chore: added links

content/posts/xz-backdoor/index.en.md

@@ -9,7 +9,7 @@ tags: [backdoor, CVE-2024-3094, xz, liblzma, supply-chain, security-engineering]
 
 As you probably already heard, the `xz` package got compromised. 
 
-The package was used as entrypoint to inject malicious code in sshd, altering the authentication flow. This forged vulnerability is now known as CVE-2024-3094.
+The package was used as entrypoint to inject malicious code in sshd, altering the authentication flow. This forged vulnerability is now known as [CVE-2024-3094](https://nvd.nist.gov/vuln/detail/CVE-2024-3094).
 <!--more--> 
 
 {{< admonition type=tip title="Note" open=true >}}
@@ -27,7 +27,7 @@ Check the Resources section for a link to an article with a detailed timeline
 {{< /admonition >}}
 
 - __2023__: 
-    - A new maintainer shows up in the `xz` project.
+    - A new maintainer shows up in the `xz` project
 - __29 Mar 2024__: 
     - Andres Freund sent an email to the oss-security security regarding a backdoor in `xz/liblzma`. 
     He was optimizing his infrastructure and found that ssh was  suspiciously slow. Some debug later he found the issue was likely caused by the backdoor. The initial analysis was performed with the help of Florian Weimer.
@@ -45,13 +45,14 @@ The extent of this breach is still unkown, but here is a (partial) list of compo
 
 Distributions:
 - Arch
+- [Debian Sid](https://security-tracker.debian.org/tracker/CVE-2024-3094)
 - Gentoo
 - Manjaro Testing
 - Parabola
 - NixOS Unstable
 - Slackware
-- SUSE Thumbleweed
-- Kali Linux
+- [SUSE Tumbleweed](https://news.opensuse.org/2024/03/29/xz-backdoor/)
+- [Kali Linux](https://infosec.exchange/@kalilinux/112180505434870941)
 
 The backdoored package is also contained in the following package managers:
 - Homebrew