From fcf94eb044c3aef8ea2b09e0e6eef5464abbe1f6 Mon Sep 17 00:00:00 2001 From: Vincent Bernat Date: Wed, 13 Jan 2021 19:11:57 +0100 Subject: [PATCH] security: enhance description --- content/security.html | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/content/security.html b/content/security.html index 5deb73ae..e745a9a9 100644 --- a/content/security.html +++ b/content/security.html @@ -10,11 +10,12 @@ directly. # Past vulnerabilities * [CVE-2020-27827][]: memory exhaustion attack through crafted LLDPU - with some duplicate TLVs. A remote device can send LLDPU with a - duplicate port description, system name, or system description TLV. - The vulnerability does not allow arbitrary code execution. This bug - is present since the initial release. It has been fixed in commit - [a8d3c90f][] and in version 1.0.8. + with duplicate TLVs. A remote device can send LLDPU with a + duplicate port description, system name, or system description TLV + and trigger a memory leak. The vulnerability does not allow + arbitrary code execution. This bug is present since the initial + release. It has been fixed in commit [a8d3c90f][] and in version + 1.0.8. * [CVE-2015-8011][]: buffer overflow when handling management address TLV for LLDP. When a remote device was advertising a too large -- 2.39.5
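Review bot: The rewritten CVE-2020-27827 entry still spells the frame type "LLDPU" in both added places ("crafted LLDPU" and "can send LLDPU"); the LLDP protocol unit is the LLDPDU, so both occurrences should be corrected while these lines are being touched. In the same entry, "This bug is present since the initial release" would read better as "has been present since the initial release". The entry now names the effect twice, as a "memory exhaustion attack" in the first line and as "trigger a memory leak" in the added clause; one sentence linking the two (that the leak caused by duplicate TLVs is what leads to exhaustion) would make it clear to a reader that these are the same issue and not two separate impacts.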