From: Guus Sliepen Date: Tue, 23 Apr 2013 08:50:12 +0000 (+0200) Subject: Add links to DSA and sitsec.net regarding CVE-2013-1428. X-Git-Url: http://git.tinc-vpn.org/git/browse?a=commitdiff_plain;h=5edda89f2436166e66bc53d33e04b0c9aaa3b76b;p=wiki Add links to DSA and sitsec.net regarding CVE-2013-1428. --- diff --git a/security.mdwn b/security.mdwn index 1b10b33..04a940e 100644 --- a/security.mdwn +++ b/security.mdwn @@ -2,8 +2,10 @@ The following list contains advisories for security issues in tinc in old versions: -- [CVE-2013-1428](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1428): - to be published. +- [CVE-2013-1428](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1428), + [DSA-2663](http://www.debian.org/security/2013/dsa-2663), + [sitsec advisory](http://sitsec.net/blog/2013/04/22/stack-based-buffer-overflow-in-the-vpn-software-tinc-for-authenticated-peers): + stack based buffer overflow - [CVE-2002-1755](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1755): tinc 1.0pre3 and 1.0pre4 VPN do not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC.