMyjViBPQcKtWwYwkEv5avJo/eX0+RpYZlbVUl4
+MTKBcr0Utq8PueRHQQDlgvF7MHrbrnXg4qBdTKZqodGtDc3Ty9bDJXTfT9D27Vtr
+ltaL4TyB8Zu0cy4DsUzN+1HnBTUrYQiyfZeMB2cJwwATkPs4VDBJzBJpjdgZG9pT
+ZWXQBlLUyDPg40c0DPGe+IixxWj6J8oprlXqc1XmGzbopvBbrBvVd6G3OkC5H99T
+UxdD//5Czr9P+9jiQF4oXGaUAs3EjL8zXHDPzu9vnau5CRP0uT6AcZ83qx5l6kiJ
++VheGTuPbZDY36WQ9iMPeMyZO1fQ3BBchaaaO6vP7pyV7fpBAvq0pWGZvydiQI7C
+PpxQEhHIRVa7aFrKU4S7a6E/hvgugQatn8u0KViKFSy5ixBg/vz2hJD8qAuxpbt8
+4aRxXj/PpUa8JIdNRcA1ZU0vYolEDo5+2tB+5RUN7DzV3yC0QuY=
+=I//K
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-24:16/pf-14.0.patch b/website/static/security/patches/EN-24:16/pf-14.0.patch
new file mode 100644
index 0000000000..0486e01fc4
--- /dev/null
+++ b/website/static/security/patches/EN-24:16/pf-14.0.patch
@@ -0,0 +1,486 @@
+--- sys/net/pfvar.h.orig
++++ sys/net/pfvar.h
+@@ -359,8 +359,8 @@
+ mtx_unlock(_s->lock); \
+ } while (0)
+ #else
+-#define PF_STATE_LOCK(s) mtx_lock(s->lock)
+-#define PF_STATE_UNLOCK(s) mtx_unlock(s->lock)
++#define PF_STATE_LOCK(s) mtx_lock((s)->lock)
++#define PF_STATE_UNLOCK(s) mtx_unlock((s)->lock)
+ #endif
+
+ #ifdef INVARIANTS
+@@ -2482,8 +2482,8 @@
+ struct pf_addr *, struct pf_addr *,
+ uint16_t, uint16_t, struct pf_kanchor_stackframe *);
+
+-struct pf_state_key *pf_state_key_setup(struct pf_pdesc *, struct pf_addr *,
+- struct pf_addr *, u_int16_t, u_int16_t);
++struct pf_state_key *pf_state_key_setup(struct pf_pdesc *, struct mbuf *, int,
++ struct pf_addr *, struct pf_addr *, u_int16_t, u_int16_t);
+ struct pf_state_key *pf_state_key_clone(struct pf_state_key *);
+ void pf_rule_to_actions(struct pf_krule *,
+ struct pf_rule_actions *);
+--- sys/netpfil/pf/pf.c.orig
++++ sys/netpfil/pf/pf.c
+@@ -292,6 +292,9 @@
+ u_int16_t, u_int16_t, int *, struct pfi_kkif *,
+ struct pf_kstate **, int, u_int16_t, u_int16_t,
+ int, struct pf_krule_slist *);
++static int pf_state_key_addr_setup(struct pf_pdesc *, struct mbuf *,
++ int, struct pf_state_key_cmp *, int, struct pf_addr *,
++ int, struct pf_addr *, int);
+ static int pf_test_fragment(struct pf_krule **, struct pfi_kkif *,
+ struct mbuf *, void *, struct pf_pdesc *,
+ struct pf_krule **, struct pf_kruleset **);
+@@ -308,8 +311,8 @@
+ void *, struct pf_pdesc *);
+ int pf_icmp_state_lookup(struct pf_state_key_cmp *,
+ struct pf_pdesc *, struct pf_kstate **, struct mbuf *,
+- int, struct pfi_kkif *, u_int16_t, u_int16_t,
+- int, int *, int);
++ int, int, struct pfi_kkif *, u_int16_t, u_int16_t,
++ int, int *, int, int);
+ static int pf_test_state_icmp(struct pf_kstate **,
+ struct pfi_kkif *, struct mbuf *, int,
+ void *, struct pf_pdesc *, u_short *);
+@@ -359,7 +362,7 @@
+
+ VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]);
+
+-enum { PF_ICMP_MULTI_NONE, PF_ICMP_MULTI_SOLICITED, PF_ICMP_MULTI_LINK };
++enum { PF_ICMP_MULTI_NONE, PF_ICMP_MULTI_LINK };
+
+ #define PACKET_UNDO_NAT(_m, _pd, _off, _s) \
+ do { \
+@@ -1418,9 +1421,66 @@
+ return (0);
+ }
+
++static int
++pf_state_key_addr_setup(struct pf_pdesc *pd, struct mbuf *m, int off,
++ struct pf_state_key_cmp *key, int sidx, struct pf_addr *saddr,
++ int didx, struct pf_addr *daddr, int multi)
++{
++#ifdef INET6
++ struct nd_neighbor_solicit nd;
++ struct pf_addr *target;
++ u_short action, reason;
++
++ if (pd->af == AF_INET || pd->proto != IPPROTO_ICMPV6)
++ goto copy;
++
++ switch (pd->hdr.icmp6.icmp6_type) {
++ case ND_NEIGHBOR_SOLICIT:
++ if (multi)
++ return (-1);
++ if (!pf_pull_hdr(m, off, &nd, sizeof(nd), &action, &reason, pd->af))
++ return (-1);
++ target = (struct pf_addr *)&nd.nd_ns_target;
++ daddr = target;
++ break;
++ case ND_NEIGHBOR_ADVERT:
++ if (multi)
++ return (-1);
++ if (!pf_pull_hdr(m, off, &nd, sizeof(nd), &action, &reason, pd->af))
++ return (-1);
++ target = (struct pf_addr *)&nd.nd_ns_target;
++ saddr = target;
++ if (IN6_IS_ADDR_MULTICAST(&pd->dst->v6)) {
++ key->addr[didx].addr32[0] = 0;
++ key->addr[didx].addr32[1] = 0;
++ key->addr[didx].addr32[2] = 0;
++ key->addr[didx].addr32[3] = 0;
++ daddr = NULL; /* overwritten */
++ }
++ break;
++ default:
++ if (multi == PF_ICMP_MULTI_LINK) {
++ key->addr[sidx].addr32[0] = IPV6_ADDR_INT32_MLL;
++ key->addr[sidx].addr32[1] = 0;
++ key->addr[sidx].addr32[2] = 0;
++ key->addr[sidx].addr32[3] = IPV6_ADDR_INT32_ONE;
++ saddr = NULL; /* overwritten */
++ }
++ }
++copy:
++#endif
++ if (saddr)
++ PF_ACPY(&key->addr[sidx], saddr, pd->af);
++ if (daddr)
++ PF_ACPY(&key->addr[didx], daddr, pd->af);
++
++ return (0);
++}
++
+ struct pf_state_key *
+-pf_state_key_setup(struct pf_pdesc *pd, struct pf_addr *saddr,
+- struct pf_addr *daddr, u_int16_t sport, u_int16_t dport)
++pf_state_key_setup(struct pf_pdesc *pd, struct mbuf *m, int off,
++ struct pf_addr *saddr, struct pf_addr *daddr, u_int16_t sport,
++ u_int16_t dport)
+ {
+ struct pf_state_key *sk;
+
+@@ -1428,8 +1488,12 @@
+ if (sk == NULL)
+ return (NULL);
+
+- PF_ACPY(&sk->addr[pd->sidx], saddr, pd->af);
+- PF_ACPY(&sk->addr[pd->didx], daddr, pd->af);
