https://wiki.archlinux.org/api.php?action=feedcontributions&user=Anthraxx&feedformat=atom
ArchWiki - User contributions [en]
2024-03-28T20:37:54Z
User contributions
MediaWiki 1.41.0
https://wiki.archlinux.org/index.php?title=DeveloperWiki_talk:Project_Leader&diff=773169
DeveloperWiki talk:Project Leader
2023-03-18T15:14:06Z
<p>Anthraxx: /* Typo */ strike out the closed discussion and fix the signature position -- as forgotten in the last edit</p>
<hr />
<div>==IRV is not a great voting system==<br />
<br />
While Instant-Runoff Voting is less-bad than First-Past-the-Post, there are still many serious problems with it. [https://rangevoting.org/rangeVirv.html This article] goes into substantial detail about them, and may be worth a read. Ultimately, though, it is of course not for me, but for y'all to decide what works best for you. Hope this helps, ⟨Sweyn78⟩ 06:13, 26 February 2020 (UTC)<br />
<br />
== <s>Typo</s> ==<br />
<br />
In the last sentence of the article a full-width apostrophe {{ic|’}} is used. It should be {{ic|'}} instead.<br />
[[User:Newiz|Newiz]] ([[User talk:Newiz|talk]]) 07:30, 3 March 2023 (UTC)<br />
<br />
:Typo corrected in latest version of the article. Thank you very much for reporting. -- [[User:Anthraxx|Anthraxx]] ([[User talk:Anthraxx|talk]]) 15:04, 18 March 2023 (UTC)</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=DeveloperWiki_talk:Project_Leader&diff=773168
DeveloperWiki talk:Project Leader
2023-03-18T15:05:33Z
<p>Anthraxx: response to the typo report</p>
<hr />
<div>==IRV is not a great voting system==<br />
<br />
While Instant-Runoff Voting is less-bad than First-Past-the-Post, there are still many serious problems with it. [https://rangevoting.org/rangeVirv.html This article] goes into substantial detail about them, and may be worth a read. Ultimately, though, it is of course not for me, but for y'all to decide what works best for you. Hope this helps, ⟨Sweyn78⟩ 06:13, 26 February 2020 (UTC)<br />
<br />
== Typo ==<br />
<br />
In the last sentence of the article a full-width apostrophe {{ic|’}} is used. It should be {{ic|'}} instead.<br />
[[User:Newiz|Newiz]] ([[User talk:Newiz|talk]]) 07:30, 3 March 2023 (UTC)<br />
<br />
-- [[User:Anthraxx|Anthraxx]] ([[User talk:Anthraxx|talk]]) 15:04, 18 March 2023 (UTC)<br />
<br />
:Typo corrected in latest version of the article. Thank you very much for reporting.</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=DeveloperWiki:Project_Leader&diff=773167
DeveloperWiki:Project Leader
2023-03-18T15:00:30Z
<p>Anthraxx: typo: In the last sentence of the article a full-width apostrophe ’ is used. It should be ' instead.</p>
<hr />
<div>[[Category:DeveloperWiki]]<br />
== Project Leader ==<br />
<br />
=== Roles ===<br />
<br />
The Arch Linux Leader will have the following roles:<br />
<br />
==== Decision making ====<br />
<br />
The Leader will serve to make decisions on any aspect of the distribution that fails to reach consensus on the mailing lists. Here consensus is defined by the absence of sustained opposition to substantial issues by the concerned parties and by a process that involves seeking to take into account the views of all parties concerned and to reconcile any conflicting arguments. Consensus does not imply unanimity. A clear and concise description of the competing options will be provided to the leader by a single representative of each viewpoint prior to decisions being made, to ensure the Leader is well informed prior to decision making.<br />
<br />
==== Financial ====<br />
<br />
The Leader serves as the Arch Linux representative on the [[Wikipedia:Software in the Public Interest|SPI]], and approves all spending from the Arch Linux account. The Leader will inform the team yearly (to coincide with the release of the SPI report) on the status of Arch Linux finances.<br />
<br />
==== Legal ====<br />
<br />
The leader is the Arch Linux representative in all legal matters. The primary responsibility of the Leader in this role is holding the [[DeveloperWiki:TrademarkPolicy|Arch Linux Trademark]]. They will be in charge of handling trademark requests and related issues.<br />
<br />
==== Project management ====<br />
<br />
The Leader oversee the progress of projects with distribution-wide effect. Regular census of planned and on-going projects will be performed, with action taken to ensure these projects run to completion, whether to full implementation or making a decision regarding abandonment.<br />
<br />
=== Election ===<br />
<br />
The role of Arch Linux Leader is determined by a vote among eligible members of the Arch Linux Team.<br />
<br />
==== Nomination ====<br />
<br />
Nomination of candidates will take place in a two week period prior to voting. Nominations require support of two members of the Arch Linux Team, which may include the nominee. If the nominee is neither of the nominators, then they must also agree to be nominated. All Team members are eligible for nomination.<br />
<br />
==== Voting ====<br />
<br />
When more than two candidates are nominated, voting will be conducted using the [[Wikipedia:Instant-runoff voting|instant-runoff voting]] system. Ballots with candidates ranked in order of preference will be collected and tallied by a member of the Team who is neither a candidate, nor has nominated a candidate. Voting shall take place over a two week period, with no quorum in effect.<br />
<br />
Team members eligible for voting are:<br />
<br />
* Arch Linux Developers<br />
* Arch Linux Trusted Users<br />
* Arch Linux Support Staff<br />
<br />
The complete list of individuals in these roles is defined on the Arch Linux website, fixed at the beginning of the voting period. People who have roles in multiple of these categories are only eligible to vote once.<br />
<br />
After the winner has been determined, the Arch Linux Developers, can enact their right to veto. This veto decision must be made within 14 days of the election. In case of a veto, the current winner is removed from the list of candidates and a new winner is determined based on the remaining votes. Then the veto process is restarted with this new winner. If there are no more candidates on the list, the whole nomination and voting process is restarted.<br />
<br />
A veto can be proposed by any developer on the arch-dev mailing list and needs initial support by at least one other developer. A decision on the veto is then reached by the usual developer decision making process. If two weeks pass without a veto from the developer team, the previous leader (or a representative) publicly announce the new leader. If no veto discussion has been initiated within one week of the election, the developer team can decide to announce the leader ahead of time, thereby refraining from their right to veto.<br />
<br />
==== Triggering of elections ====<br />
<br />
The election of the Arch Linux Leader can triggered by any of the following conditions:<br />
<br />
* The Leader reaches the end of their term (defined below),<br />
* The Leader dies,<br />
* The Leader calls for an early election,<br />
* The Leader resigns, or<br />
* A vote is successfully held to remove the Leader from their position.<br />
<br />
A successful vote for removal of a leader must satisfy the following conditions:<br />
<br />
* A two-thirds majority is achieved in favour of removal<br />
* A quorum of 50% of eligible voters (as defined above) is achieved<br />
<br />
==== Term lengths and re-election ====<br />
<br />
The term length for the Arch Linux Leader is set to a default of 2 years. A Leader may seek reelection an unlimited number of times. Calling an early election does not affect the Leader's ability to seek reelection.</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=PKGBUILD&diff=620592
PKGBUILD
2020-06-17T18:26:28Z
<p>Anthraxx: clarify why first level dependencies shall be declared and in turn omitting transitively pulled in dependencies may lead to great havoc</p>
<hr />
<div>[[Category:Package development]]<br />
[[cs:PKGBUILD]]<br />
[[da:PKGBUILD]]<br />
[[el:PKGBUILD]]<br />
[[es:PKGBUILD]]<br />
[[fa:PKGBUILD]]<br />
[[fr:PKGBUILD]]<br />
[[it:PKGBUILD]]<br />
[[ja:PKGBUILD]]<br />
[[pl:PKGBUILD]]<br />
[[pt:PKGBUILD]]<br />
[[ru:PKGBUILD]]<br />
[[sr:PKGBUILD]]<br />
[[zh-hans:PKGBUILD]]<br />
[[zh-hant:PKGBUILD]]<br />
{{Related articles start}}<br />
{{Related|Arch packaging standards}}<br />
{{Related|Creating packages}}<br />
{{Related|.SRCINFO}}<br />
{{Related|Arch User Repository}}<br />
{{Related|:Category:Package development}}<br />
{{Related|Arch Build System}}<br />
{{Related|makepkg}}<br />
{{Related articles end}}<br />
<br />
This article discusses variables definable by the maintainer in a {{ic|PKGBUILD}}. For information on the {{ic|PKGBUILD}} functions and creating packages in general, refer to [[Creating packages]]. Also read {{man|5|PKGBUILD}}.<br />
<br />
A {{ic|PKGBUILD}} is a shell script containing the build information required by [[Arch Linux]] packages.<br />
<br />
Packages in Arch Linux are built using the [[makepkg]] utility. When ''makepkg'' is run, it searches for a {{ic|PKGBUILD}} file in the current directory and follows the instructions therein to either compile or otherwise acquire the files to build a package archive ({{ic|''pkgname''.pkg.tar.xz}}). The resulting package contains binary files and installation instructions, readily installable with [[pacman]].<br />
<br />
Mandatory variables are {{ic|pkgname}}, {{ic|pkgver}}, {{ic|pkgrel}}, and {{ic|arch}}. {{ic|license}} is not strictly necessary to build a package, but is recommended for any {{ic|PKGBUILD}} shared with others, as ''makepkg'' will produce a warning if not present.<br />
<br />
It is a common practice to define the variables in the {{ic|PKGBUILD}} in same order as given here. However, this is not mandatory, as long as correct [[Bash]] syntax is used.<br />
<br />
{{Tip|Use [[namcap]] to check {{ic|PKGBUILD}}s for common packaging mistakes.}}<br />
<br />
== Package name ==<br />
<br />
=== pkgbase ===<br />
<br />
When building regular packages, this variable should not be explicitly declared in the {{ic|PKGBUILD}}: its value defaults to that of [[#pkgname]].<br />
<br />
When building a [https://jlk.fjfi.cvut.cz/arch/manpages/man/PKGBUILD.5#PACKAGE_SPLITTING split package], this variable can be used to explicitly specify the name to be used to refer to the group of packages in the output of ''makepkg'' and in the naming of source-only tarballs. The value is not allowed to begin with a hyphen. If not specified, the value will default to the first element in the {{ic|pkgname}} array.<br />
<br />
All options and directives for split packages default to the global values given in the {{ic|PKGBUILD}}. Nevertheless, the following ones can be overridden within each split package’s packaging function: [[#pkgdesc]], [[#arch]], [[#url]], [[#license]], [[#groups]], [[#depends]], [[#optdepends]], [[#provides]], [[#conflicts]], [[#replaces]], [[#backup]], [[#options]], [[#install]], and [[#changelog]].<br />
<br />
=== pkgname ===<br />
<br />
Either the name of the package, e.g. {{ic|1=pkgname='foo'}}, or, for split packages, an array of names, e.g. {{ic|1=pkgname=('foo' 'bar')}}. Package names should only consist of lowercase alphanumerics and the following characters: {{ic|@._+-}} (at symbol, dot, underscore, plus, hyphen). Names are not allowed to start with hyphens or dots. For the sake of consistency, {{ic|pkgname}} should match the name of the source tarball of the software: for instance, if the software is in {{ic|foobar-2.5.tar.gz}}, use {{ic|1=pkgname=foobar}}.<br />
<br />
== Version ==<br />
<br />
=== pkgver ===<br />
<br />
The version of the package. This should be the same as the version published by the author of the upstream software. It can contain letters, numbers, periods and underscores, but '''not''' a hyphen ({{ic|-}}). If the author of the software uses one, replace it with an underscore ({{ic|_}}). If the {{ic|pkgver}} variable is used later in the {{ic|PKGBUILD}}, then the underscore can easily be substituted for a hyphen, e.g. {{ic|1=source=("$pkgname-${pkgver//_/-}.tar.gz")}}.<br />
<br />
{{Note|If upstream uses a timestamp versioning such as {{ic|30102014}}, ensure to use the reversed date, i.e. {{ic|20141030}} ([[Wikipedia:ISO 8601|ISO 8601]] format). Otherwise it will not appear as a newer version.}}<br />
<br />
{{Tip|<br />
* The ordering of uncommon values can be tested with {{man|8|vercmp}}, which is provided by the [[pacman]] package.<br />
* [[makepkg]] can automatically [http://allanmcrae.com/2013/04/pacman-4-1-released/ update] this variable by defining a {{ic|pkgver()}} function in the {{ic|PKGBUILD}}. See [[VCS package guidelines#The pkgver() function]] for details.<br />
}}<br />
<br />
=== pkgrel ===<br />
<br />
The release number. This is usually a positive integer number that allows to differentiate between consecutive builds of the same version of a package. As fixes and additional features are added to the {{ic|PKGBUILD}} that influence the resulting package, the {{ic|pkgrel}} should be incremented by 1. When a new version of the software is released, this value must be reset to 1. In exceptional cases other formats can be found in use, such as ''major.minor''.<br />
<br />
=== epoch ===<br />
<br />
{{Warning|{{ic|epoch}} should only be used when absolutely required to do so.}}<br />
<br />
Used to force the package to be seen as newer than any previous version with a lower epoch. This value is required to be a non-negative integer; the default is 0. It is used when the version numbering scheme of a package changes (or is alphanumeric), breaking normal version comparison logic. For example:<br />
<br />
{{hc|1=<br />
pkgver=5.13<br />
pkgrel=2<br />
epoch=1<br />
|2=<br />
1:5.13-2<br />
}}<br />
<br />
See {{man|8|pacman}} for more information on version comparisons.<br />
<br />
== Generic ==<br />
<br />
=== pkgdesc ===<br />
<br />
The description of the package. This is recommended to be 80 characters or less and should not include the package name in a self-referencing way, unless the application name differs from the package name. For example, use {{ic|1=pkgdesc="Text editor for X11"}} instead of {{ic|1=pkgdesc="Nedit is a text editor for X11"}}.<br />
<br />
Also it is important to use keywords wisely to increase the chances of appearing in relevant search queries.<br />
<br />
=== arch ===<br />
<br />
An array of architectures that the {{ic|PKGBUILD}} is intended to build and work on. Arch officially supports only {{ic|x86_64}}, but other projects may support other architectures. For example, [https://archlinux32.org/ Arch Linux 32] provides support for {{ic|i686}} and [http://archlinuxarm.org/ Arch Linux ARM] provides support for {{ic|arm}} (armv5), {{ic|armv6h}} (armv6 hardfloat), {{ic|armv7h}} (armv7 hardfloat), and {{ic|aarch64}} (armv8 64-bit).<br />
<br />
There are two types of values the array can use:<br />
<br />
* {{ic|1=arch=('any')}} indicates the package can be built once on any architecture, and once built, is architecture-independent in its compiled state (shell scripts, fonts, themes, many types of extensions, etc.).<br />
<br />
* {{ic|1=arch=('x86_64')}} with one or more architectures indicates the package can be compiled for any of the specified architectures, but is architecture-specific once compiled. For these packages, specify all architectures that the {{ic|PKGBUILD}} officially supports. For official repository and AUR packages, this means ''x86_64''. Optionally, AUR packages may choose to additionally support other known working architectures.<br />
