X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=security.mdwn;h=aa05ea3cf998506847d14d67df6eb4d1ab2e09ec;hb=f90afaf581392621709b256a951b8905c0220dac;hp=53c001c375d5e61ebdb08b8b77de1c733101e712;hpb=b982f5b352d91fe8e2c57a3ea0903a42f06df392;p=wiki

diff --git a/security.mdwn b/security.mdwn
index 53c001c..aa05ea3 100644
--- a/security.mdwn
+++ b/security.mdwn
@@ -1,9 +1,15 @@
+## Reporting security issues
+
+In case you have found a security issue in tinc, please report it via email
+to Guus Sliepen <guus@tinc-vpn.org>, preferrably PGP encrypted.
+We will then try to get a CVE number assigned, and coordinate a bugfix release with major Linux distributions.
+
 ## Security advisories
 
 The following list contains advisories for security issues in tinc in old versions:
 
 - [CVE-2013-1428](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1428),
-  [DSA-2663](http://www.debian.org/security/2013/dsa-2663),
+  [DSA-2663](https://www.debian.org/security/2013/dsa-2663),
   [Sitsec advisory](http://sitsec.net/blog/2013/04/22/stack-based-buffer-overflow-in-the-vpn-software-tinc-for-authenticated-peers):
   stack based buffer overflow
 
@@ -18,7 +24,7 @@ The following list contains advisories for security issues in tinc in old versio
 For those who run tinc on Debian or Debian-based distributions like
 Ubuntu and Knoppix, be advised that the following security issue
 affects tinc as well:
-[http://www.debian.org/security/2008/dsa-1571](http://www.debian.org/security/2008/dsa-1571)
+[https://www.debian.org/security/2008/dsa-1571](https://www.debian.org/security/2008/dsa-1571)
 In short, if you generated public/private keypairs for tinc between
 2006 and May 7th, 2008 on a machine running Debian or a derivative,
 they may have been generated without a properly seeded random