diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index b3a4c14939..ccb6c58848 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -1,2531 +1,2539 @@
# Sort advisories by year, month and day
# $FreeBSD$
+[[advisories]]
+name = "FreeBSD-SA-21:12.libradius"
+date = "2021-05-26"
+
+[[advisories]]
+name = "FreeBSD-SA-21:11.smap"
+date = "2021-05-26"
+
[[advisories]]
name = "FreeBSD-SA-21:10.jail_mount"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:09.accept_filter"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:08.vm"
date = "2021-04-06"
[[advisories]]
name = "FreeBSD-SA-21:07.openssl"
date = "2021-03-25"
[[advisories]]
name = "FreeBSD-SA-21:06.xen"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:05.jail_chdir"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:04.jail_remove"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:03.pam_login_access"
date = "2021-02-24"
[[advisories]]
name = "FreeBSD-SA-21:02.xenoom"
date = "2021-01-29"
[[advisories]]
name = "FreeBSD-SA-21:01.fsdisclosure"
date = "2021-01-29"
[[advisories]]
name = "FreeBSD-SA-20:33.openssl"
date = "2020-12-08"
[[advisories]]
name = "FreeBSD-SA-20:32.rtsold"
date = "2020-12-01"
[[advisories]]
name = "FreeBSD-SA-20:31.icmp6"
date = "2020-12-01"
[[advisories]]
name = "FreeBSD-SA-20:30.ftpd"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:29.bhyve_svm"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:28.bhyve_vmcs"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:27.ure"
date = "2020-09-15"
[[advisories]]
name = "FreeBSD-SA-20:26.dhclient"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:25.sctp"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:24.ipv6"
date = "2020-09-02"
[[advisories]]
name = "FreeBSD-SA-20:23.sendmsg"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:22.sqlite"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:21.usb_net"
date = "2020-08-05"
[[advisories]]
name = "FreeBSD-SA-20:20.ipv6"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:19.unbound"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:18.posix_spawnp"
date = "2020-07-08"
[[advisories]]
name = "FreeBSD-SA-20:17.usb"
date = "2020-06-09"
[[advisories]]
name = "FreeBSD-SA-20:16.cryptodev"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:15.cryptodev"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:14.sctp"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:13.libalias"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:12.libalias"
date = "2020-05-12"
[[advisories]]
name = "FreeBSD-SA-20:11.openssl"
date = "2020-04-21"
[[advisories]]
name = "FreeBSD-SA-20:10.ipfw"
date = "2020-04-21"
[[advisories]]
name = "FreeBSD-SA-20:09.ntp"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:08.jail"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:07.epair"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:06.if_ixl_ioctl"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:05.if_oce_ioctl"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:04.tcp"
date = "2020-03-19"
[[advisories]]
name = "FreeBSD-SA-20:03.thrmisc"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-20:02.ipsec"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-20:01.libfetch"
date = "2020-01-28"
[[advisories]]
name = "FreeBSD-SA-19:26.mcu"
date = "2019-11-12"
[[advisories]]
name = "FreeBSD-SA-19:25.mcepsc"
date = "2019-11-12"
[[advisories]]
name = "FreeBSD-SA-19:24.mqueuefs"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:23.midi"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:22.mbuf"
date = "2019-08-20"
[[advisories]]
name = "FreeBSD-SA-19:21.bhyve"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:20.bsnmp"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:19.mldv2"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:18.bzip2"
date = "2019-08-06"
[[advisories]]
name = "FreeBSD-SA-19:17.fd"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:16.bhyve"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:15.mqueuefs"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:14.freebsd32"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:13.pts"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:12.telnet"
date = "2019-07-24"
[[advisories]]
name = "FreeBSD-SA-19:11.cd_ioctl"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:10.ufs"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:09.iconv"
date = "2019-07-02"
[[advisories]]
name = "FreeBSD-SA-19:08.rack"
date = "2019-06-19"
[[advisories]]
name = "FreeBSD-SA-19:07.mds"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:06.pf"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:05.pf"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:04.ntp"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:03.wpa"
date = "2019-05-14"
[[advisories]]
name = "FreeBSD-SA-19:02.fd"
date = "2019-02-05"
[[advisories]]
name = "FreeBSD-SA-19:01.syscall"
date = "2019-02-05"
[[advisories]]
name = "FreeBSD-SA-18:15.bootpd"
date = "2018-12-19"
[[advisories]]
name = "FreeBSD-SA-18:14.bhyve"
date = "2018-12-04"
[[advisories]]
name = "FreeBSD-SA-18:13.nfs"
date = "2018-11-27"
[[advisories]]
name = "FreeBSD-SA-18:12.elf"
date = "2018-09-12"
[[advisories]]
name = "FreeBSD-SA-18:11.hostapd"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:10.ip"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:09.l1tf"
date = "2018-08-14"
[[advisories]]
name = "FreeBSD-SA-18:08.tcp"
date = "2018-08-06"
[[advisories]]
name = "FreeBSD-SA-18:07.lazyfpu"
date = "2018-06-21"
[[advisories]]
name = "FreeBSD-SA-18:06.debugreg"
date = "2018-05-08"
[[advisories]]
name = "FreeBSD-SA-18:05.ipsec"
date = "2018-04-04"
[[advisories]]
name = "FreeBSD-SA-18:04.vt"
date = "2018-04-04"
[[advisories]]
name = "FreeBSD-SA-18:03.speculative_execution"
date = "2018-03-14"
[[advisories]]
name = "FreeBSD-SA-18:02.ntp"
date = "2018-03-07"
[[advisories]]
name = "FreeBSD-SA-18:01.ipsec"
date = "2018-03-07"
[[advisories]]
name = "FreeBSD-SA-17:12.openssl"
date = "2017-12-09"
[[advisories]]
name = "FreeBSD-SA-17:11.openssl"
date = "2017-11-29"
[[advisories]]
name = "FreeBSD-SA-17:10.kldstat"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:09.shm"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:08.ptrace"
date = "2017-11-15"
[[advisories]]
name = "FreeBSD-SA-17:07.wpa"
date = "2017-10-17"
[[advisories]]
name = "FreeBSD-SA-17:06.openssh"
date = "2017-08-10"
[[advisories]]
name = "FreeBSD-SA-17:05.heimdal"
date = "2017-07-12"
[[advisories]]
name = "FreeBSD-SA-17:04.ipfilter"
date = "2017-04-27"
[[advisories]]
name = "FreeBSD-SA-17:03.ntp"
date = "2017-04-12"
[[advisories]]
name = "FreeBSD-SA-17:02.openssl"
date = "2017-02-23"
[[advisories]]
name = "FreeBSD-SA-17:01.openssh"
date = "2017-01-11"
[[advisories]]
name = "FreeBSD-SA-16:39.ntp"
date = "2016-12-22"
[[advisories]]
name = "FreeBSD-SA-16:38.bhyve"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:37.libc"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:36.telnetd"
date = "2016-12-06"
[[advisories]]
name = "FreeBSD-SA-16:35.openssl"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:34.bind"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:33.openssh"
date = "2016-11-02"
[[advisories]]
name = "FreeBSD-SA-16:32.bhyve"
date = "2016-10-25"
[[advisories]]
name = "FreeBSD-SA-16:31.libarchive"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:30.portsnap"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:29.bspatch"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:28.bind"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:27.openssl"
date = "2016-10-10"
[[advisories]]
name = "FreeBSD-SA-16:26.openssl"
date = "2016-09-23"
[[advisories]]
name = "FreeBSD-SA-16:25.bspatch"
date = "2016-07-25"
[[advisories]]
name = "FreeBSD-SA-16:24.ntp"
date = "2016-06-04"
[[advisories]]
name = "FreeBSD-SA-16:23.libarchive"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:22.libarchive"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:21.43bsd"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:20.linux"
date = "2016-05-31"
[[advisories]]
name = "FreeBSD-SA-16:19.sendmsg"
date = "2016-05-17"
[[advisories]]
name = "FreeBSD-SA-16:18.atkbd"
date = "2016-05-17"
[[advisories]]
name = "FreeBSD-SA-16:17.openssl"
date = "2016-05-04"
[[advisories]]
name = "FreeBSD-SA-16:16.ntp"
date = "2016-04-29"
[[advisories]]
name = "FreeBSD-SA-16:15.sysarch"
date = "2016-03-16"
[[advisories]]
name = "FreeBSD-SA-16:14.openssh"
date = "2016-03-16"
[[advisories]]
name = "FreeBSD-SA-16:13.bind"
date = "2016-03-10"
[[advisories]]
name = "FreeBSD-SA-16:12.openssl"
date = "2016-03-10"
[[advisories]]
name = "FreeBSD-SA-16:11.openssl"
date = "2016-01-30"
[[advisories]]
name = "FreeBSD-SA-16:10.linux"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:09.ntp"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:08.bind"
date = "2016-01-27"
[[advisories]]
name = "FreeBSD-SA-16:07.openssh"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:06.bsnmpd"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:05.tcp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:04.linux"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:03.linux"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:02.ntp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-16:01.sctp"
date = "2016-01-14"
[[advisories]]
name = "FreeBSD-SA-15:27.bind"
date = "2015-12-16"
[[advisories]]
name = "FreeBSD-SA-15:26.openssl"
date = "2015-12-06"
[[advisories]]
name = "FreeBSD-SA-15:25.ntp"
date = "2015-10-26"
[[advisories]]
name = "FreeBSD-SA-15:24.rpcbind"
date = "2015-09-29"
[[advisories]]
name = "FreeBSD-SA-15:23.bind"
date = "2015-09-02"
[[advisories]]
name = "FreeBSD-SA-15:22.openssh"
date = "2015-08-25"
[[advisories]]
name = "FreeBSD-SA-15:21.amd64"
date = "2015-08-25"
[[advisories]]
name = "FreeBSD-SA-15:20.expat"
date = "2015-08-18"
[[advisories]]
name = "FreeBSD-SA-15:19.routed"
date = "2015-08-05"
[[advisories]]
name = "FreeBSD-SA-15:18.bsdpatch"
date = "2015-08-05"
[[advisories]]
name = "FreeBSD-SA-15:17.bind"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:16.openssh"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:15.tcp"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:14.bsdpatch"
date = "2015-07-28"
[[advisories]]
name = "FreeBSD-SA-15:13.tcp"
date = "2015-07-21"
[[advisories]]
name = "FreeBSD-SA-15:12.openssl"
date = "2015-07-09"
[[advisories]]
name = "FreeBSD-SA-15:11.bind"
date = "2015-07-07"
[[advisories]]
name = "FreeBSD-SA-15:10.openssl"
date = "2015-06-12"
[[advisories]]
name = "FreeBSD-SA-15:09.ipv6"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:08.bsdinstall"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:07.ntp"
date = "2015-04-07"
[[advisories]]
name = "FreeBSD-SA-15:06.openssl"
date = "2015-03-19"
[[advisories]]
name = "FreeBSD-SA-15:05.bind"
date = "2015-02-25"
[[advisories]]
name = "FreeBSD-SA-15:04.igmp"
date = "2015-02-25"
[[advisories]]
name = "FreeBSD-SA-15:03.sctp"
date = "2015-01-27"
[[advisories]]
name = "FreeBSD-SA-15:02.kmem"
date = "2015-01-27"
[[advisories]]
name = "FreeBSD-SA-15:01.openssl"
date = "2015-01-14"
[[advisories]]
name = "FreeBSD-SA-14:31.ntp"
date = "2014-12-23"
[[advisories]]
name = "FreeBSD-SA-14:30.unbound"
date = "2014-12-17"
[[advisories]]
name = "FreeBSD-SA-14:29.bind"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:28.file"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:27.stdio"
date = "2014-12-10"
[[advisories]]
name = "FreeBSD-SA-14:26.ftp"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:25.setlogin"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:24.sshd"
date = "2014-11-04"
[[advisories]]
name = "FreeBSD-SA-14:23.openssl"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:22.namei"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:21.routed"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:20.rtsold"
date = "2014-10-21"
[[advisories]]
name = "FreeBSD-SA-14:19.tcp"
date = "2014-09-16"
[[advisories]]
name = "FreeBSD-SA-14:18.openssl"
date = "2014-09-09"
[[advisories]]
name = "FreeBSD-SA-14:17.kmem"
date = "2014-07-08"
[[advisories]]
name = "FreeBSD-SA-14:16.file"
date = "2014-06-24"
[[advisories]]
name = "FreeBSD-SA-14:15.iconv"
date = "2014-06-24"
[[advisories]]
name = "FreeBSD-SA-14:14.openssl"
date = "2014-06-05"
[[advisories]]
name = "FreeBSD-SA-14:13.pam"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:12.ktrace"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:11.sendmail"
date = "2014-06-03"
[[advisories]]
name = "FreeBSD-SA-14:10.openssl"
date = "2014-05-13"
[[advisories]]
name = "FreeBSD-SA-14:09.openssl"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:08.tcp"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:07.devfs"
date = "2014-04-30"
[[advisories]]
name = "FreeBSD-SA-14:06.openssl"
date = "2014-04-08"
[[advisories]]
name = "FreeBSD-SA-14:05.nfsserver"
date = "2014-04-08"
[[advisories]]
name = "FreeBSD-SA-14:04.bind"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:03.openssl"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:02.ntpd"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-14:01.bsnmpd"
date = "2014-01-14"
[[advisories]]
name = "FreeBSD-SA-13:14.openssh"
date = "2013-11-19"
[[advisories]]
name = "FreeBSD-SA-13:13.nullfs"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:12.ifioctl"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:11.sendfile"
date = "2013-09-10"
[[advisories]]
name = "FreeBSD-SA-13:10.sctp"
date = "2013-08-22"
[[advisories]]
name = "FreeBSD-SA-13:09.ip_multicast"
date = "2013-08-22"
[[advisories]]
name = "FreeBSD-SA-13:08.nfsserver"
date = "2013-07-26"
[[advisories]]
name = "FreeBSD-SA-13:07.bind"
date = "2013-07-26"
[[advisories]]
name = "FreeBSD-SA-13:06.mmap"
date = "2013-06-18"
[[advisories]]
name = "FreeBSD-SA-13:05.nfsserver"
date = "2013-04-29"
[[advisories]]
name = "FreeBSD-SA-13:04.bind"
date = "2013-04-02"
[[advisories]]
name = "FreeBSD-SA-13:03.openssl"
date = "2013-04-02"
[[advisories]]
name = "FreeBSD-SA-13:02.libc"
date = "2013-02-19"
[[advisories]]
name = "FreeBSD-SA-13:01.bind"
date = "2013-02-19"
[[advisories]]
name = "FreeBSD-SA-12:08.linux"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:07.hostapd"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:06.bind"
date = "2012-11-22"
[[advisories]]
name = "FreeBSD-SA-12:05.bind"
date = "2012-08-06"
[[advisories]]
name = "FreeBSD-SA-12:04.sysret"
date = "2012-06-12"
[[advisories]]
name = "FreeBSD-SA-12:03.bind"
date = "2012-06-12"
[[advisories]]
name = "FreeBSD-SA-12:02.crypt"
date = "2012-05-30"
[[advisories]]
name = "FreeBSD-SA-12:01.openssl"
date = "2012-05-30"
[[advisories]]
name = "FreeBSD-SA-11:10.pam"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:09.pam_ssh"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:08.telnetd"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:07.chroot"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:06.bind"
date = "2011-12-23"
[[advisories]]
name = "FreeBSD-SA-11:05.unix"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:04.compress"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:03.bind"
date = "2011-09-28"
[[advisories]]
name = "FreeBSD-SA-11:02.bind"
date = "2011-05-28"
[[advisories]]
name = "FreeBSD-SA-11:01.mountd"
date = "2011-04-20"
[[advisories]]
name = "FreeBSD-SA-10:10.openssl"
date = "2010-11-29"
[[advisories]]
name = "FreeBSD-SA-10:09.pseudofs"
date = "2010-11-10"
[[advisories]]
name = "FreeBSD-SA-10:08.bzip2"
date = "2010-09-20"
[[advisories]]
name = "FreeBSD-SA-10:07.mbuf"
date = "2010-07-13"
[[advisories]]
name = "FreeBSD-SA-10:06.nfsclient"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:05.opie"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:04.jail"
date = "2010-05-27"
[[advisories]]
name = "FreeBSD-SA-10:03.zfs"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-10:02.ntpd"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-10:01.bind"
date = "2010-01-06"
[[advisories]]
name = "FreeBSD-SA-09:17.freebsd-update"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:16.rtld"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:15.ssl"
date = "2009-12-03"
[[advisories]]
name = "FreeBSD-SA-09:14.devfs"
date = "2009-10-02"
[[advisories]]
name = "FreeBSD-SA-09:13.pipe"
date = "2009-10-02"
[[advisories]]
name = "FreeBSD-SA-09:12.bind"
date = "2009-07-29"
[[advisories]]
name = "FreeBSD-SA-09:11.ntpd"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:10.ipv6"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:09.pipe"
date = "2009-06-10"
[[advisories]]
name = "FreeBSD-SA-09:08.openssl"
date = "2009-04-22"
[[advisories]]
name = "FreeBSD-SA-09:07.libc"
date = "2009-04-22"
[[advisories]]
name = "FreeBSD-SA-09:06.ktimer"
date = "2009-03-23"
[[advisories]]
name = "FreeBSD-SA-09:05.telnetd"
date = "2009-02-16"
[[advisories]]
name = "FreeBSD-SA-09:04.bind"
date = "2009-01-13"
[[advisories]]
name = "FreeBSD-SA-09:03.ntpd"
date = "2009-01-13"
[[advisories]]
name = "FreeBSD-SA-09:02.openssl"
date = "2009-01-07"
[[advisories]]
name = "FreeBSD-SA-09:01.lukemftpd"
date = "2009-01-07"
[[advisories]]
name = "FreeBSD-SA-08:13.protosw"
date = "2008-12-23"
[[advisories]]
name = "FreeBSD-SA-08:12.ftpd"
date = "2008-12-23"
[[advisories]]
name = "FreeBSD-SA-08:11.arc4random"
date = "2008-11-24"
[[advisories]]
name = "FreeBSD-SA-08:10.nd6"
date = "2008-10-02"
[[advisories]]
name = "FreeBSD-SA-08:09.icmp6"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:08.nmount"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:07.amd64"
date = "2008-09-03"
[[advisories]]
name = "FreeBSD-SA-08:06.bind"
date = "2008-07-13"
[[advisories]]
name = "FreeBSD-SA-08:05.openssh"
date = "2008-04-17"
[[advisories]]
name = "FreeBSD-SA-08:04.ipsec"
date = "2008-02-14"
[[advisories]]
name = "FreeBSD-SA-08:03.sendfile"
date = "2008-02-14"
[[advisories]]
name = "FreeBSD-SA-08:02.libc"
date = "2008-01-14"
[[advisories]]
name = "FreeBSD-SA-08:01.pty"
date = "2008-01-14"
[[advisories]]
name = "FreeBSD-SA-07:10.gtar"
date = "2007-11-29"
[[advisories]]
name = "FreeBSD-SA-07:09.random"
date = "2007-11-29"
[[advisories]]
name = "FreeBSD-SA-07:08.openssl"
date = "2007-10-03"
[[advisories]]
name = "FreeBSD-SA-07:07.bind"
date = "2007-08-01"
[[advisories]]
name = "FreeBSD-SA-07:06.tcpdump"
date = "2007-08-01"
[[advisories]]
name = "FreeBSD-SA-07:05.libarchive"
date = "2007-07-12"
[[advisories]]
name = "FreeBSD-SA-07:04.file"
date = "2007-05-23"
[[advisories]]
name = "FreeBSD-SA-07:03.ipv6"
date = "2007-04-26"
[[advisories]]
name = "FreeBSD-SA-07:02.bind"
date = "2007-02-09"
[[advisories]]
name = "FreeBSD-SA-07:01.jail"
date = "2007-01-11"
[[advisories]]
name = "FreeBSD-SA-06:26.gtar"
date = "2006-12-06"
[[advisories]]
name = "FreeBSD-SA-06:25.kmem"
date = "2006-12-06"
[[advisories]]
name = "FreeBSD-SA-06:24.libarchive"
date = "2006-11-08"
[[advisories]]
name = "FreeBSD-SA-06:22.openssh"
date = "2006-09-30"
[[advisories]]
name = "FreeBSD-SA-06:23.openssl"
date = "2006-09-28"
[[advisories]]
name = "FreeBSD-SA-06:21.gzip"
date = "2006-09-19"
[[advisories]]
name = "FreeBSD-SA-06:20.bind"
date = "2006-09-06"
[[advisories]]
name = "FreeBSD-SA-06:19.openssl"
date = "2006-09-06"
[[advisories]]
name = "FreeBSD-SA-06:18.ppp"
date = "2006-08-23"
[[advisories]]
name = "FreeBSD-SA-06:17.sendmail"
date = "2006-06-14"
[[advisories]]
name = "FreeBSD-SA-06:16.smbfs"
date = "2006-05-31"
[[advisories]]
name = "FreeBSD-SA-06:15.ypserv"
date = "2006-05-31"
[[advisories]]
name = "FreeBSD-SA-06:14.fpu"
date = "2006-04-19"
[[advisories]]
name = "FreeBSD-SA-06:13.sendmail"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:12.opie"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:11.ipsec"
date = "2006-03-22"
[[advisories]]
name = "FreeBSD-SA-06:10.nfs"
date = "2006-03-01"
[[advisories]]
name = "FreeBSD-SA-06:09.openssh"
date = "2006-03-01"
[[advisories]]
name = "FreeBSD-SA-06:08.sack"
date = "2006-02-01"
[[advisories]]
name = "FreeBSD-SA-06:07.pf"
date = "2006-01-25"
[[advisories]]
name = "FreeBSD-SA-06:06.kmem"
date = "2006-01-25"
[[advisories]]
name = "FreeBSD-SA-06:05.80211"
date = "2006-01-18"
[[advisories]]
name = "FreeBSD-SA-06:04.ipfw"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:03.cpio"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:02.ee"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-06:01.texindex"
date = "2006-01-11"
[[advisories]]
name = "FreeBSD-SA-05:21.openssl"
date = "2005-10-11"
[[advisories]]
name = "FreeBSD-SA-05:20.cvsbug"
date = "2005-09-07"
[[advisories]]
name = "FreeBSD-SA-05:19.ipsec"
date = "2005-07-27"
[[advisories]]
name = "FreeBSD-SA-05:18.zlib"
date = "2005-07-27"
[[advisories]]
name = "FreeBSD-SA-05:17.devfs"
date = "2005-07-20"
[[advisories]]
name = "FreeBSD-SA-05:16.zlib"
date = "2005-07-06"
[[advisories]]
name = "FreeBSD-SA-05:15.tcp"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:14.bzip2"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:13.ipfw"
date = "2005-06-29"
[[advisories]]
name = "FreeBSD-SA-05:12.bind9"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:11.gzip"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:10.tcpdump"
date = "2005-06-09"
[[advisories]]
name = "FreeBSD-SA-05:09.htt"
date = "2005-05-13"
[[advisories]]
name = "FreeBSD-SA-05:08.kmem"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:07.ldt"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:06.iir"
date = "2005-05-06"
[[advisories]]
name = "FreeBSD-SA-05:05.cvs"
date = "2005-04-22"
[[advisories]]
name = "FreeBSD-SA-05:04.ifconf"
date = "2005-04-15"
[[advisories]]
name = "FreeBSD-SA-05:03.amd64"
date = "2005-04-06"
[[advisories]]
name = "FreeBSD-SA-05:02.sendfile"
date = "2005-04-04"
[[advisories]]
name = "FreeBSD-SA-05:01.telnet"
date = "2005-03-28"
[[advisories]]
name = "FreeBSD-SA-04:17.procfs"
date = "2004-12-01"
[[advisories]]
name = "FreeBSD-SA-04:16.fetch"
date = "2004-11-18"
[[advisories]]
name = "FreeBSD-SA-04:15.syscons"
date = "2004-10-04"
[[advisories]]
name = "FreeBSD-SA-04:14.cvs"
date = "2004-09-19"
[[advisories]]
name = "FreeBSD-SA-04:13.linux"
date = "2004-06-30"
[[advisories]]
name = "FreeBSD-SA-04:12.jailroute"
date = "2004-06-07"
[[advisories]]
name = "FreeBSD-SA-04:11.msync"
date = "2004-05-19"
[[advisories]]
name = "FreeBSD-SA-04:10.cvs"
date = "2004-05-19"
[[advisories]]
name = "FreeBSD-SA-04:09.kadmind"
date = "2004-05-05"
[[advisories]]
name = "FreeBSD-SA-04:08.heimdal"
date = "2004-05-05"
[[advisories]]
name = "FreeBSD-SA-04:07.cvs"
date = "2004-04-15"
[[advisories]]
name = "FreeBSD-SA-04:06.ipv6"
date = "2004-03-29"
[[advisories]]
name = "FreeBSD-SA-04:05.openssl"
date = "2004-03-17"
[[advisories]]
name = "FreeBSD-SA-04:04.tcp"
date = "2004-03-02"
[[advisories]]
name = "FreeBSD-SA-04:03.jail"
date = "2004-02-25"
[[advisories]]
name = "FreeBSD-SA-04:02.shmat"
date = "2004-02-05"
[[advisories]]
name = "FreeBSD-SA-04:01.mksnap_ffs"
date = "2004-01-30"
[[advisories]]
name = "FreeBSD-SA-03:19.bind"
date = "2003-11-28"
[[advisories]]
name = "FreeBSD-SA-03:15.openssh"
date = "2003-10-05"
[[advisories]]
name = "FreeBSD-SA-03:18.openssl"
date = "2003-10-03"
[[advisories]]
name = "FreeBSD-SA-03:17.procfs"
date = "2003-10-03"
[[advisories]]
name = "FreeBSD-SA-03:16.filedesc"
date = "2003-10-02"
[[advisories]]
name = "FreeBSD-SA-03:14.arp"
date = "2003-09-23"
[[advisories]]
name = "FreeBSD-SA-03:13.sendmail"
date = "2003-09-17"
[[advisories]]
name = "FreeBSD-SA-03:12.openssh"
date = "2003-09-16"
[[advisories]]
name = "FreeBSD-SA-03:11.sendmail"
date = "2003-08-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1170"
[[advisories]]
name = "FreeBSD-SA-03:10.ibcs2"
date = "2003-08-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1164"
[[advisories]]
name = "FreeBSD-SA-03:09.signal"
date = "2003-08-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1163"
[[advisories]]
name = "FreeBSD-SA-03:08.realpath"
date = "2003-08-03"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1158"
[[advisories]]
name = "FreeBSD-SN-03:02"
date = "2003-04-08"
[[advisories]]
name = "FreeBSD-SN-03:01"
date = "2003-04-07"
[[advisories]]
name = "FreeBSD-SA-03:07.sendmail"
date = "2003-03-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1122"
[[advisories]]
name = "FreeBSD-SA-03:06.openssl"
date = "2003-03-21"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1118"
[[advisories]]
name = "FreeBSD-SA-03:05.xdr"
date = "2003-03-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1117"
[[advisories]]
name = "FreeBSD-SA-03:04.sendmail"
date = "2003-03-03"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1112"
[[advisories]]
name = "FreeBSD-SA-03:03.syncookies"
date = "2003-02-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1106"
[[advisories]]
name = "FreeBSD-SA-03:02.openssl"
date = "2003-02-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1105"
[[advisories]]
name = "FreeBSD-SA-03:01.cvs"
date = "2003-02-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1100"
[[advisories]]
name = "FreeBSD-SA-02:44.filedesc"
date = "2003-01-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1090"
[[advisories]]
name = "FreeBSD-SA-02:43.bind"
date = "2002-11-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1084"
[[advisories]]
name = "FreeBSD-SA-02:41.smrsh"
date = "2002-11-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1082"
[[advisories]]
name = "FreeBSD-SA-02:42.resolv"
date = "2002-11-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1083"
[[advisories]]
name = "FreeBSD-SA-02:40.kadmind"
date = "2002-11-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1081"
[[advisories]]
name = "FreeBSD-SN-02:06"
date = "2002-10-10"
[[advisories]]
name = "FreeBSD-SA-02:39.libkvm"
date = "2002-09-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1051"
[[advisories]]
name = "FreeBSD-SN-02:05"
date = "2002-08-28"
[[advisories]]
name = "FreeBSD-SA-02:38.signed-error"
date = "2002-08-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1041"
[[advisories]]
name = "FreeBSD-SA-02:37.kqueue"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1033"
[[advisories]]
name = "FreeBSD-SA-02:36.nfs"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1032"
[[advisories]]
name = "FreeBSD-SA-02:35.ffs"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1031"
[[advisories]]
name = "FreeBSD-SA-02:33.openssl"
date = "2002-08-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1023"
[[advisories]]
name = "FreeBSD-SA-02:34.rpc"
date = "2002-08-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1024"
[[advisories]]
name = "FreeBSD-SA-02:32.pppd"
date = "2002-07-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1022"
[[advisories]]
name = "FreeBSD-SA-02:31.openssh"
date = "2002-07-15"
[[advisories]]
name = "FreeBSD-SA-02:30.ktrace"
date = "2002-07-12"
[[advisories]]
name = "FreeBSD-SA-02:29.tcpdump"
date = "2002-07-12"
[[advisories]]
name = "FreeBSD-SA-02:28.resolv"
date = "2002-06-26"
[[advisories]]
name = "FreeBSD-SN-02:04"
date = "2002-06-19"
[[advisories]]
name = "FreeBSD-SA-02:27.rc"
date = "2002-05-29"
[[advisories]]
name = "FreeBSD-SA-02:26.accept"
date = "2002-05-29"
[[advisories]]
name = "FreeBSD-SN-02:03"
date = "2002-05-28"
[[advisories]]
name = "FreeBSD-SA-02:25.bzip2"
date = "2002-05-20"
[[advisories]]
name = "FreeBSD-SA-02:24.k5su"
date = "2002-05-20"
[[advisories]]
name = "FreeBSD-SN-02:02"
date = "2002-05-13"
[[advisories]]
name = "FreeBSD-SA-02:23.stdio"
date = "2002-04-22"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1021"
[[advisories]]
name = "FreeBSD-SA-02:22.mmap"
date = "2002-04-18"
[[advisories]]
name = "FreeBSD-SA-02:21.tcpip"
date = "2002-04-17"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/980"
[[advisories]]
name = "FreeBSD-SA-02:20.syncache"
date = "2002-04-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/979"
[[advisories]]
name = "FreeBSD-SN-02:01"
date = "2002-03-30"
[[advisories]]
name = "FreeBSD-SA-02:19.squid"
date = "2002-03-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/960"
[[advisories]]
name = "FreeBSD-SA-02:18.zlib"
date = "2002-03-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/978"
[[advisories]]
name = "FreeBSD-SA-02:17.mod_frontpage"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/954"
[[advisories]]
name = "FreeBSD-SA-02:16.netscape"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/953"
[[advisories]]
name = "FreeBSD-SA-02:15.cyrus-sasl"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/952"
[[advisories]]
name = "FreeBSD-SA-02:14.pam-pgsql"
date = "2002-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/951"
[[advisories]]
name = "FreeBSD-SA-02:13.openssh"
date = "2002-03-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/945"
[[advisories]]
name = "FreeBSD-SA-02:12.squid"
date = "2002-02-21"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/938"
[[advisories]]
name = "FreeBSD-SA-02:11.snmp"
date = "2002-02-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/936"
[[advisories]]
name = "FreeBSD-SA-02:10.rsync"
date = "2002-02-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/928"
[[advisories]]
name = "FreeBSD-SA-02:09.fstatfs"
date = "2002-02-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/927"
[[advisories]]
name = "FreeBSD-SA-02:08.exec"
date = "2002-01-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/923"
[[advisories]]
name = "FreeBSD-SA-02:07.k5su"
date = "2002-01-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/912"
[[advisories]]
name = "FreeBSD-SA-02:06.sudo"
date = "2002-01-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/909"
[[advisories]]
name = "FreeBSD-SA-02:05.pine"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/894"
[[advisories]]
name = "FreeBSD-SA-02:04.mutt"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/893"
[[advisories]]
name = "FreeBSD-SA-02:03.mod_auth_pgsql"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/892"
[[advisories]]
name = "FreeBSD-SA-02:02.pw"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/891"
[[advisories]]
name = "FreeBSD-SA-02:01.pkg_add"
date = "2002-01-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/898"
[[advisories]]
name = "FreeBSD-SA-01:64.wu-ftpd"
date = "2001-12-04"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/870"
[[advisories]]
name = "FreeBSD-SA-01:63.openssh"
date = "2001-12-02"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/871"
[[advisories]]
name = "FreeBSD-SA-01:62.uucp"
date = "2001-10-08"
[[advisories]]
name = "FreeBSD-SA-01:61.squid"
date = "2001-10-08"
[[advisories]]
name = "FreeBSD-SA-01:60.procmail"
date = "2001-09-24"
[[advisories]]
name = "FreeBSD-SA-01:59.rmuser"
date = "2001-09-04"
[[advisories]]
name = "FreeBSD-SA-01:58.lpd"
date = "2001-08-30"
[[advisories]]
name = "FreeBSD-SA-01:57.sendmail"
date = "2001-08-27"
[[advisories]]
name = "FreeBSD-SA-01:56.tcp_wrappers"
date = "2001-08-23"
[[advisories]]
name = "FreeBSD-SA-01:55.procfs"
date = "2001-08-21"
[[advisories]]
name = "FreeBSD-SA-01:54.ports-telnetd"
date = "2001-08-20"
[[advisories]]
name = "FreeBSD-SA-01:53.ipfw"
date = "2001-08-17"
[[advisories]]
name = "FreeBSD-SA-01:52.fragment"
date = "2001-08-06"
[[advisories]]
name = "FreeBSD-SA-01:51.openssl"
date = "2001-07-30"
[[advisories]]
name = "FreeBSD-SA-01:50.windowmaker"
date = "2001-07-27"
[[advisories]]
name = "FreeBSD-SA-01:49.telnetd"
date = "2001-07-23"
[[advisories]]
name = "FreeBSD-SA-01:48.tcpdump"
date = "2001-07-17"
[[advisories]]
name = "FreeBSD-SA-01:47.xinetd"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:46.w3m"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:45.samba"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:44.gnupg"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:43.fetchmail"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:42.signal"
date = "2001-07-10"
[[advisories]]
name = "FreeBSD-SA-01:41.hanterm"
date = "2001-07-09"
[[advisories]]
name = "FreeBSD-SA-01:40.fts"
date = "2001-06-04"
[[advisories]]
name = "FreeBSD-SA-01:39.tcp-isn"
date = "2001-05-02"
[[advisories]]
name = "FreeBSD-SA-01:38.sudo"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:37.slrn"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:36.samba"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:35.licq"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:34.hylafax"
date = "2001-04-23"
[[advisories]]
name = "FreeBSD-SA-01:33.ftpd-glob"
date = "2001-04-17"
[[advisories]]
name = "FreeBSD-SA-01:32.ipfilter"
date = "2001-04-16"
[[advisories]]
name = "FreeBSD-SA-01:31.ntpd"
date = "2001-04-06"
[[advisories]]
name = "FreeBSD-SA-01:30.ufs-ext2fs"
date = "2001-03-22"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/738"
[[advisories]]
name = "FreeBSD-SA-01:29.rwhod"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/732"
[[advisories]]
name = "FreeBSD-SA-01:28.timed"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/731"
[[advisories]]
name = "FreeBSD-SA-01:27.cfengine"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/730"
[[advisories]]
name = "FreeBSD-SA-01:26.interbase"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/729"
[[advisories]]
name = "FreeBSD-SA-01:23.icecast"
date = "2001-03-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/728"
[[advisories]]
name = "FreeBSD-SA-01:25.kerberosIV"
date = "2001-02-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/716"
[[advisories]]
name = "FreeBSD-SA-01:24.ssh"
date = "2001-02-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/715"
[[advisories]]
name = "FreeBSD-SA-01:22.dc20ctrl"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/714"
[[advisories]]
name = "FreeBSD-SA-01:21.ja-elvis"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/713"
[[advisories]]
name = "FreeBSD-SA-01:20.mars_nwe"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/712"
[[advisories]]
name = "FreeBSD-SA-01:19.ja-klock"
date = "2001-02-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/707"
[[advisories]]
name = "FreeBSD-SA-01:18.bind"
date = "2001-01-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/706"
[[advisories]]
name = "FreeBSD-SA-01:17.exmh"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/705"
[[advisories]]
name = "FreeBSD-SA-01:16.mysql"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/704"
[[advisories]]
name = "FreeBSD-SA-01:15.tinyproxy"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/703"
[[advisories]]
name = "FreeBSD-SA-01:14.micq"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/702"
[[advisories]]
name = "FreeBSD-SA-01:13.sort"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/701"
[[advisories]]
name = "FreeBSD-SA-01:12.periodic"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/700"
[[advisories]]
name = "FreeBSD-SA-01:11.inetd"
date = "2001-01-29"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/699"
[[advisories]]
name = "FreeBSD-SA-01:10.bind"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/698"
[[advisories]]
name = "FreeBSD-SA-01:09.crontab"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/697"
[[advisories]]
name = "FreeBSD-SA-01:08.ipfw"
date = "2001-01-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/696"
[[advisories]]
name = "FreeBSD-SA-01:07.xfree86"
date = "2001-01-23"
[[advisories]]
name = "FreeBSD-SA-01:06.zope"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/669"
[[advisories]]
name = "FreeBSD-SA-01:05.stunnel"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/668"
[[advisories]]
name = "FreeBSD-SA-01:04.joe"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/667"
[[advisories]]
name = "FreeBSD-SA-01:03.bash1"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/666"
[[advisories]]
name = "FreeBSD-SA-01:02.syslog-ng"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/665"
[[advisories]]
name = "FreeBSD-SA-01:01.openssh"
date = "2001-01-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/664"
[[advisories]]
name = "FreeBSD-SA-00:81.ethereal"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/651"
[[advisories]]
name = "FreeBSD-SA-00:80.halflifeserver"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/650"
[[advisories]]
name = "FreeBSD-SA-00:79.oops"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/649"
[[advisories]]
name = "FreeBSD-SA-00:78.bitchx"
date = "2000-12-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/648"
[[advisories]]
name = "FreeBSD-SA-00:77.procfs"
date = "2000-12-18"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/647"
[[advisories]]
name = "FreeBSD-SA-00:76.tcsh-csh"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/628"
[[advisories]]
name = "FreeBSD-SA-00:75.php"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/627"
[[advisories]]
name = "FreeBSD-SA-00:74.gaim"
date = "2000-11-20"
[[advisories]]
name = "FreeBSD-SA-00:73.thttpd"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/626"
[[advisories]]
name = "FreeBSD-SA-00:72.curl"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/625"
[[advisories]]
name = "FreeBSD-SA-00:71.mgetty"
date = "2000-11-20"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/624"
[[advisories]]
name = "FreeBSD-SA-00:70.ppp-nat"
date = "2000-11-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/623"
[[advisories]]
name = "FreeBSD-SA-00:69.telnetd"
date = "2000-11-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/622"
[[advisories]]
name = "FreeBSD-SA-00:68.ncurses"
date = "2000-11-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/621"
[[advisories]]
name = "FreeBSD-SA-00:67.gnupg"
date = "2000-11-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/620"
[[advisories]]
name = "FreeBSD-SA-00:66.netscape"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/619"
[[advisories]]
name = "FreeBSD-SA-00:65.xfce"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/618"
[[advisories]]
name = "FreeBSD-SA-00:64.global"
date = "2000-11-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/617"
[[advisories]]
name = "FreeBSD-SA-00:63.getnameinfo"
date = "2000-11-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/589"
[[advisories]]
name = "FreeBSD-SA-00:62.top"
date = "2000-11-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/616"
[[advisories]]
name = "FreeBSD-SA-00:61.tcpdump"
date = "2000-10-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/615"
[[advisories]]
name = "FreeBSD-SA-00:60.boa"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/586"
[[advisories]]
name = "FreeBSD-SA-00:59.pine"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/585"
[[advisories]]
name = "FreeBSD-SA-00:58.chpass"
date = "2000-10-30"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/584"
[[advisories]]
name = "FreeBSD-SA-00:57.muh"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/570"
[[advisories]]
name = "FreeBSD-SA-00:56.lprng"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/569"
[[advisories]]
name = "FreeBSD-SA-00:55.xpdf"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/568"
[[advisories]]
name = "FreeBSD-SA-00:54.fingerd"
date = "2000-10-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/567"
[[advisories]]
name = "FreeBSD-SA-00:52.tcp-iss"
date = "2000-10-06"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/561"
[[advisories]]
name = "FreeBSD-SA-00:53.catopen"
date = "2000-09-27"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/562"
[[advisories]]
name = "FreeBSD-SA-00:51.mailman"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/550"
[[advisories]]
name = "FreeBSD-SA-00:50.listmanager"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/549"
[[advisories]]
name = "FreeBSD-SA-00:49.eject"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/548"
[[advisories]]
name = "FreeBSD-SA-00:48.xchat"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/547"
[[advisories]]
name = "FreeBSD-SA-00:47.pine"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/546"
[[advisories]]
name = "FreeBSD-SA-00:46.screen"