++ if (pf_state_key_addr_setup(pd, m, off, (struct pf_state_key_cmp *)sk,
++ pd->sidx, pd->src, pd->didx, pd->dst, 0)) {
++ uma_zfree(V_pf_state_key_z, sk);
++ return (NULL);
++ }
++
+ sk->port[pd->sidx] = sport;
+ sk->port[pd->didx] = dport;
+ sk->proto = pd->proto;
+@@ -5110,7 +5174,7 @@
+ if (nr == NULL) {
+ KASSERT((sk == NULL && nk == NULL), ("%s: nr %p sk %p, nk %p",
+ __func__, nr, sk, nk));
+- sk = pf_state_key_setup(pd, pd->src, pd->dst, sport, dport);
++ sk = pf_state_key_setup(pd, m, off, pd->src, pd->dst, sport, dport);
+ if (sk == NULL)
+ goto csfailed;
+ nk = sk;
+@@ -6090,8 +6154,9 @@
+
+ int
+ pf_icmp_state_lookup(struct pf_state_key_cmp *key, struct pf_pdesc *pd,
+- struct pf_kstate **state, struct mbuf *m, int direction, struct pfi_kkif *kif,
+- u_int16_t icmpid, u_int16_t type, int icmp_dir, int *iidx, int multi)
++ struct pf_kstate **state, struct mbuf *m, int off, int direction,
++ struct pfi_kkif *kif, u_int16_t icmpid, u_int16_t type, int icmp_dir,
++ int *iidx, int multi, int inner)
+ {
+ key->af = pd->af;
+ key->proto = pd->proto;
+@@ -6104,31 +6169,19 @@
+ key->port[pd->sidx] = type;
+ key->port[pd->didx] = icmpid;
+ }
+- if (pd->af == AF_INET6 && multi != PF_ICMP_MULTI_NONE) {
+- switch (multi) {
+- case PF_ICMP_MULTI_SOLICITED:
+- key->addr[pd->sidx].addr32[0] = IPV6_ADDR_INT32_MLL;
+- key->addr[pd->sidx].addr32[1] = 0;
+- key->addr[pd->sidx].addr32[2] = IPV6_ADDR_INT32_ONE;
+- key->addr[pd->sidx].addr32[3] = pd->src->addr32[3];
+- key->addr[pd->sidx].addr8[12] = 0xff;
+- break;
+- case PF_ICMP_MULTI_LINK:
+- key->addr[pd->sidx].addr32[0] = IPV6_ADDR_INT32_MLL;
+- key->addr[pd->sidx].addr32[1] = 0;
+- key->addr[pd->sidx].addr32[2] = 0;
+- key->addr[pd->sidx].addr32[3] = IPV6_ADDR_INT32_ONE;
+- break;
+- }
+- } else
+- PF_ACPY(&key->addr[pd->sidx], pd->src, key->af);
+- PF_ACPY(&key->addr[pd->didx], pd->dst, key->af);
++ if (pf_state_key_addr_setup(pd, m, off, key, pd->sidx, pd->src,
++ pd->didx, pd->dst, multi))
++ return (PF_DROP);
+
+ STATE_LOOKUP(kif, key, *state, pd);
+
++ if ((*state)->state_flags & PFSTATE_SLOPPY)
++ return (-1);
++
+ /* Is this ICMP message flowing in right direction? */
+ if ((*state)->rule.ptr->type &&
+- (((*state)->direction == direction) ?
++ (((!inner && (*state)->direction == direction) ||
++ (inner && (*state)->direction != direction)) ?
+ PF_IN : PF_OUT) != icmp_dir) {
+ if (V_pf_status.debug >= PF_DEBUG_MISC) {
+ printf("pf: icmp type %d in wrong direction (%d): ",
+@@ -6136,6 +6189,8 @@
+ pf_print_state(*state);
+ printf("\n");
+ }
++ PF_STATE_UNLOCK(*state);
++ *state = NULL;
+ return (PF_DROP);
+ }
+ return (-1);
+@@ -6184,19 +6239,20 @@
+ * ICMP query/reply message not related to a TCP/UDP packet.
+ * Search for an ICMP state.
+ */
+- ret = pf_icmp_state_lookup(&key, pd, state, m, pd->dir,
++ ret = pf_icmp_state_lookup(&key, pd, state, m, off, pd->dir,
+ kif, virtual_id, virtual_type, icmp_dir, &iidx,
+- PF_ICMP_MULTI_NONE);
++ PF_ICMP_MULTI_NONE, 0);
+ if (ret >= 0) {
++ MPASS(*state == NULL);
+ if (ret == PF_DROP && pd->af == AF_INET6 &&
+ icmp_dir == PF_OUT) {
+- if (*state != NULL)
+- PF_STATE_UNLOCK((*state));
+- ret = pf_icmp_state_lookup(&key, pd, state, m,
++ ret = pf_icmp_state_lookup(&key, pd, state, m, off,
+ pd->dir, kif, virtual_id, virtual_type,
+- icmp_dir, &iidx, multi);
+- if (ret >= 0)
++ icmp_dir, &iidx, multi, 0);
++ if (ret >= 0) {
++ MPASS(*state == NULL);
+ return (ret);
++ }
+ } else
+ return (ret);
+ }
+@@ -6278,6 +6334,7 @@
+ int off2 = 0;
+
+ pd2.af = pd->af;
++ pd2.dir = pd->dir;
+ /* Payload packet is from the opposite direction. */
+ pd2.sidx = (pd->dir == PF_IN) ? 1 : 0;
+ pd2.didx = (pd->dir == PF_IN) ? 0 : 1;
+@@ -6585,9 +6642,9 @@
+ }
+ #ifdef INET
+ case IPPROTO_ICMP: {
+- struct icmp iih;
++ struct icmp *iih = &pd2.hdr.icmp;
+
+- if (!pf_pull_hdr(m, off2, &iih, ICMP_MINLEN,
++ if (!pf_pull_hdr(m, off2, iih, ICMP_MINLEN,
+ NULL, reason, pd2.af)) {
+ DPFPRINTF(PF_DEBUG_MISC,
+ ("pf: ICMP error message too short i"
+@@ -6595,15 +6652,17 @@
+ return (PF_DROP);
+ }
+
+- icmpid = iih.icmp_id;
+- pf_icmp_mapping(&pd2, iih.icmp_type,
++ icmpid = iih->icmp_id;
++ pf_icmp_mapping(&pd2, iih->icmp_type,
+ &icmp_dir, &multi, &virtual_id, &virtual_type);
+
+- ret = pf_icmp_state_lookup(&key, &pd2, state, m,
+- pd->dir, kif, virtual_id, virtual_type,
+- icmp_dir, &iidx, PF_ICMP_MULTI_NONE);
+- if (ret >= 0)
++ ret = pf_icmp_state_lookup(&key, &pd2, state, m, off,
++ pd2.dir, kif, virtual_id, virtual_type,
++ icmp_dir, &iidx, PF_ICMP_MULTI_NONE, 1);
++ if (ret >= 0) {
++ MPASS(*state == NULL);
+ return (ret);
++ }
+
+ /* translate source/destination address, if necessary */
+ if ((*state)->key[PF_SK_WIRE] !=
+@@ -6614,10 +6673,10 @@
+ if (PF_ANEQ(pd2.src,
+ &nk->addr[pd2.sidx], pd2.af) ||
+ (virtual_type == htons(ICMP_ECHO) &&
+- nk->port[iidx] != iih.icmp_id))
++ nk->port[iidx] != iih->icmp_id))
+ pf_change_icmp(pd2.src,
+ (virtual_type == htons(ICMP_ECHO)) ?