<br />
The target architecture can be accessed with the variable {{ic|$CARCH}} during a build.<br />
<br />
=== url ===<br />
<br />
The URL of the official site of the software being packaged.<br />
<br />
=== license ===<br />
<br />
The license under which the software is distributed. The {{pkg|licenses}} package (a dependency of the {{Pkg|base}} [[meta package]]) contains many commonly used licenses, which are installed under {{ic|/usr/share/licenses/common/}}. If a package is licensed under one of these licenses, the value should be set to the directory name, e.g. {{ic|1=license=('GPL')}}. If the appropriate license is not included, several things must be done:<br />
<br />
# Add {{ic|custom}} to the {{ic|license}} array. Optionally, you can replace {{ic|custom}} with {{ic|custom:''name of license''}}. Once a license is used in two or more packages in an official repository (including [[community repository|community]]), it becomes a part of the {{Pkg|licenses}} package.<br />
# Install the license in: {{ic|/usr/share/licenses/''pkgname''/}}, e.g. {{ic|/usr/share/licenses/foobar/LICENSE}}. One good way to do this is by using: {{bc|install -Dm644 LICENSE "$pkgdir/usr/share/licenses/$pkgname/LICENSE"}}<br />
# If the license is only found in a website, then you need to separately include it in the package.<br />
<br />
* The [[Wikipedia:BSD License|BSD]], [[Wikipedia:ISC license|ISC]], [[Wikipedia:MIT License|MIT]], [[Wikipedia:ZLIB license|zlib/png]], [[Wikipedia:Python License|Python]] and [[Wikipedia:SIL Open Font License|OFL]] licenses are special cases and could not be included in the {{pkg|licenses}} package. For the sake of the {{ic|license}} array, it is treated as a common license ({{ic|1=license=('BSD')}}, {{ic|1=license=('ISC')}}, {{ic|1=license=('MIT')}}, {{ic|1=license=('ZLIB')}}, {{ic|1=license=('Python')}}, and {{ic|1=license=('OFL')}}), but technically each one is a custom license, because each one has its own copyright line. Any package licensed under these five should have its own unique license file stored in {{ic|/usr/share/licenses/''pkgname''/}}.<br />
* Some packages may not be covered by a single license. In these cases, multiple entries may be made in the {{ic|license}} array, e.g. {{ic|1=license=('GPL' 'custom:''name of license''')}}.<br />
* (L)GPL has many versions and permutations of those versions. For (L)GPL software, the convention is:<br />
** (L)GPL — (L)GPLv2 or any later version<br />
** (L)GPL2 — (L)GPL2 only<br />
** (L)GPL3 — (L)GPL3 or any later version<br />
* If after researching the issue no license can be determined, [https://projects.archlinux.org/pacman.git/tree/proto/PKGBUILD.proto PKGBUILD.proto] suggests using {{ic|unknown}}. However, upstream should be contacted about the conditions under which the software is (and is not) available.<br />
<br />
{{Tip|Some software authors do not provide separate license file and describe distribution rules in section of common {{ic|ReadMe.txt}}. This information can be extracted to a separate file during {{ic|build()}} with something like {{ic|sed -n '/'''This software'''/,/''' thereof.'''/p' ReadMe.txt > LICENSE}}}}<br />
<br />
See also [[Nonfree applications package guidelines]].<br />
<br />
Additional information and perspectives on free and open source software licenses may be found on the following pages:<br />
<br />
* [[Wikipedia:Free software licence]]<br />
* [[Wikipedia:Comparison of free and open-source software licenses]]<br />
* [https://www.softwarefreedom.org/resources/2008/foss-primer.html A Legal Issues Primer for Open Source and Free Software Projects]<br />
* [https://www.gnu.org/licenses/license-list.html GNU Project - Various Licenses and Comments about Them]<br />
* [https://www.debian.org/legal/licenses/ Debian - License information]<br />
* [http://www.opensource.org/licenses/alphabetical Open Source Initiative - Licenses by Name]<br />
<br />
=== groups ===<br />
<br />
The [[Package group|group]] the package belongs in. For instance, when installing {{Grp|plasma}}, it installs all packages belonging in that group.<br />
<br />
== Dependencies ==<br />
<br />
{{Note|Additional architecture-specific arrays can be added by appending an underscore and the architecture name, e.g. {{ic|1=optdepends_x86_64=()}}.<br />
}}<br />
<br />
=== depends ===<br />
<br />
An array of packages that must be installed for the software to build '''and''' run. Dependencies defined inside the {{ic|package()}} function are only required to run the software.<br />
<br />
Version restrictions can be specified with comparison operators, e.g. {{ic|1=depends=('foobar>=1.8.0')}}; if multiple restrictions are needed, the dependency can be repeated for each, e.g. {{ic|1=depends=('foobar>=1.8.0' 'foobar<2.0.0')}}. <br />
<br />
The {{ic|depends}} array shall list all direct first level dependencies even when some are already declare transitively. If the package ''foo'' depends on both ''bar'' and ''baz'', and the ''bar'' package used to depend on ''baz'' too, it will ultimately lead to non desired behavior if ''bar'' stops pulling in ''baz''. This can lead to broken packages/systems in terms of unusable software as ''baz'' may be missing on a user system. Furthermore, this could lead to side-effects in build time optional features such as disabling desired features that were enabled before.<br />
<br />
If the dependency name appears to be a library, e.g. {{ic|1=depends=('libfoobar.so')}}, makepkg will try to find a binary that depends on the library in the built package and append the version needed by the binary. Appending the version yourself disables automatic detection, e.g. {{ic|1=depends=('libfoobar.so=2')}}.<br />
<br />
=== optdepends ===<br />
<br />
An array of packages that are not needed for the software to function, but provide additional features. This may imply that not all executables provided by a package will function without the respective optdepends.[https://lists.archlinux.org/pipermail/arch-general/2014-December/038124.html] If the software works on multiple alternative dependencies, all of them can be listed here, instead of the {{ic|depends}} array.<br />
<br />
A short description of the extra functionality each optdepend provides should also be noted:<br />
<br />
optdepends=('cups: printing support'<br />
'sane: scanners support'<br />
'libgphoto2: digital cameras support'<br />
'alsa-lib: sound support'<br />
'giflib: GIF images support'<br />
'libjpeg: JPEG images support'<br />
'libpng: PNG images support')<br />
<br />
=== makedepends ===<br />
<br />
An array of packages that are '''only''' required to build the software. The minimum dependency version can be specified in the same format as in the {{ic|depends}} array. The packages in the {{ic|depends}} array are implicitly required to build the package, they should not be duplicated here.<br />
<br />
{{Tip|The following can be used to check whether a particular package is either in the {{Grp|base-devel}} group or is pulled in by a member of the group:<br />
<br />
<nowiki>$ LC_ALL=C pacman -Si $(pactree -rl ''package'') 2>/dev/null | grep -q "^Groups *:.*base-devel"</nowiki><br />
<br />
}}<br />
<br />
{{Note|The group {{Grp|base-devel}} is assumed to be already installed when building with ''makepkg''. Members of this group '''should not''' be included in {{ic|makedepends}} array.}}<br />
<br />
=== checkdepends ===<br />
<br />
An array of packages that the software depends on to run its test suite, but are not needed at runtime. Packages in this list follow the same format as {{ic|depends}}. These dependencies are only considered when the [[Creating packages#check()|check()]] function is present and is to be run by makepkg. <br />
<br />
{{Note|The group {{Grp|base-devel}} is assumed to be already installed when building with ''makepkg''. Members of this group '''should not''' be included in {{ic|checkdepends}} array.}}<br />
<br />
== Package relations ==<br />
<br />
{{Note|Additional architecture-specific arrays can be added by appending an underscore and the architecture name, e.g. {{ic|1=conflicts_x86_64=()}}.}}<br />
<br />
=== provides ===<br />
<br />
An array of additional packages that the software provides the features of (or a virtual package such as {{ic|cron}} or {{ic|sh}}). Packages providing the same item can be installed side-by-side, unless at least one of them uses a {{ic|conflicts}} array.<br />
<br />
{{Note|The version that the package provides should be mentioned ({{ic|pkgver}} and potentially the {{ic|pkgrel}}), in case packages referencing the software require one. For instance, a modified ''qt'' package version 3.3.8, named ''qt-foobar'', should use {{ic|1=provides=('qt=3.3.8')}}; omitting the version number would cause the dependencies that require a specific version of ''qt'' to fail. Do not add {{ic|pkgname}} to the {{ic|provides}} array, as it is done automatically.}}<br />
<br />
=== conflicts ===<br />
<br />
An array of packages that conflict with, or cause problems with the package, if installed. All these packages and packages providing this item will need to be removed. The version properties of the conflicting packages can also be specified in the same format as the {{ic|depends}} array.<br />
<br />
This means when you write a package for which an alternate version is available (be it in the official repositories or in the [[AUR]]) and your package conflicts that version, you need to put the other versions in your {{ic|conflicts}} array as well.<br />
<br />
However, there is an exception to this rule. Defining conflicting packages in all directions is not always applicable especially if all these packages are maintained by different people. Indeed, having to contact all package maintainers of packages conflicting with your own version and ask them to include your package name in their {{ic|conflicts}} array is a cumbersome process.<br />
<br />
This is why, in this context, if your package {{ic|provides}} a feature and another package {{ic|provides}} the same feature, you do not need to specify that conflicting package in your {{ic|conflicts}} array. Let us take a concrete example:<br />
<br />
* {{pkg|netbeans}} implicitly provides {{ic|netbeans}} as the {{ic|pkgname}} itself<br />
* {{aur|netbeans-javase}} provides {{ic|netbeans}} and conflicts with {{ic|netbeans}}<br />
* {{aur|netbeans-php}} provides {{ic|netbeans}} and conflicts with {{ic|netbeans}} but does not need to conflict with {{aur|netbeans-javase}} since pacman is smart enough to figure out these packages are incompatible as they provide the same feature and are in conflict with it.<br />
:The same applies in the reverse order: {{aur|netbeans-javase}} does not need to conflict with {{aur|netbeans-php}}, because they provide the same feature.<br />
<br />
=== replaces ===<br />
<br />
An array of obsolete packages that are replaced by the package, e.g. {{pkg|wireshark-qt}} uses {{ic|1=replaces=('wireshark')}}. When syncing, ''pacman'' will immediately replace an installed package upon encountering another package with the matching {{ic|replaces}} in the repositories. If providing an alternate version of an already existing package or uploading to the AUR, use the {{ic|conflicts}} and {{ic|provides}} arrays, which are only evaluated when actually installing the conflicting package.<br />
<br />
== Others ==<br />
<br />
=== backup ===<br />
<br />
An array of files that can contain user-made changes and should be preserved during upgrade or removal of a package, primarily intended for configuration files in {{ic|/etc}}.<br />
<br />
Files in this array should use '''relative''' paths without the leading slash ({{ic|/}}) (e.g. {{ic|etc/pacman.conf}}, instead of {{ic|/etc/pacman.conf}}).<br />
<br />
When updating, new versions may be saved as {{ic|file.pacnew}} to avoid overwriting a file which already exists and was previously modified by the user. Similarly, when the package is removed, user-modified files will be preserved as {{ic|file.pacsave}} unless the package was removed with the {{ic|pacman -Rn}} command.<br />
<br />
See also [[Pacnew and Pacsave files]].<br />
<br />
=== options ===<br />
<br />
This array allows overriding some of the default behavior of ''makepkg'', defined in {{ic|/etc/makepkg.conf}}. To set an option, include the name in the array. To disable an option, place an '''{{ic|!}}''' before it.<br />
<br />
The full list of the available options can be found in {{man|5|PKGBUILD}}.<br />
<br />
=== install ===<br />
<br />
The name of the ''.install'' script to be included in the package. This should be the same as {{ic|pkgname}}. ''pacman'' has the ability to store and execute a package-specific script when it installs, removes or upgrades a package. The script contains the following functions which run at different times:<br />
<br />
* {{ic|pre_install}} — The script is run right before files are extracted. One argument is passed: new package version.<br />
* {{ic|post_install}} — The script is run right after files are extracted. One argument is passed: new package version.<br />
* {{ic|pre_upgrade}} — The script is run right before files are extracted. Two arguments are passed in the following order: new package version, old package version.<br />
* {{ic|post_upgrade}} — The script is run right after files are extracted. Two arguments are passed in the following order: new package version, old package version.<br />
* {{ic|pre_remove}} — The script is run right before files are removed. One argument is passed: old package version.<br />
* {{ic|post_remove}} — The script is run right after files are removed. One argument is passed: old package version.<br />
<br />
Each function is run [[chroot]]ed inside the ''pacman'' install directory. See [https://bbs.archlinux.org/viewtopic.php?pid=913891 this thread].<br />
<br />
{{Tip|<br />
* A prototype ''.install'' is provided at [https://projects.archlinux.org/pacman.git/plain/proto/proto.install /usr/share/pacman/proto.install].<br />
* [[pacman#Hooks]] provide similar functionality.<br />
}}<br />
<br />
{{Note|Do not end the script with {{ic|exit}}. This would prevent the contained functions from executing.}}<br />
<br />
=== changelog ===<br />
<br />
The name of the package changelog. To view changelogs for installed packages (that have this file):<br />
<br />
$ pacman -Qc ''pkgname''<br />
<br />
== Sources ==<br />
<br />
=== source ===<br />
<br />
An array of files needed to build the package. It must contain the location of the software source, which in most cases is a full HTTP or FTP URL. The previously set variables {{ic|pkgname}} and {{ic|pkgver}} can be used effectively here; e.g. {{ic|<nowiki>source=("https://example.com/$pkgname-$pkgver.tar.gz")</nowiki>}}.<br />
<br />
Files can also be supplied in the same directory where the {{ic|PKGBUILD}} is located, and their names added to this array. Before the actual build process starts, all the files referenced in this array will be downloaded or checked for existence, and ''makepkg'' will not proceed if any is missing.<br />
<br />
''.install'' files are recognized automatically by ''makepkg'' and should not be included in the source array. Files in the source array with extensions ''.sig'', ''.sign'', or ''.asc'' are recognized by ''makepkg'' as PGP signatures and will be automatically used to verify the integrity of the corresponding source file.<br />
<br />
