Posted to commits@guacamole.apache.org by vn...@apache.org on 2018/01/08 19:53:16 UTC

[3/6] guacamole-website git commit: Document vulnerabilities fixed prior to Guacamole's move to the ASF.

Document vulnerabilities fixed prior to Guacamole's move to the ASF.


Project: http://git-wip-us.apache.org/repos/asf/guacamole-website/repo
Commit: http://git-wip-us.apache.org/repos/asf/guacamole-website/commit/856c62b2
Tree: http://git-wip-us.apache.org/repos/asf/guacamole-website/tree/856c62b2
Diff: http://git-wip-us.apache.org/repos/asf/guacamole-website/diff/856c62b2

Branch: refs/heads/master
Commit: 856c62b20bfb742627dc898140f6781e81842c05
Parents: 172a5c3
Author: Michael Jumper <mj...@apache.org>
Authored: Sun Jan 7 19:39:34 2018 -0800
Committer: Michael Jumper <mj...@apache.org>
Committed: Sun Jan 7 19:42:51 2018 -0800

----------------------------------------------------------------------
 _security/CVE-2012-4415.md | 14 ++++++++++++++
 _security/CVE-2016-1566.md | 14 ++++++++++++++
 2 files changed, 28 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/guacamole-website/blob/856c62b2/_security/CVE-2012-4415.md
----------------------------------------------------------------------
diff --git a/_security/CVE-2012-4415.md b/_security/CVE-2012-4415.md
new file mode 100644
index 0000000..3e33a57
--- /dev/null
+++ b/_security/CVE-2012-4415.md
@@ -0,0 +1,14 @@
+---
+title: Buffer overflow in guac_client_plugin_open()
+cve:   CVE-2012-4415
+fixed: 0.6.3
+---
+
+A stack-based buffer overflow vulnerability was discovered in the
+`guac_client_plugin_open()` function in libguac in Guacamole before 0.6.3
+which could allow remote attackers to cause a denial of service (crash) or
+execute arbitrary code via a long protocol name.
+
+Acknowledgements: We would like to thank Timo Juhani Lindfors for reporting
+this issue.
+
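Review bot: The description paragraph says "remote attackers" and "a long protocol name" but does not say whether the attacker must be authenticated or how the protocol name reaches `guac_client_plugin_open()`. A reader triaging exposure needs that precondition. Consider adding one sentence stating it, in the way the CVE-2016-1566 entry spells out its own preconditions (file transfer enabled, location shared by multiple users). Minor: the file ends with an empty added line after the acknowledgement, which can be dropped.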

http://git-wip-us.apache.org/repos/asf/guacamole-website/blob/856c62b2/_security/CVE-2016-1566.md
----------------------------------------------------------------------
diff --git a/_security/CVE-2016-1566.md b/_security/CVE-2016-1566.md
new file mode 100644
index 0000000..9328ee1
--- /dev/null
+++ b/_security/CVE-2016-1566.md
@@ -0,0 +1,14 @@
+---
+title: Stored cross-site scripting (XSS) in file browser
+cve:   CVE-2016-1566
+fixed: 0.9.9
+---
+
+A cross-site scripting (XSS) vulnerability was discovered through which files
+with specially-crafted filenames could lead to JavaScript execution if file
+transfer is enabled to a location which is shared by multiple users, and the
+filename is displayed within the file browser located within the Guacamole
+menu.
+
+Acknowledgements: We would like to thank Niv Levy for reporting this issue.
+
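Review bot: The description paragraph gives no affected version range. The only version information is `fixed: 0.9.9` in the front matter, whereas the CVE-2012-4415 entry states "in Guacamole before 0.6.3" in its body. Suggest naming the affected versions in the text here as well, so the two entries read consistently and the advisory still makes sense if the front matter is not rendered. The title also says "Stored cross-site scripting" while the body says only "cross-site scripting (XSS)"; using "stored" in both places would keep the classification consistent.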