date = "2000-09-13"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/545"
[[advisories]]
name = "FreeBSD-SA-00:45.esound"
date = "2000-08-31"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/526"
[[advisories]]
name = "FreeBSD-SA-00:44.xlock"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/523"
[[advisories]]
name = "FreeBSD-SA-00:43.brouted"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/520"
[[advisories]]
name = "FreeBSD-SA-00:42.linux"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/530"
[[advisories]]
name = "FreeBSD-SA-00:41.elf"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/527"
[[advisories]]
name = "FreeBSD-SA-00:40.mopd"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/521"
[[advisories]]
name = "FreeBSD-SA-00:39.netscape"
date = "2000-08-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/528"
[[advisories]]
name = "FreeBSD-SA-00:38.zope"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/525"
[[advisories]]
name = "FreeBSD-SA-00:37.cvsweb"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/524"
[[advisories]]
name = "FreeBSD-SA-00:36.ntop"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/531"
[[advisories]]
name = "FreeBSD-SA-00:35.proftpd"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/522"
[[advisories]]
name = "FreeBSD-SA-00:34.dhclient"
date = "2000-08-14"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/529"
[[advisories]]
name = "FreeBSD-SA-00:33.kerberosIV"
date = "2000-07-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/488"
[[advisories]]
name = "FreeBSD-SA-00:32.bitchx"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/487"
[[advisories]]
name = "FreeBSD-SA-00:31.canna"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/486"
[[advisories]]
name = "FreeBSD-SA-00:30.openssh"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/485"
[[advisories]]
name = "FreeBSD-SA-00:29.wu-ftpd"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/489"
[[advisories]]
name = "FreeBSD-SA-00:28.majordomo"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/484"
[[advisories]]
name = "FreeBSD-SA-00:27.XFree86-4"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/483"
[[advisories]]
name = "FreeBSD-SA-00:26.popper"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/482"
[[advisories]]
name = "FreeBSD-SA-00:24.libedit"
date = "2000-07-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/481"
[[advisories]]
name = "FreeBSD-SA-00:23.ip-options"
date = "2000-06-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/480"
[[advisories]]
name = "FreeBSD-SA-00:25.alpha-random"
date = "2000-06-12"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/473"
[[advisories]]
name = "FreeBSD-SA-00:22.apsfilter"
date = "2000-06-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/461"
[[advisories]]
name = "FreeBSD-SA-00:21.ssh"
date = "2000-06-07"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/459"
[[advisories]]
name = "FreeBSD-SA-00:20.krb5"
date = "2000-05-26"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/452"
[[advisories]]
name = "FreeBSD-SA-00:19.semconfig"
date = "2000-05-23"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/451"
[[advisories]]
name = "FreeBSD-SA-00:18.gnapster.knapster"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/429"
[[advisories]]
name = "FreeBSD-SA-00:17.libmytinfo"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/442"
[[advisories]]
name = "FreeBSD-SA-00:16.golddig"
date = "2000-05-09"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/439"
[[advisories]]
name = "FreeBSD-SA-00:15.imap-uw"
date = "2000-04-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/438"
[[advisories]]
name = "FreeBSD-SA-00:14.imap-uw"
date = "2000-04-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/441"
[[advisories]]
name = "FreeBSD-SA-00:13.generic-nqs"
date = "2000-04-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/437"
[[advisories]]
name = "FreeBSD-SA-00:12.healthd"
date = "2000-04-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/436"
[[advisories]]
name = "FreeBSD-SA-00:11.ircii"
date = "2000-04-10"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/440"
[[advisories]]
name = "FreeBSD-SA-00:10.orville-write"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408"
[[advisories]]
name = "FreeBSD-SA-00:09.mtr"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408"
[[advisories]]
name = "FreeBSD-SA-00:08.lynx"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/407"
[[advisories]]
name = "FreeBSD-SA-00:07.mh"
date = "2000-03-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/411"
[[advisories]]
name = "FreeBSD-SA-00:06.htdig"
date = "2000-03-01"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/403"
[[advisories]]
name = "FreeBSD-SA-00:05.mysql"
date = "2000-02-28"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/402"
[[advisories]]
name = "FreeBSD-SA-00:04.delegate"
date = "2000-02-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/392"
[[advisories]]
name = "FreeBSD-SA-00:03.asmon"
date = "2000-02-19"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/391"
[[advisories]]
name = "FreeBSD-SA-00:02.procfs"
date = "2000-01-24"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/380"
[[advisories]]
name = "FreeBSD-SA-00:01.make"
date = "2000-01-19"
[[advisories]]
name = "FreeBSD-SA-99:06.amd"
date = "1999-09-16"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/318"
[[advisories]]
name = "FreeBSD-SA-99:05.fts"
date = "1999-09-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/313"
[[advisories]]
name = "FreeBSD-SA-99:04.core"
date = "1999-09-15"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/312"
[[advisories]]
name = "FreeBSD-SA-99:03.ftpd"
date = "1999-09-05"
link = "http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/311"
[[advisories]]
name = "FreeBSD-SA-99:02.profil"
date = "1999-09-04"
[[advisories]]
name = "FreeBSD-SA-99:01.chflags"
date = "1999-09-04"
[[advisories]]
name = "FreeBSD-SA-98:08.fragment"
date = "1998-11-04"
[[advisories]]
name = "FreeBSD-SA-98:07.rst"
date = "1998-10-13"
[[advisories]]
name = "FreeBSD-SA-98:06.icmp"
date = "1998-06-10"
[[advisories]]
name = "FreeBSD-SA-98:05.nfs"
date = "1998-06-04"
[[advisories]]
name = "FreeBSD-SA-98:04.mmap"
date = "1998-06-02"
[[advisories]]
name = "FreeBSD-SA-98:03.ttcp"
date = "1998-05-14"
[[advisories]]
name = "FreeBSD-SA-98:02.mmap"
date = "1998-03-12"
[[advisories]]
name = "FreeBSD-SA-97:06.f00f"
date = "1997-12-09"
[[advisories]]
name = "FreeBSD-SA-98:01.land"
date = "1997-12-01"
[[advisories]]
name = "FreeBSD-SA-97:05.open"
date = "1997-10-29"
[[advisories]]
name = "FreeBSD-SA-97:04.procfs"
date = "1997-08-19"
[[advisories]]
name = "FreeBSD-SA-97:03.sysinstall"
date = "1997-04-07"
[[advisories]]
name = "FreeBSD-SA-97:02.lpd"
date = "1997-03-26"
[[advisories]]
name = "FreeBSD-SA-97:01.setlocale"
date = "1997-02-05"
[[advisories]]
name = "FreeBSD-SA-96:21.talkd"
date = "1997-01-18"
[[advisories]]
name = "FreeBSD-SA-96:20.stack-overflow"
date = "1996-12-16"
[[advisories]]
name = "FreeBSD-SA-96:19.modstat"
date = "1996-12-10"
[[advisories]]
name = "FreeBSD-SA-96:18.lpr"
date = "1996-11-25"
[[advisories]]
name = "FreeBSD-SA-96:17.rzsz"
date = "1996-07-16"
[[advisories]]
name = "FreeBSD-SA-96:16.rdist"
date = "1996-07-12"
[[advisories]]
name = "FreeBSD-SA-96:15.ppp"
date = "1996-07-04"
[[advisories]]
name = "FreeBSD-SA-96:12.perl"
date = "1996-06-28"
[[advisories]]
name = "FreeBSD-SA-96:14.ipfw"
date = "1996-06-24"
[[advisories]]
name = "FreeBSD-SA-96:13.comsat"
date = "1996-06-05"
[[advisories]]
name = "FreeBSD-SA-96:11.man"
date = "1996-05-21"
[[advisories]]
name = "FreeBSD-SA-96:10.mount_union"
date = "1996-05-17"
[[advisories]]
name = "FreeBSD-SA-96:09.vfsload"
date = "1996-05-17"
[[advisories]]
name = "FreeBSD-SA-96:02.apache"
date = "1996-04-22"
[[advisories]]
name = "FreeBSD-SA-96:08.syslog"
date = "1996-04-21"
[[advisories]]
name = "FreeBSD-SA-96:01.sliplogin"
date = "1996-04-21"
[[advisories]]
name = "FreeBSD-SA-96:03.sendmail-suggestion"
date = "1996-04-20"
diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index bf235e7212..de0a6f640f 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,643 +1,667 @@
# Sort errata notices by year, month and day
# $FreeBSD$
+[[notices]]
+name = "FreeBSD-EN-21:16.bc"
+date = "2021-05-26"
+
+[[notices]]
+name = "FreeBSD-EN-21:15.virtio"
+date = "2021-05-26"
+
+[[notices]]
+name = "FreeBSD-EN-21:14.pms"
+date = "2021-05-26"
+
+[[notices]]
+name = "FreeBSD-EN-21:13.mpt"
+date = "2021-05-26"
+
+[[notices]]
+name = "FreeBSD-EN-21:12.divert"
+date = "2021-05-26"
+
+[[notices]]
+name = "FreeBSD-EN-21:11.aesni"
+date = "2021-05-26"
+
[[notices]]
name = "FreeBSD-EN-21:10.lldb"
date = "2021-04-06"
[[notices]]
name = "FreeBSD-EN-21:09.pf"
date = "2021-04-06"
[[notices]]
name = "FreeBSD-EN-21:08.freebsd-update"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:07.caroot"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:06.microcode"
date = "2021-02-24"
[[notices]]
name = "FreeBSD-EN-21:05.libatomic"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:04.zfs"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:03.vnet"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:02.extattr"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-21:01.tzdata"
date = "2021-01-29"
[[notices]]
name = "FreeBSD-EN-20:22.callout"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:21.ipfw"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:20.tzdata"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:19.audit"
date = "2020-12-01"
[[notices]]
name = "FreeBSD-EN-20:18.getfsstat"
date = "2020-09-02"
[[notices]]
name = "FreeBSD-EN-20:17.linuxthread"
date = "2020-09-02"
[[notices]]
name = "FreeBSD-EN-20:16.vmx"
date = "2020-08-05"
[[notices]]
name = "FreeBSD-EN-20:15.mps"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:14.linuxkpi"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:13.bhyve"
date = "2020-07-08"
[[notices]]
name = "FreeBSD-EN-20:12.iflib"
date = "2020-06-09"
[[notices]]
name = "FreeBSD-EN-20:11.ena"
date = "2020-06-09"
[[notices]]
name = "FreeBSD-EN-20:10.build"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:09.igb"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:08.tzdata"
date = "2020-05-12"
[[notices]]
name = "FreeBSD-EN-20:07.quotad"
date = "2020-04-21"
[[notices]]
name = "FreeBSD-EN-20:06.ipv6"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:05.mlx5en"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:04.pfctl"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:03.sshd"
date = "2020-03-19"
[[notices]]
name = "FreeBSD-EN-20:02.nmount"
date = "2020-01-28"
[[notices]]
name = "FreeBSD-EN-20:01.ssp"
date = "2020-01-28"
[[notices]]
name = "FreeBSD-EN-19:19.loader"
date = "2019-11-12"
[[notices]]
name = "FreeBSD-EN-19:18.tzdata"
date = "2019-10-23"
[[notices]]
name = "FreeBSD-EN-19:17.ipfw"
date = "2019-08-20"
[[notices]]
name = "FreeBSD-EN-19:16.bhyve"
date = "2019-08-20"
[[notices]]
name = "FreeBSD-EN-19:15.libunwind"
date = "2019-08-06"
[[notices]]
name = "FreeBSD-EN-19:14.epoch"
date = "2019-08-06"
[[notices]]
name = "FreeBSD-EN-19:13.mds"
date = "2019-07-24"
[[notices]]
name = "FreeBSD-EN-19:12.tzdata"
date = "2019-07-02"
[[notices]]
name = "FreeBSD-EN-19:11.net"
date = "2019-06-19"
[[notices]]
name = "FreeBSD-EN-19:10.scp"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:09.xinstall"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:08.tzdata"
date = "2019-05-14"
[[notices]]
name = "FreeBSD-EN-19:07.lle"
date = "2019-02-05"
[[notices]]
name = "FreeBSD-EN-19:06.dtrace"
date = "2019-02-05"
[[notices]]
name = "FreeBSD-EN-19:05.kqueue"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:04.tzdata"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:03.sqlite"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:02.tcp"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-19:01.cc_cubic"
date = "2019-01-09"
[[notices]]
name = "FreeBSD-EN-18:18.zfs"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:17.vm"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:16.ptrace"
date = "2018-12-19"
[[notices]]
name = "FreeBSD-EN-18:15.loader"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:14.tzdata"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:13.icmp"
date = "2018-11-27"
[[notices]]
name = "FreeBSD-EN-18:12.mem"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:11.listen"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:10.syscall"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:09.ip"
date = "2018-09-27"
[[notices]]
name = "FreeBSD-EN-18:08.lazyfpu"
date = "2018-09-12"
[[notices]]
name = "FreeBSD-EN-18:07.pmap"
date = "2018-06-21"
[[notices]]
name = "FreeBSD-EN-18:06.tzdata"
date = "2018-05-08"
[[notices]]
name = "FreeBSD-EN-18:05.mem"
date = "2018-05-08"
[[notices]]
name = "FreeBSD-EN-18:04.mem"
date = "2018-04-04"
[[notices]]
name = "FreeBSD-EN-18:03.tzdata"
date = "2018-04-04"
[[notices]]
name = "FreeBSD-EN-18:02.file"
date = "2018-03-07"
[[notices]]
name = "FreeBSD-EN-18:01.tzdata"
date = "2018-03-07"
[[notices]]
name = "FreeBSD-EN-17:09.tzdata"
date = "2017-11-02"
[[notices]]
name = "FreeBSD-EN-17:08.pf"
date = "2017-08-10"
[[notices]]
name = "FreeBSD-EN-17:07.vnet"
date = "2017-08-10"
[[notices]]
name = "FreeBSD-EN-17:06.hyperv"
date = "2017-07-12"
[[notices]]
name = "FreeBSD-EN-17:05.xen"
date = "2017-04-12"
[[notices]]
name = "FreeBSD-EN-17:04.mandoc"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:03.hyperv"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:02.yp"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-17:01.pcie"
date = "2017-02-23"
[[notices]]
name = "FreeBSD-EN-16:21.localedef"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:20.tzdata"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:19.tzcode"
date = "2016-12-06"
[[notices]]
name = "FreeBSD-EN-16:18.loader"
date = "2016-10-25"
[[notices]]
name = "FreeBSD-EN-16:17.vm"
date = "2016-10-25"
[[notices]]
name = "FreeBSD-EN-16:16.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:15.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:14.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:13.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:12.hv_storvsc"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:11.vmbus"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:10.dhclient"
date = "2016-08-12"
[[notices]]
name = "FreeBSD-EN-16:09.freebsd-update"
date = "2016-07-25"
[[notices]]
name = "FreeBSD-EN-16:08.zfs"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:07.ipi"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:06.libc"
date = "2016-05-04"
[[notices]]
name = "FreeBSD-EN-16:05.hv_netvsc"
date = "2016-03-16"
[[notices]]
name = "FreeBSD-EN-16:04.hyperv"
date = "2016-03-16"
[[notices]]
name = "FreeBSD-EN-16:03.yplib"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-16:02.pf"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-16:01.filemon"
date = "2016-01-14"
[[notices]]
name = "FreeBSD-EN-15:20.vm"
date = "2015-11-04"
[[notices]]
name = "FreeBSD-EN-15:19.kqueue"
date = "2015-11-04"
[[notices]]
name = "FreeBSD-EN-15:18.pkg"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:17.libc"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:16.pw"
date = "2015-09-16"
[[notices]]
name = "FreeBSD-EN-15:15.pkg"
date = "2015-08-25"
[[notices]]
name = "FreeBSD-EN-15:14.ixgbe"
date = "2015-08-25"
[[notices]]
name = "FreeBSD-EN-15:13.vidcontrol"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:12.netstat"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:11.toolchain"
date = "2015-08-18"
[[notices]]
name = "FreeBSD-EN-15:10.iconv"
date = "2015-06-30"
[[notices]]
name = "FreeBSD-EN-15:09.xlocale"
date = "2015-06-30"
[[notices]]
name = "FreeBSD-EN-15:08.sendmail"
date = "2015-06-18"
[[notices]]
name = "FreeBSD-EN-15:07.zfs"
date = "2015-06-09"
[[notices]]
name = "FreeBSD-EN-15:06.file"
date = "2015-06-09"
[[notices]]
name = "FreeBSD-EN-15:05.ufs"
date = "2015-05-13"
[[notices]]
name = "FreeBSD-EN-15:04.freebsd-update"
date = "2015-05-13"
[[notices]]
name = "FreeBSD-EN-15:03.freebsd-update"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-15:02.openssl"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-15:01.vt"
date = "2015-02-25"
[[notices]]
name = "FreeBSD-EN-14:13.freebsd-update"
date = "2014-12-23"
[[notices]]
name = "FreeBSD-EN-14:12.zfs"
date = "2014-11-04"
[[notices]]
name = "FreeBSD-EN-14:11.crypt"
date = "2014-10-22"
[[notices]]
name = "FreeBSD-EN-14:10.tzdata"
date = "2014-10-22"
[[notices]]
name = "FreeBSD-EN-14:09.jail"
date = "2014-07-08"
[[notices]]
name = "FreeBSD-EN-14:08.heimdal"
date = "2014-06-24"
[[notices]]
name = "FreeBSD-EN-14:07.pmap"
date = "2014-06-24"
[[notices]]
name = "FreeBSD-EN-14:06.exec"
date = "2014-06-03"
[[notices]]
name = "FreeBSD-EN-14:05.ciss"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:04.kldxref"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:03.pkg"
date = "2014-05-13"
[[notices]]
name = "FreeBSD-EN-14:02.mmap"
date = "2014-01-14"
[[notices]]
name = "FreeBSD-EN-14:01.random"
date = "2014-01-14"
[[notices]]
name = "FreeBSD-EN-13:05.freebsd-update"
date = "2013-11-28"
[[notices]]
name = "FreeBSD-EN-13:04.freebsd-update"
date = "2013-10-26"
[[notices]]
name = "FreeBSD-EN-13:03.mfi"
date = "2013-08-22"
[[notices]]
name = "FreeBSD-EN-13:01.fxp"
date = "2013-06-28"
[[notices]]
name = "FreeBSD-EN-13:02.vtnet"
date = "2013-06-28"
[[notices]]
name = "FreeBSD-EN-12:02.ipv6refcount"
date = "2012-06-12"
[[notices]]
name = "FreeBSD-EN-12:01.freebsd-update"
date = "2012-01-04"
[[notices]]
name = "FreeBSD-EN-10:02.sched_ule"
date = "2010-02-27"
[[notices]]
name = "FreeBSD-EN-10:01.freebsd"
date = "2010-01-06"
[[notices]]
name = "FreeBSD-EN-09:05.null"
date = "2009-10-02"
[[notices]]
name = "FreeBSD-EN-09:04.fork"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:03.fxp"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:02.bce"
date = "2009-06-24"
[[notices]]
name = "FreeBSD-EN-09:01.kenv"
date = "2009-03-23"
[[notices]]
name = "FreeBSD-EN-08:02.tcp"
date = "2008-06-19"
[[notices]]
name = "FreeBSD-EN-08:01.libpthread"
date = "2008-04-17"
[[notices]]
name = "FreeBSD-EN-07:05.freebsd-update"
date = "2007-03-15"
[[notices]]
name = "FreeBSD-EN-07:04.zoneinfo"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:03.rc.d_jail"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:02.net"
date = "2007-02-28"
[[notices]]
name = "FreeBSD-EN-07:01.nfs"
date = "2007-02-14"
[[notices]]
name = "FreeBSD-EN-06:02.net"
date = "2006-08-28"
[[notices]]
name = "FreeBSD-EN-06:01.jail"
date = "2006-07-07"
[[notices]]
name = "FreeBSD-EN-05:04.nfs"
date = "2005-12-19"
[[notices]]
name = "FreeBSD-EN-05:03.ipi"
date = "2005-01-16"
[[notices]]
name = "FreeBSD-EN-05:02.sk"
date = "2005-01-06"
[[notices]]
name = "FreeBSD-EN-05:01.nfs"
date = "2005-01-05"
[[notices]]
name = "FreeBSD-EN-04:01.twe"
date = "2004-06-28"
diff --git a/website/static/security/advisories/FreeBSD-EN-21:11.aesni.asc b/website/static/security/advisories/FreeBSD-EN-21:11.aesni.asc
new file mode 100644
index 0000000000..484758e445
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-21:11.aesni.asc
@@ -0,0 +1,136 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-21:11.aesni Errata Notice
+ The FreeBSD Project
+
+Topic: Race condition in aesni(4) encrypt-then-auth operations
+
+Category: core
+Module: aesni
+Announced: 2021-05-26
+Affects: FreeBSD 12.2
+Corrected: 2021-04-27 19:16:35 UTC (stable/12, 12.2-STABLE)
+ 2021-05-26 20:40:11 UTC (releng/12.2, 12.2-RELEASE-p7)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+The aesni(4) driver provides implementations of various cryptographic
+operations using specialized CPU instructions available on contemporary Intel
+and AMD CPUs. This provides improved throughput relative to pure software
+implementations of the same operations.