+- &iih.icmp_id : NULL,
++ &iih->icmp_id : NULL,
+ daddr, &nk->addr[pd2.sidx],
+ (virtual_type == htons(ICMP_ECHO)) ?
+ nk->port[iidx] : 0, NULL,
+@@ -6633,7 +6692,7 @@
+
+ m_copyback(m, off, ICMP_MINLEN, (caddr_t)&pd->hdr.icmp);
+ m_copyback(m, ipoff2, sizeof(h2), (caddr_t)&h2);
+- m_copyback(m, off2, ICMP_MINLEN, (caddr_t)&iih);
++ m_copyback(m, off2, ICMP_MINLEN, (caddr_t)iih);
+ }
+ return (PF_PASS);
+ break;
+@@ -6641,9 +6700,9 @@
+ #endif /* INET */
+ #ifdef INET6
+ case IPPROTO_ICMPV6: {
+- struct icmp6_hdr iih;
++ struct icmp6_hdr *iih = &pd2.hdr.icmp6;
+
+- if (!pf_pull_hdr(m, off2, &iih,
++ if (!pf_pull_hdr(m, off2, iih,
+ sizeof(struct icmp6_hdr), NULL, reason, pd2.af)) {
+ DPFPRINTF(PF_DEBUG_MISC,
+ ("pf: ICMP error message too short "
+@@ -6651,22 +6710,24 @@
+ return (PF_DROP);
+ }
+
+- pf_icmp_mapping(&pd2, iih.icmp6_type,
++ pf_icmp_mapping(&pd2, iih->icmp6_type,
+ &icmp_dir, &multi, &virtual_id, &virtual_type);
+- ret = pf_icmp_state_lookup(&key, &pd2, state, m,
++
++ ret = pf_icmp_state_lookup(&key, &pd2, state, m, off,
+ pd->dir, kif, virtual_id, virtual_type,
+- icmp_dir, &iidx, PF_ICMP_MULTI_NONE);
++ icmp_dir, &iidx, PF_ICMP_MULTI_NONE, 1);
+ if (ret >= 0) {
+- if (ret == PF_DROP && pd->af == AF_INET6 &&
++ MPASS(*state == NULL);
++ if (ret == PF_DROP && pd2.af == AF_INET6 &&
+ icmp_dir == PF_OUT) {
+- if (*state != NULL)
+- PF_STATE_UNLOCK((*state));
+- ret = pf_icmp_state_lookup(&key, pd,
+- state, m, pd->dir, kif,
++ ret = pf_icmp_state_lookup(&key, &pd2,
++ state, m, off, pd->dir, kif,
+ virtual_id, virtual_type,
+- icmp_dir, &iidx, multi);
+- if (ret >= 0)
++ icmp_dir, &iidx, multi, 1);
++ if (ret >= 0) {
++ MPASS(*state == NULL);
+ return (ret);
++ }
+ } else
+ return (ret);
+ }
+@@ -6680,10 +6741,10 @@
+ if (PF_ANEQ(pd2.src,
+ &nk->addr[pd2.sidx], pd2.af) ||
+ ((virtual_type == htons(ICMP6_ECHO_REQUEST)) &&
+- nk->port[pd2.sidx] != iih.icmp6_id))
++ nk->port[pd2.sidx] != iih->icmp6_id))
+ pf_change_icmp(pd2.src,
+ (virtual_type == htons(ICMP6_ECHO_REQUEST))
+- ? &iih.icmp6_id : NULL,
++ ? &iih->icmp6_id : NULL,
+ daddr, &nk->addr[pd2.sidx],
+ (virtual_type == htons(ICMP6_ECHO_REQUEST))
+ ? nk->port[iidx] : 0, NULL,
+@@ -6701,7 +6762,7 @@
+ (caddr_t)&pd->hdr.icmp6);
+ m_copyback(m, ipoff2, sizeof(h2_6), (caddr_t)&h2_6);
+ m_copyback(m, off2, sizeof(struct icmp6_hdr),
+- (caddr_t)&iih);
++ (caddr_t)iih);
+ }
+ return (PF_PASS);
+ break;
+--- sys/netpfil/pf/pf_lb.c.orig
++++ sys/netpfil/pf/pf_lb.c
+@@ -633,7 +633,7 @@
+ return (NULL);
+ }
+
+- *skp = pf_state_key_setup(pd, saddr, daddr, sport, dport);
++ *skp = pf_state_key_setup(pd, m, off, saddr, daddr, sport, dport);
+ if (*skp == NULL)
+ return (NULL);
+ *nkp = pf_state_key_clone(*skp);
+--- tests/sys/netpfil/pf/Makefile.orig
++++ tests/sys/netpfil/pf/Makefile
+@@ -13,6 +13,7 @@
+ fragmentation_pass \
+ get_state \
+ icmp \
++ icmp6 \
+ killstate \
+ macro \
+ map_e \
+--- /dev/null
++++ tests/sys/netpfil/pf/icmp6.sh
+@@ -0,0 +1,89 @@
++#
++# SPDX-License-Identifier: BSD-2-Clause
++#
++# Copyright (c) 2024 Rubicon Communications, LLC (Netgate)
++#
++# Redistribution and use in source and binary forms, with or without
++# modification, are permitted provided that the following conditions
++# are met:
++# 1. Redistributions of source code must retain the above copyright
++# notice, this list of conditions and the following disclaimer.
++# 2. Redistributions in binary form must reproduce the above copyright
++# notice, this list of conditions and the following disclaimer in the
++# documentation and/or other materials provided with the distribution.
++#
++# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
++# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
++# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++# SUCH DAMAGE.
