Fix links to CVEs.

author Guus Sliepen <guus@tinc-vpn.org>

Mon, 22 Apr 2013 20:04:07 +0000 (22:04 +0200)

committer Guus Sliepen <guus@tinc-vpn.org>

Mon, 22 Apr 2013 20:04:07 +0000 (22:04 +0200)
author Guus Sliepen <guus@tinc-vpn.org>
Mon, 22 Apr 2013 20:04:07 +0000 (22:04 +0200)
committer Guus Sliepen <guus@tinc-vpn.org>
Mon, 22 Apr 2013 20:04:07 +0000 (22:04 +0200)
diff --git a/security.mdwn b/security.mdwn

index d6cdea0..1b10b33 100644 (file)
--- a/security.mdwn
+++ b/security.mdwn
@@ -2,11 +2,13 @@
  
  The following list contains advisories for security issues in tinc in old versions:
  
-- [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1428](CVE-2013-1428):
+- [CVE-2013-1428](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1428):
    to be published.
-- [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1755](CVE-2002-1755):
+
+- [CVE-2002-1755](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1755):
    tinc 1.0pre3 and 1.0pre4 VPN do not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC. 
-- [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1505](CVE-2001-1505):
+
+- [CVE-2001-1505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1505):
    tinc 1.0pre3 and 1.0pre4 allow remote attackers to inject data into user sessions by sniffing and replaying packets. 
  
  ## Possible weak keys generated by tinc on Debian (and derivates) due to a security bug in Debian's OpenSSL packages
author	Guus Sliepen <guus@tinc-vpn.org>
	Mon, 22 Apr 2013 20:04:07 +0000 (22:04 +0200)
committer	Guus Sliepen <guus@tinc-vpn.org>
	Mon, 22 Apr 2013 20:04:07 +0000 (22:04 +0200)