From c2157a3c17003b0bc020987b5bcd104997c72b7b Mon Sep 17 00:00:00 2001 From: Guus Sliepen Date: Mon, 22 Apr 2013 22:04:07 +0200 Subject: [PATCH] Fix links to CVEs. --- security.mdwn | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/security.mdwn b/security.mdwn index d6cdea0..1b10b33 100644 --- a/security.mdwn +++ b/security.mdwn @@ -2,11 +2,13 @@ The following list contains advisories for security issues in tinc in old versions: -- [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1428](CVE-2013-1428): +- [CVE-2013-1428](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1428): to be published. -- [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1755](CVE-2002-1755): + +- [CVE-2002-1755](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1755): tinc 1.0pre3 and 1.0pre4 VPN do not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC. -- [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1505](CVE-2001-1505): + +- [CVE-2001-1505](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1505): tinc 1.0pre3 and 1.0pre4 allow remote attackers to inject data into user sessions by sniffing and replaying packets. ## Possible weak keys generated by tinc on Debian (and derivates) due to a security bug in Debian's OpenSSL packages -- 2.20.1