++
++. $(atf_get_srcdir)/utils.subr
++
++common_dir=$(atf_get_srcdir)/../common
++
++atf_test_case "zero_id" "cleanup"
++zero_id_head()
++{
++ atf_set descr 'Test ICMPv6 echo with ID 0 keep being blocked'
++ atf_set require.user root
++ atf_set require.progs scapy
++}
++
++zero_id_body()
++{
++ pft_init
++
++ epair=$(vnet_mkepair)
++ ifconfig ${epair}a inet6 2001:db8::2/64 up no_dad
++
++ vnet_mkjail alcatraz ${epair}b
++ jexec alcatraz ifconfig ${epair}b inet6 2001:db8::1/64 up no_dad
++
++ # Sanity check
++ atf_check -s exit:0 -o ignore \
++ ping -c 1 2001:db8::1
++
++ jexec alcatraz pfctl -e
++ pft_set_rules alcatraz \
++ "set block-policy drop" \
++ "antispoof quick for { egress ${epair}b }" \
++ "block all" \
++ "pass out" \
++ "pass in quick inet6 proto IPV6-ICMP icmp6-type 135" \
++ "pass in quick inet6 proto IPV6-ICMP icmp6-type 136" \
++ "pass out quick inet6 proto IPV6 from self to any"
++
++ # Now we can't ping
++ atf_check -s exit:2 -o ignore \
++ ping -c 1 2001:db8::1
++
++ # Force neighbour discovery
++ ndp -d 2001:db8::1
++
++ # Verify that we don't confuse echo request with ID 0 for neighbour discovery
++ atf_check -s exit:1 -o ignore \
++ ${common_dir}/pft_ping.py \
++ --sendif ${epair}a \
++ --to 2001:db8::1 \
++ --replyif ${epair}a
++
++ jexec alcatraz pfctl -ss -vv
++ jexec alcatraz pfctl -sr -vv
++}
++
++zero_id_cleanup()
++{
++ pft_cleanup
++}
++
++atf_init_test_cases()
++{
++ atf_add_test_case "zero_id"
++}
diff --git a/website/static/security/patches/EN-24:16/pf-14.0.patch.asc b/website/static/security/patches/EN-24:16/pf-14.0.patch.asc
new file mode 100644
index 0000000000..8fbfe7653b
--- /dev/null
+++ b/website/static/security/patches/EN-24:16/pf-14.0.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmbsPQsACgkQbljekB8A
+Gu/uNRAAl55peDh/O/GRKNB4Cf5auf+rnL2A8pFZ2zLYhjhguVoHauuuviFWCgK0
+BhsEGspwAVAzG79zUCBMrhIZfJ2zP6IAwJ6X+I8HoZYIhYMBM7X1OmDq8lDffpgo
+Z9C73lftJXvT+L54SxWVmxs1agBBM/0GB1x+YXugxVmUElIj+e/Wv/uEcGFLKxFc
+9sva/uaxJEY2Un8VslgClrJz85cRQfC2E6JxZ4t7FTcE+MlVzbYa9YZeHO8+AxqJ
+3lnZBo1dDGeXzXNxsSdFOnz+vwbdRHo5U8a6b+G8b9eCJj3+WCF2/zuKTLPqLYMC
+QUw8Fj+mAbVge5rOmT74UWRVhvL3pdw82O1X0V0jJZu2OQ1LW5AEUJKA/ssdVsZa
+wRO5A8T8vJCyhid8YErUzAr3O6Bat/r7bJI2TJDoUODbcrzdXuT0dgCEIMfL6EGu
+Z337blTPnBdD7u1oYhY7MOudT3il7z9yoYWRPfxxqMJQf0gI6qf6q/iztnlzNcIX
+1xHxNWVxL1p0arfMuHcgolepS8OC6uN/pT04M/UftiUf82Z1DPZMNtYqOR4veb7t
+xQ0kwj2JbqdZ9OccpozEgtfcFIQ8R3EavL88dudHROR5g1LVOUlnjfVeM+RsHKAo
+bU+PpL7QOTj0uMsIaFa2sawEd9wsqYvuEgBg3wvqB08ho8MmZkQ=
+=331g
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-24:16/pf-14.1.patch b/website/static/security/patches/EN-24:16/pf-14.1.patch
new file mode 100644
index 0000000000..543043ca23
--- /dev/null
+++ b/website/static/security/patches/EN-24:16/pf-14.1.patch
@@ -0,0 +1,384 @@
+--- sys/net/pfvar.h.orig
++++ sys/net/pfvar.h
+@@ -359,8 +359,8 @@
+ mtx_unlock(_s->lock); \
+ } while (0)
+ #else
+-#define PF_STATE_LOCK(s) mtx_lock(s->lock)
+-#define PF_STATE_UNLOCK(s) mtx_unlock(s->lock)
++#define PF_STATE_LOCK(s) mtx_lock((s)->lock)
++#define PF_STATE_UNLOCK(s) mtx_unlock((s)->lock)
+ #endif
+
+ #ifdef INVARIANTS
+@@ -2512,8 +2512,8 @@
+ struct pf_addr *, struct pf_addr *,
+ uint16_t, uint16_t, struct pf_kanchor_stackframe *);
+
+-struct pf_state_key *pf_state_key_setup(struct pf_pdesc *, struct pf_addr *,
+- struct pf_addr *, u_int16_t, u_int16_t);
++struct pf_state_key *pf_state_key_setup(struct pf_pdesc *, struct mbuf *, int,
++ struct pf_addr *, struct pf_addr *, u_int16_t, u_int16_t);
+ struct pf_state_key *pf_state_key_clone(struct pf_state_key *);
+ void pf_rule_to_actions(struct pf_krule *,
+ struct pf_rule_actions *);
+--- sys/netpfil/pf/pf.c.orig
++++ sys/netpfil/pf/pf.c
+@@ -325,6 +325,9 @@
+ u_int16_t, u_int16_t, int *, struct pfi_kkif *,
+ struct pf_kstate **, int, u_int16_t, u_int16_t,
+ int, struct pf_krule_slist *);
++static int pf_state_key_addr_setup(struct pf_pdesc *, struct mbuf *,
++ int, struct pf_state_key_cmp *, int, struct pf_addr *,
++ int, struct pf_addr *, int);
+ static int pf_test_fragment(struct pf_krule **, struct pfi_kkif *,
+ struct mbuf *, void *, struct pf_pdesc *,
+ struct pf_krule **, struct pf_kruleset **);
+@@ -341,8 +344,8 @@
+ void *, struct pf_pdesc *);
+ int pf_icmp_state_lookup(struct pf_state_key_cmp *,
+ struct pf_pdesc *, struct pf_kstate **, struct mbuf *,
+- int, struct pfi_kkif *, u_int16_t, u_int16_t,
+- int, int *, int);
++ int, int, struct pfi_kkif *, u_int16_t, u_int16_t,
++ int, int *, int, int);
+ static int pf_test_state_icmp(struct pf_kstate **,
+ struct pfi_kkif *, struct mbuf *, int,
+ void *, struct pf_pdesc *, u_short *);
+@@ -395,7 +398,7 @@
+
+ VNET_DEFINE(struct pf_limit, pf_limits[PF_LIMIT_MAX]);
+
+-enum { PF_ICMP_MULTI_NONE, PF_ICMP_MULTI_SOLICITED, PF_ICMP_MULTI_LINK };
++enum { PF_ICMP_MULTI_NONE, PF_ICMP_MULTI_LINK };
+