+
+II. Problem Description
+
+aesni(4) implements SHA-1 and SHA-2 and can compute HMACs using these
+functions. One step of the HMAC computation involves the computation of a
+derived key. This step was implemented such that if multiple threads were
+concurrently computing an HMAC using the same crypto(9) session, the kernel's
+copy of the session key could be corrupted.
+
+III. Impact
+
+This bug could cause aesni(4) to return incorrect digests of input data,
+or incorrect report a digest verification failure.
+
+Since the bug is only triggered when multiple threads are sharing a crypto(9)
+session, some consumers are unaffected. For example, geli(8) will not trigger
+the bug. It is possible to trigger the bug with IPSec or KGSSAPI, or via
+crypto(4) if the underlying application is multithreaded and shares sessions
+among multiple threads.
+
+IV. Workaround
+
+The aesni(4) kernel module may be unloaded to work around the problem. Note
+that this may incur a substantial hit to performance.
+
+Workloads not making use of HMAC-based authentication using aesni(4) are
+unaffected. For example, aesni(4) implements AES-GCM, and that implementation
+is not susceptible to this problem.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for an erratum update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-21:11/aesni.patch
+# fetch https://security.FreeBSD.org/patches/EN-21:11/aesni.patch.asc
+# gpg --verify aesni.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/12/ r369665
+releng/12.2/ r369860
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6t4ACgkQ05eS9J6n
+5cJdUBAAor2SfwygnujBNtepn8miqhACwa2P/8HZo1G68JTrHzRp8U8l/iLhTIwn
+FF/aylaIg3uiFkb5V68yi9YKo4a8kIK0U/J805n8WUFFTS5OiwLkI3mLKC3vHMUD
+d2gvBaAjPeBNjlNanFp8WpdNsCXvJq9CBXECQnwsnNJ1zpSSsTwm/T48pIeRpk/T
+sYpyaLgEjsXl0tx0VkW2wwk7tNSQx0K7BouzqrwbQku18GW9ybETfQh5NE+Mz2+S
+T1e3A4y2VNWXpDqCgHwl7+X7NX3FH2wGI56G3Xv781zJY5jq+UjxoXyLGVY56y3P
+KvCgqnPavLZgER3ui/bqro3DR3uN6P3hb/Jg/3ChrNVuf9U0hElblWzQ3KQ/y2J8
+21YSuVvclMu4cfWfGcOYA8uXBQCUUYHAMKzenzmj9kZYMWaSZHpn/aibaYWZEO/U
+hsDfeJRbR1hIVOdKGUmGrcWc2BVAQw/xHyAIn1IEBvCO9JRl09VPLNU6q19mrquH
+GoQ0NRaWg6v+spHJeuiv3wreLjr/mfznk+I4Cz/CT3cVbm7b4gJXerObIWKnEyFI
+Cj8ySvkhFAVdWcLIOJPrlIgxY5IoVr/raRuKhJ7kmFkELfUd1HK81e9QdpdzKYOH
+hKWROGEBMr6bG17rqMY+tZmlx6wKVtf8mJCQHomQSi3Q7J2DRO0=
+=KdoV
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-21:12.divert.asc b/website/static/security/advisories/FreeBSD-EN-21:12.divert.asc
new file mode 100644
index 0000000000..c7ac1ce64e
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-21:12.divert.asc
@@ -0,0 +1,130 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-21:12.divert Errata Notice
+ The FreeBSD Project
+
+Topic: Kernel double free when transmitting on a divert socket
+
+Category: core
+Module: divert(4)
+Announced: 2021-05-26
+Affects: FreeBSD 13.0
+Corrected: 2021-05-10 13:36:08 UTC (stable/13, 13.0-STABLE)
+ 2021-05-26 19:30:51 UTC (releng/13.0, 13.0-RELEASE-p1)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+divert(4) sockets are a facility that permit firewalls to transmit a
+copy of a packet to a userspace process. They may also be used by
+userspace programs to inject packets into the IP packet processing
+stack. In the FreeBSD base system, the only user of divert(4) sockets
+is natd(8).
+
+II. Problem Description
+
+A bug in the error handling of transmission on a divert(4) socket could
+result in a double free of an mbuf.
+
+III. Impact
+
+Systems making use of divert(4) may misbehave or panic in a
+non-deterministic manner.
+
+IV. Workaround
+
+No workaround is available. Systems not making use of divert(4) sockets
+are unaffected. divert(4) sockets appear in sockstat(8) output as using
+protocol "div".
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for an erratum update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-21:12/divert.patch
+# fetch https://security.FreeBSD.org/patches/EN-21:12/divert.patch.asc
+# gpg --verify divert.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ eafeee082c50 stable/13-n245578
+releng/13.0/ 22b58630d6ba releng/13.0-n244737
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6usACgkQ05eS9J6n
+5cJ/mw//SPzrCBbMJBWgwhQiJpI50BRgXWBFneThy2f5+2LWsg5gh1OJjqhqk+s9
+6PAHxujsUM15zAUQhwv5g+Z6g1l9j2Zy4kPsCN/QJR1zL51zqabOdOnqmAOom6gQ
+nbXS2Fsh43dqCx3S+uEviC7U62kbU7CRXAhCI3wsHwRAyvzuXcUWizazp1hYllDE
+IZ5LqJG/t9ZrMgMd3KabCoIVHFgPANZaBpSSFPhnDZxz7mvGVN4XtX2RYOht9f2B
+xN05YSwmSLcB8EE1TQmjgcD6/K3hrPvkeFC0qSe9F66SJakuX19vfiWF2mrN/SO1
+fIILHtCaHcs2IWVzKK4FG01t3r3o7TkAnux+R4T7aMMh8LGbYiGtYCrlzaIN45aZ
+bEA4aNqpZl1J1DtnthTnhNsd3R6Cq7f/hjtGNxYrSp6QLECPb4FhqVUig7m3p0s4
+a3Y5m3govOnTaRppmSt7aoXGd/yQDDc4YfIbqkWa/z3IabbW+cVUH5+uexmdLy+y
+WJl/sNqznQPKPGDtPq39Ez1Pt6+TsOAowG4TXbNmaIk8C00KjFWnr+XcNS4GAhnd
+QK+B2N9TQpBTSgwVMhDnjNIptEjE75VmpW3yAlQt6FL1DlVcAgZ5dgVeGHHPI+NZ
+ONMpO+ifh/sRUDLH4QMviMoNi23ngkFdjo1Cq10DrIrxP4wDh6E=
+=yWIx
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-21:13.mpt.asc b/website/static/security/advisories/FreeBSD-EN-21:13.mpt.asc
new file mode 100644
index 0000000000..e91db4a244
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-21:13.mpt.asc
@@ -0,0 +1,125 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-21:13.mpt Errata Notice
+ The FreeBSD Project
+
+Topic: mpt(4) I/O errors with a large maxphys value
+
+Category: core
+Module: mpt
+Announced: 2021-05-26
+Affects: FreeBSD 13.0
+Corrected: 2021-04-24 00:43:14 UTC (stable/13, 13.0-STABLE)
+ 2021-05-26 19:29:54 UTC (releng/13.0, 13.0-RELEASE-p1)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+mpt(4) is a driver for LSI disk controllers.
+
+II. Problem Description
+
+The mpt(4) driver did not correctly handle I/O requests larger than or
+equal to 2MB and would incorrectly report errors. The I/O request size
+is limited by the value of the kern.maxphys tunable and the default
+value is below this threshold.
+
+III. Impact
+
+With kern.maxphys set to 2MB or larger, I/O to mpt(4) devices will not
+work correctly.
+
+IV. Workaround
+
+To work around the problem, ensure that the kern.maxphys value is kept
+at its default value.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for an erratum update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-21:13/mpt.patch
+# fetch https://security.FreeBSD.org/patches/EN-21:13/mpt.patch.asc
+# gpg --verify mpt.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ f0077b4c1dcf stable/13-n245384
+releng/13.0/ a8a91efa74e0 releng/13.0-n244734
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6uwACgkQ05eS9J6n
+5cJB6A//bXZXr5CaQJeZYCt88W4EXHaf9vZSLE0p3umoNE2V7bXFsfKPN+mQJKmB
+KFOHD8PZstnG0MX4D30t8gzxeLaadO3XhzifE8bRCa49Xiibdg0eL/XqQWylyVkm
+Qpyi4QIqmfPijNVFFf9FFv+1I+ERhF66isqzcWravucZZn+nV26eKaPBSPzRv7pz
+qbDxW3JHXNZOo6qJJiN71mPwlOleiY4ZcIsR1iz0uf2Uo7qu69YyecPkDnj0lbxT
+2CrH2JV7sLXRkAHn9gujk50nu4iyUkWFsgo7dQZ34yEFXqicQMMAkiFpVadJvFgz
+FXcLVBbKCuuI0yr5vV6/jms36FQVBtWlZGJx/BKg5jGhj8deSireP4BsyttfWdQA
+6zLGtyKghFAmG9o9XCzOtast9LUd0ggK3RIe4GzxImWe2mWAnQPEp7QQD0sqmYzW
+XDzF5rwHzdYDTtnp+fQ9rLKhKsunMwk3tCslnb3sO4Ai2bXm+wjV4t6nresmAZDT
+fJlKU8XyIhzHy33rUe1JGhv+iuNbORA7dS07XYrB70T80HOFMNo1vOy4NE2A41TJ
+plPXCjIdOZBkZsmy16uYLMnljRzYgBLejr/4QnSbKxEtUGJiog8osnGnFC6wCzgy
+XyscM8G2tL6jvmAVuKDLDiiBRZtc7ZEGHGjTpABLccPOmbcq4fk=
+=Ch28
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-21:14.pms.asc b/website/static/security/advisories/FreeBSD-EN-21:14.pms.asc
new file mode 100644
index 0000000000..db520ea5ad
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-21:14.pms.asc
@@ -0,0 +1,151 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-21:14.pms Errata Notice
+ The FreeBSD Project
+
+Topic: pms(4) data corruption
+
+Category: core
+Module: pms
+Announced: 2021-05-26
+Affects: FreeBSD 12.2 and later.
+Corrected: 2021-04-23 01:05:42 UTC (stable/13, 13.0-STABLE)
+ 2021-05-26 19:30:23 UTC (releng/13.0, 13.0-RELEASE-p1)
+ 2021-04-23 01:11:07 UTC (stable/12, 12.2-STABLE)
+ 2021-05-26 20:40:15 UTC (releng/12.2, 12.2-RELEASE-p7)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+pms(4) is a driver for PMC-Sierra disk controllers.
+
+II. Problem Description
+
+Two problems are fixed by this update.
+
+First, the pms(4) driver did not correctly handle the new kern.maxphys
+value set in FreeBSD 13.0. The devices supported by the driver impose a
+limit on the maximum I/O size, and this limit is smaller than the new
+default.
+
+Second, the pms(4) driver did not correctly handle some error cases in
+the I/O path and would falsely report success to upper layers.
+
+III. Impact
+
+The bugs may cause data corruption.
+
+IV. Workaround
+
+No workaround is available. Systems not using pms(4) are unaffected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for an erratum update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 13.0]
+# fetch https://security.FreeBSD.org/patches/EN-21:14/pms.13.patch
+# fetch https://security.FreeBSD.org/patches/EN-21:14/pms.13.patch.asc
+# gpg --verify pms.13.patch.asc
+
+[FreeBSD 12.2]
+# fetch https://security.FreeBSD.org/patches/EN-21:14/pms.12.patch
+# fetch https://security.FreeBSD.org/patches/EN-21:14/pms.12.patch.asc
+# gpg --verify pms.12.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ 6514cb18d94e stable/13-n245322
+releng/13.0/ b62d492067ba releng/13.0-n244736
+stable/12/ r369655
+releng/12.2/ r369861
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6uwACgkQ05eS9J6n
+5cJZWg/8DEsOaseewourLWezA+HeV2aHfsNf96qa4O7oAOUGtCm7nKi7jodIiLB1
+DiX8YqskrVav36lLxgyQazSCF84xB1YsNP4EiOzjeIoZyirR8+KiG37CunGhUDPg
+8mPCE1+WBzHlcDwAEexldi+b88ehEqADbZiGWAsBcXYqhwaXoF6zUkgp5WFRWKzu
+Kiq7Wjs7FGkAp38O4UKduybpubSyUjHCeShEGyZvevJQE4kAZKzv1+Q+spUeIBLP
+P99p+vidIFIpX4uq0GgjF1GLuz4ym1tRZwu4jlJ0Vhr0KjqTWwxoMZ0m+0+SwKit
+dqPLQ/rj1vBiCScU7rIS49wfT6vtujH9gPt4GI5mTY8++4hDkfRvS4D5we9RgIo+
+0j3NIAf0cb47V6nPSOBwAqkFwjtGu7rhtGgmmp1Pmf0v8I/EqRCgIekexMVW294u
+L9pyH3LalHqi/GcuMn8emTPiJ6+5a1e+EBKXtnoX5tJvenkSXAl6eV7BuETaaMOc
+zvMheSzvcnn+h2jIA1Mizfv9BIglRNakIxzJpSxugQWTzAQ7PutzqSaLCsn9byp3
+590cBmbmVdAFEuqIdz5I/d3BwpF24myNmYFtRlxT115jaOV8ta2qKg4GryMOCUL2
+R+zE2+d1JT+/Ra1wm2vfWIUb1pPQUIIvQ8m2rGhiok0Nlc7C7O0=
+=nfsk
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-21:15.virtio.asc b/website/static/security/advisories/FreeBSD-EN-21:15.virtio.asc
new file mode 100644
index 0000000000..45bff06182
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-21:15.virtio.asc
@@ -0,0 +1,125 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-21:15.virtio Errata Notice
+ The FreeBSD Project
+
+Topic: virtio(4) device probing fails
+
+Category: core
+Module: virtio
+Announced: 2021-05-26
+Affects: FreeBSD 13.0
+Corrected: 2021-04-03 06:09:50 UTC (stable/13, 13.0-STABLE)
+ 2021-05-26 20:32:40 UTC (releng/13.0, 13.0-RELEASE-p1)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+VirtIO is a specification for para-virtualized I/O in a virtual machine
+(VM). It defines an interface for efficient I/O between the hypervisor
+and VM.
