Add links to DSA and sitsec.net regarding CVE-2013-1428.
author Guus Sliepen <guus@tinc-vpn.org>
Tue, 23 Apr 2013 08:50:12 +0000 (10:50 +0200)
committer Guus Sliepen <guus@tinc-vpn.org>
Tue, 23 Apr 2013 08:50:12 +0000 (10:50 +0200)
security.mdwn

index 1b10b33..04a940e 100644 (file)
@@ -2,8 +2,10 @@
 
 The following list contains advisories for security issues in tinc in old versions:
 
-- [CVE-2013-1428](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1428):
-  to be published.
+- [CVE-2013-1428](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1428),
+  [DSA-2663](http://www.debian.org/security/2013/dsa-2663),
+  [sitsec advisory](http://sitsec.net/blog/2013/04/22/stack-based-buffer-overflow-in-the-vpn-software-tinc-for-authenticated-peers):
+  stack based buffer overflow
 
 - [CVE-2002-1755](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1755):
   tinc 1.0pre3 and 1.0pre4 VPN do not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC.
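
Review bot: the description on the added `+  stack based buffer overflow` line tells readers much less than the CVE-2002-1755 entry below it, which names the affected versions and the impact. Suggest stating which tinc versions are affected and which release contains the fix, and noting that the issue concerns authenticated peers, as the sitsec URL slug indicates, so an administrator can judge exposure from this page alone. Minor points: "stack based" should be hyphenated as "stack-based", and the DSA and sitsec links use `http://` while the CVE link uses `https://`; prefer `https://` for those two if the sites serve it.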