+ #define PACKET_UNDO_NAT(_m, _pd, _off, _s) \
+ do { \
+@@ -1457,9 +1460,66 @@
+ return (0);
+ }
+
++static int
++pf_state_key_addr_setup(struct pf_pdesc *pd, struct mbuf *m, int off,
++ struct pf_state_key_cmp *key, int sidx, struct pf_addr *saddr,
++ int didx, struct pf_addr *daddr, int multi)
++{
++#ifdef INET6
++ struct nd_neighbor_solicit nd;
++ struct pf_addr *target;
++ u_short action, reason;
++
++ if (pd->af == AF_INET || pd->proto != IPPROTO_ICMPV6)
++ goto copy;
++
++ switch (pd->hdr.icmp6.icmp6_type) {
++ case ND_NEIGHBOR_SOLICIT:
++ if (multi)
++ return (-1);
++ if (!pf_pull_hdr(m, off, &nd, sizeof(nd), &action, &reason, pd->af))
++ return (-1);
++ target = (struct pf_addr *)&nd.nd_ns_target;
++ daddr = target;
++ break;
++ case ND_NEIGHBOR_ADVERT:
++ if (multi)
++ return (-1);
++ if (!pf_pull_hdr(m, off, &nd, sizeof(nd), &action, &reason, pd->af))
++ return (-1);
++ target = (struct pf_addr *)&nd.nd_ns_target;
++ saddr = target;
++ if (IN6_IS_ADDR_MULTICAST(&pd->dst->v6)) {
++ key->addr[didx].addr32[0] = 0;
++ key->addr[didx].addr32[1] = 0;
++ key->addr[didx].addr32[2] = 0;
++ key->addr[didx].addr32[3] = 0;
++ daddr = NULL; /* overwritten */
++ }
++ break;
++ default:
++ if (multi == PF_ICMP_MULTI_LINK) {
++ key->addr[sidx].addr32[0] = IPV6_ADDR_INT32_MLL;
++ key->addr[sidx].addr32[1] = 0;
++ key->addr[sidx].addr32[2] = 0;
++ key->addr[sidx].addr32[3] = IPV6_ADDR_INT32_ONE;
++ saddr = NULL; /* overwritten */
++ }
++ }
++copy:
++#endif
++ if (saddr)
++ PF_ACPY(&key->addr[sidx], saddr, pd->af);
++ if (daddr)
++ PF_ACPY(&key->addr[didx], daddr, pd->af);
++
++ return (0);
++}
++
+ struct pf_state_key *
+-pf_state_key_setup(struct pf_pdesc *pd, struct pf_addr *saddr,
+- struct pf_addr *daddr, u_int16_t sport, u_int16_t dport)
++pf_state_key_setup(struct pf_pdesc *pd, struct mbuf *m, int off,
++ struct pf_addr *saddr, struct pf_addr *daddr, u_int16_t sport,
++ u_int16_t dport)
+ {
+ struct pf_state_key *sk;
+
+@@ -1467,8 +1527,12 @@
+ if (sk == NULL)
+ return (NULL);
+
+- PF_ACPY(&sk->addr[pd->sidx], saddr, pd->af);
+- PF_ACPY(&sk->addr[pd->didx], daddr, pd->af);
++ if (pf_state_key_addr_setup(pd, m, off, (struct pf_state_key_cmp *)sk,
++ pd->sidx, pd->src, pd->didx, pd->dst, 0)) {
++ uma_zfree(V_pf_state_key_z, sk);
++ return (NULL);
++ }
++
+ sk->port[pd->sidx] = sport;
+ sk->port[pd->didx] = dport;
+ sk->proto = pd->proto;
+@@ -5152,7 +5216,7 @@
+ if (nr == NULL) {
+ KASSERT((sk == NULL && nk == NULL), ("%s: nr %p sk %p, nk %p",
+ __func__, nr, sk, nk));
+- sk = pf_state_key_setup(pd, pd->src, pd->dst, sport, dport);
++ sk = pf_state_key_setup(pd, m, off, pd->src, pd->dst, sport, dport);
+ if (sk == NULL)
+ goto csfailed;
+ nk = sk;
+@@ -6581,8 +6645,9 @@
+
+ int
+ pf_icmp_state_lookup(struct pf_state_key_cmp *key, struct pf_pdesc *pd,
+- struct pf_kstate **state, struct mbuf *m, int direction, struct pfi_kkif *kif,
+- u_int16_t icmpid, u_int16_t type, int icmp_dir, int *iidx, int multi)
++ struct pf_kstate **state, struct mbuf *m, int off, int direction,
++ struct pfi_kkif *kif, u_int16_t icmpid, u_int16_t type, int icmp_dir,
++ int *iidx, int multi, int inner)
+ {
+ key->af = pd->af;
+ key->proto = pd->proto;
+@@ -6595,31 +6660,19 @@
+ key->port[pd->sidx] = type;
+ key->port[pd->didx] = icmpid;
+ }
+- if (pd->af == AF_INET6 && multi != PF_ICMP_MULTI_NONE) {
+- switch (multi) {
+- case PF_ICMP_MULTI_SOLICITED:
+- key->addr[pd->sidx].addr32[0] = IPV6_ADDR_INT32_MLL;
+- key->addr[pd->sidx].addr32[1] = 0;
+- key->addr[pd->sidx].addr32[2] = IPV6_ADDR_INT32_ONE;
+- key->addr[pd->sidx].addr32[3] = pd->src->addr32[3];
+- key->addr[pd->sidx].addr8[12] = 0xff;
+- break;
+- case PF_ICMP_MULTI_LINK:
+- key->addr[pd->sidx].addr32[0] = IPV6_ADDR_INT32_MLL;
+- key->addr[pd->sidx].addr32[1] = 0;
+- key->addr[pd->sidx].addr32[2] = 0;
+- key->addr[pd->sidx].addr32[3] = IPV6_ADDR_INT32_ONE;
+- break;
+- }
+- } else
+- PF_ACPY(&key->addr[pd->sidx], pd->src, key->af);
+- PF_ACPY(&key->addr[pd->didx], pd->dst, key->af);
++ if (pf_state_key_addr_setup(pd, m, off, key, pd->sidx, pd->src,
++ pd->didx, pd->dst, multi))
++ return (PF_DROP);
+
+ STATE_LOOKUP(kif, key, *state, pd);
+
++ if ((*state)->state_flags & PFSTATE_SLOPPY)
++ return (-1);
++
+ /* Is this ICMP message flowing in right direction? */
+ if ((*state)->rule.ptr->type &&
+- (((*state)->direction == direction) ?
++ (((!inner && (*state)->direction == direction) ||
++ (inner && (*state)->direction != direction)) ?
+ PF_IN : PF_OUT) != icmp_dir) {
+ if (V_pf_status.debug >= PF_DEBUG_MISC) {
+ printf("pf: icmp type %d in wrong direction (%d): ",
+@@ -6627,6 +6680,8 @@
+ pf_print_state(*state);
+ printf("\n");
+ }
++ PF_STATE_UNLOCK(*state);
++ *state = NULL;
+ return (PF_DROP);
+ }
+ return (-1);
+@@ -6675,19 +6730,20 @@
+ * ICMP query/reply message not related to a TCP/UDP packet.
+ * Search for an ICMP state.