+
+II. Problem Description
+
+The virtio(4) driver on FreeBSD implemented support of the legacy
+interface, which was released before the specification was formalized,
+requiring certain characteristics that were different on some VMM
+implementations.
+
+III. Impact
+
+FreeBSD will not boot on certain VMM implementations.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for an erratum update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-21:15/virtio.patch
+# fetch https://security.FreeBSD.org/patches/EN-21:15/virtio.patch.asc
+# gpg --verify virtio.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ 2e107638eac2 stable/13-n245094
+releng/13.0/ 61acb3179a90 releng/13.0-n244741
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6uwACgkQ05eS9J6n
+5cLlmA/5AR5G9Ifb34fJVhj4PT4rUiSj41mbdECbNKTgdPD2zBkedAI9Nc4w2xcG
++/i7hhePMCe8jfIwgw6eWW3UlJWx9XAtR0r/HsPxUt+glopPNcK9xr2OSY2h/jSo
+EkFE3JdhTvSwapIH4VNku1PULXXMQWxI3E5Ccd4mEFz/uchq7Q83koE136M2UyXR
+XXk9AsxmuNrG/dlWi5MhbUuljqkXY2O160ErIrNivHiOVHIxtiX/snEX6Q4srE2Q
+YmdAC07p64xB+3c2ZkFrA/4Khp/XRO8wRwbNE8FhGiVUwlYL2a/BB1Ldq84UbdOl
+ISEPr564SfhV2bSFs7PM6iHRXdD46K0/7O42X6ZswIhwN1IN+mkTW/LkYdPMpLn2
+S7lmV9ulgOBkAqHQ//+7gcOMPerNXwZ0Rcnf8SY8aOqOkgIVIXG0XocOl/nBJ9CZ
+Syq7vuFly9EijTYtLonNv3XtTjB9Z5UjwBJPnmNGS6JYgbJQVpjllchLkb+cv5Kt
+jVnC5YiuOAaNJ8XjqfjhyHXZrSkVmdYINRohn1y2tojNkn3jRMCYJMB0EvIugCqU
+oCKmMn8R3m87723ylm5CykXmxgkSR3rfsvwzvioEFojcC+sgB5H5tdcP0XLvqg52
+DP9Rnq+j0YfNs/Ud+dcIpI4/7ANduVu+WKsd58w+H3lPmkrP9aE=
+=Cr4I
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-21:16.bc.asc b/website/static/security/advisories/FreeBSD-EN-21:16.bc.asc
new file mode 100644
index 0000000000..01233d766c
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-21:16.bc.asc
@@ -0,0 +1,160 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-21:16.bc Errata Notice
+ The FreeBSD Project
+
+Topic: dc update
+
+Category: contrib
+Module: bc
+Announced: 2021-05-26
+Affects: FreeBSD 13.0
+ FreeBSD 12.2 (only when built with option WITH_GH_BC)
+Corrected: 2021-04-06 08:44:52 UTC (stable/13, 13.0-STABLE)
+ 2021-05-26 20:32:40 UTC (releng/13.0, 13.0-RELEASE-p1)
+ 2021-04-06 08:44:52 UTC (stable/12, 12.2-STABLE)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+The program dc provides a simple stack-based programming language that uses
+a reverse Polish notation. Although it is a fully functional language, it
+has been used primarily as a computational engine by the program bc, which
+implements a more traditional language based on infix notation of operands.
+
+In FreeBSD 13.0 and in custom builds of FreeBSD 12.2-STABLE (with the
+non-default option WITH_GH_BC) the traditional implementations of bc and dc
+have been replaced by a single program under both names that provides better
+POSIX conformance of the bc language, compatibility with GNU bc extensions,
+and significantly improved performance of big number calculations.
+
+II. Problem Description
+
+The "P" command of the dc language outputs the top-of-stack value and should
+consume it, but in this version leaves it on the stack. This problem only
+affects direct dc command scripts that use "P" and rely on its effect on the
+stack (i.e., do not terminate after this command and have references to stack
+elements that are hidden by the value that has not been removed).
+
+III. Impact
+
+Since dc has been used very little as a general purpose programming language,
+only a very small number of dc scripts exist, and most of them are used to
+describe the language for educational purposes only. This issue has existed
+in this implementation of dc for at least 3 years without having been
+noticed.
+
+If a dc script relies on the correct semantics of a "P" instruction, it will
+not execute subsequent instructions correctly, which may result in incorrect
+output or in an infinite loop.
+
+IV. Workaround
+
+The math/gh-bc port and the gh-bc package have been updated to correct the
+issue and are fully compatible with this version in all other aspects.
+
+They can be installed in addition to the base system versions of bc and
+dc but may require a change of scripts that use dc to invoke the version
+installed below LOCALBASE.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-21:16/bc.patch
+# fetch https://security.FreeBSD.org/patches/EN-21:16/bc.patch.asc
+# gpg --verify bc.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ 0ca6ce5e976a stable/13-n245186
+releng/13.0/ 312510880e2e releng/13.0-n244742
+stable/12/ r369589
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6u0ACgkQ05eS9J6n
+5cK2Ww//Th4xtnGjvJ/GSGUq+eLMDPLJzUJhRI0jgjDVqI8tL5JMyxcui1oR0/Ur
++0GvR7JSYJ+WYLLIMHwnP3DYzyHp7ICRhCJoykwa4yKVpcdLcvX0R8Nm+2/fBC02
+PDFAvnO4HVdOJdqM5rNzA4/Y150HYj30bDXrry0RKaHKYDgp6SVc9+2T7o5zHJSX
+x49TiHSVwHCjvnauIFqqFldTz1eGUMMxlisyxD9sP6efkYS49C/25O/xhwdqmrtx
+HvhTdFsOr0FgPsMUSvLVcuYJOcW+/1Q+5CM/rjMyQ1VkdP/5UqFGoXHfZuiTvrRY
+9pXjymwk1MyUYzEn3vu7B1ZDqJptZ4DRok4La/ylOlVVWq2hUKYtJUQja9u9O2wt
+YjBvdAF/wjkr3t93qwsoWwiTP3tuPADtccfQ18rSNmN12405hAVKfLvvGDQ/mTZn
+lnDHOpMQXMvuChYdf2VYOX67S7yhxV4+ThrEJkopcdCOOxYRN8A6ePmPyVg+HqHw
+WcAGWWPZjm/o0r2SKJi5SM6cwJUMOQAF/hVw02NiK2uY5aXuZlIVDPgHR/LfoDce
+juLKfBWAw3om7nPOF7dDXkJDN/HZ03IQM6DOStK7zvytCctxNq2+eVgSb4g/3yvs
+mpvGMP1DLQywSOvmp00B8mLws9rcQbe8rUI6rR2hb9kMCcfTHIU=
+=MITo
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-21:11.smap.asc b/website/static/security/advisories/FreeBSD-SA-21:11.smap.asc
new file mode 100644
index 0000000000..22afada9c9
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-21:11.smap.asc
@@ -0,0 +1,167 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-21:11.smap Security Advisory
+ The FreeBSD Project
+
+Topic: SMAP bypass
+
+Category: core
+Module: amd64
+Announced: 2021-05-26
+Credits: I lost my dog if you see him please contact me at @m00nbsd.
+Affects: FreeBSD 12.2 and later.
+Corrected: 2021-05-26 19:18:54 UTC (stable/13, 13.0-STABLE)
+ 2021-05-26 19:31:50 UTC (releng/13.0, 13.0-RELEASE-p1)
+ 2021-05-26 19:30:31 UTC (stable/12, 12.2-STABLE)
+ 2021-05-26 20:40:20 UTC (releng/12.2, 12.2-RELEASE-p7)
+CVE Name: CVE-2021-29628
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+Supervisor Mode Access Prevention (SMAP) is a security feature
+implemented by contemporary Intel and AMD CPUs. When enabled, it
+ensures that accesses to user memory by the kernel trigger a page fault
+and a subsequent kernel panic. This helps mitigate the security
+implications of kernel bugs that permit an attacker to read from or
+write to user memory from the kernel.
+
+The kernel may legitimately need to copy data between userspace and the
+kernel. To enable this, SMAP is temporarily disabled in the subroutines
+which handle this copying, so only small, specially designated portions
+of the kernel should be executed with SMAP disabled.
+
+II. Problem Description
+
+The FreeBSD kernel enables SMAP during boot when the CPU reports that
+the SMAP capability is present. Subroutines such as copyin() and
+copyout() are responsible for disabling SMAP around the sections of code
+that perform user memory accesses.
+
+Such subroutines must handle page faults triggered when user memory is
+not mapped. The kernel's page fault handler checks the validity of the
+fault, and if it is indeed valid it will map a page and resume copying.
+If the fault is invalid, the fault handler returns control to a
+trampoline which aborts the operation and causes an error to be
+returned. In this second scenario, a bug in the implementation of SMAP
+support meant that SMAP would remain disabled until the thread returns
+to user mode.
+
+III. Impact
+
+This bug may be used to bypass the protections provided by SMAP for the
+duration of a system call. It could thus be combined with other kernel
+bugs to craft an exploit.
+
+IV. Workaround
+
+No workaround is available. On hardware that does not implement SMAP,
+the bug is inconsequential as the mitigation does not exist in the first
+place.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date
+and reboot.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-21:11/smap.patch
+# fetch https://security.FreeBSD.org/patches/SA-21:11/smap.patch.asc
+# gpg --verify smap.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+ and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ 876ffe28796c stable/13-n245764
+releng/13.0/ f32130a1955e releng/13.0-n244739
+stable/12/ r369857
+releng/12.2/ r369863
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6vIACgkQ05eS9J6n
+5cJagg//Yy30r/Dq2rgoY7p31CoF/jXDDqNEhqyJTcWoDY2M5THXBficHxWW68lE
+YLfndQRgz4oT7QNgxgnW0PYa0iHLiNFxZoI8lOcILpvHereXy0gEvLVPCstY7NY9
++jZnY7seLfSH+Y+VS5sjXbveMSMxovKzpp1rOrHVxJK7YeGY7YDqsK9pQ8Jk+4pE
+XlhOvhugL0qE4Fxj4qI5ClGmqDvyNXxlGWWwVtzZV2jYN1bdmZ0g88+HgJI1FcUr
+E2KIk1XwVidhQC8GJk9v7D/Bg4nYdq59Dozv4tu9IFfPkV+xl3qbgtXN5qJ0bp+u
+Y3NCEgq8Aoz60Xebulw1XBfvJFkLqUEthenYKtMSc9hN+QgAM9c9eQreRawTNezK
+aUSl+hUt9D6oVHh1Ki+OIhAgF+pAKN+7ARfcn2Ot57/TNbO1T9/C5mMd/hhQOkyj
+wJwj3nSLkUVQTNR9ntyyIj44XFRijtzG4foAJDuozfzC+hD82jSgXpCGnLwH6Gyx
+n0yIM1LbDZWrvAJ9W+uQmGJ1nv12Tzt24cDCSQ+zJjuTNfCso3bQ9b/IrXomBAwp
+waYpEOujzjaM7XdI9F4vb69XGX9mbKO67MoXgwlVowaRvVUBM0jAkaRo1gknF1sO
+CXLuogbOomTHcutlBsXtF0FBphLFx7YA8w4jtWnjnFW7wBzZ5dQ=
+=/4r7
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-21:12.libradius.asc b/website/static/security/advisories/FreeBSD-SA-21:12.libradius.asc
new file mode 100644
index 0000000000..2b0a9ebec3
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-21:12.libradius.asc
@@ -0,0 +1,170 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-21:12.libradius Security Advisory
+ The FreeBSD Project
+
+Topic: Missing message validation in libradius(3)
+
+Category: core
+Module: libradius
+Announced: 2021-05-26
+Credits: leommxj and Swings from Chaitin Security Research Lab
+Affects: All supported versions of FreeBSD.
+Corrected: 2021-05-26 19:45:31 UTC (stable/13, 13.0-STABLE)
+ 2021-05-26 20:36:29 UTC (releng/13.0, 13.0-RELEASE-p1)
+ 2021-05-26 20:39:35 UTC (stable/12, 12.2-STABLE)
+ 2021-05-26 20:40:23 UTC (releng/12.2, 12.2-RELEASE-p7)
+ 2021-05-26 20:41:31 UTC (stable/11, 11.4-STABLE)
+ 2021-05-26 20:41:58 UTC (releng/11.4, 11.4-RELEASE-p10)
+CVE Name: CVE-2021-29629
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit .
+
+I. Background
+
+libradius(3) is a client and server library implementing the Remote
+Authentication Dial In User Service (RADIUS) protocol. It is used by
+pam_radius(8) and mpd5 (available in the ports tree as net/mpd5).
+
+II. Problem Description
+
+libradius did not perform sufficient validation of received messages.
+
+rad_get_attr(3) did not verify that the attribute length is valid before
+subtracting the length of the Type and Length fields. As a result, it
+could return success while also providing a bogus length of SIZE_T_MAX -
+2 for the Value field.
+
+When processing attributes to find an optional authenticator,
+is_valid_response() failed to verify that each attribute length is
+non-zero and could thus enter an infinite loop.
+
+III. Impact
+
+A server may use libradius(3) to process messages from RADIUS clients.
+In this case, a malicious client could trigger a denial-of-service in
+the server. A client using libradius(3) to process messages from a
+server is susceptible to the same problem.
+
+The impact of the rad_get_attr(3) bug depends on how the returned length
+is validated and used by the consumer. It is possible that libradius(3)
+applications will crash or enter an infinite loop when calling
+rad_get_attr(3) on untrusted RADIUS messages.
+
+IV. Workaround
+
+No workaround is available. Systems not making use of libradius(3) are
+unaffected.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 13.0, 12.2]
+# fetch https://security.FreeBSD.org/patches/SA-21:12/libradius.patch
+# fetch https://security.FreeBSD.org/patches/SA-21:12/libradius.patch.asc
+# gpg --verify libradius.patch.asc
+
+[FreeBSD 11.4]
+# fetch https://security.FreeBSD.org/patches/SA-21:12/libradius.11.patch
+# fetch https://security.FreeBSD.org/patches/SA-21:12/libradius.11.patch.asc
+# gpg --verify libradius.11.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+Restart all daemons that use the library, or reboot the system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ bec0d2c9c841 stable/13-n245765
+releng/13.0/ 7d900abe6269 releng/13.0-n244743
+stable/12/ r369859
+releng/12.2/ r369864
+stable/11/ r369866
+releng/11.4/ r369867
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this advisory is available at
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6vMACgkQ05eS9J6n
+5cLBUQ//aEsqwU/okABtOEAYbr87TSl0eHpmnNjfLS/OHgkQ7FPIBCpF2ThifBk3
+t84F9q5ILOizrc916hT4RzFkTdHwVOGJCk7uEWwYCkHnDOIIzsbKD8Jzv+nKJf2P
+hyrm5aVmRyEgwImZFv3158dmaK+AvrrFoWOwZDW+A1zBDrf/EgCKCAFTn9I72wZI
+1HoPkO8I4lJYTDKkr1AQ2Xh0fHYwcP5myvGZFwIJftmG6BbETgAzfPPiwiMC/dN4
+ZUkyyZI9O+kfzRH+iIchEt+kls7m0eXIt5EQmVAyCj76Npa0zCPXa5pPLJ9no6N7
+YT2nuuOGQUeriaMo1P9PeMhGECOcdW96DWuXGKsTjGei70634eADxmv8tjR0Vndm
+VPbi3f9O4d8Yqsr+ioNm1dwT8kgbChbTBob/r6NyIWqJVsinIVSI+u9U7aCAlxpK
+6grc9FUZDHpGdP2DqdE5iZ4WSkjh7yZR9676sHmIvdnNkUT5LonxP8iDmGbexlLZ
+mGAiNNaI19hEeaf+1AyF0l8/VZdvgZsjoSYUtATqYH6aO4xF6MMzirKYtfbphrdj
++BwVyZB4WRU0S71v2zkz7wAlErQnwRI+CYvZFxe7jyMkk5C70btxZllAs9dgYsHE
+DL7SugtvoKb/eBtIfSCSf6fe+MW1poIG0G7T26K5crHNiUxHYvY=
+=yqoJ
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-21:11/aesni.patch b/website/static/security/patches/EN-21:11/aesni.patch
new file mode 100644
index 0000000000..ab404f6e38
--- /dev/null
+++ b/website/static/security/patches/EN-21:11/aesni.patch
@@ -0,0 +1,79 @@
+ aesni: Avoid modifying session keys in hmac_update()
+
+ Otherwise aesni_process() is not thread-safe for AES+SHA-HMAC
+ transforms, since hmac_update() updates the caller-supplied key directly
+ to create the derived key. Use a buffer on the stack to store a copy of
+ the key used for computing inner and outer digests.
+
+ This is a direct commit to stable/12 as the bug is not present in later
+ branches.
+
+ Reviewed by: kib
+ Differential Revision: https://reviews.freebsd.org/D30001
+
+ (cherry picked from commit 62e32cf9140e6c13663dcd69ec3b3c7ca4579782)
+--- sys/crypto/aesni/aesni.c.orig
++++ sys/crypto/aesni/aesni.c
+@@ -655,10 +655,10 @@
+ {
+ size_t i;
+
+- for (i = 0; i < 64; i++)
++ for (i = 0; i < AESNI_SHA_BLOCK_LEN; i++)
+ key[i] ^= xorbyte;
+- update(ctx, key, 64);
+- for (i = 0; i < 64; i++)
++ update(ctx, key, AESNI_SHA_BLOCK_LEN);
++ for (i = 0; i < AESNI_SHA_BLOCK_LEN; i++)
+ key[i] ^= xorbyte;
+
+ crypto_apply(crpflags, __DECONST(void *, buf), off, buflen,
+@@ -883,6 +883,7 @@
+ struct SHA256Context sha2 __aligned(16);
+ struct sha1_ctxt sha1 __aligned(16);
+ } sctx;
++ uint8_t hmac_key[AESNI_SHA_BLOCK_LEN] __aligned(16);
+ uint32_t res[SHA2_256_HASH_LEN / sizeof(uint32_t)];
+ int hashlen, error;
+ void *ctx;
+@@ -946,15 +947,16 @@
+ }
+
+ if (hmac) {
++ memcpy(hmac_key, ses->hmac_key, AESNI_SHA_BLOCK_LEN);
++
+ /* Inner hash: (K ^ IPAD) || data */
+ InitFn(ctx);
+- hmac_internal(ctx, res, UpdateFn, FinalizeFn, ses->hmac_key,
+- 0x36, crp->crp_buf, crd->crd_skip, crd->crd_len,
+- crp->crp_flags);
++ hmac_internal(ctx, res, UpdateFn, FinalizeFn, hmac_key, 0x36,
++ crp->crp_buf, crd->crd_skip, crd->crd_len, crp->crp_flags);
+ /* Outer hash: (K ^ OPAD) || inner hash */
+ InitFn(ctx);
+- hmac_internal(ctx, res, UpdateFn, FinalizeFn, ses->hmac_key,
+- 0x5C, res, 0, hashlen, 0);
++ hmac_internal(ctx, res, UpdateFn, FinalizeFn, hmac_key, 0x5C,
++ res, 0, hashlen, 0);
+ } else {
+ InitFn(ctx);
+ crypto_apply(crp->crp_flags, crp->crp_buf, crd->crd_skip,
+--- sys/crypto/aesni/aesni.h.orig
++++ sys/crypto/aesni/aesni.h
+@@ -52,12 +52,14 @@
+ #define AES256_ROUNDS 14
+ #define AES_SCHED_LEN ((AES256_ROUNDS + 1) * AES_BLOCK_LEN)
+
++/* SHA1, SHA2-224 and SHA2-256 only. */
++#define AESNI_SHA_BLOCK_LEN 64
++
+ struct aesni_session {
+ uint8_t enc_schedule[AES_SCHED_LEN] __aligned(16);
+ uint8_t dec_schedule[AES_SCHED_LEN] __aligned(16);
+ uint8_t xts_schedule[AES_SCHED_LEN] __aligned(16);
+- /* Same as the SHA256 Blocksize. */
+- uint8_t hmac_key[SHA1_BLOCK_LEN] __aligned(16);
++ uint8_t hmac_key[AESNI_SHA_BLOCK_LEN];
+ int algo;
+ int rounds;
+ /* uint8_t *ses_ictx; */
diff --git a/website/static/security/patches/EN-21:11/aesni.patch.asc b/website/static/security/patches/EN-21:11/aesni.patch.asc
new file mode 100644
index 0000000000..cb7a021e12
--- /dev/null
+++ b/website/static/security/patches/EN-21:11/aesni.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6usACgkQ05eS9J6n
+5cIdaxAApg58koZCY49VMEVH33tKY6MzXA88FuciUkKlrhp/P4QghX/S0baDuNv3
+X2rFd5jK+dwD8H7OcYUMEbYZB4A81Ten0t/qXvnzMO2YqQ7xaAhnctvxZWOmuJ8M
+C6ZL9CDqKZ/tMwRySd60T0cThhj2ELeHHpk4BwDRMN7vHkLZyYcNSbJakB9ojV+I
+IVslofVQc5xemD3FDevDjA9NWWJfsmLIYeb7wH4BEPM3LcgAfMGDVyYF5lLd3c+p
+Qr5t38mTHT+h5IMX4UXF7tB0JVwSS+aAPcl2nV7Evdta6HzjJLHyRFaJ6ECEkXfj
+AVR3JB1K/Zo84fwv5WsW2qKqb2bzhgDgER0G4fBbr6d2rb4/KcDRLUctpELzlGUu
+pbTY0g1sVXfSb8g+mZuIXGR2xBRrGyfpQUAtv+qlwHp64zFnWDnnyO/30CoZWny+
+gQDPBnicCKxVyqSFYBTsx9JwCs0/IuHUykgiZdvc5TV2sm7B4214sa6psllvMl9j
+aU0D/h6XWfPioZrFJGjtyotlXjOwGLES0D7a0UmDeiV4etgf6M7NLSqhaOA6zH0t
+Y9tSFJgRu7ZMteA7lubqfw/1FSrNWTn3Gd7Djz/JXPp+gzsqdv7BGgVnWWjJuDt3
+DTSE1eZpTtqrW8YUFujPAnpFvahCZ9f8E3OxjxtRneV7tvdx+hU=
+=suwP
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-21:12/divert.patch b/website/static/security/patches/EN-21:12/divert.patch
new file mode 100644
index 0000000000..40c814ca0a
--- /dev/null
+++ b/website/static/security/patches/EN-21:12/divert.patch
@@ -0,0 +1,94 @@
+ divert: Fix mbuf ownership confusion in div_output()
+
+ div_output_outbound() and div_output_inbound() relied on the caller to
+ free the mbuf if an error occurred. However, this is contrary to the
+ semantics of their callees, ip_output(), ip6_output() and
+ netisr_queue_src(), which always consume the mbuf. So, if one of these
+ functions returned an error, that would get propagated up to
+ div_output(), resulting in a double free.
+
+ Fix the problem by making div_output_outbound() and div_output_inbound()
+ responsible for freeing the mbuf in all cases.
+
+ Reported by: Michael Schmiedgen
+ Tested by: Michael Schmiedgen
+ Reviewed by: donner
+ Sponsored by: The FreeBSD Foundation
+ Differential Revision: https://reviews.freebsd.org/D30129
+
+ (cherry picked from commit a1fadf7de25b973a308b86d04c4ada4fa8be193f)
+--- sys/netinet/ip_divert.c.orig
++++ sys/netinet/ip_divert.c
+@@ -402,17 +402,13 @@
+ }
+ NET_EPOCH_EXIT(et);
+
+- if (error != 0)
+- m_freem(m);
+-
+ return (error);
+ }
+
+ /*
+ * Sends mbuf @m to the wire via ip[6]_output().
+ *
+- * Returns 0 on success, @m is consumed.
+- * On failure, returns error code. It is caller responsibility to free @m.
++ * Returns 0 on success or an errno value on failure. @m is always consumed.
+ */
+ static int
+ div_output_outbound(int family, struct socket *so, struct mbuf *m)
+@@ -435,6 +431,7 @@
+ inp->inp_options != NULL) ||
+ ((u_short)ntohs(ip->ip_len) > m->m_pkthdr.len)) {
+ INP_RUNLOCK(inp);
++ m_freem(m);
+ return (EINVAL);
+ }
+ break;
+@@ -446,6 +443,7 @@
+ /* Don't allow packet length sizes that will crash */
+ if (((u_short)ntohs(ip6->ip6_plen) > m->m_pkthdr.len)) {
+ INP_RUNLOCK(inp);
++ m_freem(m);
+ return (EINVAL);
+ }
+ break;
+@@ -485,6 +483,7 @@
+ options = m_dup(inp->inp_options, M_NOWAIT);
+ if (options == NULL) {
+ INP_RUNLOCK(inp);
++ m_freem(m);
+ return (ENOBUFS);
+ }
+ }
+@@ -512,8 +511,7 @@
+ /*
+ * Schedules mbuf @m for local processing via IPv4/IPv6 netisr queue.
+ *
+- * Returns 0 on success, @m is consumed.
+- * Returns error code on failure. It is caller responsibility to free @m.
++ * Returns 0 on success or an errno value on failure. @m is always consumed.
+ */
+ static int
+ div_output_inbound(int family, struct socket *so, struct mbuf *m,
+@@ -533,8 +531,10 @@
+ bzero(sin->sin_zero, sizeof(sin->sin_zero));
+ sin->sin_port = 0;
+ ifa = ifa_ifwithaddr((struct sockaddr *) sin);
+- if (ifa == NULL)
++ if (ifa == NULL) {
++ m_freem(m);
+ return (EADDRNOTAVAIL);
++ }
+ m->m_pkthdr.rcvif = ifa->ifa_ifp;
+ }
+ #ifdef MAC
+@@ -560,6 +560,7 @@
+ break;
+ #endif
+ default:
++ m_freem(m);
+ return (EINVAL);
+ }
+
diff --git a/website/static/security/patches/EN-21:12/divert.patch.asc b/website/static/security/patches/EN-21:12/divert.patch.asc
new file mode 100644
index 0000000000..1b9da3cf48
--- /dev/null
+++ b/website/static/security/patches/EN-21:12/divert.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6usACgkQ05eS9J6n
+5cLsog/8C5fI9RcHBmFoyaVMbSTkscZka3R2t65ABMXj4GYwyKfu1Gt0GqTDWF2+
+nwLoupU95atKlExbGs4AAFh5zdmofrvJjL3mn1pumYW+cTZZU1XVxfkRwPPLRanF
++QH1c3lE9DHueUmySp5KcZmE9Cw6yW8b5hquKIBw0q+DXj1r5RLfuSXkTfe9Kiu3
+cXSIq1JHbeRAQLdh1uwI5AZid9/He00TmtILIG/HFpWsxUxFwN5aU1X5z31rDHtu
+Kj8PahztsD8a6biIjDr2eDLsnwQQan92A9iJwrBnPFnvmDLkOoLlkGyNSK9TE7f5
+Q5FNSRE3TckoHoCRJPOryQ2UR94aJNKqTshEyHaYgC+md9WJQM7NMsQY6ENU2rE/
+StlQ7TwjW/yV9Y1RkNNpYz4NHoKVCOjYS8cjmPAdrGWYqh8xfneP7Ae3TuJukUhq
+cOoehcwt3XFWT9vQn8QXF/iFh6DkAxFPST69ZmsY2tlRTc6gKohr4BGlRut9KEXK
+dYdCSlIkNBcVF656RVascZHGpCuTxur+eu/a9pVrglZATpqLLvbt99zrcE7AgdEz
+xBqDrnCX+5g1owvx9psApUr+hXdf/WrdzElvWzjNSfOtIf7IBR4ufKilwL/KovZ2
+qGX+RbYb6NACwVZ67sx7KkyQnAkAVrc7bymJthFSiIJp0Pe7k5M=
+=7pd7
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-21:13/mpt.patch b/website/static/security/patches/EN-21:13/mpt.patch
new file mode 100644
index 0000000000..63ca886328
--- /dev/null
+++ b/website/static/security/patches/EN-21:13/mpt.patch
@@ -0,0 +1,61 @@
+ mpt(4): Remove incorrect S/G segments limits.
+
+ First, two of those four checks are unreachable.
+ Second, I don't believe there should be ">=" instead of ">".
+ Third, bus_dma(9) already returns the same EFBIG if ">".
+
+ This fixes false I/O errors in worst S/G cases with maxphys >= 2MB.
+
+ MFC after: 1 week
+
+ (cherry picked from commit 0f29396e493bd87ffa6a63fcb602b12e79d21a1e)
+--- sys/dev/mpt/mpt_cam.c.orig
++++ sys/dev/mpt/mpt_cam.c
+@@ -1292,10 +1292,6 @@
+ hdrp = req->req_vbuf;
+ mpt_off = req->req_vbuf;
+
+- if (error == 0 && ((uint32_t)nseg) >= mpt->max_seg_cnt) {
+- error = EFBIG;
+- }
+-
+ if (error == 0) {
+ switch (hdrp->Function) {
+ case MPI_FUNCTION_SCSI_IO_REQUEST:
+@@ -1315,12 +1311,6 @@
+ }
+ }
+
+- if (error == 0 && ((uint32_t)nseg) >= mpt->max_seg_cnt) {
+- error = EFBIG;
+- mpt_prt(mpt, "segment count %d too large (max %u)\n",
+- nseg, mpt->max_seg_cnt);
+- }
+-
+ bad:
+ if (error != 0) {
+ if (error != EFBIG && error != ENOMEM) {
+@@ -1694,10 +1684,6 @@
+ hdrp = req->req_vbuf;
+ mpt_off = req->req_vbuf;
+
+- if (error == 0 && ((uint32_t)nseg) >= mpt->max_seg_cnt) {
+- error = EFBIG;
+- }
+-
+ if (error == 0) {
+ switch (hdrp->Function) {
+ case MPI_FUNCTION_SCSI_IO_REQUEST:
+@@ -1716,12 +1702,6 @@
+ }
+ }
+
+- if (error == 0 && ((uint32_t)nseg) >= mpt->max_seg_cnt) {
+- error = EFBIG;
+- mpt_prt(mpt, "segment count %d too large (max %u)\n",
+- nseg, mpt->max_seg_cnt);
+- }
+-
+ bad:
+ if (error != 0) {
+ if (error != EFBIG && error != ENOMEM) {
diff --git a/website/static/security/patches/EN-21:13/mpt.patch.asc b/website/static/security/patches/EN-21:13/mpt.patch.asc
new file mode 100644
index 0000000000..56bf7e0e65
--- /dev/null
+++ b/website/static/security/patches/EN-21:13/mpt.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6uwACgkQ05eS9J6n
+5cKbfw//QvE7/xX8mVMXoBGMxF44t7cn1FRw+l/akreFGhYZhTiDoTFxtC5oIZKo
+QabfdO37e7BArZF0JHeTJddzRdWMMNRLAsMGi1M7tVr99urQopbppeJfecdaes+8
+jTBO53OEUI/fq+lWjNVLoZd4JQwFlR9pjb9hLj96XxKSq/Dr4Jl2G+TUgWZ/djrB
+Z3Vvm9jLrY8gwJydzMvpZgg+6+09tPynsNRGefssoMS9BK9AhID6ZxsGO7EAg+k6
+a3bB0SeJEQVMkusWnk3Jfer4L8tqQr+W7ugeXAztGjivZfzjjUcB/w2ENhFN2g+Y
+TXSzG/MO3LHCf3FXI9e3BGHAHI/lMOS2F9C+TbVbopIKxUrFwRJvrFbp/r4cQx2N
+fJP6GcbNq5o0b8TqTwJtKyqLqyx3FoB6j33LqBjWnnsP/h7aox+d+zjC26K0vBch
+Zpnt5aqLQO+xZCLToIm9KGL7UQcQp+jQiy5fimqLx3noDnYixgjhtWTUOT7fglPA
+oUCcB2QFHdxiMmii9++ZgNJ89kBRCOdn2Z7Tc+Yki3Vc4R8aNvxw53iavIU3+AHA
+mZc3lyndLyhfA+14H+Vu7TNTcIBJlUiSHqNDxYyhrU9ASeXSWD/kSvqkVU8pO4Np
+6LjNokffZQOyI72OnJDcylG0GmXxgq7XaoOmwF6P8PJHNVGN2QI=
+=t9mR
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-21:14/pms.12.patch b/website/static/security/patches/EN-21:14/pms.12.patch
new file mode 100644
index 0000000000..081faee699
--- /dev/null
+++ b/website/static/security/patches/EN-21:14/pms.12.patch
@@ -0,0 +1,71 @@
+ pms(4): Do not return CAM_REQ_CMP on errors.
+
+ It is a direct request for data corruptions, one report of which we
+ have received. I am very surprised that only one.
+
+ MFC after: 1 week
+ Sponsored by: iXsystems, Inc.
