Subject: Re: new CVS remote vulnerabilities 

The path to the 3.5 patch was incorrect, it should be:
    ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.5/common/011_cvs3.patch