+ */
+- ret = pf_icmp_state_lookup(&key, pd, state, m, pd->dir,
++ ret = pf_icmp_state_lookup(&key, pd, state, m, off, pd->dir,
+ kif, virtual_id, virtual_type, icmp_dir, &iidx,
+- PF_ICMP_MULTI_NONE);
++ PF_ICMP_MULTI_NONE, 0);
+ if (ret >= 0) {
++ MPASS(*state == NULL);
+ if (ret == PF_DROP && pd->af == AF_INET6 &&
+ icmp_dir == PF_OUT) {
+- if (*state != NULL)
+- PF_STATE_UNLOCK((*state));
+- ret = pf_icmp_state_lookup(&key, pd, state, m,
++ ret = pf_icmp_state_lookup(&key, pd, state, m, off,
+ pd->dir, kif, virtual_id, virtual_type,
+- icmp_dir, &iidx, multi);
+- if (ret >= 0)
++ icmp_dir, &iidx, multi, 0);
++ if (ret >= 0) {
++ MPASS(*state == NULL);
+ return (ret);
++ }
+ } else
+ return (ret);
+ }
+@@ -6769,6 +6825,7 @@
+ int off2 = 0;
+
+ pd2.af = pd->af;
++ pd2.dir = pd->dir;
+ /* Payload packet is from the opposite direction. */
+ pd2.sidx = (pd->dir == PF_IN) ? 1 : 0;
+ pd2.didx = (pd->dir == PF_IN) ? 0 : 1;
+@@ -7076,9 +7133,9 @@
+ }
+ #ifdef INET
+ case IPPROTO_ICMP: {
+- struct icmp iih;
++ struct icmp *iih = &pd2.hdr.icmp;
+
+- if (!pf_pull_hdr(m, off2, &iih, ICMP_MINLEN,
++ if (!pf_pull_hdr(m, off2, iih, ICMP_MINLEN,
+ NULL, reason, pd2.af)) {
+ DPFPRINTF(PF_DEBUG_MISC,
+ ("pf: ICMP error message too short i"
+@@ -7086,15 +7143,17 @@
+ return (PF_DROP);
+ }
+
+- icmpid = iih.icmp_id;
+- pf_icmp_mapping(&pd2, iih.icmp_type,
++ icmpid = iih->icmp_id;
++ pf_icmp_mapping(&pd2, iih->icmp_type,
+ &icmp_dir, &multi, &virtual_id, &virtual_type);
+
+- ret = pf_icmp_state_lookup(&key, &pd2, state, m,
+- pd->dir, kif, virtual_id, virtual_type,
+- icmp_dir, &iidx, PF_ICMP_MULTI_NONE);
+- if (ret >= 0)
++ ret = pf_icmp_state_lookup(&key, &pd2, state, m, off,
++ pd2.dir, kif, virtual_id, virtual_type,
++ icmp_dir, &iidx, PF_ICMP_MULTI_NONE, 1);
++ if (ret >= 0) {
++ MPASS(*state == NULL);
+ return (ret);
++ }
+
+ /* translate source/destination address, if necessary */
+ if ((*state)->key[PF_SK_WIRE] !=
+@@ -7105,10 +7164,10 @@
+ if (PF_ANEQ(pd2.src,
+ &nk->addr[pd2.sidx], pd2.af) ||
+ (virtual_type == htons(ICMP_ECHO) &&
+- nk->port[iidx] != iih.icmp_id))
++ nk->port[iidx] != iih->icmp_id))
+ pf_change_icmp(pd2.src,
+ (virtual_type == htons(ICMP_ECHO)) ?
+- &iih.icmp_id : NULL,
++ &iih->icmp_id : NULL,
+ daddr, &nk->addr[pd2.sidx],
+ (virtual_type == htons(ICMP_ECHO)) ?
+ nk->port[iidx] : 0, NULL,
+@@ -7124,7 +7183,7 @@
+
+ m_copyback(m, off, ICMP_MINLEN, (caddr_t)&pd->hdr.icmp);
+ m_copyback(m, ipoff2, sizeof(h2), (caddr_t)&h2);
+- m_copyback(m, off2, ICMP_MINLEN, (caddr_t)&iih);
++ m_copyback(m, off2, ICMP_MINLEN, (caddr_t)iih);
+ }
+ return (PF_PASS);
+ break;
+@@ -7132,9 +7191,9 @@
+ #endif /* INET */
+ #ifdef INET6
+ case IPPROTO_ICMPV6: {
+- struct icmp6_hdr iih;
++ struct icmp6_hdr *iih = &pd2.hdr.icmp6;
+
+- if (!pf_pull_hdr(m, off2, &iih,
++ if (!pf_pull_hdr(m, off2, iih,
+ sizeof(struct icmp6_hdr), NULL, reason, pd2.af)) {
+ DPFPRINTF(PF_DEBUG_MISC,
+ ("pf: ICMP error message too short "
+@@ -7142,22 +7201,24 @@
+ return (PF_DROP);
+ }
+
+- pf_icmp_mapping(&pd2, iih.icmp6_type,
++ pf_icmp_mapping(&pd2, iih->icmp6_type,
+ &icmp_dir, &multi, &virtual_id, &virtual_type);
+- ret = pf_icmp_state_lookup(&key, &pd2, state, m,
++
++ ret = pf_icmp_state_lookup(&key, &pd2, state, m, off,
+ pd->dir, kif, virtual_id, virtual_type,
+- icmp_dir, &iidx, PF_ICMP_MULTI_NONE);
++ icmp_dir, &iidx, PF_ICMP_MULTI_NONE, 1);
+ if (ret >= 0) {
+- if (ret == PF_DROP && pd->af == AF_INET6 &&
++ MPASS(*state == NULL);
++ if (ret == PF_DROP && pd2.af == AF_INET6 &&
+ icmp_dir == PF_OUT) {
+- if (*state != NULL)
+- PF_STATE_UNLOCK((*state));
+- ret = pf_icmp_state_lookup(&key, pd,
+- state, m, pd->dir, kif,
++ ret = pf_icmp_state_lookup(&key, &pd2,
++ state, m, off, pd->dir, kif,
+ virtual_id, virtual_type,
+- icmp_dir, &iidx, multi);
+- if (ret >= 0)
++ icmp_dir, &iidx, multi, 1);
++ if (ret >= 0) {
++ MPASS(*state == NULL);
+ return (ret);
++ }
+ } else
+ return (ret);
+ }
+@@ -7171,10 +7232,10 @@
+ if (PF_ANEQ(pd2.src,
+ &nk->addr[pd2.sidx], pd2.af) ||
+ ((virtual_type == htons(ICMP6_ECHO_REQUEST)) &&
+- nk->port[pd2.sidx] != iih.icmp6_id))
++ nk->port[pd2.sidx] != iih->icmp6_id))
+ pf_change_icmp(pd2.src,
+ (virtual_type == htons(ICMP6_ECHO_REQUEST))
