I looked at 6.1. 008 wasn’t really a bug, just preventative maintenance for stack clash. 012 was logic error related to size of the freed memory, which triggers an assertion. 016 was logic error, triggered an assertion in malloc.
But cool write up.
Thank you! I’ve corrected 6.1 012 and 016. I’ll leave 008 in the table since it was a published errata patch.
A disturbing number of kernel buffer overflows are not classified as security, unless those can all only be triggered by root I doubt I agree with the classification scheme.
I included overall stats as well as “security fix” only stats to avoid relying on OpenBSD’s own categories.