+
+ (cherry picked from commit 8434a65ce49bd6bc6779f0e57b0ce0f4bc46f48e)
+ (cherry picked from commit 320fd259c69ef16e9b8d64424f66eeed8ddc3c77)
+--- sys/dev/pms/freebsd/driver/ini/src/agtiapi.c.orig
++++ sys/dev/pms/freebsd/driver/ini/src/agtiapi.c
+@@ -2628,9 +2628,11 @@
+ {
+ AGTIAPI_PRINTK("agtiapi_PrepareSGListCB: error status 0x%x\n", error);
+ bus_dmamap_unload(pmcsc->buffer_dmat, pccb->CCB_dmamap);
+- bus_dmamap_destroy(pmcsc->buffer_dmat, pccb->CCB_dmamap);
+ agtiapi_FreeCCB(pmcsc, pccb);
+- ccb->ccb_h.status = CAM_REQ_CMP;
++ if (error == EFBIG)
++ ccb->ccb_h.status = CAM_REQ_TOO_BIG;
++ else
++ ccb->ccb_h.status = CAM_REQ_CMP_ERR;
+ xpt_done(ccb);
+ return;
+ }
+@@ -2642,9 +2644,8 @@
+ " AGTIAPI_MAX_DMA_SEGS %d\n",
+ nsegs, AGTIAPI_MAX_DMA_SEGS );
+ bus_dmamap_unload(pmcsc->buffer_dmat, pccb->CCB_dmamap);
+- bus_dmamap_destroy(pmcsc->buffer_dmat, pccb->CCB_dmamap);
+ agtiapi_FreeCCB(pmcsc, pccb);
+- ccb->ccb_h.status = CAM_REQ_CMP;
++ ccb->ccb_h.status = CAM_REQ_TOO_BIG;
+ xpt_done(ccb);
+ return;
+ }
+@@ -3688,9 +3689,11 @@
+ AGTIAPI_PRINTK( "agtiapi_PrepareSMPSGListCB: error status 0x%x\n",
+ error );
+ bus_dmamap_unload( pmcsc->buffer_dmat, pccb->CCB_dmamap );
+- bus_dmamap_destroy( pmcsc->buffer_dmat, pccb->CCB_dmamap );
+ agtiapi_FreeCCB( pmcsc, pccb );
+- ccb->ccb_h.status = CAM_REQ_CMP;
++ if (error == EFBIG)
++ ccb->ccb_h.status = CAM_REQ_TOO_BIG;
++ else
++ ccb->ccb_h.status = CAM_REQ_CMP_ERR;
+ xpt_done( ccb );
+ return;
+ }
+@@ -3702,9 +3705,8 @@
+ "AGTIAPI_MAX_DMA_SEGS %d\n",
+ nsegs, AGTIAPI_MAX_DMA_SEGS );
+ bus_dmamap_unload( pmcsc->buffer_dmat, pccb->CCB_dmamap );
+- bus_dmamap_destroy( pmcsc->buffer_dmat, pccb->CCB_dmamap );
+ agtiapi_FreeCCB( pmcsc, pccb );
+- ccb->ccb_h.status = CAM_REQ_CMP;
++ ccb->ccb_h.status = CAM_REQ_TOO_BIG;
+ xpt_done( ccb );
+ return;
+ }
+@@ -4409,7 +4411,7 @@
+ if ((pccb = agtiapi_GetCCB(pmcsc)) == NULL)
+ {
+ AGTIAPI_PRINTK("agtiapi_QueueSMP: GetCCB ERROR\n");
+- ccb->ccb_h.status = CAM_REQ_CMP;
++ ccb->ccb_h.status = CAM_REQ_CMP_ERR;
+ xpt_done(ccb);
+ return tiBusy;
+ }
diff --git a/website/static/security/patches/EN-21:14/pms.12.patch.asc b/website/static/security/patches/EN-21:14/pms.12.patch.asc
new file mode 100644
index 0000000000..71652c8de2
--- /dev/null
+++ b/website/static/security/patches/EN-21:14/pms.12.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6uwACgkQ05eS9J6n
+5cJy5g//Wrqsp9wHZZAud9Vqr95f9nDqmr4TxiMPSZUfIkExo+qFoeQRGgju2ceN
+mHGxogsdJKPfV6j5oqZ3zx0wBSkQ6ECnEF6xqG4VuDtrqVRUDP3ikRWyddD4MUYz
+9iChRyBBaXoMmrEgwgcvwBtjcFxzz12WSQUQuDP8p4Idv+fvQeNXoLLWvwxtzTJv
+7cVBY8sOO9FNVAy4l9zvJPbI0I9YI6xCn6tooVz3rOsStuj7BsPSKchQK84+OIkd
+PFPxqMDOWnwc+EXQENYh4gSlIUtBI76s6R9y8snuVz9rkx/V7jfuhnyImqHhF8Qm
+A4Jr35eN6cxh1FM9W3AW0lONQaGvTlH2wRo0ahbRrszcemjCHbE0IynEhR5mp6XJ
+fp81IWVqUmqMG9NljY736tnEwZu50iUqq7fawat8WG24TRywHG0gbKoGNn0LF4MS
+fMfDyzBLfnbcBtM5XnK0e3kmgx7qzaeTrxddbZ+qQW9BBsphTbr344hEKbzjItIO
+t66oO0dE7kNXnwvKqP40Sp+vWEsRsOSMUtf1QHsWF8PiY7HJCwYUoRke63PjiNNI
+9w+8E3AxV+dAbo4/fkXlqaXN2qN1iGx0T+Vf4NjeAYiAifmGRy1DMxh/CzyTkw1L
+wa4Kekg/P2P4KlzLSmsv9jN9u9jmuPy6jW9TlUHKwDGzNegSmQo=
+=LnfH
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-21:14/pms.13.patch b/website/static/security/patches/EN-21:14/pms.13.patch
new file mode 100644
index 0000000000..1d109aa39a
--- /dev/null
+++ b/website/static/security/patches/EN-21:14/pms.13.patch
@@ -0,0 +1,81 @@
+--- sys/dev/pms/freebsd/driver/ini/src/agdef.h.orig
++++ sys/dev/pms/freebsd/driver/ini/src/agdef.h
+@@ -62,7 +62,7 @@
+ #define AGTIAPI_MAX_DEVICE_7H 256 /*Max devices per channel in 7H */
+ #define AGTIAPI_MAX_DEVICE_8H 512 /*Max devices per channel in 8H*/
+ #define AGTIAPI_MAX_CAM_Q_DEPTH 1024
+-#define AGTIAPI_NSEGS (btoc(maxphys) + 1)
++#define AGTIAPI_NSEGS (MIN(btoc(maxphys), 64) + 1)
+ /*
+ ** Adapter specific defines
+ */
+--- sys/dev/pms/freebsd/driver/ini/src/agtiapi.c.orig
++++ sys/dev/pms/freebsd/driver/ini/src/agtiapi.c
+@@ -1834,7 +1834,7 @@
+ cpi->max_target = maxTargets - 1;
+ cpi->max_lun = AGTIAPI_MAX_LUN;
+ /* Max supported I/O size, in bytes. */
+- cpi->maxio = ulmin(1024 * 1024, maxphys);
++ cpi->maxio = ctob(AGTIAPI_NSEGS - 1);
+ cpi->initiator_id = 255;
+ strlcpy(cpi->sim_vid, "FreeBSD", SIM_IDLEN);
+ strlcpy(cpi->hba_vid, "PMC", HBA_IDLEN);
+@@ -2629,9 +2629,11 @@
+ {
+ AGTIAPI_PRINTK("agtiapi_PrepareSGListCB: error status 0x%x\n", error);
+ bus_dmamap_unload(pmcsc->buffer_dmat, pccb->CCB_dmamap);
+- bus_dmamap_destroy(pmcsc->buffer_dmat, pccb->CCB_dmamap);
+ agtiapi_FreeCCB(pmcsc, pccb);
+- ccb->ccb_h.status = CAM_REQ_CMP;
++ if (error == EFBIG)
++ ccb->ccb_h.status = CAM_REQ_TOO_BIG;
++ else
++ ccb->ccb_h.status = CAM_REQ_CMP_ERR;
+ xpt_done(ccb);
+ return;
+ }
+@@ -2643,9 +2645,8 @@
+ " AGTIAPI_MAX_DMA_SEGS %d\n",
+ nsegs, AGTIAPI_MAX_DMA_SEGS );
+ bus_dmamap_unload(pmcsc->buffer_dmat, pccb->CCB_dmamap);
+- bus_dmamap_destroy(pmcsc->buffer_dmat, pccb->CCB_dmamap);
+ agtiapi_FreeCCB(pmcsc, pccb);
+- ccb->ccb_h.status = CAM_REQ_CMP;
++ ccb->ccb_h.status = CAM_REQ_TOO_BIG;
+ xpt_done(ccb);
+ return;
+ }
+@@ -3689,9 +3690,11 @@
+ AGTIAPI_PRINTK( "agtiapi_PrepareSMPSGListCB: error status 0x%x\n",
+ error );
+ bus_dmamap_unload( pmcsc->buffer_dmat, pccb->CCB_dmamap );
+- bus_dmamap_destroy( pmcsc->buffer_dmat, pccb->CCB_dmamap );
+ agtiapi_FreeCCB( pmcsc, pccb );
+- ccb->ccb_h.status = CAM_REQ_CMP;
++ if (error == EFBIG)
++ ccb->ccb_h.status = CAM_REQ_TOO_BIG;
++ else
++ ccb->ccb_h.status = CAM_REQ_CMP_ERR;
+ xpt_done( ccb );
+ return;
+ }
+@@ -3703,9 +3706,8 @@
+ "AGTIAPI_MAX_DMA_SEGS %d\n",
+ nsegs, AGTIAPI_MAX_DMA_SEGS );
+ bus_dmamap_unload( pmcsc->buffer_dmat, pccb->CCB_dmamap );
+- bus_dmamap_destroy( pmcsc->buffer_dmat, pccb->CCB_dmamap );
+ agtiapi_FreeCCB( pmcsc, pccb );
+- ccb->ccb_h.status = CAM_REQ_CMP;
++ ccb->ccb_h.status = CAM_REQ_TOO_BIG;
+ xpt_done( ccb );
+ return;
+ }
+@@ -4410,7 +4412,7 @@
+ if ((pccb = agtiapi_GetCCB(pmcsc)) == NULL)
+ {
+ AGTIAPI_PRINTK("agtiapi_QueueSMP: GetCCB ERROR\n");
+- ccb->ccb_h.status = CAM_REQ_CMP;
++ ccb->ccb_h.status = CAM_REQ_CMP_ERR;
+ xpt_done(ccb);
+ return tiBusy;
+ }
diff --git a/website/static/security/patches/EN-21:14/pms.13.patch.asc b/website/static/security/patches/EN-21:14/pms.13.patch.asc
new file mode 100644
index 0000000000..2a6d8caa76
--- /dev/null
+++ b/website/static/security/patches/EN-21:14/pms.13.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6uwACgkQ05eS9J6n
+5cIwuw/+NYD1AVMpus7h7ensQ/iLtgR6S2nPyHqUqTnngQDhkuO6LbmH4+nV1r0f
+cML6AtMIzLpuedIPe3qxFtOxeKXs7E3z3Sy4YJjzb+rKAdiMGiuzIuqlFmwBn9um
+3kkcdBAxTyC8sJT0B0UDZAlTGl/txzblWIw07gHaDEmiZsBodbrUDHOT6eKVIk1J
+0/lKKfqP7upQhHNEI3Bp0V6Ksx6n5vV31OJsk57J+qespoSiicAkp/8CUEYMVaXE
+zTCOvJ+oMjc0Buv/og3A8gLRvvgMU4do5UdlWPqKEaJrQS2vPINGqCM2+Al6w5vm
+5SJzjSGRUk79Q08vGwR9ga/fMLeS560Cq8pIDvadMX0Xtf+S233wt5ir7E5Udx7Q
+N9o5rd/MvXQBBNYdGOPZ6QNyBIk9jsUQdDYRgzinNY8mGseQumVBKnOU3U4BTced
+Uog0Vq5bDVwKMX0w2WRsLshmYgxoxiY0F6gYHFk/1KRafd826Qh5B1RqvI88wgrD
+vvFN0EJLbw4wuWNmUrhIOCUewTJElKdjPX+bcLKLkNftZ91O4K1fBGyA6WqFYFPo
+pUCSRADzne7hXDd5eGHKZywNoNt0mxbp3YU5TLV3qicR7dsCd2nWSm/3CBaWGzkQ
+PIYp1fQOn70oJRysiE6K4pYfaY3+Aaxh9TgQrqDZ/UZfsT0iDGc=
+=3VLG
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-21:15/virtio.patch b/website/static/security/patches/EN-21:15/virtio.patch
new file mode 100644
index 0000000000..06d7674bbf
--- /dev/null
+++ b/website/static/security/patches/EN-21:15/virtio.patch
@@ -0,0 +1,155 @@
+--- sys/dev/virtio/pci/virtio_pci_legacy.c.orig
++++ sys/dev/virtio/pci/virtio_pci_legacy.c
+@@ -59,8 +59,10 @@
+ struct vtpci_legacy_softc {
+ device_t vtpci_dev;
+ struct vtpci_common vtpci_common;
++ int vtpci_res_type;
+ struct resource *vtpci_res;
+- struct resource *vtpci_msix_res;
++ struct resource *vtpci_msix_table_res;
++ struct resource *vtpci_msix_pba_res;
+ };
+
+ static int vtpci_legacy_probe(device_t);
+@@ -97,6 +99,8 @@
+ static void vtpci_legacy_read_dev_config(device_t, bus_size_t, void *, int);
+ static void vtpci_legacy_write_dev_config(device_t, bus_size_t, void *, int);
+
++static bool vtpci_legacy_setup_msix(struct vtpci_legacy_softc *sc);
++static void vtpci_legacy_teardown_msix(struct vtpci_legacy_softc *sc);
+ static int vtpci_legacy_alloc_resources(struct vtpci_legacy_softc *);
+ static void vtpci_legacy_free_resources(struct vtpci_legacy_softc *);
+
+@@ -228,10 +232,17 @@
+
+ error = vtpci_legacy_alloc_resources(sc);
+ if (error) {
+- device_printf(dev, "cannot map I/O space\n");
++ device_printf(dev, "cannot map I/O space nor memory space\n");
+ return (error);
+ }
+
++ if (vtpci_is_msix_available(&sc->vtpci_common) &&
++ !vtpci_legacy_setup_msix(sc)) {
++ device_printf(dev, "cannot setup MSI-x resources\n");
++ error = ENXIO;
++ goto fail;
++ }
++
+ vtpci_legacy_reset(sc);
+
+ /* Tell the host we've noticed this device. */
+@@ -265,6 +276,7 @@
+ return (error);
+
+ vtpci_legacy_reset(sc);
++ vtpci_legacy_teardown_msix(sc);
+ vtpci_legacy_free_resources(sc);
+
+ return (0);
+@@ -539,25 +551,77 @@
+ }
+ }
+
++static bool
++vtpci_legacy_setup_msix(struct vtpci_legacy_softc *sc)
++{
++ device_t dev;
++ int rid, table_rid;
++
++ dev = sc->vtpci_dev;
++
++ rid = table_rid = pci_msix_table_bar(dev);
++ if (rid != PCIR_BAR(0)) {
++ sc->vtpci_msix_table_res = bus_alloc_resource_any(
++ dev, SYS_RES_MEMORY, &rid, RF_ACTIVE);
++ if (sc->vtpci_msix_table_res == NULL)
++ return (false);
++ }
++
++ rid = pci_msix_pba_bar(dev);
++ if (rid != table_rid && rid != PCIR_BAR(0)) {
++ sc->vtpci_msix_pba_res = bus_alloc_resource_any(
++ dev, SYS_RES_MEMORY, &rid, RF_ACTIVE);
++ if (sc->vtpci_msix_pba_res == NULL)
++ return (false);
++ }
++
++ return (true);
++}
++
++static void
++vtpci_legacy_teardown_msix(struct vtpci_legacy_softc *sc)
++{
++ device_t dev;
++
++ dev = sc->vtpci_dev;
++
++ if (sc->vtpci_msix_pba_res != NULL) {
++ bus_release_resource(dev, SYS_RES_MEMORY,
++ rman_get_rid(sc->vtpci_msix_pba_res),
++ sc->vtpci_msix_pba_res);
++ sc->vtpci_msix_pba_res = NULL;
++ }
++ if (sc->vtpci_msix_table_res != NULL) {
++ bus_release_resource(dev, SYS_RES_MEMORY,
++ rman_get_rid(sc->vtpci_msix_table_res),
++ sc->vtpci_msix_table_res);
++ sc->vtpci_msix_table_res = NULL;
++ }
++}
++
+ static int
+ vtpci_legacy_alloc_resources(struct vtpci_legacy_softc *sc)
+ {
++ const int res_types[] = { SYS_RES_IOPORT, SYS_RES_MEMORY };
+ device_t dev;
+- int rid;
++ int rid, i;
+
+ dev = sc->vtpci_dev;
+
+- rid = PCIR_BAR(0);
+- if ((sc->vtpci_res = bus_alloc_resource_any(dev, SYS_RES_IOPORT,
+- &rid, RF_ACTIVE)) == NULL)
+- return (ENXIO);
+-
+- if (vtpci_is_msix_available(&sc->vtpci_common)) {
+- rid = PCIR_BAR(1);
+- if ((sc->vtpci_msix_res = bus_alloc_resource_any(dev,
+- SYS_RES_MEMORY, &rid, RF_ACTIVE)) == NULL)
+- return (ENXIO);
++ /*
++ * Most hypervisors export the common configuration structure in IO
++ * space, but some use memory space; try both.