+- ? &iih.icmp6_id : NULL,
++ ? &iih->icmp6_id : NULL,
+ daddr, &nk->addr[pd2.sidx],
+ (virtual_type == htons(ICMP6_ECHO_REQUEST))
+ ? nk->port[iidx] : 0, NULL,
+@@ -7192,7 +7253,7 @@
+ (caddr_t)&pd->hdr.icmp6);
+ m_copyback(m, ipoff2, sizeof(h2_6), (caddr_t)&h2_6);
+ m_copyback(m, off2, sizeof(struct icmp6_hdr),
+- (caddr_t)&iih);
++ (caddr_t)iih);
+ }
+ return (PF_PASS);
+ break;
+--- sys/netpfil/pf/pf_lb.c.orig
++++ sys/netpfil/pf/pf_lb.c
+@@ -633,7 +633,7 @@
+ return (NULL);
+ }
+
+- *skp = pf_state_key_setup(pd, saddr, daddr, sport, dport);
++ *skp = pf_state_key_setup(pd, m, off, saddr, daddr, sport, dport);
+ if (*skp == NULL)
+ return (NULL);
+ *nkp = pf_state_key_clone(*skp);
diff --git a/website/static/security/patches/EN-24:16/pf-14.1.patch.asc b/website/static/security/patches/EN-24:16/pf-14.1.patch.asc
new file mode 100644
index 0000000000..214b1cb8ca
--- /dev/null
+++ b/website/static/security/patches/EN-24:16/pf-14.1.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmbsPQwACgkQbljekB8A
+Gu8r/Q//fjwmvxhYt3odCrFRDSv+pO9VNUPhSgIf3aDlTaj4wScX6cnoXmGXG3Tx
+YHBGjr1Teu8UlS3lITY1DiW3nni52a2VU0jpkuZ0Tj3uJ+2UWMJ15hUPYzxkeDNl
+DND/Cc0iueGhXNgLqDQ5X/EuOB5RovDijvX16S+Ez8Mk5p50bS1fymLEH3w8SaRQ
+ZgYFTS1drrd5hdQ+xEFK6nYzxoOt1JeueZB1eE54SUcFRKdUAhgxcx3uYm3eQQM2
+za//619N3g/Ck/oBpR9QdPMXXS2HkD2wI9dNcj/Pvrc5tAnQ0sV82CzpQR9whVsP
+qSESpNAMrAZPSbBU79kFRXqwCqRRt2JDkzs63HtAJQGydJLEea3yP8FUBPK+iHKH
+rQMq20VXQ5ilQp/chtm7JElAUhYyRm5TYBsVppBX3xgIqb9sv6pDsyYhQVCmb40o
+WFXAlSte6jKXcg2ayFaZaNAnbLck5Sf6cEkd+lr56Nd9J1aLkQBLgiK5sk77gMKF
+Dhk7+mQl6nRc9Dm2N/ZqqAaGjBpqtr04/ShNxzR4gl9BVruh7WOCjq2b4XllEbQ/
+SBB1jr6T2fY7Q/1ydtJuXNfIyd8ZuXQpCs9YpoNTMc9j33cslykXviuQrnr4jhhL
+37WLk+mz0lkhgnV9Av5JJwX5z/5yNTkFTrCjYLS932ONeYIaL8s=
+=hUTv
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-24:15/bhyve.patch b/website/static/security/patches/SA-24:15/bhyve.patch
new file mode 100644
index 0000000000..31524ad6ec
--- /dev/null
+++ b/website/static/security/patches/SA-24:15/bhyve.patch
@@ -0,0 +1,165 @@
+--- usr.sbin/bhyve/pci_xhci.c.orig
++++ usr.sbin/bhyve/pci_xhci.c
+@@ -580,7 +580,7 @@
+ uint64_t devctx_addr;
+ struct xhci_dev_ctx *devctx;
+
+- assert(slot > 0 && slot <= XHCI_MAX_DEVS);
++ assert(slot > 0 && slot <= XHCI_MAX_SLOTS);
+ assert(XHCI_SLOTDEV_PTR(sc, slot) != NULL);
+ assert(sc->opregs.dcbaa_p != NULL);
+
+@@ -853,7 +853,10 @@
+ if (sc->portregs == NULL)
+ goto done;
+
+- if (slot > XHCI_MAX_SLOTS) {
++ if (slot == 0) {
++ cmderr = XHCI_TRB_ERROR_TRB;
++ goto done;
++ } else if (slot > XHCI_MAX_SLOTS) {
+ cmderr = XHCI_TRB_ERROR_SLOT_NOT_ON;
+ goto done;
+ }
+@@ -889,6 +892,14 @@
+
+ DPRINTF(("pci_xhci reset device slot %u", slot));
+
++ if (slot == 0) {
++ cmderr = XHCI_TRB_ERROR_TRB;
++ goto done;
++ } else if (slot > XHCI_MAX_SLOTS) {
++ cmderr = XHCI_TRB_ERROR_SLOT_NOT_ON;
++ goto done;
++ }
++
+ dev = XHCI_SLOTDEV_PTR(sc, slot);
+ if (!dev || dev->dev_slotstate == XHCI_ST_DISABLED)
+ cmderr = XHCI_TRB_ERROR_SLOT_NOT_ON;
+@@ -897,6 +908,10 @@
+
+ dev->hci.hci_address = 0;
+ dev_ctx = pci_xhci_get_dev_ctx(sc, slot);
++ if (dev_ctx == NULL) {
++ cmderr = XHCI_TRB_ERROR_PARAMETER;
++ goto done;
++ }
+
+ /* slot state */
+ dev_ctx->ctx_slot.dwSctx3 = FIELD_REPLACE(
+@@ -957,8 +972,20 @@
+ goto done;
+ }
+
++ if (slot == 0) {
++ cmderr = XHCI_TRB_ERROR_TRB;
++ goto done;
++ } else if (slot > XHCI_MAX_SLOTS) {
++ cmderr = XHCI_TRB_ERROR_SLOT_NOT_ON;
++ goto done;
++ }
++
+ /* assign address to slot */
+ dev_ctx = pci_xhci_get_dev_ctx(sc, slot);
++ if (dev_ctx == NULL) {
++ cmderr = XHCI_TRB_ERROR_PARAMETER;
++ goto done;
++ }
+
+ DPRINTF(("pci_xhci: address device, dev ctx"));
+ DPRINTF((" slot %08x %08x %08x %08x",
+@@ -1019,6 +1046,14 @@
+
+ DPRINTF(("pci_xhci config_ep slot %u", slot));
+
++ if (slot == 0) {
++ cmderr = XHCI_TRB_ERROR_TRB;
++ goto done;
++ } else if (slot > XHCI_MAX_SLOTS) {
++ cmderr = XHCI_TRB_ERROR_SLOT_NOT_ON;
++ goto done;
++ }
++
+ dev = XHCI_SLOTDEV_PTR(sc, slot);
+ assert(dev != NULL);
+
+@@ -1032,6 +1067,10 @@
+
+ dev->hci.hci_address = 0;
+ dev_ctx = pci_xhci_get_dev_ctx(sc, slot);
++ if (dev_ctx == NULL) {
++ cmderr = XHCI_TRB_ERROR_PARAMETER;
++ goto done;
++ }
+
+ /* number of contexts */
+ dev_ctx->ctx_slot.dwSctx0 = FIELD_REPLACE(
+@@ -1138,11 +1177,19 @@