{{Warning|The downloaded source filename must be unique because the [[makepkg#Package_output|SRCDEST]] directory can be the same for all packages. For instance, using the version number of the project as a filename potentially conflicts with other projects with the same version number. In this case, the alternative unique filename to be used is provided with the syntax {{ic|1=source=(<nowiki>'</nowiki>''unique_package_name'''''::'''''file_uri''<nowiki>'</nowiki>)}}; e.g. {{ic|<nowiki>source=("$pkgname-$pkgver.tar.gz::https://github.com/coder/program/archive/v$pkgver.tar.gz")</nowiki>}}.<br />
}}<br />
<br />
{{Tip|<br />
* Additional architecture-specific arrays can be added by appending an underscore and the architecture name, e.g. {{ic|1=source_x86_64=()}}. There must be a corresponding integrity array with checksums, e.g. {{ic|1=sha256sums_x86_64=()}}.<br />
* Some servers restrict download by filtering the ''User-Agent'' string of the client, this can be circumvented with [[Nonfree applications package guidelines#Custom DLAGENTS|DLAGENTS]].}}<br />
<br />
=== noextract ===<br />
<br />
An array of files listed under {{ic|source}}, which should not be extracted from their archive format by [[makepkg]]. This can be used with archives that cannot be handled by {{ic|/usr/bin/bsdtar}} or those that need to be installed as-is. If an alternative unarchiving tool is used (e.g. {{Pkg|lrzip}}), it should be added in the {{ic|makedepends}} array and the first line of the [[Creating packages#prepare()|prepare()]] function should extract the source archive manually; for example:<br />
<br />
prepare() {<br />
lrzip -d ''source''.tar.lrz<br />
}<br />
<br />
Note that while the {{ic|source}} array accepts URLs, {{ic|noextract}} is '''just''' the file name portion:<br />
<br />
<nowiki>source=("http://foo.org/bar/foobar.tar.xz")</nowiki><br />
noextract=('foobar.tar.xz')<br />
<br />
To extract ''nothing'', you can do something like this:<br />
<br />
* If {{ic|source}} contains only plain URLs without custom file names, strip the source array before the last slash:<br />
: {{bc|1=noextract=("${source[@]##*/}")}}<br />
* If {{ic|source}} contains only entries with custom file names, strip the source array after the {{ic|::}} separator (taken from [https://projects.archlinux.org/svntogit/packages.git/tree/trunk/PKGBUILD?h=packages/firefox-i18n#n123 firefox-i18n's PKGBUILD]):<br />
: {{bc|1=noextract=("${source[@]%%::*}")}}<br />
<br />
=== validpgpkeys ===<br />
<br />
An array of PGP fingerprints. If used, ''makepkg'' will only accept signatures from the keys listed here and will ignore the trust values from the keyring. If the source file was signed with a subkey, ''makepkg'' will still use the primary key for comparison.<br />
<br />
Only full fingerprints are accepted. They must be uppercase and must not contain whitespace characters.<br />
<br />
{{Note|You can use {{ic|gpg --list-keys --fingerprint <KEYID>}} to find out the fingerprint of the appropriate key.}}<br />
<br />
Please read [[makepkg#Signature checking]] for more information.<br />
<br />
== Integrity ==<br />
<br />
These variables are arrays whose items are checksum strings that will be used to verify the integrity of the respective files in the [[#source|source]] array. You can also insert {{ic|SKIP}} for a particular file, and its checksum will not be tested.<br />
<br />
The checksum type and values should always be those provided by upstream, such as in release announcements. When multiple types are available, the strongest checksum is to be preferred: {{ic|sha256}} over {{ic|sha1}}, and {{ic|sha1}} over {{ic|md5}}. This best ensures the integrity of the downloaded files, from upstream's announcement to package building.<br />
<br />
{{Note|Additionally, when upstream makes [[w:Digital signature|digital signatures]] available, the signature files should be added to the [[#source|source]] array and the PGP key fingerprint to the [[#validpgpkeys|validpgpkeys]] array. This allows authentication of the files at build time.}}<br />
<br />
The values for these variables can be auto-generated by [[makepkg]]'s {{ic|-g}}/{{ic|--geninteg}} option, then commonly appended with {{ic|makepkg -g >> PKGBUILD}}. The {{ic|updpkgsums}} command from {{Pkg|pacman-contrib}} is able to update the variables wherever they are in the {{ic|PKGBUILD}}. Both tools will use the variable that is already set in the {{ic|PKGBUILD}}, or fall back to {{ic|md5sums}} if none is set.<br />
<br />
The file integrity checks to use can be set up with the {{ic|INTEGRITY_CHECK}} option in {{ic|/etc/makepkg.conf}}. See {{man|5|makepkg.conf}}.<br />
<br />
{{Note|Additional architecture-specific arrays can be added by appending an underscore and the architecture name, e.g. {{ic|1=sha256sums_x86_64=()}}.}}<br />
<br />
=== md5sums ===<br />
<br />
An array of 128-bit [[Wikipedia:MD5|MD5]] checksums of the files listed in the {{ic|source}} array.<br />
<br />
=== sha1sums ===<br />
<br />
An array of 160-bit [[Wikipedia:SHA-1|SHA-1]] checksums of the files listed in the {{ic|source}} array.<br />
<br />
=== sha256sums ===<br />
<br />
An array of [[Wikipedia:SHA-2|SHA-2]] checksums with digest size of 256 bits.<br />
<br />
=== sha224sums, sha384sums, sha512sums ===<br />
<br />
An array of SHA-2 checksums with digest sizes 224, 384, and 512 bits, respectively. These are less common alternatives to {{ic|sha256sums}}.<br />
<br />
=== b2sums ===<br />
<br />
An array of [[Wikipedia:BLAKE_(hash_function)#BLAKE2|BLAKE2]] checksums with digest size of 512 bits.<br />
<br />
== See also ==<br />
<br />
* {{man|5|PKGBUILD}} manual page<br />
* [https://projects.archlinux.org/pacman.git/plain/proto/PKGBUILD.proto Example PKGBUILD file]</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=PostgreSQL&diff=554734
PostgreSQL
2018-11-11T19:44:10Z
<p>Anthraxx: /* Upgrading PostgreSQL */ avoid recommending to lower restrictions on postgres data dir from 700 to 755 (world readable)</p>
<hr />
<div>[[Category:Relational DBMSs]]<br />
[[it:PostgreSQL]]<br />
[[ja:PostgreSQL]]<br />
[[ru:PostgreSQL]]<br />
[[zh-hans:PostgreSQL]]<br />
{{Related articles start}}<br />
{{Related|PhpPgAdmin}}<br />
{{Related articles end}}<br />
[https://www.postgresql.org/ PostgreSQL] is an open source, community driven, standard compliant object-relational database system.<br />
<br />
== Installation ==<br />
<br />
{{Style|Don't duplicate [[sudo]] and [[su]].}}<br />
<br />
[[Install]] the {{Pkg|postgresql}} package. It will also create a system user called ''postgres''.<br />
<br />
{{Warning|See [[#Upgrading PostgreSQL]] for necessary steps before installing new versions of the PostgreSQL packages.}}<br />
<br />
{{Note|Commands that should be run as the ''postgres'' user are prefixed by {{ic|[postgres]$}} in this article.}}<br />
<br />
You can switch to the PostgreSQL user by executing the following command:<br />
<br />
* If you have [[sudo]] and are in [[sudoers]]:<br />
<br />
:{{bc|$ sudo -u postgres -i}}<br />
<br />
* Otherwise using [[su]]:<br />
<br />
:{{bc|<nowiki><br />
$ su<br />
# su -l postgres<br />
</nowiki>}}<br />
<br />
See {{man|8|sudo}} or {{man|1|su}} for their usage.<br />
<br />
== Initial configuration ==<br />
<br />
Before PostgreSQL can function correctly, the database cluster must be initialized:<br />
<br />
[postgres]$ initdb -D '/var/lib/postgres/data'<br />
<br />
Where {{ic|-D}} is the default location where the database cluster must be stored (see [[#Change default data directory]] if you want to use a different one).<br />
<br />
Note that by default, the locale and the encoding for the database cluster are derived from your current environment (using [[Locale#LANG: default locale|$LANG]] value). [https://www.postgresql.org/docs/current/static/locale.html]<br />
However, depending on your settings and use cases this might not be what you want, and you can override the defaults using:<br />
* {{ic|--locale ''locale''}}, where ''locale'' is to be chosen amongst the ones defined in the file {{ic|/etc/locale.conf}} (plus {{ic|POSIX}} and {{ic|C}} that are also accepted);<br />
* {{ic|-E ''enconding''}} for the encoding (which must match the chosen locale);<br />
<br />
Example: {{bc|[postgres]$ initdb --locale en_US.UTF-8 -E UTF8 -D '/var/lib/postgres/data'}}<br />
<br />
Many lines should now appear on the screen with several ending by {{ic|... ok}}:<br />
{{bc|<br />
The files belonging to this database system will be owned by user "postgres".<br />
This user must also own the server process.<br />
<br />
The database cluster will be initialized with locale "en_US.UTF-8".<br />
The default database encoding has accordingly been set to "UTF8".<br />
The default text search configuration will be set to "english".<br />
<br />
Data page checksums are disabled.<br />
<br />
fixing permissions on existing directory /var/lib/postgres/data ... ok<br />
creating subdirectories ... ok<br />
selecting default max_connections ... 100<br />
selecting default shared_buffers ... 128MB<br />
selecting dynamic shared memory implementation ... posix<br />
creating configuration files ... ok<br />
running bootstrap script ... ok<br />
performing post-bootstrap initialization ... ok<br />
syncing data to disk ... ok<br />
<br />
WARNING: enabling "trust" authentication for local connections<br />
You can change this by editing pg_hba.conf or using the option -A, or<br />
--auth-local and --auth-host, the next time you run initdb.<br />
<br />
Success. You can now start the database server using:<br />
<br />
pg_ctl -D /var/lib/postgres/ -l logfile start<br />
}}<br />
<br />
If these are the kind of lines you see, then the process succeeded. Return to the regular user using {{ic|exit}}.<br />
<br />
{{Note|To read more about this {{ic|WARNING}}, see [[#Restricts access rights to the database superuser by default|local users configuration]].}}<br />
<br />
{{Tip|If you change the root to something other than {{ic|/var/lib/postgres}}, you will have to [[edit]] the service file. If the root is under {{ic|home}}, make sure to set {{ic|ProtectHome}} to false.}}<br />
<br />
{{Warning|<br />
* If the database resides on a [[Btrfs]] file system, you should consider disabling [[Btrfs#Copy-on-Write (CoW)|Copy-on-Write]] for the directory before creating any database.<br />
* If the database resides on a [[ZFS]] file system, you should consult [[ZFS#Database]] before creating any database.<br />
}}<br />
<br />
Finally, [[start]] and [[enable]] the {{ic|postgresql.service}}.<br />
<br />
== Create your first database/user ==<br />
<br />
{{Tip|If you create a PostgreSQL user with the same name as your Linux username, it allows you to access the PostgreSQL database shell without having to specify a user to login (which makes it quite convenient).}}<br />
<br />
Become the postgres user. Add a new database user using the [https://www.postgresql.org/docs/current/static/app-createuser.html createuser] command:<br />
<br />
[postgres]$ createuser --interactive<br />
<br />
Create a new database over which the above user has read/write privileges using the [https://www.postgresql.org/docs/current/static/app-createdb.html createdb] command (execute this command from your login shell if the database user has the same name as your Linux user, otherwise add {{ic|-O ''database-username''}} to the following command):<br />
<br />
$ createdb myDatabaseName<br />
<br />
{{Tip|If you did not grant your new user database creation privileges, add {{ic|-U postgres}} to the previous command.}}<br />
<br />
== Familiarize with PostgreSQL ==<br />
<br />
=== Access the database shell ===<br />
<br />
Become the postgres user. Start the primary database shell, [https://www.postgresql.org/docs/current/static/app-psql.html psql], where you can do all your creation of databases/tables, deletion, set permissions, and run raw SQL commands. Use the {{ic|-d}} option to connect to the database you created (without specifying a database, {{ic|psql}} will try to access a database that matches your username).<br />
<br />
[postgres]$ psql -d myDatabaseName<br />
<br />
Some helpful commands:<br />
<br />
Get help:<br />
<br />
=> \help<br />
<br />
Connect to a particular database:<br />
<br />
=> \c <database><br />
<br />
List all users and their permission levels:<br />
<br />
=> \du<br />
<br />
Show summary information about all tables in the current database:<br />
<br />
=> \dt<br />
<br />
Exit/quit the {{ic|psql}} shell:<br />
<br />
=> \q or CTRL+d<br />
<br />
There are of course many more meta-commands, but these should help you get started. To see all meta-commands run: <br />
<br />
=> \?<br />
<br />
== Optional configuration ==<br />
<br />
The PostgreSQL database server configuration file is {{ic|postgresql.conf}}. This file is located in the data directory of the server, typically {{ic|/var/lib/postgres/data}}. This folder also houses the other main configuration files, including the {{ic|pg_hba.conf}} which defines authentication settings, for both [[#Restricts access rights to the database superuser by default|local users]] and [[#Configure PostgreSQL to be accessible from remote hosts|other hosts ones]].<br />
<br />
{{Note|By default, this folder will not be browsable or searchable by a regular user. This is why {{ic|find}} and {{ic|locate}} are not finding the configuration files.}}<br />
<br />
=== Restricts access rights to the database superuser by default ===<br />
<br />
The defaults {{ic|pg_hba.conf}} '''allow any local user to connect as any database user''', including the database superuser.<br />
This is likely not what you want, so in order to restrict global access to the ''postgress'' user, change the following line:<br />
<br />
{{hc|/var/lib/postgres/data/pg_hba.conf|2=<br />
# TYPE DATABASE USER ADDRESS METHOD<br />
<br />
# "local" is for Unix domain socket connections only<br />
local all all trust<br />
}}<br />
<br />
To:<br />
{{hc|/var/lib/postgres/data/pg_hba.conf|2=<br />
# TYPE DATABASE USER ADDRESS METHOD<br />
<br />
# "local" is for Unix domain socket connections only<br />
local all postgres peer<br />
}}<br />
<br />
You might later add additional lines depending on your needs or software ones.<br />
<br />
=== Configure PostgreSQL to be accessible exclusively through UNIX Sockets ===<br />
<br />
In the connections and authentications section of your configuration, set:<br />
<br />
{{hc|/var/lib/postgres/data/postgresql.conf|2=<br />
listen_addresses = <nowiki>''</nowiki><br />
}}<br />
<br />
This will disable network listening completely.<br />
After this you should [[restart]] {{ic|postgresql.service}} for the changes to take effect.<br />
<br />
=== Configure PostgreSQL to be accessible from remote hosts ===<br />
<br />
In the connections and authentications section, set the {{ic|listen_addresses}} line to your needs:<br />
<br />
{{hc|/var/lib/postgres/data/postgresql.conf|2=<br />
listen_addresses = 'localhost,''my_local_ip_address'''<br />
}}<br />
<br />
You can use {{ic|'*'}} to listen on all available addresses.<br />
<br />
{{Note|PostgreSQL uses TCP port {{ic|5432}} by default for remote connections. Make sure this port is open in your [[firewall]] and able to receive incoming connections. You can also change it in the configuration file, right below {{ic|listen_addresses}}}}<br />
<br />
Then add a line like the following to the authentication config:<br />
<br />
{{hc|/var/lib/postgres/data/pg_hba.conf|2=<br />
# TYPE DATABASE USER ADDRESS METHOD<br />
# IPv4 local connections:<br />
host all all ''ip_address''/32 md5<br />
}}<br />
<br />
where {{ic|''ip_address''}} is the IP address of the remote client.<br />
