diff --git a/CHANGELOG b/CHANGELOG index 7e9207ed5..92e8fc9dc 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,4 +1,6 @@ # Nmap Changelog ($Id$); -*-text-*- +Nmap 4.01 + o Fixed a bug that would cause bogus reverse-DNS resolution on big-endian machines. Thanks to Doug Hoyte, Seth Miller, Tony Doan, and Andrew Lutomirsky for helping to debug and patch the problem. @@ -13,14 +15,20 @@ o Fixed --system-dns option so that --system_dns works too. Error VanEeckhoutte (Peter.VanEeckhoutte(a)saraleefoodseurope.com) for reporting the problem. +o Fixed a crash which would report this message: + "NmapOutputTable.cc:143: void NmapOutputTable::addItem(unsigned int, + unsigned int, bool, const char*, int): Assertion `row < numRows' + failed." Thanks to Jake Schneider (Jake.Schneider(a)dynetics.com) for + reporting and helping to debug the problem. + o Whenever Nmap sends packets with the SYN bit set (except for OS detection), it now includes the maximum segment size (MSS) tcp option with a value of 1460. This makes it stand out less as almost all hosts set at least this option. Thanks to Juergen Schmidt (ju(a)heisec.de) for the suggestion. -o Applied a patch for a Windows "interface reading bug" from Doug - Hoyte. +o Applied a patch for a Windows interface reading bug in the aDNS + subsystem from Doug Hoyte. o Minor changes to recognize DragonFly BSD in configure scripts. Thanks to Joerg Sonnenberger (joerg(a)britannica.bec.de) @@ -30,7 +38,7 @@ o Fixed a minor bug in an error message starting with "eth_send of ARP packet returned". Thanks to J.W. Hoogervorst (J.W.Hoogervorst(a)uva.nl) for finding this. -4.00 +Nmap 4.00 o Added the '?' command to the runtime interaction system. It prints a list of accepted commands. Thanks to Andrew Lutomirski @@ -40,7 +48,7 @@ o See the announcement at http://www.insecure.org/stf/Nmap-4.00-Release.html for high-level changes since 3.50. -3.9999 +Nmap 3.9999 o Generated a new libpcre/configure to cope with changes in LibPCRE 6.4 
@@ -55,7 +63,7 @@ o Updated the Nmap version number and related fields that MS Visual Studio places in the binary. This was done by editing mswin32/nmap.rc. -3.999 +Nmap 3.999 o Added runtime interaction support to Windows, thanks to patches from Andrew Lutomirski (luto(a)myrealbox.com) and Gisle Vanem (giva(a)bgnett.no). @@ -73,7 +81,7 @@ o Fixed an issue in which the installer would malfunction in rare issues when installing to a directory with spaces in it. Thanks to Thierry Zoller (Thierry(a)Zoller.lu) for the report. -3.99 +Nmap 3.99 o Integrated all remaining 2005 service submissions. The DB now has surpassed 3,000 signatures for the first time. There now are 3,153 @@ -99,7 +107,7 @@ o Fixed compilation to again work with gcc-derivatives such as MingW. Thanks to Gisle Vanem (giva(a)bgnett.no) for sending the patches -3.98BETA1 +Nmap 3.98BETA1 o Added run time interaction as documented at http://www.insecure.org/nmap/man/man-runtime-interaction.html . @@ -166,7 +174,7 @@ o Stripped the firewall API out of the libdnet included with Nmap o Modified the previously useless --noninteractive option so that it deactivates runtime interaction. -3.96BETA1 +Nmap 3.96BETA1 o Added --max_retries option for capping the maximum number of retransmissions the port scan engine will do. The value may be as low @@ -239,7 +247,7 @@ o Fixed Nmap so it doesn't crash when you ask it to resume a previous scan, but pass in a bogus file rather than actual Nmap output. Thanks to Piotr Sobolewski (piotr_sobolewski(a)o2.pl) for the fix. -3.95 +Nmap 3.95 o Fixed a crash in IPID Idle scan. Thanks to Ron (iago(a)valhallalegends.com>, Bakeman (bakeman(a)physics.unr.edu), 
@@ -253,7 +261,7 @@ o Fixed a 3.94ALPHA3 bug that caused UDP scan results to be listed as TCP ports instead. Thanks to Justin M Cacak (jcacak(a)nebraska.edu) for reporting the problem. -3.94ALPHA3 +Nmap 3.94ALPHA3 o Updated NmapFE to build with GTK2 rather than obsolete GTK1. Thanks to Mike Basinger (dbasinge(a)speakeasy.net) and Meethune Bhowmick @@ -279,7 +287,7 @@ o Define INET_ADDRSTRLEN in tcpip.h if the system doesn't define it Thanks to Albert Chin (nmap-hackers(a)mlists.thewrittenword.com) for sending the patch.. -3.94ALPHA2 +Nmap 3.94ALPHA2 o Put Nmap on a diet, with changes to the core port scanning routine (ultra_scan) to substantially reduce memory consumption, particularly @@ -315,7 +323,7 @@ o Modified libdnet-stripped/src/eth-bsd.c to allow for up to 128 bpf aliases. Thanks to Krok (krok(a)void.ru) for reporting the problem and even sending a patch. -3.94ALPHA1 +Nmap 3.94ALPHA1 o Wrote a new man page from scratch. It is much more comprehensive (more than twice as long) and (IMHO) better organized than the diff --git a/Makefile.in b/Makefile.in index 7312118c1..83636970e 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -export NMAP_VERSION = 4.00 +export NMAP_VERSION = 4.01 NMAP_NAME= Nmap NMAP_URL= http://www.insecure.org/nmap/ NMAP_PLATFORM=@host@ diff --git a/docs/nmap.1 b/docs/nmap.1 index 42d8ab509..b1f9a50b6 100644 --- a/docs/nmap.1 +++ b/docs/nmap.1 @@ -2,7 +2,7 @@ .\" It was generated using the DocBook XSL Stylesheets (version 1.69.1). .\" Instead of manually editing it, you probably should edit the DocBook XML .\" source for it and then use the DocBook XSL Stylesheets to regenerate it. -.TH "NMAP" "1" "02/09/2006" "" "Nmap Reference Guide" +.TH "NMAP" "1" "02/16/2006" "" "Nmap Reference Guide" .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) 
@@ -192,7 +192,7 @@ CIDR notation is short but not always flexible enough. For example, you might wa IPv6 addresses can only be specified by their fully qualified IPv6 address or hostname. CIDR and octet ranges aren't supported for IPv6 because they are rarely useful. .PP Nmap accepts multiple host specifications on the command line, and they don't need to be the same type. The command -\fBnmap scanme.nmap.org 192.168.0.0/8 10.0.0,1,3\-7.0\-255\fR +\fBnmap scanme.nmap.org 192.168.0.0/16 10.0.0,1,3\-7.0\-255\fR does what you would expect. .PP While targets are usually specified on the command lines, the following options are also available to control target selection: @@ -656,7 +656,7 @@ database contains probes for querying various services and match expressions to open|filtered state after a UDP port scan is unable to determine whether the port is open or filtered. Version detection will try to elicit a response from these ports (just as it does with open ports), and change the state to open if it succeeds. open|filtered -TCP ports are treaded the same way. Note that the Nmap +TCP ports are treated the same way. Note that the Nmap \fB\-A\fR option enables version detection among other things. A paper documenting the workings, usage, and customization of version detection is available at \fI\%http://www.insecure.org/nmap/vscan/\fR. @@ -685,7 +685,7 @@ When performing a version scan (\fB\-sV\fR), nmap sends a series of probes, each \fInmap\-service\-probes\fRports directive, that probe is tried regardless of intensity level. This ensures that the DNS probes will always be attempted against any open port 53, the SSL probe will be done against 443, etc. .TP -\fB\-\-version\-light\fR (Enablie light mode) +\fB\-\-version\-light\fR (Enable light mode) This is a convenience alias for \fB\-\-version\-intensity 2\fR. This light mode makes version scanning much faster, but it is slightly less likely to identify services. .TP 
diff --git a/docs/nmap.usage.txt b/docs/nmap.usage.txt index b7a166df7..aa324a8f5 100644 --- a/docs/nmap.usage.txt +++ b/docs/nmap.usage.txt @@ -1,4 +1,4 @@ -Nmap 4.00 ( http://www.insecure.org/nmap/ ) +Nmap 4.01 ( http://www.insecure.org/nmap/ ) Usage: nmap [Scan Type(s)] [Options] {target specification} TARGET SPECIFICATION: Can pass hostnames, IP addresses, networks, etc. diff --git a/nmap_winconfig.h b/nmap_winconfig.h index 7cb8ae636..fe7a1ea6e 100644 --- a/nmap_winconfig.h +++ b/nmap_winconfig.h @@ -104,7 +104,7 @@ #ifndef NMAP_WINCONFIG_H #define NMAP_WINCONFIG_H -#define NMAP_VERSION "4.00" +#define NMAP_VERSION "4.01" #define NMAP_NAME "Nmap" #define NMAP_URL "http://www.insecure.org/nmap" #define NMAP_PLATFORM "i686-pc-windows-windows" diff --git a/service_scan.cc b/service_scan.cc index b65908d98..7acf32a28 100644 --- a/service_scan.cc +++ b/service_scan.cc @@ -1658,7 +1658,7 @@ static void adjustPortStateIfNeccessary(ServiceNFO *svc) { char host[128]; if (svc->port->state == PORT_OPENFILTERED) { - svc->port->state = PORT_OPEN; + svc->target->ports.addPort(svc->portno, svc->proto, NULL, PORT_OPEN); if (o.verbose || o.debugging > 1) { svc->target->NameIP(host, sizeof(host));
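Review bot: In the CHANGELOG hunk at @@ -13,14 +15,20, the new crash entry quotes the assertion text ("Assertion `row < numRows' failed") but does not say which scan conditions trigger it, so a reader cannot tell whether they were affected. If the service_scan.cc change in this same patch is the fix, say so in the entry, for example by noting that the crash occurred when version detection changed an open|filtered port to open.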
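Review bot: The docs/nmap.1 hunks (the 192.168.0.0/8 to /16 correction at @@ -192,7, "treated" at @@ -656,7 and "Enable" at @@ -685,7) edit a generated file: the header kept as context in the first nmap.1 hunk says the page was produced with the DocBook XSL Stylesheets and that the DocBook XML source should be edited instead. No XML source appears in this diff, so confirm the same three fixes were made there, otherwise the next regeneration will bring the errors back.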
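Review bot: The 4.00 to 4.01 bump is made by hand in Makefile.in, docs/nmap.usage.txt and nmap_winconfig.h, but the 3.9999 CHANGELOG entry visible as context says the version fields that MS Visual Studio places in the binary are set by editing mswin32/nmap.rc, and that file is not touched here. Either update it in this patch or state why it is not needed, so the Windows binary does not keep reporting 4.00.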
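Review bot: In adjustPortStateIfNeccessary (service_scan.cc, @@ -1658,7), the line replacing `svc->port->state = PORT_OPEN;` with `svc->target->ports.addPort(svc->portno, svc->proto, NULL, PORT_OPEN);` has no comment explaining why the direct assignment was wrong or what the NULL third argument stands for. Add a one-line comment saying that state changes must go through the port list's addPort, so a later cleanup does not revert it to the assignment. Also check that svc->port still refers to the right entry after the call, since the guard just above reads svc->port->state and the hunk does not show whether addPort updates the existing entry or replaces it.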