+
+ cmderr = XHCI_TRB_ERROR_SUCCESS;
+
+- type = XHCI_TRB_3_TYPE_GET(trb->dwTrb3);
++ if (slot == 0) {
++ cmderr = XHCI_TRB_ERROR_TRB;
++ goto done;
++ } else if (slot > XHCI_MAX_SLOTS) {
++ cmderr = XHCI_TRB_ERROR_SLOT_NOT_ON;
++ goto done;
++ }
+
+ dev = XHCI_SLOTDEV_PTR(sc, slot);
+ assert(dev != NULL);
+
++ type = XHCI_TRB_3_TYPE_GET(trb->dwTrb3);
++
+ if (type == XHCI_TRB_TYPE_STOP_EP &&
+ (trb->dwTrb3 & XHCI_TRB_3_SUSP_EP_BIT) != 0) {
+ /* XXX suspend endpoint for 10ms */
+@@ -1227,6 +1274,14 @@
+
+ cmderr = XHCI_TRB_ERROR_SUCCESS;
+
++ if (slot == 0) {
++ cmderr = XHCI_TRB_ERROR_TRB;
++ goto done;
++ } else if (slot > XHCI_MAX_SLOTS) {
++ cmderr = XHCI_TRB_ERROR_SLOT_NOT_ON;
++ goto done;
++ }
++
+ dev = XHCI_SLOTDEV_PTR(sc, slot);
+ assert(dev != NULL);
+
+@@ -1325,8 +1380,20 @@
+ goto done;
+ }
+
++ if (slot == 0) {
++ cmderr = XHCI_TRB_ERROR_TRB;
++ goto done;
++ } else if (slot > XHCI_MAX_SLOTS) {
++ cmderr = XHCI_TRB_ERROR_SLOT_NOT_ON;
++ goto done;
++ }
++
+ /* assign address to slot; in this emulation, slot_id = address */
+ dev_ctx = pci_xhci_get_dev_ctx(sc, slot);
++ if (dev_ctx == NULL) {
++ cmderr = XHCI_TRB_ERROR_PARAMETER;
++ goto done;
++ }
+
+ DPRINTF(("pci_xhci: eval ctx, dev ctx"));
+ DPRINTF((" slot %08x %08x %08x %08x",
+@@ -1555,8 +1622,9 @@
+ dev = XHCI_SLOTDEV_PTR(sc, slot);
+ devep = &dev->eps[epid];
+ dev_ctx = pci_xhci_get_dev_ctx(sc, slot);
+-
+- assert(dev_ctx != NULL);
++ if (dev_ctx == NULL) {
++ return XHCI_TRB_ERROR_PARAMETER;
++ }
+
+ ep_ctx = &dev_ctx->ctx_ep[epid];
+
diff --git a/website/static/security/patches/SA-24:15/bhyve.patch.asc b/website/static/security/patches/SA-24:15/bhyve.patch.asc
new file mode 100644
index 0000000000..ff19901874
--- /dev/null
+++ b/website/static/security/patches/SA-24:15/bhyve.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmbsPQ4ACgkQbljekB8A
+Gu+qgA/+Igo7p4BoEnxeQyAwvfqe/VEdNPYGIf+/pf5GwL+vqKPERzptSbTX84xM
++PA+FFAPsiHkgFYiQy7+BM5x3p34zyHmS/Lu0NcAVVkupjpCfiLB5Pn86XyMBuFI
+I8ZGvtMeTaTwZzI94Tw6eFA8O+2kdpFoNCqVsYR3z7uU/WtdY3OrXjEkweWBTZF8
+2GT3LyBsHTxFP0Pn9+C8f1kwe3foIsGrITuD8fKZdWlZHnyPySuaKvDBoXoG7nbv
+TXemVN8AkNXvUZeMLl42GxThpDWSi0M9+bkzqmP3QgrikH0nKLSWmaNXTtW0dxqs
+KUmiT3HgQoCf5h5ZnmUgktOoWrjTxevL/ZSRD/a01sZNOQG+rGmY5VhOXB9tewTX
+a0v7WI/uN9pszIGbd+w8ErNU+/Eata+8AjwpITFL+JRL3jaL9z+6v4jUuSlNJPLc
+8BnPcLCtgzH6A5byaqucxQzKKu2aL3tzskdaOtp8RuwtCWVy+KPO2eRd+4Ri8Lq4
+1voz5m4t/QQTJyyooDZ5ab3LJC7p9N6LqoArE24kZlYzg1RPKww4NLw1gK0BB49l
+LBuJkSPu/Vub0tVq+M6b2VJB1Rb720DVF51bpix8MFdAAB2qBdQ32pQj6Yg3xYMM
+LEu3XYP//GSMlM0UBUGcRttCjWdLIpNZP+Wmka25Q5DQClOU2XI=
+=DugM
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-24:16/libnv.patch b/website/static/security/patches/SA-24:16/libnv.patch
new file mode 100644
index 0000000000..4a904b0ce6
--- /dev/null
+++ b/website/static/security/patches/SA-24:16/libnv.patch
@@ -0,0 +1,11 @@
+--- sys/contrib/libnv/nvlist.c.orig
++++ sys/contrib/libnv/nvlist.c
+@@ -1029,7 +1029,7 @@
+ nvlist_check_header(struct nvlist_header *nvlhdrp)
+ {
+
+- if (nvlhdrp->nvlh_size > SIZE_MAX - sizeof(nvlhdrp)) {
++ if (nvlhdrp->nvlh_size > SIZE_MAX - sizeof(*nvlhdrp)) {
+ ERRNO_SET(EINVAL);
+ return (false);
+ }
diff --git a/website/static/security/patches/SA-24:16/libnv.patch.asc b/website/static/security/patches/SA-24:16/libnv.patch.asc
new file mode 100644
index 0000000000..ca6086921e
--- /dev/null
+++ b/website/static/security/patches/SA-24:16/libnv.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmbsPRAACgkQbljekB8A
+Gu/XPRAAxmzdpoMrIjrxZ7ibST+R9l722PhmUZXwxy8284t024Qp0sjFtsKbpQnd
+/C8oMDJddeGOSHe9tHpErUVuWwb0EiFWOtUUUjHn7vRjv9GnSgrUNHHt1MI45bYs
+lmserwas+SsR/oZPljEAidN1CqUEMFci9MRpGs5skDs2rt7bCTdlK4CoeVF6Wvvu
+QJW3P36V8WXSo4fQbIx2TBrKsRM5urHatteT+fS53ruVJRklj+79OG+R8tpgSiZM
+GIFlGUxwotkIfXzlcru4OsfgKZ38722OosDX7u0A/TH7XAyewTsUEzLIoafInPnv
+G+umTYV+9hPhnBg555oAFSqMK2iJyistIWQ02LPce8CCy4oqaKk5uKMg4VzsFnzW
+WS6JXL7aIhaQ3P9sDYLBjKw/HqqifK3S0LzQ7rl3yWJs0X5cOCzVwPIpqniOkFtR
+pXHMeeX/r7V/NUlzWHef6SgXE3VYa3zwY7zbWQKvQ3u96KcqgssxrrK2w57IiMNo
+OON0QL6M12qHRuM6BrumqWpS9P2Z2E4d4Rko3ras5ljpA7FRkMSYCLpFo/trhz/h
+YVxHvDaoSjHHUa1XhBtJn8yajvFqOijs3qfVD9O92pZXzyaetUziwnb5JG2T4SvL
+KX36zSzxIlcZh4ySjuOPEfkS6gkuClijUyLzk2pJN/OwRIc8SCc=
+=5ulb
+-----END PGP SIGNATURE-----