New errata: SA-03:09, SA-03:10.

Minor grammatical fixes to SA-03:08 item.

release/doc/en_US.ISO8859-1/errata/article.sgml

@@ -116,14 +116,30 @@
 ]]>
 
 <![ %release.type.snapshot [
-    <para>The implementation of the &man.realpath.3; function contains
-      a single-byte buffer overflow bug.  This may have various
+    <para>The implementation of the &man.realpath.3; function contained
+      a single-byte buffer overflow bug.  This had various
       impacts, depending on the application using &man.realpath.3; and
       other factors.  This bug was fixed on the &release.branch; development
       branch before &release.prev;; &os; &release.prev; is therefore not affected.  However, this change
       was not noted in the release documentation.  For
       more information, see security advisory
       <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:08.realpath.asc">FreeBSD-SA-03:08</ulink>.</para>
+
+    <para>The kernel contains a bug that could allow it to attempt
+      delivery of invalid signals, leading to a kernel panic or, under
+      some circumstances, unauthorized modification of kernel memory.
+      This bug has been fixed on the &release.branch; development
+      branch and the &release.prev; security fix branch.  For more
+      information, see security advisory
+      <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:09.signal.asc">FreeBSD-SA-03:09</ulink>.</para>
+
+    <para>A bug in the iBCS2 emulation module could result in
+      disclosing the contents of kernel memory.  (Note that this
+      module is not enabled in &os; by default.)  This bug has been
+      fixed on the &release.branch; development branch and the
+      &release.prev; security fix branch.  More information can be
+      found in security advisory
+      <ulink url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:10.ibcs2.asc">FreeBSD-SA-03:10</ulink>.</para>
 ]]>
 
   </sect1>