++ */
++ for (i = 0; nitems(res_types); i++) {
++ rid = PCIR_BAR(0);
++ sc->vtpci_res_type = res_types[i];
++ sc->vtpci_res = bus_alloc_resource_any(dev, res_types[i], &rid,
++ RF_ACTIVE);
++ if (sc->vtpci_res != NULL)
++ break;
+ }
++ if (sc->vtpci_res == NULL)
++ return (ENXIO);
+
+ return (0);
+ }
+@@ -569,14 +633,8 @@
+
+ dev = sc->vtpci_dev;
+
+- if (sc->vtpci_msix_res != NULL) {
+- bus_release_resource(dev, SYS_RES_MEMORY, PCIR_BAR(1),
+- sc->vtpci_msix_res);
+- sc->vtpci_msix_res = NULL;
+- }
+-
+ if (sc->vtpci_res != NULL) {
+- bus_release_resource(dev, SYS_RES_IOPORT, PCIR_BAR(0),
++ bus_release_resource(dev, sc->vtpci_res_type, PCIR_BAR(0),
+ sc->vtpci_res);
+ sc->vtpci_res = NULL;
+ }
diff --git a/website/static/security/patches/EN-21:15/virtio.patch.asc b/website/static/security/patches/EN-21:15/virtio.patch.asc
new file mode 100644
index 0000000000..a72fcc9461
--- /dev/null
+++ b/website/static/security/patches/EN-21:15/virtio.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6u0ACgkQ05eS9J6n
+5cIFeg/7B/6vLP428OBwLjMPvvkDUQLIZ+P37OzAR5K+yGFaXZ4y9JPEk37Sx4Ax
+QTecy9D1YmD/f73N9tuHv7wZQ/BfSTk1RqAA9JCIODKjjbMVlXhE4N8LZM13MXN1
+WkTFQdIPqgW69aiRpYVdRsW4p8uzN/ek/ULKVkHfuYLGzbkTUgW3QJYje0Bd9dYm
+KF2rkhQf4Dc+R4ev2HBKBr93/dGvPKkmwM3nr2xvTSvsUqYJcY6KbJc1YwslZaRv
+kkSTwil6DjwbQNs2f4YrJBV47/+UwKQR/byNFGG/QGc64cAHeuWQnB2//gL2Degq
+1diVa7C128oqyCYu/xEPUTif1M7lNEwQpXKhs2FmgLYwTTm3QkrdeeHxS/lV+Ye+
+zM+hWLHU+0Ztug4GREwk5FkBpgcqKmDjaEMLD/tu7iNu6C/eOkRJRQPzRZaUP8HL
+VRlB5ghrdrS3SChCeicAGcE2lhXBvn8RqA6lnpXuoOHvHoD0cq33afTJtSb8ahN9
+NHfxdkcxzbswoZEaFLsfK//pJecxbjk2b6QotzkHfCtTwdANYkXhlFuH8azyx4Cw
+M5z/Ohex+lA7giuviNrO3C7rWvCO1XoPEyvtzQ45JYIO2kgGv3MRgos8If3Z16Im
+P/+c3Q25xRduEQCRkIifrsDMm6QpGwxgFpdoVaiK3oBBY/lyTtg=
+=eWxI
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/EN-21:16/bc.patch b/website/static/security/patches/EN-21:16/bc.patch
new file mode 100644
index 0000000000..de04652211
--- /dev/null
+++ b/website/static/security/patches/EN-21:16/bc.patch
@@ -0,0 +1,11 @@
+--- contrib/bc/src/program.c.orig
++++ contrib/bc/src/program.c
+@@ -1443,6 +1443,8 @@
+ size_t idx = (r->t == BC_RESULT_STR) ? r->d.loc.loc : n->scale;
+ bc_program_printChars(*((char**) bc_vec_item(p->strs, idx)));
+ }
++
++ bc_vec_pop(&p->results);
+ }
+
+ static void bc_program_nquit(BcProgram *p, uchar inst) {
diff --git a/website/static/security/patches/EN-21:16/bc.patch.asc b/website/static/security/patches/EN-21:16/bc.patch.asc
new file mode 100644
index 0000000000..044629df8a
--- /dev/null
+++ b/website/static/security/patches/EN-21:16/bc.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6u0ACgkQ05eS9J6n
+5cKDgw/9G6Btno2gYPieQ4m6rf8EK9Dh2wxHTyMAQEM/1QXgG9ZIFawZ1XzlSlzu
+cn4VVf3Io9bqDSUidobo/SmknJID1c7rDdRtLhduEZSYE3IBJphlvr7upZ1mQoAr
+tZIBG9ICspYDd5TrL1Emr6BPIj3bDImWhh/7R9z6cejP54hknOoU0t/PeKtk6R/W
+bYkBOTclYtGsv1WU1pzuDYHcWmzgqbB0475P3TsehXqnmF+mijQ5nIfJ9Z5U9e7p
+o+sZG4+jdgoEQPTgE+km5FcR7vgdb+kG8rOgJ0+jx+3EULWZSWKR6jwgBLwQHGxS
+T79ERXyY1IMnmaCro3dCelZflAIkbquo4RXlevkV6zZBPU0t57eJT7aPTrqQ5XAK
+orA5Movm2uTgDSC20cQsdP0Hri3/CXrHbzEYs1AvHBSsy01Ahn/O5o2zCKQThq3P
+/Z14Nr5M5XiMfO86kW9N8oZCzm6NTtbPsH94WY1WCfSB+jHIMml6QfkSt2AiozQa
+uiMosx8JcQu5yw1Wkfnw1++TZNrxKMbHvppzS6fmk76R187Rk63VU6SubwZOnMlV
+/L8Vd1pkwXcom2Go8oFpVgSNfYsmPxxabdzK2bn9V+Gv+epZKjdH94JtRS7s6dpD
+O0QeZwAA8BwjyPn7JLalCdhGOBf2TvxBBeawMUOZfVvsz2zgl1U=
+=+NdI
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-21:11/smap.patch b/website/static/security/patches/SA-21:11/smap.patch
new file mode 100644
index 0000000000..68392d5691
--- /dev/null
+++ b/website/static/security/patches/SA-21:11/smap.patch
@@ -0,0 +1,81 @@
+--- sys/amd64/amd64/support.S.orig
++++ sys/amd64/amd64/support.S
+@@ -919,9 +919,11 @@
+ END(copyin_smap_erms)
+
+ ALIGN_TEXT
+- /* Trap entry clears PSL.AC */
+ copy_fault:
+- movq $0,PCB_ONFAULT(%r11)
++ testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)
++ je 1f
++ clac
++1: movq $0,PCB_ONFAULT(%r11)
+ movl $EFAULT,%eax
+ POP_FRAME_POINTER
+ ret
+@@ -1358,9 +1360,11 @@
+ END(subyte_smap)
+
+ ALIGN_TEXT
+- /* Fault entry clears PSL.AC */
+ fusufault:
+- movq PCPU(CURPCB),%rcx
++ testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)
++ je 1f
++ clac
++1: movq PCPU(CURPCB),%rcx
+ xorl %eax,%eax
+ movq %rax,PCB_ONFAULT(%rcx)
+ decq %rax
+@@ -1443,8 +1447,10 @@
+ END(copyinstr_smap)
+
+ cpystrflt:
+- /* Fault entry clears PSL.AC */
+- movl $EFAULT,%eax
++ testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)
++ je 1f
++ clac
++1: movl $EFAULT,%eax
+ cpystrflt_x:
+ /* set *lencopied and return %eax */
+ movq $0,PCB_ONFAULT(%r9)
+--- sys/amd64/linux/linux_support.s.orig
++++ sys/amd64/linux/linux_support.s
+@@ -30,11 +30,15 @@
+
+ #include "linux_assym.h" /* system definitions */
+ #include /* miscellaneous asm macros */
++#include
+
+ #include "assym.inc"
+
+ futex_fault:
+- movq $0,PCB_ONFAULT(%r8)
++ testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)
++ je 1f
++ clac
++1: movq $0,PCB_ONFAULT(%r8)
+ movl $-EFAULT,%eax
+ ret
+
+--- sys/amd64/linux32/linux32_support.s.orig
++++ sys/amd64/linux32/linux32_support.s
+@@ -30,11 +30,15 @@
+
+ #include "linux32_assym.h" /* system definitions */
+ #include /* miscellaneous asm macros */
++#include
+
+ #include "assym.inc"
+
+ futex_fault:
+- movq $0,PCB_ONFAULT(%r8)
++ testl $CPUID_STDEXT_SMAP,cpu_stdext_feature(%rip)
++ je 1f
++ clac
++1: movq $0,PCB_ONFAULT(%r8)
+ movl $-EFAULT,%eax
+ ret
+
diff --git a/website/static/security/patches/SA-21:11/smap.patch.asc b/website/static/security/patches/SA-21:11/smap.patch.asc
new file mode 100644
index 0000000000..5cda4e9238
--- /dev/null
+++ b/website/static/security/patches/SA-21:11/smap.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6vIACgkQ05eS9J6n
+5cIrRA//caPhVUoo6r1xBDRzBs4OcT/Sz2fwUBDXKlggD+JQIsxE6vDrWssgKR72
+Oj5knBZCqfVO/+VzviUQha0QkCpF00MV2Tscu+LV6yfQdnh5NRCgj4CuLYAA+6aI
+0RA6tVanT+0kwOi8+2dkVIG0zcXrchsswDeM+nyeSIdszWas+E4N4NUDTIs5H5LH
+mDBELHuSMHau123Yhb1u7rbPdQ5Cj1VT8xuPzvSTYcMRo/IeEPScXdVmwAHl/tNe
+Os0Yd8/XyqMaY5RHQgXO236k5gAR0vHe9P6mPx8C7FdyLiHaD9Egl8FUOCjotnEa
+CZJB78ADM9tSDXjgTpDFEIgA9IpktbjQ86vPs0I/h4LSzEzodMT4oy01C9u86NtV
+uMec3r69hgohkd5OUmPuu1ByO+SDuC7WSkCSo85X211enoTnpgveoKmTnpWU3hBI
+b6NMcDy8eGOXWyen4v5G3wsuWGtWs4Gvntg5GZvCJ+OFm/3sjTjJPgDHa3y/VyIe
+MOmc69IS8rFmCRErar63MXU7wvyGVvtYINkR84P37j5ACHh+cMJywYitFehgJieZ
+RmHL5+jpDGoljPLO3g8dgSlQChw5jrAyuZhbcI42V6/lQuc2Rhf9pPgJ+l26o2Ib
+RKBzlI8W8e50H8O+LveGzRokqi+QT+15uJ+WAqDfP1AY7nWIzjQ=
+=z4rU
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-21:12/libradius.11.patch b/website/static/security/patches/SA-21:12/libradius.11.patch
new file mode 100644
index 0000000000..289a8b4162
--- /dev/null
+++ b/website/static/security/patches/SA-21:12/libradius.11.patch
@@ -0,0 +1,123 @@
+--- lib/libradius/radlib.c.orig
++++ lib/libradius/radlib.c
+@@ -186,7 +186,7 @@
+ MD5_CTX ctx;
+ unsigned char md5[MD5_DIGEST_LENGTH];
+ const struct rad_server *srvp;
+- int len;
++ int alen, len;
+ #ifdef WITH_SSL
+ HMAC_CTX hctx;
+ u_char resp[MSGSIZE], md[EVP_MAX_MD_SIZE];
+@@ -205,8 +205,8 @@
+ /* Check the message length */
+ if (h->in_len < POS_ATTRS)
+ return 0;
+- len = h->in[POS_LENGTH] << 8 | h->in[POS_LENGTH+1];
+- if (len > h->in_len)
++ len = (h->in[POS_LENGTH] << 8) | h->in[POS_LENGTH + 1];
++ if (len < POS_ATTRS || len > h->in_len)
+ return 0;
+
+ /* Check the response authenticator */
+@@ -231,9 +231,12 @@
+
+ /* Search and verify the Message-Authenticator */
+ while (pos < len - 2) {
+-
+ if (h->in[pos] == RAD_MESSAGE_AUTHENTIC) {
+- /* zero fill the Message-Authenticator */
++ if (h->in[pos + 1] != MD5_DIGEST_LENGTH + 2)
++ return 0;
++ if (len - pos < MD5_DIGEST_LENGTH + 2)
++ return 0;
++
+ memset(&resp[pos + 2], 0, MD5_DIGEST_LENGTH);
+
+ HMAC_CTX_init(&hctx);
+@@ -253,7 +256,10 @@
+ return 0;
+ break;
+ }
+- pos += h->in[pos + 1];
++ alen = h->in[pos + 1];
++ if (alen < 2)
++ return 0;
++ pos += alen;
+ }
+ }
+ #endif
+@@ -269,7 +275,7 @@
+ MD5_CTX ctx;
+ unsigned char md5[MD5_DIGEST_LENGTH];
+ const struct rad_server *srvp;
+- int len;
++ int alen, len;
+ #ifdef WITH_SSL
+ HMAC_CTX hctx;
+ u_char resp[MSGSIZE], md[EVP_MAX_MD_SIZE];
+@@ -282,8 +288,8 @@
+ /* Check the message length */
+ if (h->in_len < POS_ATTRS)
+ return (0);
+- len = h->in[POS_LENGTH] << 8 | h->in[POS_LENGTH+1];
+- if (len > h->in_len)
++ len = (h->in[POS_LENGTH] << 8) | h->in[POS_LENGTH + 1];
++ if (len < POS_ATTRS || len > h->in_len)
+ return (0);
+
+ if (h->in[POS_CODE] != RAD_ACCESS_REQUEST) {
+@@ -303,7 +309,14 @@
+ /* Search and verify the Message-Authenticator */
+ pos = POS_ATTRS;
+ while (pos < len - 2) {
++ alen = h->in[pos + 1];
++ if (alen < 2)
++ return (0);
+ if (h->in[pos] == RAD_MESSAGE_AUTHENTIC) {
++ if (len - pos < MD5_DIGEST_LENGTH + 2)
++ return (0);
++ if (alen < MD5_DIGEST_LENGTH + 2)
++ return (0);
+ memcpy(resp, h->in, MSGSIZE);
+ /* zero fill the Request-Authenticator */
+ if (h->in[POS_CODE] != RAD_ACCESS_REQUEST)
+@@ -323,7 +336,7 @@
+ return (0);
+ break;
+ }
+- pos += h->in[pos + 1];
++ pos += alen;
+ }
+ #endif
+ return (1);
+@@ -924,9 +937,9 @@
+ * returns -1.
+ */
+ int
+-rad_get_attr(struct rad_handle *h, const void **value, size_t *len)
++rad_get_attr(struct rad_handle *h, const void **value, size_t *lenp)
+ {
+- int type;
++ int len, type;
+
+ if (h->in_pos >= h->in_len)
+ return 0;
+@@ -935,13 +948,14 @@
+ return -1;
+ }
+ type = h->in[h->in_pos++];
+- *len = h->in[h->in_pos++] - 2;
+- if (h->in_pos + (int)*len > h->in_len) {
++ len = h->in[h->in_pos++];
++ if (len < 2 || h->in_pos + len > h->in_len) {
+ generr(h, "Malformed attribute in response");
+ return -1;
+ }
++ *lenp = len;
+ *value = &h->in[h->in_pos];
+- h->in_pos += *len;
++ h->in_pos += len;
+ return type;
+ }
+
diff --git a/website/static/security/patches/SA-21:12/libradius.11.patch.asc b/website/static/security/patches/SA-21:12/libradius.11.patch.asc
new file mode 100644
index 0000000000..c818b11381
--- /dev/null
+++ b/website/static/security/patches/SA-21:12/libradius.11.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6vMACgkQ05eS9J6n
+5cICeRAAqpt9abjKWg2pMPYccgxLn4Gc0ayG2ICWQ6BIWVFCa/cUJjOFNn+QUyuM
+euNTknfwegAiH9sVfWhvX8Vr9jhUsAWOq1hf82JTSdK1FUirCcjMGX2SFAVyTElb
+2d0LgzTF/5YLWfP2l3hvNUBz18wc8WCBHC3uYOVpmNRlyYmGfK5dIrYkcNBjjbuU
+5rBZqBkXWY89/qbmhfu0sghP3ey7p4qnhZ5xzbgARIykRolncZIvgWrzzEyAi5du
+RTHVfHNXGMNCXpD/ejVbJDoq/0KKmnFHL3Rz+B0dX96ZQAmhSqqjDW8RALi1y7bO
+Q5tP6MOxxb2yMVIuogXxgi2yBebLfKVxq6q9rNhD3oGru+lLQ895LTETMbpS1oBA
+NAYKGdt7jIK/pRn+IRVP7EUnCKs6L+Pbm5mz/PfsWWhaoAFWc+mLlbdU/1YNm5qF
+PGn18/xegRUjPF1wPts9Z8l0qqU2WzJN9S9NniO+PI96Imo8V2ttYgYAFjYPaJ1r
+Nm5uhcqoUn/OeO4UD+0SfrJUmTbdz8KC7FiyhdjQvDZ+AfXBQrfMqTjo8LiOI0zV
+ribU+pWu8AhZZYfwWtz3vaaa1bKlBLhpc3d1BTllE7mKcH05/AN/aFmzT7RzJHWu
+0grPH9c3lq3UMeNkXoIP+TW+21kdHrlKrqyCUae4cTAs8GFKPlw=
+=ROJc
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/patches/SA-21:12/libradius.patch b/website/static/security/patches/SA-21:12/libradius.patch
new file mode 100644
index 0000000000..358c804029
--- /dev/null
+++ b/website/static/security/patches/SA-21:12/libradius.patch
@@ -0,0 +1,133 @@
+--- lib/libradius/radlib.c.orig
++++ lib/libradius/radlib.c
+@@ -187,7 +187,7 @@
+ MD5_CTX ctx;
+ unsigned char md5[MD5_DIGEST_LENGTH];
+ const struct rad_server *srvp;
+- int len;
++ int alen, len;
+ #ifdef WITH_SSL
+ HMAC_CTX *hctx;
+ u_char resp[MSGSIZE], md[EVP_MAX_MD_SIZE];
+@@ -206,8 +206,8 @@
+ /* Check the message length */
+ if (h->in_len < POS_ATTRS)
+ return 0;
+- len = h->in[POS_LENGTH] << 8 | h->in[POS_LENGTH+1];
+- if (len > h->in_len)
++ len = (h->in[POS_LENGTH] << 8) | h->in[POS_LENGTH + 1];
++ if (len < POS_ATTRS || len > h->in_len)
+ return 0;
+
+ /* Check the response authenticator */
+@@ -233,9 +233,16 @@
+ /* Search and verify the Message-Authenticator */
+ hctx = HMAC_CTX_new();
+ while (pos < len - 2) {
+-
+ if (h->in[pos] == RAD_MESSAGE_AUTHENTIC) {
+- /* zero fill the Message-Authenticator */
++ if (h->in[pos + 1] != MD5_DIGEST_LENGTH + 2) {
++ HMAC_CTX_free(hctx);
++ return 0;
++ }
++ if (len - pos < MD5_DIGEST_LENGTH + 2) {
++ HMAC_CTX_free(hctx);
++ return 0;
++ }
++
+ memset(&resp[pos + 2], 0, MD5_DIGEST_LENGTH);
+
+ HMAC_Init_ex(hctx, srvp->secret,
+@@ -255,7 +262,12 @@
+ }
+ break;
+ }
+- pos += h->in[pos + 1];
++ alen = h->in[pos + 1];
++ if (alen < 2) {
++ HMAC_CTX_free(hctx);
++ return 0;
++ }
++ pos += alen;
+ }
+ HMAC_CTX_free(hctx);
+ }
+@@ -272,7 +284,7 @@
+ MD5_CTX ctx;
+ unsigned char md5[MD5_DIGEST_LENGTH];
+ const struct rad_server *srvp;
+- int len;
++ int alen, len;
+ #ifdef WITH_SSL
+ HMAC_CTX *hctx;
+ u_char resp[MSGSIZE], md[EVP_MAX_MD_SIZE];
+@@ -285,8 +297,8 @@
+ /* Check the message length */
+ if (h->in_len < POS_ATTRS)
+ return (0);
+- len = h->in[POS_LENGTH] << 8 | h->in[POS_LENGTH+1];
+- if (len > h->in_len)
++ len = (h->in[POS_LENGTH] << 8) | h->in[POS_LENGTH + 1];
++ if (len < POS_ATTRS || len > h->in_len)
+ return (0);
+
+ if (h->in[POS_CODE] != RAD_ACCESS_REQUEST) {
+@@ -307,7 +319,18 @@
+ pos = POS_ATTRS;
+ hctx = HMAC_CTX_new();
+ while (pos < len - 2) {
++ alen = h->in[pos + 1];
++ if (alen < 2)
++ return (0);
+ if (h->in[pos] == RAD_MESSAGE_AUTHENTIC) {
++ if (len - pos < MD5_DIGEST_LENGTH + 2) {
++ HMAC_CTX_free(hctx);
++ return (0);
++ }
++ if (alen < MD5_DIGEST_LENGTH + 2) {
++ HMAC_CTX_free(hctx);
++ return (0);
++ }
+ memcpy(resp, h->in, MSGSIZE);
+ /* zero fill the Request-Authenticator */
+ if (h->in[POS_CODE] != RAD_ACCESS_REQUEST)
+@@ -327,7 +350,7 @@
+ }
+ break;
+ }
+- pos += h->in[pos + 1];
++ pos += alen;
+ }
+ HMAC_CTX_free(hctx);
+ #endif
+@@ -929,9 +952,9 @@
+ * returns -1.
+ */
+ int
+-rad_get_attr(struct rad_handle *h, const void **value, size_t *len)
++rad_get_attr(struct rad_handle *h, const void **value, size_t *lenp)
+ {
+- int type;
++ int len, type;
+
+ if (h->in_pos >= h->in_len)
+ return 0;
+@@ -940,13 +963,14 @@
+ return -1;
+ }
+ type = h->in[h->in_pos++];
+- *len = h->in[h->in_pos++] - 2;
+- if (h->in_pos + (int)*len > h->in_len) {
++ len = h->in[h->in_pos++];
++ if (len < 2 || h->in_pos + len > h->in_len) {
+ generr(h, "Malformed attribute in response");
+ return -1;
+ }
++ *lenp = len;
+ *value = &h->in[h->in_pos];
+- h->in_pos += *len;
++ h->in_pos += len;
+ return type;
+ }
+
diff --git a/website/static/security/patches/SA-21:12/libradius.patch.asc b/website/static/security/patches/SA-21:12/libradius.patch.asc
new file mode 100644
index 0000000000..c9349d3e1c
--- /dev/null
+++ b/website/static/security/patches/SA-21:12/libradius.patch.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6vMACgkQ05eS9J6n
+5cIldg//f0D59dg4H7AH0pvG7gmjYXsyNo+6PcHgRYvYbdgzHNrPxtLvhVmt8BP9
+0xTLCemtZ2JUAS+1I9lpeEkAxBbuUlJQQmmzH9BUdpwuyPXz4j9m5+c0CC6z8m4O
+N124oeQBoPS/UBRTSYQGOqP8hY9hyPGPjr7prUsZ1FJCr6H84c+Hn4sv7mvk2Iek
+lkgwtUsYpGzpSG8tp+jpTNUkJtgJC5RjHugUgrYYYQ6rDAe1InGFLaTZv+BhxKPD
+rqQ1ZCbdlX/6A9jILgTBgCpGU9UwjAOr9TpecAl4NKYzkutp/mae5thZylm6GyDU
+aeirP3dn2mW2wnEeekBGTlRAdqo5XNfERHsdrOL9RA4gZmgjACg/uGiiDxRtRTea
+QHDAIIWsFlNWdi53JPV/pJPhAyO1Db3klZzCjzXGAFIEXyIYJa1EFHKlYF01x3s5
+iGhwRGDZwh9txbXaZ6CrGgFKtqWpCss1xDkbkXBuVk9mgQ+kg3qh4Bh3nWo6zeBs
+4SapMjgwqoHEBDrO4FY+c//WOTIpYPwSexFJHla7WwAySg/CFCmfP2OXDOOBORPN
+eou9NIThPlRAzXEyDA3URDadsD/+Y9yJEMAh27kCWjZwg0KSFdZqHscZO3zDX0ty
+rKxJ3bh25NpwIaEt4cSak9p0jmGGJeU+uklQdpsgcrdJ0EIF3uw=
+=h7pE
+-----END PGP SIGNATURE-----