Add everything for the 2.14.10 release
default tip
4 weeks ago, Gary Kramlich
Add everything for the 2.14.10 release

Testing Done:
ran `npm run hugo:server`

Reviewed at
title: cve-2013-6483-00
date: 2014-01-28T00:00:00.000Z
cveNumber: cve-2013-6483
summary: XMPP doesn't verify 'from' on some iq replies
discoveredBy: Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen
fixedInRelease: 2.10.8
type: security
layout: cve
hidden: true
### Description
The XMPP protocol plugin failed to ensure that iq replies came from the person
they were sent to. A remote user could send a spoofed iq reply and attempt to
guess the iq id. This could allow an attacker to inject fake data or trigger a
null pointer dereference.
### Mitigation
Keep track of the 'to' when sending an iq stanza and make sure replies for a
given stanza ID come from the same address it was sent to.