<br />
See the documentation for [https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html pg_hba.conf].<br />
<br />
{{Note|Neither sending your plain password nor the md5 hash (used in the example above) over the Internet is secure if it is not done over an SSL-secured connection. See [https://www.postgresql.org/docs/current/static/ssl-tcp.html Secure TCP/IP Connections with SSL] for how to configure PostgreSQL with SSL.}}<br />
<br />
After this you should [[restart]] {{ic|postgresql.service}} for the changes to take effect.<br />
<br />
For troubleshooting take a look in the server log file:<br />
<br />
$ journalctl -u postgresql.service<br />
<br />
=== Configure PostgreSQL authenticate against PAM ===<br />
<br />
PostgreSQL offers a number of authentication methods. If you would like to allow users to authenticate with their system password, additional steps are necessary. First you need to enable [[PAM]] for the connection.<br />
<br />
For example, the same configuration as above, but with PAM enabled:<br />
{{hc|/var/lib/postgres/data/pg_hba.conf|2=<br />
# IPv4 local connections:<br />
host all all ''my_remote_client_ip_address''/32 pam<br />
}}<br />
<br />
The PostgreSQL server is however running without root privileges and will not be able to access {{ic|/etc/shadow}}. We can work around that by allowing the postgres group to access this file:<br />
<br />
# setfacl -m g:postgres:r /etc/shadow<br />
<br />
=== Change default data directory ===<br />
<br />
The default directory where all your newly created databases will be stored is {{ic|/var/lib/postgres/data}}. To change this, follow these steps:<br />
<br />
Create the new directory and make the postgres user its owner:<br />
<br />
# mkdir -p /pathto/pgroot/data<br />
# chown -R postgres:postgres /pathto/pgroot<br />
<br />
Become the postgres user, and initialize the new cluster:<br />
<br />
[postgres]$ initdb -D /pathto/pgroot/data<br />
<br />
[[Edit]] {{ic|postgresql.service}} to create a drop-in file and override the {{ic|Environment}} and {{ic|PIDFile}} settings. For example:<br />
<br />
[Service]<br />
Environment=PGROOT=''/pathto/pgroot''<br />
PIDFile=''/pathto/pgroot/''data/postmaster.pid<br />
<br />
If you want to use {{ic|/home}} directory for default directory or for tablespaces, add one more line in this file:<br />
<br />
ProtectHome=false<br />
<br />
=== Change default encoding of new databases to UTF-8 ===<br />
<br />
{{Note|If you ran {{ic|initdb}} with {{ic|-E UTF8}} or while using an UTF-8 locale, these steps are not required.}}<br />
<br />
When creating a new database (e.g. with {{ic|createdb blog}}) PostgreSQL actually copies a template database. There are two predefined templates: {{ic|template0}} is vanilla, while {{ic|template1}} is meant as an on-site template changeable by the administrator and is used by default. In order to change the encoding of a new database, one of the options is to change on-site {{ic|template1}}. To do this, log into PostgreSQL shell ({{ic|psql}}) and execute the following:<br />
<br />
First, we need to drop {{ic|template1}}. Templates cannot be dropped, so we first modify it so it is an ordinary database:<br />
<br />
UPDATE pg_database SET datistemplate = FALSE WHERE datname = 'template1';<br />
<br />
Now we can drop it:<br />
<br />
DROP DATABASE template1;<br />
<br />
The next step is to create a new database from {{ic|template0}}, with a new default encoding:<br />
<br />
CREATE DATABASE template1 WITH TEMPLATE = template0 ENCODING = 'UNICODE';<br />
<br />
Now modify {{ic|template1}} so it is actually a template:<br />
<br />
UPDATE pg_database SET datistemplate = TRUE WHERE datname = 'template1';<br />
<br />
Optionally, if you do not want anyone connecting to this template, set {{ic|datallowconn}} to {{ic|FALSE}}:<br />
<br />
UPDATE pg_database SET datallowconn = FALSE WHERE datname = 'template1';<br />
<br />
{{Note|This last step can create problems when upgrading via {{ic|pg_upgrade}}.}}<br />
<br />
Now you can create a new database:<br />
<br />
[postgres]$ createdb blog<br />
<br />
If you log back in to {{ic|psql}} and check the databases, you should see the proper encoding of your new database:<br />
<br />
{{hc|\l|<nowiki><br />
List of databases<br />
Name | Owner | Encoding | Collation | Ctype | Access privileges<br />
-----------+----------+-----------+-----------+-------+----------------------<br />
blog | postgres | UTF8 | C | C |<br />
postgres | postgres | SQL_ASCII | C | C |<br />
template0 | postgres | SQL_ASCII | C | C | =c/postgres<br />
: postgres=CTc/postgres<br />
template1 | postgres | UTF8 | C | C |<br />
</nowiki>}}<br />
<br />
== Administration tools ==<br />
<br />
* {{App|[[Adminer]]|Web-based database management tool for multiple database systems.|https://www.adminer.org|{{AUR|adminer}}}}<br />
* {{App|[[phpPgAdmin]]|Web-based administration tool for PostgreSQL.|http://phppgadmin.sourceforge.net|{{Pkg|phppgadmin}}}}<br />
* {{App|pgAdmin|GUI-based administration tool for PostgreSQL.|https://www.pgadmin.org/|{{Pkg|pgadmin4}}}}<br />
* {{App|pgModeler|Graphical schema designer for PostgreSQL.|https://pgmodeler.io/|{{AUR|pgmodeler}}}}<br />
<br />
== Upgrading PostgreSQL ==<br />
<br />
{{Style|Don't show basic systemctl commands, etc.}}<br />
<br />
Upgrading major PostgreSQL versions requires some extra maintenance.<br />
<br />
{{Note|<br />
* Official PostgreSQL [https://www.postgresql.org/docs/current/static/upgrading.html upgrade documentation] should be followed.<br />
* From version {{ic|10.0}} onwards PostgreSQL [https://www.postgresql.org/about/news/1786/ changed its versioning scheme]. Earlier upgrade from version {{ic|9.''x''}} to {{ic|9.''y''}} was considered as major upgrade. Now upgrade from version {{ic|10.''x''}} to {{ic|10.''y''}} is considered as minor upgrade and upgrade from version {{ic|10.''x''}} to {{ic|11.''y''}} is considered as major upgrade.<br />
}}<br />
<br />
{{Warning|The following instructions could cause data loss. Do not run the commands below blindly, without understanding what they do. [https://www.postgresql.org/docs/current/static/backup.html Backup database] first.}}<br />
<br />
It is recommended to add the following to your {{ic|/etc/pacman.conf}} file:<br />
<br />
IgnorePkg = postgresql*<br />
<br />
This will ensure you do not accidentally upgrade the database to an incompatible version. When an upgrade is available, pacman will notify you that it is skipping the upgrade because of the entry in {{ic|pacman.conf}}. Minor version upgrades are safe to perform. However, if you do an accidental upgrade to a different major version, you might not be able to access any of your data. Always check the [https://www.postgresql.org/ PostgreSQL home page] to be sure of what steps are required for each upgrade. For a bit about why this is the case, see the [https://www.postgresql.org/support/versioning versioning policy].<br />
<br />
There are two main ways to upgrade your PostgreSQL database. Read the official documentation for details.<br />
<br />
For those wishing to use {{ic|pg_upgrade}}, a {{Pkg|postgresql-old-upgrade}} package is available that will always run one major version behind the real PostgreSQL package. This can be installed side-by-side with the new version of PostgreSQL. <br />
<br />
Note that the databases cluster directory does not change from version to version, so before running {{ic|pg_upgrade}}, it is necessary to rename your existing data directory and migrate into a new directory. The new databases cluster must be initialized, as described in the [[#Installation]] section.<br />
<br />
When you are ready, stop the postgresql service, upgrade the following packages: {{Pkg|postgresql}}, {{Pkg|postgresql-libs}}, and {{Pkg|postgresql-old-upgrade}}. Finally upgrade the databases cluster.<br />
<br />
Stop and make sure PostgreSQL is stopped:<br />
<br />
# systemctl stop postgresql.service<br />
# systemctl status postgresql.service<br />
<br />
Upgrade the packages:<br />
<br />
# pacman -S postgresql postgresql-libs postgresql-old-upgrade<br />
<br />
Rename the databases cluster directory, and create an empty one:<br />
<br />
# mv /var/lib/postgres/data /var/lib/postgres/olddata<br />
# install -dm 700 /var/lib/postgres/data /var/lib/postgres/tmp<br />
# chown postgres:postgres /var/lib/postgres/data /var/lib/postgres/tmp<br />
[postgres]$ initdb -D '/var/lib/postgres/data'<br />
<br />
Upgrade the cluster:<br />
<br />
[postgres]$ cd /var/lib/postgres/tmp<br />
[postgres]$ pg_upgrade -b /opt/pgsql-9.6/bin -B /usr/bin -d /var/lib/postgres/olddata -D /var/lib/postgres/data<br />
<br />
{{ic|pg_upgrade}} will perform the upgrade and create some scripts in {{ic|/var/lib/postgres/tmp/}}. Follow the instructions given on screen and act accordingly. You may delete the {{ic|/var/lib/postgres/tmp}} directory once the upgrade is completely over.<br />
<br />
Start the cluster:<br />
<br />
# systemctl start postgresql.service<br />
<br />
=== Manual dump and reload ===<br />
<br />
You could also do something like this (after the upgrade and install of {{Pkg|postgresql-old-upgrade}}).<br />
<br />
{{Note|<br />
* Below are the commands for PostgreSQL 9.6. You can find similar commands in {{ic|/opt/}} for PostgreSQL 9.2.<br />
* If you had customized your {{ic|pg_hba.conf}} file, you may have to temporarily modify it to allow full access to old database cluster from local system. After upgrade is complete set your customization to new database cluster as well and [[restart]] {{ic|postgresql.service}}.<br />
}}<br />
<br />
# systemctl stop postgresql.service<br />
# mv /var/lib/postgres/data /var/lib/postgres/olddata<br />
# mkdir /var/lib/postgres/data<br />
# chown postgres:postgres /var/lib/postgres/data<br />
[postgres]$ initdb -D '/var/lib/postgres/data'<br />
[postgres]$ /opt/pgsql-9.6/bin/pg_ctl -D /var/lib/postgres/olddata/ start<br />
[postgres]$ pg_dumpall -f /tmp/old_backup.sql<br />
[postgres]$ /opt/pgsql-9.6/bin/pg_ctl -D /var/lib/postgres/olddata/ stop<br />
# systemctl start postgresql.service<br />
[postgres]$ psql -f /tmp/old_backup.sql postgres<br />
<br />
== Troubleshooting ==<br />
<br />
=== Improve performance of small transactions ===<br />
<br />
If you are using PostgresSQL on a local machine for development and it seems slow, you could try turning [https://www.postgresql.org/docs/current/static/runtime-config-wal.html#GUC-SYNCHRONOUS-COMMIT synchronous_commit off] in the configuration. Beware of the [https://www.postgresql.org/docs/current/static/runtime-config-wal.html#GUC-SYNCHRONOUS-COMMIT caveats], however.<br />
<br />
{{hc|/var/lib/postgres/data/postgresql.conf|2=<br />
synchronous_commit = off<br />
}}<br />
<br />
=== Prevent disk writes when idle ===<br />
<br />
PostgreSQL periodically updates its internal "statistics" file. By default, this file is stored on disk, which prevents disks from spinning down on laptops and causes hard drive seek noise. It is simple and safe to relocate this file to a memory-only file system with the following configuration option:<br />
<br />
{{hc|/var/lib/postgres/data/postgresql.conf|2=<br />
stats_temp_directory = '/run/postgresql'<br />
}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=PC_speaker&diff=516491
PC speaker
2018-04-08T18:07:54Z
<p>Anthraxx: clarify beep privilege escalation vulnerability</p>
<hr />
<div>[[Category:Sound]]<br />
[[ja:PC スピーカー]]<br />
[[ru:PC speaker]]<br />
{{Related articles start}}<br />
{{Related|Kernel modules}}<br />
{{Related|Advanced Linux Sound Architecture}}<br />
{{Related articles end}}<br />
<br />
The computer often seems to make beep noises or other sounds at various times, whether we want them or not. They come from various sources, and as such, you may be able to configure if or when they occur. For situations where no sound card or speakers are available and a simple audio notification is desired, see [[#Beep]]. <br />
<br />
Sounds from the computer can be heard from the built-in case speaker, the speakers, or headphones which are plugged into the soundcard (in which case the noise may be unexpectedly loud). <br />
<br />
{{Note|The sounds are caused by the BIOS (Basic Input/Output System), the OS (Operating System), the DE (Desktop Environment), or various software programs. The BIOS is a particularly troublesome problem because it is kept inside an EPROM chip on the motherboard, and the only direct control the user has is by turning the power on or off. Unless the BIOS setup has a setting you can adjust or you wish to attempt to reprogram that chip with the proper light source, it is not likely you will be able to change it at all. BIOS-generated beep sounds are not addressed here, except to say that unplugging your computer case speaker will stop all such sounds from being heard. (Do so at your own risk.)}}<br />
<br />
== Disable PC Speaker ==<br />
<br />
Turning off a particular instance of a sound, while leaving the others operational, is possible if and only if one can identify which portion of the environment generates the particular sound. This allows customizing the selection of sounds. Please feel free to add any configurations and settings to this wiki page that may be useful for other users.<br />
<br />
=== Globally ===<br />
<br />
The PC speaker can be disabled by [[Kernel modules#Manual_module_handling|unloading]] the {{ic|pcspkr}} [[kernel module]]:<br />
# rmmod pcspkr<br />
<br />
[[Blacklisting]] the {{ic|pcspkr}} module will prevent [[udev]] from loading it at boot:<br />
<br />
# echo "blacklist pcspkr" > /etc/modprobe.d/nobeep.conf<br />
<br />
[[Kernel_modules#Using_kernel_command_line_2|Blacklisting it on the kernel command line]] is yet another way. Simply add {{ic|1=modprobe.blacklist=pcspkr}} to your bootloader's kernel line.<br />
<br />
=== Console ===<br />
<br />
You can add this command in {{ic|/etc/profile}} or a dedicated file like {{ic|/etc/profile.d/disable-beep.sh}}:<br />
setterm -blength 0<br />
<br />
Another way is to uncomment or add this line in {{ic|/etc/inputrc}} or {{ic|~/.inputrc}}:<br />
set bell-style none<br />
<br />
==== Less pager ====<br />
<br />
To disable PC speaker in {{Pkg|less}} pager, you can launch it with {{ic|less -q}} to mute PC speaker for end of line events or {{ic|less -Q}} to mute it altogether. For [[man page]]s, launch {{ic|man -P "less -Q"}} or set the {{ic|$MANPAGER}} or {{ic|$PAGER}} [[environment variable]]s.<br />
<br />
Alternatively, you can add these lines to your {{ic|~/[[.bashrc]]}}:<br />
<br />
alias less='less -Q'<br />
alias man 'man -P "less -Q"'<br />
<br />
=== Xorg ===<br />
<br />
$ xset -b<br />
<br />
You can add this command to a startup file such as {{ic|/etc/xprofile}} to make it permanent. See [[xprofile]] for more information.<br />
<br />
=== ALSA ===<br />
<br />
For most sound cards the PC speaker is listed as an [[ALSA]] channel, named either ''PC Speaker'', ''PC Beep'', or ''Beep''. To mute the speaker, either use ''alsamixer'' or ''amixer'':<br />
$ amixer set ''channel'' 0% mute<br />
<br />
To unmute the channel, see [[Advanced Linux Sound Architecture#Unmuting the channels]].<br />
<br />
{{Tip|If you are using PulseAudio and the PC speaker channel is not listed for the default ALSA device, try selecting the device corresponding to the sound card - PulseAudio proxy controls may not list the PC speaker}}<br />
<br />
=== GNOME ===<br />
<br />
Using GSettings:<br />
<br />
$ gsettings set org.gnome.desktop.wm.preferences audible-bell false<br />
<br />
=== Cinnamon ===<br />
<br />
Cinnamon seems to play a "water drop" sound. To disable it, set in dconf:<br />
<br />
$ dconf write /org/cinnamon/desktop/wm/preferences/audible-bell false<br />
<br />
=== GTK+ ===<br />
<br />
Append this line to {{ic|~/.gtkrc-2.0}}:<br />
<br />
gtk-error-bell = 0<br />
<br />
Add the same line to the [Settings] section of {{ic|$XDG_CONFIG_HOME/gtk-3.0/settings.ini}}:<br />
<br />
[Settings]<br />
gtk-error-bell = 0<br />
<br />
This is documented in the [https://developer.gnome.org/gtk3/stable/GtkSettings.html Gnome Developer Handbook].<br />
<br />
== Beep ==<br />
Beep is an advanced PC speaker beeping program. It is useful for situations where no sound card and/or speakers are available, and simple audio notification is desired.<br />
<br />
=== Installation ===<br />
<br />
[[Install]] the {{Pkg|beep}} package.<br />
<br />
You may also need to [[#ALSA|unmute]] the PC speaker in [[ALSA]].<br />
<br />
=== Access for non-root users ===<br />
<br />
{{Warning|All the following notes are vulnerable to root privilege escalation, as described in [[https://www.debian.org/security/2018/dsa-4163]], which has not been fixed upstream as of 2018-04-03. It is strongly not recommended to allow beep to run without root authentication}}<br />
<br />
By default {{ic|beep}} will fail if not run by the root. Other users may call it using [[sudo]]. To let group {{ic|users}} call {{ic|sudo beep}} without a password (for example to use it in scripts), {{ic|/etc/sudoers}} [[Sudo#Using_visudo|should be edited]]:<br />
<br />
%users ALL=(ALL) NOPASSWD: /usr/bin/beep<br />
<br />
or, to let only a single user do that:<br />
<br />
username ALL=(ALL) NOPASSWD: /usr/bin/beep<br />
<br />
Another way is setting the sticky bit on {{ic|/usr/bin/beep}}:<br />
<br />
# chmod 4755 /usr/bin/beep<br />
<br />
Note however that this way '''anyone''' can execute {{ic|/usr/bin/beep}} with root permissions. The change also creates a difference between local copy and the package, which will be reported by {{ic|pacman -Qkk}}.<br />
<br />
=== Tips and Tricks ===<br />
<br />
While many people are happy with the traditional beep sound, some may like to change its properties a bit. The following example plays slighly higher and shorter sound and repeats it two times.<br />
<br />
# beep -f 5000 -l 50 -r 2<br />
<br />
== See also ==<br />
<br />
* {{man|1|xset}}, {{man|1|setterm}}, {{man|3|readline}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=User:Anthraxx&diff=514246
User:Anthraxx
2018-03-20T13:37:00Z
<p>Anthraxx: /* Involvement */</p>
<hr />
<div>===Involvement===<br />
* [[Arch_Security_Team|Arch Security Team]]<br />
* [https://wiki.archlinux.org/index.php/Special:Contributions/Anthraxx Wiki contribution]<br />
* [https://aur.archlinux.org/packages/?SeB=m&K=anthraxx AUR packages]<br />
* [https://bugs.archlinux.org/index.php?string=&project=0&search_name=&type%5B%5D=&sev%5B%5D=&pri%5B%5D=&due%5B%5D=&reported%5B%5D=&cat%5B%5D=&status%5B%5D=&percent%5B%5D=&opened=anthraxx&dev=&closed=&duedatefrom=&duedateto=&changedfrom=&changedto=&openedfrom=&openedto=&closedfrom=&closedto=&do=index Bugtracker]<br />
<br />
===Contact===<br />
* '''E-Mail:''' anthraxx@archlinux.org<br />
* '''Jabber:''' anthraxx@jabber.ccc.de<br />
* '''Twitter:''' [https://twitter.com/anthraxx42 @anthraxx42]<br />
* '''IRC:''' irc://irc.eu.hackint.org:anthraxx<br />
* '''IRC:''' irc://irc.freenode.net:anthraxx<br />
<br />
===PGP Key===<br />
* '''Key ID:''' [http://leventepolyak.net/anthraxx.asc 0x8D8172C8]<br />
* '''Fingerprint:''' [http://leventepolyak.net/anthraxx.asc E240 B57E 2C46 30BA 768E 2F26 FC1B 547C 8D81 72C8]</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=DeveloperWiki:UID_/_GID_Database&diff=482383
DeveloperWiki:UID / GID Database
2017-07-19T15:29:36Z
<p>Anthraxx: register UID/GID for kibana</p>
<hr />
<div>[[Category:DeveloperWiki]]<br />
This is intended to be a starting point for creating standard uid and gid numbers.<br />
<br />
I really think this should be moved directly into arch at some point and just have a a keyword in PKGBUILD like<br />
<br />
require_user('user1' 'user2')<br />
require_group('group1')<br />
<br />
and if they didn't exist they would be created according to this database by makepkg when building or by pacman when installing.<br />
<br />
Actually, for this to work, we will need to add the primary and secondary groups to the database as well.<br />
<br />
==Users==<br />
<br />
{| border="1" cellpadding="4" cellspacing="0"<br />
! Owning Package !! User Name !! UID<br />
|-<br />
| {{pkg|filesystem}} || root || 0<br />
|-<br />
| {{pkg|filesystem}} || bin || 1<br />
|-<br />
| {{pkg|filesystem}} || daemon || 2<br />
|-<br />
| {{pkg|filesystem}} || mail || 8<br />
|-<br />
| || news || 9<br />
|-<br />
| || uucp || 10<br />
|-<br />
| || ftp || 14<br />
|-<br />
| || proxy || 15<br />
|-<br />
| || stunnel || 16<br />
|-<br />
| || jabber || 17<br />
|-<br />
| || osiris || 18<br />
|-<br />
| || slocate || 21<br />
|-<br />
| || cron || 22<br />
|-<br />
| || fcron || 23<br />
|-<br />
| || snort || 29<br />
|-<br />
| || nagios (coming soon) || 30<br />
|-<br />
| || nrpe || 31<br />
|-<br />
| {{pkg|rpcbind}} || rpc || 32<br />
|-<br />
| || http || 33<br />
|-<br />
| || named || 40<br />
|-<br />
| || privoxy || 42<br />
|-<br />
| {{pkg|tor}} || tor || 43<br />
|-<br />
| {{pkg|nbd}} || nbd|| 44<br />
|-<br />
| || mpd || 45<br />
|-<br />
| || mopidy || 46<br />
|-<br />
| || nut || 55<br />
|-<br />
| || tomcat8 || 57<br />
|-<br />
| || rbldns || 58<br />
|-<br />
| || rbldnszones || 59<br />
|-<br />
| || dnslog || 60<br />
|-<br />
| || dnscache || 61<br />
|-<br />
| || tinydns || 62<br />
|-<br />
| || axfrdns || 63<br />
|-<br />
| || clamav || 64<br />
|-<br />
| || bitlbee || 65<br />
|-<br />
| || tomcat6 || 66<br />
|-<br />
| || minbif || 67<br />
|-<br />
| {{pkg|filesystem}} || uuidd || 68<br />
|-<br />
| || fax || 69<br />
|-<br />
| || cyrus || 70<br />
|-<br />
| || tomcat7 || 71<br />
|-<br />
| || courier || 72<br />
|-<br />
| || postfix || 73<br />
|-<br />
| {{pkg|dovecot}} || dovenull || 74<br />
|-<br />
| {{pkg|dovecot}} || dovecot || 76<br />
|-<br />
| || asterisk || 77<br />
|-<br />
| || exim || 79<br />
|-<br />
| || vpopmail || 80<br />
|-<br />
| {{pkg|filesystem}} || dbus || 81<br />
|-<br />
| || nsvsd || 83<br />
|-<br />
| || avahi || 84<br />
|-<br />
| || nx || 85<br />
|-<br />
| || beaglidx || 86<br />
|-<br />
| {{pkg|ntp}} || ntp || 87<br />
|-<br />
| || postgres || 88<br />
|-<br />
| || mysql || 89<br />
|-<br />
| || fetchmail || 90<br />
|-<br />
| || smtpd || 91<br />
|-<br />
| || smtpq || 92<br />
|-<br />
| || smtpf || 93<br />
|-<br />
| {{pkg|filesystem}} || nobody || 99<br />
|-<br />
| {{pkg|polkit}} || polkitd || 102<br />
|-<br />
| || nm-openconnect || 104<br />
|-<br />
| || gitlab || 105<br />
|-<br />
| || cherokee || 106<br />
|-<br />
| || gitlab-runner || 107<br />
|-<br />
| || partimag || 110<br />
|-<br />
| {{pkg|x2goserver}} || x2gouser || 111<br />
|-<br />
| {{pkg|x2goserver}} || x2goprint || 112<br />
|-<br />
| || unifi || 113<br />
|-<br />
| || gdm || 120<br />
|-<br />
| || lxdm || 121<br />
|-<br />
| || murmurd || 122<br />
|-<br />
| || colord || 124<br />
|-<br />
| || deluge || 125<br />
|-<br />
| || backuppc || 126<br />
|-<br />
| || lldpd || 127<br />
|-<br />
| || pulse || 130<br />
|-<br />
| || rtkit || 133<br />
|-<br />
| || netdata || 134<br />
|-<br />
| || kdm || 135<br />
|-<br />
| || znc (deprecated, now dynamic) || 136<br />
|-<br />
| || usbmux || 140<br />
|-<br />
| || salt || 141<br />
|-<br />
| || nvidia-persistenced || 143<br />
|-<br />
| {{pkg|nss-pam-ldapd}}|| nslcd || 146<br />
|-<br />
| {{pkg|transmission-cli}} || transmission || 169<br />
|-<br />
| {{pkg|zabbix-server}} || zabbix-server || 170<br />
|-<br />
| {{pkg|zabbix-proxy}} || zabbix-proxy || 171<br />
|-<br />
| {{pkg|zabbix-agent}} || zabbix-agent || 172<br />
|-<br />
| || postfwd || 180<br />
|-<br />
| || smokeping || 181<br />
|-<br />
| || spamd || 182<br />
|-<br />
| {{pkg|chrony}} || chrony || 183<br />
|-<br />
| {{pkg|pdnsd}} || pdnsd || 184<br />
|-<br />
| {{pkg|polipo}} || polipo || 185<br />
|-<br />
| {{pkg|tinyproxy}} || tinyproxy || 186<br />
|-<br />
| {{pkg|filesystem}} || systemd-journal-gateway || 191<br />
|-<br />
| {{pkg|filesystem}} || systemd-timesync || 192<br />
|-<br />
| {{pkg|filesystem}} || systemd-network || 193<br />
|-<br />
| {{pkg|filesystem}} || systemd-bus-proxy || 194<br />
|-<br />
| {{pkg|filesystem}} || systemd-resolve || 195<br />
|-<br />
| {{pkg|gitolite}} || gitolite || 196<br />
|-<br />
| {{pkg|rabbitmq}} || rabbitmq || 197<br />
|-<br />
| {{pkg|matrix-synapse}} || synapse || 198<br />
|-<br />
| {{pkg|toxcore}} || tox-bootstrapd || 199<br />
|-<br />
| {{AUR|kubernetes}} || kubernetes || 205<br />
|-<br />
| {{pkg|kibana}} || kibana || 206<br />
|-<br />
| || ldap || 439<br />
|-<br />
| || oprofile || 492<br />
|-<br />
| || alias || 7790<br />
|-<br />
| || qmaild || 7791<br />
|-<br />
| || qmaill || 7792<br />
|-<br />
| || qmailp || 7793<br />
|-<br />
| || qmailq || 7794<br />
|-<br />
| || qmailr || 7795<br />
|-<br />
| || qmails || 7796<br />
|}<br />
<br />
==Groups==<br />
<br />
{| border="1" cellpadding="4" cellspacing="0"<br />
! Owning Package || Group Name !! GID<br />
|-<br />
| {{pkg|filesystem}} || root || 0<br />
|-<br />
| {{pkg|filesystem}} || bin || 1<br />
|-<br />
| {{pkg|filesystem}} || daemon || 2<br />
|-<br />
| {{pkg|filesystem}} || sys || 3<br />
|-<br />
| {{pkg|filesystem}} || adm || 4<br />
|-<br />
| {{pkg|filesystem}} || tty || 5<br />
|-<br />
| {{pkg|filesystem}} || disk || 6<br />
|-<br />
| {{pkg|filesystem}} || lp || 7<br />
|-<br />
| {{pkg|filesystem}} || mem || 8<br />
|-<br />
| {{pkg|filesystem}} || kmem || 9<br />
|-<br />
| {{pkg|filesystem}} || wheel || 10<br />
|-<br />
| {{pkg|filesystem}} || ftp || 11<br />
|-<br />
| {{pkg|filesystem}} || mail || 12<br />
|-<br />
| || news || 13<br />
|-<br />
| {{pkg|filesystem}} || uucp || 14<br />
|-<br />
| || proxy || 15<br />
|-<br />
| || stunnel || 16<br />
|-<br />
| || jabber || 17<br />
|-<br />
| || osiris || 18<br />
|-<br />
| {{pkg|filesystem}} || log || 19<br />
|-<br />
| {{pkg|filesystem}} || utmp || 20<br />
|-<br />
| {{pkg|filesystem}} || locate (ex slocate/mlocate/rlocate) || 21<br />
|-<br />
| || cron || 22<br />
|-<br />
| || fcron || 23<br />
|-<br />
| {{pkg|filesystem}} || rfkill || 24<br />
|-<br />
| {{pkg|filesystem}} || smmsp || 25<br />
|-<br />
| {{pkg|filesystem}} || proc || 26<br />
|-<br />
| || snort || 29<br />
|-<br />
| || nagios (coming soon) || 30<br />
|-<br />
| || nrpe || 31<br />
|-<br />
| {{pkg|rpcbind}} || rpc || 32<br />
|-<br />
| {{pkg|filesystem}} || http || 33<br />
|-<br />
| || named || 40<br />
|-<br />
| || privoxy || 42<br />
|-<br />
| {{pkg|tor}} || tor || 43<br />
|-<br />
| {{pkg|nbd}} || nbd|| 44<br />
|-<br />
| || mpd || 45<br />
|-<br />
| || mopidy || 46<br />
|-<br />
| {{pkg|filesystem}} || games || 50<br />
|-<br />
| {{pkg|filesystem}} || lock || 54<br />
|-<br />
| || nut || 55<br />
|-<br />
| || bumblebee || 56<br />
|-<br />
| || tomcat8 || 57<br />
|-<br />
| || rbldns || 58<br />
|-<br />
| || rbldnszones || 59<br />
|-<br />
| || clamav || 64<br />
|-<br />
| || bitlbee || 65<br />
|-<br />
| || tomcat6 || 66<br />
|-<br />
| || minbif || 67<br />
|-<br />
| {{pkg|filesystem}} || uuidd || 68<br />
|-<br />
| || cyrus || 70<br />
|-<br />
| || tomcat7 || 71<br />
|-<br />
| || courier || 72<br />
|-<br />
| {{pkg|dovecot}} || dovenull || 74<br />
|-<br />
| || postdrop || 75<br />
|-<br />
| {{pkg|dovecot}} || dovecot || 76<br />
|-<br />
| || asterisk || 77<br />
|-<br />
| || kvm || 78<br />
|-<br />
| || exim || 79<br />
|-<br />
| || vchkpw || 80<br />
|-<br />
| {{pkg|filesystem}} || dbus || 81<br />
|-<br />
| || nsvsd || 83<br />
|-<br />
| || avahi || 84<br />
|-<br />
| || nx || 85<br />
|-<br />
| || beaglidx || 86<br />
|-<br />
| {{pkg|ntp}} || ntp || 87<br />
|-<br />
| || postgres || 88<br />
|-<br />
| || mysql || 89<br />
|-<br />
| {{pkg|filesystem}} || network || 90<br />
|-<br />
| {{pkg|filesystem}} || video || 91<br />
|-<br />
| {{pkg|filesystem}} || audio || 92<br />
|-<br />
| {{pkg|filesystem}} || optical || 93<br />
|-<br />
| {{pkg|filesystem}} || floppy || 94<br />
|-<br />
| {{pkg|filesystem}} || storage || 95<br />
|-<br />
| {{pkg|filesystem}} || scanner || 96<br />
|-<br />
| {{pkg|filesystem}} || input || 97<br />
|-<br />
| {{pkg|filesystem}} || power || 98<br />
|-<br />
| {{pkg|filesystem}} || nobody || 99<br />
|-<br />
| {{pkg|filesystem}} || users || 100<br />
|-<br />
| {{pkg|polkit}} || polkitd || 102<br />
|-<br />
| || nm-openconnect || 104<br />
|-<br />
| || gitlab || 105<br />
|-<br />
| || cherokee || 106<br />
|-<br />
| || gitlab-runner || 107<br />
|-<br />
| || vboxusers || 108<br />
|-<br />
| || vboxsf || 109<br />
|-<br />
| || partimag || 110<br />
|-<br />
| {{pkg|x2goserver}} || x2gouser || 111<br />
|-<br />
| {{pkg|x2goserver}} || x2goprint || 112<br />
|-<br />
| || unifi || 113<br />
|-<br />
| || gdm || 120<br />
|-<br />
| || lxdm || 121<br />
|-<br />
| || murmurd || 122<br />
|-<br />
| {{pkg|colord}} || colord || 124<br />
|-<br />
| || deluge || 125<br />
|-<br />
| || backuppc || 126<br />
|-<br />
| || lldpd || 127<br />
|-<br />
| || vlock || 129<br />
|-<br />
| || pulse || 130<br />
|-<br />
| || pulse-access || 131<br />
|-<br />
| || pulse-rt || 132<br />
|-<br />
| || rtkit || 133<br />
|-<br />
| || netdata || 134<br />
|-<br />
| || kdm || 135<br />
|-<br />
| || znc (deprecated, now dynamic) || 136<br />
|-<br />
| || usbmux || 140<br />
|-<br />
| || salt || 141<br />
|-<br />
| || docker (deprecated, now dynamic) || 142<br />
|-<br />
| || nvidia-persistenced || 143<br />
|-<br />
| || smtpd || 145<br />
|-<br />
| {{pkg|nss-pam-ldapd}}|| nslcd || 146<br />
|-<br />
| {{pkg|wireshark-cli}} || wireshark || 150<br />
|-<br />
| || cgred || 160<br />
|-<br />
| {{pkg|transmission-cli}} || transmission || 169<br />
|-<br />
| {{pkg|zabbix-server}} || zabbix-server || 170<br />
|-<br />
| {{pkg|zabbix-proxy}} || zabbix-proxy || 171<br />
|-<br />
| {{pkg|zabbix-agent}} || zabbix-agent || 172<br />
|-<br />
| || postfwd || 180<br />
|-<br />
| || smokeping || 181<br />
|-<br />
| || spamd || 182<br />
|-<br />
| {{pkg|chrony}} || chrony || 183<br />
|-<br />
| {{pkg|pdnsd}} || pdnsd || 184<br />
|-<br />
| {{pkg|polipo}} || polipo || 185<br />
|-<br />
| {{pkg|tinyproxy}} || tinyproxy || 186<br />
|-<br />
| {{pkg|filesystem}} || systemd-journal || 190<br />
|-<br />
| {{pkg|filesystem}} || systemd-journal-gateway || 191<br />
|-<br />
| {{pkg|filesystem}} || systemd-timesync || 192<br />
|-<br />
| {{pkg|filesystem}} || systemd-network || 193<br />
|-<br />
| {{pkg|filesystem}} || systemd-bus-proxy || 194<br />
|-<br />
| {{pkg|filesystem}} || systemd-resolve || 195<br />
|-<br />
| {{pkg|gitolite}} || gitolite || 196<br />
|-<br />
| {{pkg|rabbitmq}} || rabbitmq || 197<br />
|-<br />
| {{pkg|matrix-synapse}} || synapse || 198<br />
|-<br />
| {{pkg|toxcore}} || tox-bootstrapd || 199<br />
|-<br />
| {{pkg|grsec-common}}{{Broken package link|package not found}} || tpe || 200<br />
|-<br />
| {{pkg|grsec-common}}{{Broken package link|package not found}} || audit || 201<br />
|-<br />
| {{pkg|grsec-common}}{{Broken package link|package not found}} || socket-deny-all || 202<br />
|-<br />
| {{pkg|grsec-common}}{{Broken package link|package not found}} || socket-deny-client || 203<br />
|-<br />
| {{pkg|grsec-common}}{{Broken package link|package not found}} || socket-deny-server || 204<br />
|-<br />
| {{AUR|kubernetes}} || kubernetes || 205<br />
|-<br />
| {{pkg|kibana}} || kibana || 206<br />
|-<br />
| || ldap || 439<br />
|-<br />
| || oprofile || 492<br />
|-<br />
| || qmail || 2107<br />
|-<br />
| || nofiles || 2108<br />
|}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Libvirt&diff=478651
Libvirt
2017-05-30T10:22:54Z
<p>Anthraxx: fixing bug tracker url params for mentioned workaround</p>
<hr />
<div>{{DISPLAYTITLE:libvirt}}<br />
[[Category:Virtualization]]<br />
[[ja:libvirt]]<br />
[[zh-hans:Libvirt]]<br />
[[zh-hant:Libvirt]]<br />
{{Related articles start}}<br />
{{Related|:Category:Hypervisors}}<br />
{{Related|:PCI passthrough via OVMF}}<br />
{{Related articles end}}<br />
<br />
Libvirt is collection of software that provides a convenient way to manage virtual machines and other virtualization functionality, such as storage and network interface management. These software pieces include a long term stable C API, a daemon (libvirtd), and a command line utility (virsh). A primary goal of libvirt is to provide a single way to manage multiple different virtualization providers/hypervisors, such as the [[QEMU|KVM/QEMU]], [[Xen]], [[LXC]], [http://openvz.org OpenVZ] or [[VirtualBox]] [[:Category:Hypervisors|hypervisors]] ([http://libvirt.org/drivers.html among others]).<br />
<br />
Some of the major libvirt features are:<br />
*'''VM management''': Various domain lifecycle operations such as start, stop, pause, save, restore, and migrate. Hotplug operations for many device types including disk and network interfaces, memory, and CPUs.<br />
*'''Remote machine support''': All libvirt functionality is accessible on any machine running the libvirt daemon, including remote machines. A variety of network transports are supported for connecting remotely, with the simplest being SSH, which requires no extra explicit configuration.<br />
*'''Storage management''': Any host running the libvirt daemon can be used to manage various types of storage: create file images of various formats (qcow2, vmdk, raw, ...), mount NFS shares, enumerate existing LVM volume groups, create new LVM volume groups and logical volumes, partition raw disk devices, mount iSCSI shares, and much more.<br />
*'''Network interface management''': Any host running the libvirt daemon can be used to manage physical and logical network interfaces. Enumerate existing interfaces, as well as configure (and create) interfaces, bridges, vlans, and bond devices.<br />
*'''Virtual NAT and Route based networking''': Any host running the libvirt daemon can manage and create virtual networks. Libvirt virtual networks use firewall rules to act as a router, providing VMs transparent access to the host machines network.<br />
<br />
== Installation ==<br />
<br />
Because of its daemon/client architecture, libvirt needs only be installed on the machine which will host the virtualized system. Note that the server and client can be the same physical machine.<br />
<br />
=== Server ===<br />
<br />
[[Install]] the {{pkg|libvirt}} package, as well as at least one hypervisor:<br />
<br />
* The [http://libvirt.org/drvqemu.html libvirt KVM/QEMU driver] is the primary ''libvirt'' driver and if [[QEMU#Enabling_KVM|KVM is enabled]], fully virtualized, hardware accelerated guests will be available. See the [[QEMU]] article for more informations.<br />
<br />
* Other [http://libvirt.org/drivers.html supported hypervisors] include [[LXC]], [[VirtualBox]] and [[Xen]]. See the respective articles for installation instructions. With respect to {{ic|libvirtd}} installation note: <br />
** The [http://libvirt.org/drvlxc.html libvirt LXC driver] has no dependency on the [[LXC]] userspace tools provided by {{Pkg|lxc}}, therefore there is no need to install the package if planning on using the driver.<br />
** [[Xen]] support is available, but not by default. You need to use the [[ABS]] to modify {{Pkg|libvirt}}'s [[PKGBUILD]] and build it without the {{ic|--without-xen}} option. As VirtualBox in turn has no planned stable support for Xen, you might as well replace it with {{ic|--without-vbox}}.<br />
<br />
For network connectivity, install: <br />
<br />
* {{Pkg|ebtables}} '''and''' {{Pkg|dnsmasq}} for the [http://wiki.libvirt.org/page/VirtualNetworking#The_default_configuration default] NAT/DHCP networking.<br />
* {{Pkg|bridge-utils}} for bridged networking.<br />
* {{Pkg|openbsd-netcat}} for remote management over [[SSH]].<br />
<br />
=== Client ===<br />
<br />
The client is the user interface that will be used to manage and access the virtual machines.<br />
<br />
* ''virsh'' is a command line program for managing and configuring domains; it is included in the {{Pkg|libvirt}} package.<br />
* {{Pkg|virt-manager}} is a graphical user interface for managing virtual machines.<br />
* {{Pkg|virt-viewer}} is a lightweight interface for interacting with the graphical display of virtualized guest OS.<br />
* {{Pkg|gnome-boxes}} is a simple GNOME 3 application to access remote or virtual systems.<br />
* {{AUR|virt-manager-qt5}}<br />
* {{AUR|libvirt-sandbox}} is an application sandbox toolkit.<br />
<br />
A list of libvirt-compatible software can be found [http://libvirt.org/apps.html here].<br />
<br />
== Configuration ==<br />
<br />
For '''''system'''''-level administration (i.e. global settings and image-''volume'' location), libvirt minimally requires [[#Set up authentication|setting up authorization]], and [[#Daemon|starting the daemon]].<br />
<br />
{{Note|For user-'''''session''''' administration, daemon setup and configuration is ''not'' required; authorization, however, is limited to local abilities; the front-end will launch a local instance of the '''libvirtd''' daemon.}}<br />
<br />
=== Set up authentication ===<br />
<br />
From [http://libvirt.org/auth.html#ACL_server_config libvirt: Connection authentication]:<br />
:The libvirt daemon allows the administrator to choose the authentication mechanisms used for client connections on each network socket independently. This is primarily controlled via the libvirt daemon master config file in {{ic|/etc/libvirt/libvirtd.conf}}. Each of the libvirt sockets can have its authentication mechanism configured independently. There is currently a choice of {{ic|none}}, {{ic|polkit}} and {{ic|sasl}}. <br />
<br />
Because {{Pkg|libvirt}} pulls {{Pkg|polkit}} as a dependency during installation, [[#Using polkit|polkit]] is used as the default value for the {{ic|unix_sock_auth}} parameter ([http://libvirt.org/auth.html#ACL_server_polkit source]). [[#Authenticate with file-based permissions|File-based permissions]] remain nevertheless available.<br />
<br />
==== Using polkit ====<br />
{{Note|A system reboot may be required before authenticating with {{ic|polkit}} works correctly.}}<br />
<br />
The ''libvirt'' daemon provides two [[Polkit#Actions|polkit actions]] in {{ic|/usr/share/polkit-1/actions/org.libvirt.unix.policy}}:<br />
* {{ic|org.libvirt.unix.manage}} for full management access (RW daemon socket), and<br />
* {{ic|org.libvirt.unix.monitor}} for monitoring only access (read-only socket).<br />
<br />
The default policy for the RW daemon socket will require to authenticate as an admin. This is akin to [[sudo]] auth, but does not require that the client application ultimately run as root. Default policy will still allow any application to connect to the RO socket.<br />
<br />
Arch defaults to consider anybody in the {{ic|wheel}} group as an administrator: this is defined in {{ic|/etc/polkit-1/rules.d/50-default.rules}} (see [[Polkit#Administrator identities]]). Therefore there is no need to create a new group and rule file '''if your user is a member of the {{ic|wheel}} group''': upon connection to the RW socket (e.g. via {{Pkg|virt-manager}}) you will be prompted for your user's password.<br />
<br />
{{Note|Prompting for a password relies on the presence of an [[Polkit#Authentication_agents|authentication agent]] on the system. Console users may face an issue with the default {{ic|pkttyagent}} agent which may or may not work properly.}}<br />
<br />
{{Tip|If you want to configure passwordless authentication, see [[Polkit#Bypass password prompt]].}}<br />
<br />
As of libvirt 1.2.16 (commit:[http://libvirt.org/git/?p=libvirt.git;a=commit;h=e94979e901517af9fdde358d7b7c92cc055dd50c]), members of the {{ic|libvirt}} group have passwordless access to the RW daemon socket by default. The easiest way to ensure your user has access is to ensure the libvirt group exists and they are a member of it. If you wish to change the group authorized to access the RW daemon socket to be the kvm group, create the following file:<br />
<br />
{{hc|/etc/polkit-1/rules.d/50-libvirt.rules|<nowiki><br />
/* Allow users in kvm group to manage the libvirt<br />
daemon without authentication */<br />
polkit.addRule(function(action, subject) {<br />
if (action.id == "org.libvirt.unix.manage" &&<br />
subject.isInGroup("kvm")) {<br />
return polkit.Result.YES;<br />
}<br />
});</nowiki><br />
}}<br />
<br />
Then [[Users_and_groups#Other_examples_of_user_management|add yourself]] to the {{ic|kvm}} group and relogin. Replace ''kvm'' with any group of your preference just make sure it exists and that your user is a member of it (see [[Users and groups]] for more information).<br />
<br />
Do not forget to relogin for group changes to take effect.<br />
<br />
==== Authenticate with file-based permissions ====<br />
<br />
To define file-based permissions for users in the ''libvirt'' group to manage virtual machines, uncomment and define:<br />
<br />
{{hc|/etc/libvirt/libvirtd.conf|<nowiki><br />
#unix_sock_group = "libvirt"<br />
#unix_sock_ro_perms = "0777" # set to 0770 to deny non-group libvirt users<br />
#unix_sock_rw_perms = "0770"<br />
#auth_unix_ro = "none"<br />
#auth_unix_rw = "none"<br />
</nowiki>}}<br />
<br />
While some guides mention changed permissions of certain libvirt directories to ease management, keep in mind permissions are lost on package update. To edit these system directories, root user is expected.<br />
<br />
=== Daemon ===<br />
<br />
[[Start]] both {{ic|libvirtd.service}} and {{ic|virtlogd.service}}. Optionally [[enable]] {{ic|libvirtd.service}}. There is no need to enable {{ic|virtlogd.service}}, since {{ic|libvirtd.service}}, when enabled, also enables the {{ic|virtlogd.socket}} and {{ic|virtlockd.socket}} [[Systemd#Using_units|units]].<br />
<br />
=== Unencrypt TCP/IP sockets ===<br />
<br />
{{Warning|This method is used to help remote domain, connection speed for trusted networks. This is the least secure connection method. This should ''only'' be used for testing or use over a secure, private, and trusted network. SASL is not enabled here, so all TCP traffic is ''cleartext''. For real world use ''always'' enable SASL.}}<br />
<br />
Edit {{ic|/etc/libvirt/libvirtd.conf}}:<br />
{{hc|/etc/libvirt/libvirtd.conf|<nowiki><br />
listen_tls = 0<br />
listen_tcp = 1<br />
auth_tcp="none"<br />
</nowiki>}}<br />
<br />
It is also necessary to start the server in listening mode by editing {{ic|/etc/conf.d/libvirtd}}:<br />
<br />
{{hc|/etc/conf.d/libvirtd|2=LIBVIRTD_ARGS="--listen"}}<br />
<br />
=== Access virtual machines using their hostnames ===<br />
<br />
For host access to guests on non-isolated, bridged networks, enable the {{ic|libvirt}} NSS module provided by {{Pkg|libvirt}}.<br />
<br />
Edit {{ic|/etc/nsswitch.conf}}:<br />
{{hc|/etc/nsswitch.conf|<nowiki><br />
hosts: files libvirt dns myhostname<br />
</nowiki>}}<br />
<br />
{{Note|While commands such as {{ic|ping}} and {{ic|ssh}} should work with virtual machine hostnames, commands such as {{ic|host}} and {{ic|nslookup}} may fail or produce unexpected results because they rely on DNS. Use {{ic|getent hosts <vm-hostname>}} instead.}}<br />
<br />
== Test ==<br />
<br />
To test if libvirt is working properly on a ''system'' level:<br />
<br />
$ virsh -c qemu:///system<br />
<br />
To test if libvirt is working properly for a user-''session'':<br />
<br />
$ virsh -c qemu:///session<br />
<br />
== Management ==<br />
<br />
Libvirt management is done mostly with three tools: {{Pkg|virt-manager}} (GUI), {{ic|virsh}}, and {{ic|guestfish}} (which is part of {{AUR|libguestfs}}).<br />
<br />
=== virsh ===<br />
<br />
The virsh program is for managing guest ''domains'' (virtual machines) and works well for scripting, virtualization administration. Though most virsh commands require root privileges to run due to the communication channels used to talk to the hypervisor, typical management, creation, and running of domains (like that done with VirtualBox) can be done as a regular user.<br />
<br />
Virsh includes an interactive terminal that can be entered if no commands are passed (options are allowed though): {{ic|virsh}}. The interactive terminal has support for tab completion.<br />
<br />
From the command line:<br />
<br />
$ virsh [option] <command> [argument]...<br />
<br />
From the interactive terminal:<br />
<br />
virsh # <command> [argument]...<br />
<br />
Help is available:<br />
<br />
$ virsh help [option*] or [group-keyword*]<br />
<br />
=== Storage pools ===<br />
<br />
A pool is a location where storage ''volumes'' can be kept. What libvirt defines as ''volumes'' others may define as "virtual disks" or "virtual machine images". Pool locations may be a directory, a network filesystem, or partition (this includes a [[LVM]]). Pools can be toggled active or inactive and allocated for space.<br />
<br />
On the ''system''-level, {{ic|/var/lib/libvirt/images/}} will be activated by default; on a user-''session'', {{ic|virt-manager}} creates {{ic|$HOME/VirtualMachines}}.<br />
<br />
Print active and inactive storage pools:<br />
<br />
$ virsh pool-list --all<br />
<br />
==== Create a new pool using virsh ====<br />
<br />
If wanted to ''add'' a storage pool, here are examples of the command form, adding a directory, and adding a LVM volume:<br />
<br />
$ virsh pool-define-as name type [source-host] [source-path] [source-dev] [source-name] [<target>] [--source-format format]<br />
$ virsh pool-define-as ''poolname'' dir - - - - /home/''username''/.local/libvirt/images<br />
$ virsh pool-define-as ''poolname'' fs - - ''/dev/vg0/images'' - ''mntpoint''<br />
<br />
The above command defines the information for the pool, to build it:<br />
<br />
$ virsh pool-build ''poolname''<br />
$ virsh pool-start ''poolname''<br />
$ virsh pool-autostart ''poolname''<br />
<br />
To remove it:<br />
<br />
$ virsh pool-undefine ''poolname''<br />
<br />
{{Tip|For LVM storage pools:<br />
* It is a good practice to dedicate a volume group to the storage pool only. <br />
* Choose a LVM volume group that differs from the pool name, otherwise when the storage pool is deleted the LVM group will be too.<br />
}}<br />
<br />
==== Create a new pool using virt-manager ====<br />
<br />
First, connect to a hypervisor (e.g. QEMU/KVM ''system'', or user-''session''). Then, right-click on a connection and select ''Details''; select the ''Storage'' tab, push the ''+'' button on the lower-left, and follow the wizard.<br />
<br />
=== Storage volumes ===<br />
<br />
Once the pool has been created, volumes can be created inside the pool. ''If building a new domain (virtual machine), this step can be skipped as a volume can be created in the domain creation process.''<br />
<br />
==== Create a new volume with virsh ====<br />
<br />
Create volume, list volumes, resize, and delete:<br />
$ virsh vol-create-as ''poolname'' ''volumename'' 10GiB --format aw|bochs|raw|qcow|qcow2|vmdk<br />
$ virsh vol-upload --pool ''poolname'' ''volumename'' ''volumepath''<br />
$ virsh vol-list ''poolname''<br />
$ virsh vol-resize --pool ''poolname'' ''volumename'' 12GiB<br />
$ virsh vol-delete --pool ''poolname'' ''volumename''<br />
$ virsh vol-dumpxml --pool ''poolname'' ''volumename'' # for details.<br />
<br />
==== virt-manager backing store type bug ====<br />
<br />
On newer versions of {{ic|virt-manager}} you can now specify a backing store to use when creating a new disk. This is very useful, in that you can have new domains be based on base images saving you both time and disk space when provisioning new virtual systems. There is a bug (https://bugzilla.redhat.com/show_bug.cgi?id=1235406) in the current version of {{ic|virt-manager}} which causes {{ic|virt-manager}} to choose the wrong type of the backing image in the case where the backing image is a {{ic|qcow2}} type. In this case, it will errantly pick the backing type as {{ic|raw}}. This will cause the new image to be unable to read from the backing store, and effectively remove the utility of having a backing store at all.<br />
<br />
There is a workaround for this issue. {{ic|qemu-img}} has long been able to do this operation directly. If you wish to have a backing store for your new domain before this bug is fixed, you may use the following command.<br />
<br />
$ qemu-img create -f qcow2 -o backing_file=<path to backing image>,backing_fmt=qcow2 <disk name> <disk size><br />
<br />
Then you can use this image as the base for your new domain and it will use the backing store as a COW volume saving you time and disk space.<br />
<br />
=== Domains ===<br />
<br />
Virtual machines are called ''domains''. If working from the command line, use {{ic|virsh}} to list, create, pause, shutdown domains, etc. {{ic|virt-viewer}} can be used to view domains started with {{ic|virsh}}. Creation of domains is typically done either graphically with {{ic|virt-manager}} or with {{ic|virt-install}} (a command line program installed as part of the {{pkg|virt-install}} package).<br />
<br />
Creating a new domain typically involves using some installation media, such as an {{ic|.iso}} from the storage pool or an optical drive.<br />
<br />
Print active and inactive domains:<br />
<br />
# virsh list --all<br />
<br />
{{note|[[SELinux]] has a built-in exemption for libvirt that allows volumes in {{ic|/var/lib/libvirt/images/}} to be accessed. If using SELinux and there are issues with the volumes, ensure that volumes are in that directory, or ensure that other storage pools are correctly labeled.}}<br />
<br />
==== Create a new domain using virt-install ====<br />
<br />
For an extremely detailed domain (virtual machine) setup, it is easier to [[#Create a new domain using virt-manager]]. However, basics can easily be done with {{ic|virt-install}} and still run quite well. Minimum specifications are {{ic|--name}}, {{ic|--memory}}, guest storage ({{ic|--disk}}, {{ic|--filesystem}}, or {{ic|--nodisks}}), and an install method (generally an {{ic|.iso}} or CD). See {{ic|man virt-install}} for more details and information about unlisted options.<br />
<br />
Arch Linux install (two GiB, qcow2 format volume create; user-networking):<br />
<br />
$ virt-install \<br />
--name arch-linux_testing \<br />
--memory 1024 \ <br />
--vcpus=2,maxvcpus=4 \<br />
--cpu host \<br />
--cdrom $HOME/Downloads/arch-linux_install.iso \<br />
--disk size=2,format=qcow2 \<br />
--network user \<br />
--virt-type kvm<br />
<br />
Fedora testing (Xen hypervisor, non-default pool, do not originally view):<br />
<br />
$ virt-install \<br />
--connect xen:/// \<br />
--name fedora-testing \<br />
--memory 2048 \<br />
--vcpus=2 \<br />
--cpu=host \<br />
--cdrom /tmp/fedora20_x84-64.iso \<br />
--os-type=linux --os-variant=fedora20 \<br />
--disk pool=testing,size=4 \<br />
--network bridge=br0 \<br />
--graphics=vnc \<br />
--noautoconsole<br />
$ virt-viewer --connect xen:/// fedora-testing<br />
<br />
Windows:<br />
<br />
$ virt-install \<br />
--name=windows7 \<br />
--memory 2048 \<br />
--cdrom /dev/sr0 \<br />
--os-variant=win7 \<br />
--disk /mnt/storage/domains/windows7.qcow2,size=20GiB \<br />
--network network=vm-net \<br />
--graphics spice<br />
<br />
{{Tip|Run {{ic|1=osinfo-query --fields=name,short-id,version os}} to get argument for {{ic|--os-variant}}; this will help define some specifications for the domain. However, {{ic|--memory}} and {{ic|--disk}} will need to be entered; one can look within the appropriate {{ic|/usr/share/libosinfo/db/oses/''os''.xml}} if needing these specifications. After installing, it will likely be preferable to install the [http://www.spice-space.org/download.html Spice Guest Tools] that include the [https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization_Host_Configuration_and_Guest_Installation_Guide/form-Virtualization_Host_Configuration_and_Guest_Installation_Guide-Para_virtualized_drivers-Mounting_the_image_with_virt_manager.html VirtIO drivers]. For a Windows VirtIO network driver there is also {{Aur|virtio-win}}. These drivers are referenced by a {{ic|1=<model type='virtio' />}} in the guest's {{ic|.xml}} configuration section for the device. A bit more information can also be found on the [[QEMU#Preparing_a_Windows_guest|QEMU article]].}}<br />
<br />
Import existing volume:<br />
<br />
$ virt-install \<br />
--name demo \<br />
--memory 512 \<br />
--disk /home/user/VMs/mydisk.img \<br />
--import<br />
<br />
==== Create a new domain using virt-manager ====<br />
<br />
First, connect to the hypervisor (e.g. QEMU/KVM ''system'' or user ''session''), right click on a connection and select ''New'', and follow the wizard.<br />
<br />
* On the ''fourth step'', de-selecting ''Allocate entire disk now'' will make setup quicker and can save disk space in the interum; ''however'', it may cause volume fragmentation over time.<br />
* On the ''fifth step'', open ''Advanced options'' and make sure that ''Virt Type'' is set to ''kvm'' (this is usually the preferred method). If additional hardware setup is required, select the ''Customize configuration before install'' option.<br />
<br />
==== Manage a domain ====<br />
<br />
Start a domain:<br />
<br />
$ virsh start ''domain''<br />
$ virt-viewer --connect qemu:///session ''domain''<br />
<br />
Gracefully attempt to shutdown a domain; force off a domain:<br />
<br />
$ virsh shutdown ''domain''<br />
$ virsh destroy ''domain''<br />
<br />
Autostart domain on libvirtd start:<br />
<br />
$ virsh autostart ''domain''<br />
$ virsh autostart ''domain'' --disable<br />
<br />
Shutdown domain on host shutdown:<br />
<br />
: Running domains can be automatically suspended/shutdown at host shutdown using the {{ic|libvirt-guests.service}} systemd service. This same service will resume/startup the suspended/shutdown domain automatically at host startup. Read {{ic|/etc/conf.d/libvirt-guests}} for service options.<br />
<br />
Edit a domain's XML configuration:<br />
<br />
$ virsh edit ''domain''<br />
<br />
{{note|Virtual Machines started directly by QEMU are not managable by libvirt tools.}}<br />
<br />
=== Networks ===<br />
<br />
A [https://jamielinux.com/docs/libvirt-networking-handbook/ decent overview of libvirt networking].<br />
<br />
By default, when the {{ic|libvirtd}} systemd service is started, a NAT bridge is created called ''default'' to allow external network connectivity (warning see: [[#"default" network bug]]{{Broken section link}}). For other network connectivity needs, four network types exist that can be created to connect a domain to:<br />
<br />
* bridge — a virtual device; shares data directly with a physical interface. Use this if the host has ''static'' networking, it does not need to connect other domains, the domain requires full inbound and outbound trafficking, and the domain is running on a ''system''-level. See [[Network bridge]] on how to add a bridge additional to the default one. After creation, it needs to be specified in the respective guest's {{ic|.xml}} configuration file. <br />
* network — a virtual network; has ability to share with other domains. Use a virtual network if the host has ''dynamic'' networking (e.g. NetworkManager), or using wireless.<br />
* macvtap — connect directly to a host physical interface.<br />
* user — local ability networking. Use this only for a user ''session''.<br />
<br />
{{ic|virsh}} has the ability to create networking with numerous options for most users, however, it is easier to create network connectivity with a graphic user interface (like {{ic|virt-manager}}), or to do so on [[#Create a new domain using virt-install|creation with virt-install]].<br />
<br />
{{note|libvirt handles DHCP and DNS with {{pkg|dnsmasq}}, launching a separate instance for every virtual network. It also adds iptables rules for proper routing, and enables the {{ic|ip_forward}} kernel parameter. This also means that having dnsmasq running on the host system is not necessary to support libvirt requirements (and could interfere with libvirt dnsmasq instances).}}<br />
<br />
=== Snapshots ===<br />
<br />
Snapshots take the disk, memory, and device state of a domain at a point-of-time, and save it for future use. They have many uses, from saving a "clean" copy of an OS image to saving a domain's state before a potentially destructive operation. Snapshots are identified with a unique name.<br />
<br />
Snapshots are saved within the volume itself and the volume must be the format: qcow2 or raw. Snapshots use deltas so they have the potentiality to not take much space.<br />
<br />
==== Create a snapshot ====<br />
<br />
{{Out of date|Some of this data appears to be dated.}}<br />
<br />
Once a snapshot is taken it is saved as a new block device and the original snapshot is taken offline. Snapshots can be chosen from and also merged into another (even without shutting down the domain).<br />
<br />
Print a running domain's volumes (running domains can be printed with {{ic|virsh list}}):<br />
<br />
{{hc|# virsh domblklist ''domain''|<nowiki><br />
Target Source<br />
------------------------------------------------<br />
vda /vms/domain.img<br />
</nowiki>}}<br />
<br />
To see a volume's physical properties:<br />
<br />
{{hc|# qemu-img info /vms/domain.img|<nowiki><br />
image: /vms/domain.img<br />
file format: qcow2<br />
virtual size: 50G (53687091200 bytes)<br />
disk size: 2.1G<br />
cluster_size: 65536<br />
</nowiki>}}<br />
<br />
Create a disk-only snapshot (the option {{ic|--atomic}} will prevent the volume from being modified if snapshot creation fails):<br />
<br />
# virsh snapshot-create-as ''domain'' snapshot1 --disk-only --atomic<br />
<br />
List snapshots:<br />
<br />
{{hc|# virsh snapshot-list ''domain''|<nowiki><br />
Name Creation Time State<br />
------------------------------------------------------------<br />
snapshot1 2012-10-21 17:12:57 -0700 disk-snapshot<br />
</nowiki>}}<br />
<br />
One can they copy the original image with {{ic|1=cp --sparse=true}} or {{ic|rsync -S}} and then merge the the original back into snapshot:<br />
<br />
# virsh blockpull --domain ''domain'' --path /vms/''domain''.snapshot1<br />
<br />
{{ic|domain.snapshot1}} becomes a new volume. After this is done the original volume ({{ic|domain.img}} and snapshot metadata can be deleted. The {{ic|virsh blockcommit}} would work opposite to {{ic|blockpull}} but it seems to be currently under development (including {{ic|snapshot-revert feature}}, scheduled to be released sometime next year.<br />
<br />
=== Other management ===<br />
<br />
Connect to non-default hypervisor:<br />
<br />
$ virsh --connect xen:///<br />
virsh # uri<br />
xen:///<br />
<br />
Connect to the QEMU hypervisor over SSH; and the same with logging:<br />
<br />
$ virsh --connect qemu+ssh://''username''@''host''/system<br />
$ LIBVIRT_DEBUG=1 virsh --connect qemu+ssh://''username''@''host''/system<br />
<br />
Connect a graphic console over SSH:<br />
<br />
$ virt-viewer --connect qemu+ssh://''username''@''host''/system ''domain''<br />
$ virt-manager --connect qemu+ssh://''username''@''host''/system ''domain''<br />
<br />
{{Note|If you are having problems connecting to a remote RHEL server (or anything other than Arch, really), try the two workarounds mentioned in {{bug|30748}} and {{bug|22068}}.}}<br />
<br />
Connect to the VirtualBox hypervisor (''VirtualBox support in libvirt is not stable yet and may cause libvirtd to crash''):<br />
<br />
$ virsh --connect vbox:///system<br />
<br />
Network configurations:<br />
<br />
$ virsh -c qemu:///system net-list --all<br />
$ virsh -c qemu:///system net-dumpxml default<br />
<br />
== Python connectivity code ==<br />
<br />
The {{Pkg|libvirt-python}} package provides a {{Pkg|python2}} API in {{ic|/usr/lib/python2.7/site-packages/libvirt.py}}.<br />
<br />
General examples are given in {{ic|/usr/share/doc/libvirt-python-''your_libvirt_version''/examples/}}<br />
<br />
Unofficial example using {{Pkg|qemu}} and {{Pkg|openssh}}:<br />
<br />
#! /usr/bin/env python2<br />
# -*- coding: utf-8 -*-<br />
import socket<br />
import sys<br />
import libvirt<br />
if (__name__ == "__main__"):<br />
<nowiki>conn = libvirt.open("qemu+ssh://xxx/system")</nowiki><br />
print "Trying to find node on xxx"<br />
domains = conn.listDomainsID()<br />
for domainID in domains:<br />
domConnect = conn.lookupByID(domainID)<br />
if domConnect.name() == 'xxx-node':<br />
print "Found shared node on xxx with ID " + str(domainID)<br />
domServ = domConnect<br />
break<br />
<br />
== UEFI Support ==<br />
<br />
Libvirt can suport UEFI virtual machines through QEMU and [https://github.com/tianocore/edk2 OVMF].<br />
<br />
Currently this is possible in Arch Linux through a workaround. [https://bugs.archlinux.org/index.php?do=details&task_id=47101 This ovmf packaging bug] needs to be resolved for this to work out of the box or with minimal configuration of {{ic|/etc/libvirt/qemu.conf}}.<br />
<br />
=== OVMF - QEMU workaround ===<br />
<br />
* Build {{Pkg|ovmf}} from the [[ABS]] with {{ic|makepkg}}.<br />
* Copy the {{ic|OVMF_CODE.fd}} and {{ic|OVMF_VARS.fd}} files either for 64 or 32 bit to the default qemu location.<br />
<br />
{{hc|/etc/libvirt/qemu.conf|<nowiki><br />
#nvram = [<br />
# "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd",<br />
# "/usr/share/OVMF/OVMF_CODE.secboot.fd:/usr/share/OVMF/OVMF_VARS.fd",<br />
# "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd"<br />
#]<br />
</nowiki><br />
}}<br />
<br />
# mkdir /usr/share/OVMF<br />
# cp src/edk2/Build/OvmfX64/RELEASE_GCC49/FV/OVMF_CODE.fd src/edk2/Build/OvmfX64/RELEASE_GCC49/FV/OVMF_VARS.fd /usr/share/OVMF/ <br />
<br />
* [[Restart]] {{ic|libvirtd}}.<br />
<br />
Now you are ready to create a uefi virtual machine. Create a new virtual machine through {{Pkg|virt-manager}}. When you get to the final page of the 'New VM' wizard, do the following: <br />
<br />
* Click 'Customize before install', then select 'Finish'<br />
* On the 'Overview' screen, Change the 'Firmware' field to select the 'UEFI x86_64' option.<br />
* Click 'Begin Installation'<br />
* The boot screen you'll see should use linuxefi commands to boot the installer, and you should be able to run efibootmgr inside that system, to verify that you're running an UEFI OS. <br />
<br />
For more information about this, refer to [https://fedoraproject.org/wiki/Using_UEFI_with_QEMU this fedora wiki page].<br />
<br />
== PulseAudio ==<br />
<br />
The PulseAudio daemon normally runs under your regular user account, and will only accept connections from the same user. This can be a problem if QEMU is being run as root through [[libvirt]]. To run QEMU as a regular user, edit {{ic|/etc/libvirt/qemu.conf}} and set the {{ic|user}} option to your username.<br />
<br />
user = "dave"<br />
<br />
You will also need to tell QEMU to use the PulseAudio backend and identify the server to connect to. Add the following section to your domain configuration using {{ic|virsh edit}}.<br />
<br />
<qemu:commandline><br />
<qemu:env name='QEMU_AUDIO_DRV' value='pa'/><br />
<qemu:env name='QEMU_PA_SERVER' value='/run/user/1000/pulse/native'/><br />
</qemu:commandline><br />
<br />
{{ic|1000}} is your user id. Change it if necessary.<br />
<br />
== See also ==<br />
<br />
* [http://libvirt.org/drvqemu.html Official libvirt web site]<br />
* [https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Virtualization_Deployment_and_Administration_Guide/index.html Red Hat Virtualization Deployment and Administration Guide]<br />
* [https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Virtualization_Tuning_and_Optimization_Guide/index.html Red Hat Virtualization Tuning and Optimization Guide]<br />
* [http://docs.slackware.com/howtos:general_admin:kvm_libvirt Slackware KVM and libvirt]<br />
* [http://www-01.ibm.com/support/knowledgecenter/linuxonibm/liaat/liaatkvm.htm IBM KVM]<br />
* [https://jamielinux.com/docs/libvirt-networking-handbook/ libvirt Networking Handbook]</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Talk:CVE&diff=465732
Talk:CVE
2017-01-18T11:52:16Z
<p>Anthraxx: /* Move to Developerwiki ? */ adding clarification that we can archive the old pages</p>
<hr />
<div>== Move to Developerwiki ? ==<br />
<br />
The list is getting longer over time. And I think it is not for normal Arch users. Should move to developer namespace if so.Also apply to [[Security Advisories]]. --[[User:Fengchao|Fengchao]] ([[User talk:Fengchao|talk]]) 13:29, 23 April 2015 (UTC)<br />
<br />
:TL;DR: This "issue" will get resolved by its own once we move to the security tracker that I'm developing and testing soon.<br />
:I agree that its not optimal that the list gets longer and longer. I also may agree that the CVE page itself is (most of the time) only used by the security team... '''but''' to be honest the CVE page belongs to the "security transparency" type of category and users may be interested in knowing which packages are known to be vulnerable. For the [[Security Advisories]] I would even go with a stronger opinion, that particular page is (more or less) '''only''' for the community users and '''not''' for the developers.<br />
:However, this topic will very soon get obsolete automatically, because I will soon publish the security tracker that we will use to provide and collect all this information outside of the wiki. I suggest that we leave it this way until its ready. --[[User:Anthraxx|anthraxx]] 15:32, 23 April 2015 (UTC)<br />
<br />
::To all involved: Great job with the tracker! The roll-over to it means the content in this article outdates quick. Have you thought about reusing parts of the article content to update to the new procedure, or should it be [[Template:Archive]]d as a whole in due course? --[[User:Indigo|Indigo]] ([[User talk:Indigo|talk]]) 11:53, 2 January 2017 (UTC)<br />
<br />
:::Sure, please go ahead and archive all pages, except the [[Arch CVE Monitoring Team]] page but please keep some reference there to the new tracker:<br />
:::[[CVE]], [[Security Advisories]], [[Security Advisories/Examples]] — [[User:Anthraxx|Anthraxx]] ([[User talk:Anthraxx|talk]]) 11:52, 18 January 2017 (UTC)</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=User_talk:Anthraxx&diff=465731
User talk:Anthraxx
2017-01-18T11:48:09Z
<p>Anthraxx: </p>
<hr />
<div>== CVE articles ==<br />
<br />
Hey Anthraxx, I see you guys of the ACMT have officially stopped maintaining [[Security Advisories]] and [[CVE]] in favor of https://security.archlinux.org/ , which is great news! Before we archive those pages though, I was wondering if you're still using [[Security Advisories#Publishing a new advisory]] and [[Security Advisories/Examples]] for https://security.archlinux.org/advisory , can you please clarify? Cheers :) — [[User:Kynikos|Kynikos]] ([[User talk:Kynikos|talk]]) 10:01, 18 January 2017 (UTC)<br />
<br />
:Sure, please go ahead and archive all pages, except the [[Arch CVE Monitoring Team]] page:<br />
:[[CVE]], [[Security Advisories]], [[Security Advisories/Examples]] — [[User:Anthraxx|Anthraxx]] ([[User talk:Anthraxx|talk]]) 11:48, 18 January 2017 (UTC)</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=DeveloperWiki:UID_/_GID_Database&diff=465668
DeveloperWiki:UID / GID Database
2017-01-17T17:45:47Z
<p>Anthraxx: switch synapse group to 198 to match uid (there was free space and its not yet published)</p>
<hr />
<div>[[Category:DeveloperWiki]]<br />
This is intended to be a starting point for creating standard uid and gid numbers.<br />
<br />
I really think this should be moved directly into arch at some point and just have a a keyword in PKGBUILD like<br />
<br />
require_user('user1' 'user2')<br />
require_group('group1')<br />
<br />
and if they didn't exist they would be created according to this database by makepkg when building or by pacman when installing.<br />
<br />
Actually, for this to work, we will need to add the primary and secondary groups to the database as well.<br />
<br />
==Users==<br />
<br />
{| border="1" cellpadding="4" cellspacing="0"<br />
! Owning Package !! User Name !! UID<br />
|-<br />
| {{pkg|filesystem}} || root || 0<br />
|-<br />
| {{pkg|filesystem}} || bin || 1<br />
|-<br />
| {{pkg|filesystem}} || daemon || 2<br />
|-<br />
| {{pkg|filesystem}} || mail || 8<br />
|-<br />
| || news || 9<br />
|-<br />
| || uucp || 10<br />
|-<br />
| || ftp || 14<br />
|-<br />
| || proxy || 15<br />
|-<br />
| || stunnel || 16<br />
|-<br />
| || jabber || 17<br />
|-<br />
| || osiris || 18<br />
|-<br />
| || slocate || 21<br />
|-<br />
| || cron || 22<br />
|-<br />
| || fcron || 23<br />
|-<br />
| || snort || 29<br />
|-<br />
| || nagios (coming soon) || 30<br />
|-<br />
| || nrpe || 31<br />
|-<br />
| {{pkg|rpcbind}} || rpc || 32<br />
|-<br />
| || http || 33<br />
|-<br />
| || named || 40<br />
|-<br />
| || privoxy || 42<br />
|-<br />
| {{pkg|tor}} || tor || 43<br />
|-<br />
| {{pkg|nbd}} || nbd|| 44<br />
|-<br />
| || mpd || 45<br />
|-<br />
| || mopidy || 46<br />
|-<br />
| || nut || 55<br />
|-<br />
| || tomcat8 || 57<br />
|-<br />
| || rbldns || 58<br />
|-<br />
| || rbldnszones || 59<br />
|-<br />
| || dnslog || 60<br />
|-<br />
| || dnscache || 61<br />
|-<br />
| || tinydns || 62<br />
|-<br />
| || axfrdns || 63<br />
|-<br />
| || clamav || 64<br />
|-<br />
| || bitlbee || 65<br />
|-<br />
| || tomcat6 || 66<br />
|-<br />
| || minbif || 67<br />
|-<br />
| {{pkg|filesystem}} || uuidd || 68<br />
|-<br />
| || fax || 69<br />
|-<br />
| || cyrus || 70<br />
|-<br />
| || tomcat7 || 71<br />
|-<br />
| || courier || 72<br />
|-<br />
| || postfix || 73<br />
|-<br />
| {{pkg|dovecot}} || dovenull || 74<br />
|-<br />
| {{pkg|dovecot}} || dovecot || 76<br />
|-<br />
| || asterisk || 77<br />
|-<br />
| || exim || 79<br />
|-<br />
| || vpopmail || 80<br />
|-<br />
| {{pkg|filesystem}} || dbus || 81<br />
|-<br />
| || nsvsd || 83<br />
|-<br />
| || avahi || 84<br />
|-<br />
| || nx || 85<br />
|-<br />
| || beaglidx || 86<br />
|-<br />
| {{pkg|ntp}} || ntp || 87<br />
|-<br />
| || postgres || 88<br />
|-<br />
| || mysql || 89<br />
|-<br />
| || fetchmail || 90<br />
|-<br />
| || smtpd || 91<br />
|-<br />
| || smtpq || 92<br />
|-<br />
| || smtpf || 93<br />
|-<br />
| {{pkg|filesystem}} || nobody || 99<br />
|-<br />
| {{pkg|polkit}} || polkitd || 102<br />
|-<br />
| || nm-openconnect || 104<br />
|-<br />
| || gitlab || 105<br />
|-<br />
| || cherokee || 106<br />
|-<br />
| || gitlab-runner || 107<br />
|-<br />
| || partimag || 110<br />
|-<br />
| {{pkg|x2goserver}} || x2gouser || 111<br />
|-<br />
| {{pkg|x2goserver}} || x2goprint || 112<br />
|-<br />
| || unifi || 113<br />
|-<br />
| || gdm || 120<br />
|-<br />
| || lxdm || 121<br />
|-<br />
| || murmurd || 122<br />
|-<br />
| || colord || 124<br />
|-<br />
| || deluge || 125<br />
|-<br />
| || backuppc || 126<br />
|-<br />
| || lldpd || 127<br />
|-<br />
| || pulse || 130<br />
|-<br />
| || rtkit || 133<br />
|-<br />
| || netdata || 134<br />
|-<br />
| || kdm || 135<br />
|-<br />
| || znc (deprecated, now dynamic) || 136<br />
|-<br />
| || usbmux || 140<br />
|-<br />
| || salt || 141<br />
|-<br />
| || nvidia-persistenced || 143<br />
|-<br />
| {{pkg|nss-pam-ldapd}}|| nslcd || 146<br />
|-<br />
| {{pkg|transmission-cli}} || transmission || 169<br />
|-<br />
| || postfwd || 180<br />
|-<br />
| || smokeping || 181<br />
|-<br />
| || spamd || 182<br />
|-<br />
| {{pkg|chrony}} || chrony || 183<br />
|-<br />
| {{pkg|pdnsd}} || pdnsd || 184<br />
|-<br />
| {{pkg|polipo}} || polipo || 185<br />
|-<br />
| {{pkg|tinyproxy}} || tinyproxy || 186<br />
|-<br />
| {{pkg|filesystem}} || systemd-journal-gateway || 191<br />
|-<br />
| {{pkg|filesystem}} || systemd-timesync || 192<br />
|-<br />
| {{pkg|filesystem}} || systemd-network || 193<br />
|-<br />
| {{pkg|filesystem}} || systemd-bus-proxy || 194<br />
|-<br />
| {{pkg|filesystem}} || systemd-resolve || 195<br />
|-<br />
| {{pkg|gitolite}} || gitolite || 196<br />
|-<br />
| {{pkg|rabbitmq}} || rabbitmq || 197<br />
|-<br />
| {{pkg|matrix-synapse}} || synapse || 198<br />
|-<br />
| || ldap || 439<br />
|-<br />
| || oprofile || 492<br />
|-<br />
| || alias || 7790<br />
|-<br />
| || qmaild || 7791<br />
|-<br />
| || qmaill || 7792<br />
|-<br />
| || qmailp || 7793<br />
|-<br />
| || qmailq || 7794<br />
|-<br />
| || qmailr || 7795<br />
|-<br />
| || qmails || 7796<br />
|}<br />
<br />
==Groups==<br />
<br />
{| border="1" cellpadding="4" cellspacing="0"<br />
! Owning Package || Group Name !! GID<br />
|-<br />
| {{pkg|filesystem}} || root || 0<br />
|-<br />
| {{pkg|filesystem}} || bin || 1<br />
|-<br />
| {{pkg|filesystem}} || daemon || 2<br />
|-<br />
| {{pkg|filesystem}} || sys || 3<br />
|-<br />
| {{pkg|filesystem}} || adm || 4<br />
|-<br />
| {{pkg|filesystem}} || tty || 5<br />
|-<br />
| {{pkg|filesystem}} || disk || 6<br />
|-<br />
| {{pkg|filesystem}} || lp || 7<br />
|-<br />
| {{pkg|filesystem}} || mem || 8<br />
|-<br />
| {{pkg|filesystem}} || kmem || 9<br />
|-<br />
| {{pkg|filesystem}} || wheel || 10<br />
|-<br />
| {{pkg|filesystem}} || ftp || 11<br />
|-<br />
| {{pkg|filesystem}} || mail || 12<br />
|-<br />
| || news || 13<br />
|-<br />
| {{pkg|filesystem}} || uucp || 14<br />
|-<br />
| || proxy || 15<br />
|-<br />
| || stunnel || 16<br />
|-<br />
| || jabber || 17<br />
|-<br />
| || osiris || 18<br />
|-<br />
| {{pkg|filesystem}} || log || 19<br />
|-<br />
| {{pkg|filesystem}} || utmp || 20<br />
|-<br />
| {{pkg|filesystem}} || locate (ex slocate/mlocate/rlocate) || 21<br />
|-<br />
| || cron || 22<br />
|-<br />
| || fcron || 23<br />
|-<br />
| {{pkg|filesystem}} || rfkill || 24<br />
|-<br />
| {{pkg|filesystem}} || smmsp || 25<br />
|-<br />
| {{pkg|filesystem}} || proc || 26<br />
|-<br />
| || snort || 29<br />
|-<br />
| || nagios (coming soon) || 30<br />
|-<br />
| || nrpe || 31<br />
|-<br />
| {{pkg|rpcbind}} || rpc || 32<br />
|-<br />
| {{pkg|filesystem}} || http || 33<br />
|-<br />
| || named || 40<br />
|-<br />
| || privoxy || 42<br />
|-<br />
| {{pkg|tor}} || tor || 43<br />
|-<br />
| {{pkg|nbd}} || nbd|| 44<br />
|-<br />
| || mpd || 45<br />
|-<br />
| || mopidy || 46<br />
|-<br />
| {{pkg|filesystem}} || games || 50<br />
|-<br />
| {{pkg|filesystem}} || lock || 54<br />
|-<br />
| || nut || 55<br />
|-<br />
| || bumblebee || 56<br />
|-<br />
| || tomcat8 || 57<br />
|-<br />
| || rbldns || 58<br />
|-<br />
| || rbldnszones || 59<br />
|-<br />
| || clamav || 64<br />
|-<br />
| || bitlbee || 65<br />
|-<br />
| || tomcat6 || 66<br />
|-<br />
| || minbif || 67<br />
|-<br />
| {{pkg|filesystem}} || uuidd || 68<br />
|-<br />
| || cyrus || 70<br />
|-<br />
| || tomcat7 || 71<br />
|-<br />
| || courier || 72<br />
|-<br />
| {{pkg|dovecot}} || dovenull || 74<br />
|-<br />
| || postdrop || 75<br />
|-<br />
| {{pkg|dovecot}} || dovecot || 76<br />
|-<br />
| || asterisk || 77<br />
|-<br />
| || kvm || 78<br />
|-<br />
| || exim || 79<br />
|-<br />
| || vchkpw || 80<br />
|-<br />
| {{pkg|filesystem}} || dbus || 81<br />
|-<br />
| || nsvsd || 83<br />
|-<br />
| || avahi || 84<br />
|-<br />
| || nx || 85<br />
|-<br />
| || beaglidx || 86<br />
|-<br />
| {{pkg|ntp}} || ntp || 87<br />
|-<br />
| || postgres || 88<br />
|-<br />
| || mysql || 89<br />
|-<br />
| {{pkg|filesystem}} || network || 90<br />
|-<br />
| {{pkg|filesystem}} || video || 91<br />
|-<br />
| {{pkg|filesystem}} || audio || 92<br />
|-<br />
| {{pkg|filesystem}} || optical || 93<br />
|-<br />
| {{pkg|filesystem}} || floppy || 94<br />
|-<br />
| {{pkg|filesystem}} || storage || 95<br />
|-<br />
| {{pkg|filesystem}} || scanner || 96<br />
|-<br />
| {{pkg|filesystem}} || input || 97<br />
|-<br />
| {{pkg|filesystem}} || power || 98<br />
|-<br />
| {{pkg|filesystem}} || nobody || 99<br />
|-<br />
| {{pkg|filesystem}} || users || 100<br />
|-<br />
| {{pkg|polkit}} || polkitd || 102<br />
|-<br />
| || nm-openconnect || 104<br />
|-<br />
| || gitlab || 105<br />
|-<br />
| || cherokee || 106<br />
|-<br />
| || gitlab-runner || 107<br />
|-<br />
| || vboxusers || 108<br />
|-<br />
| || vboxsf || 109<br />
|-<br />
| || partimag || 110<br />
|-<br />
| {{pkg|x2goserver}} || x2gouser || 111<br />
|-<br />
| {{pkg|x2goserver}} || x2goprint || 112<br />
|-<br />
| || unifi || 113<br />
|-<br />
| || gdm || 120<br />
|-<br />
| || lxdm || 121<br />
|-<br />
| || murmurd || 122<br />
|-<br />
| {{pkg|colord}} || colord || 124<br />
|-<br />
| || deluge || 125<br />
|-<br />
| || backuppc || 126<br />
|-<br />
| || lldpd || 127<br />
|-<br />
| || vlock || 129<br />
|-<br />
| || pulse || 130<br />
|-<br />
| || pulse-access || 131<br />
|-<br />
| || pulse-rt || 132<br />
|-<br />
| || rtkit || 133<br />
|-<br />
| || netdata || 134<br />
|-<br />
| || kdm || 135<br />
|-<br />
| || znc (deprecated, now dynamic) || 136<br />
|-<br />
| || usbmux || 140<br />
|-<br />
| || salt || 141<br />
|-<br />
| || docker (deprecated, now dynamic) || 142<br />
|-<br />
| || nvidia-persistenced || 143<br />
|-<br />
| || smtpd || 145<br />
|-<br />
| {{pkg|nss-pam-ldapd}}|| nslcd || 146<br />
|-<br />
| {{pkg|wireshark-cli}} || wireshark || 150<br />
|-<br />
| || cgred || 160<br />
|-<br />
| {{pkg|transmission-cli}} || transmission || 169<br />
|-<br />
| || postfwd || 180<br />
|-<br />
| || smokeping || 181<br />
|-<br />
| || spamd || 182<br />
|-<br />
| {{pkg|chrony}} || chrony || 183<br />
|-<br />
| {{pkg|pdnsd}} || pdnsd || 184<br />
|-<br />
| {{pkg|polipo}} || polipo || 185<br />
|-<br />
| {{pkg|tinyproxy}} || tinyproxy || 186<br />
|-<br />
| {{pkg|filesystem}} || systemd-journal || 190<br />
|-<br />
| {{pkg|filesystem}} || systemd-journal-gateway || 191<br />
|-<br />
| {{pkg|filesystem}} || systemd-timesync || 192<br />
|-<br />
| {{pkg|filesystem}} || systemd-network || 193<br />
|-<br />
| {{pkg|filesystem}} || systemd-bus-proxy || 194<br />
|-<br />
| {{pkg|filesystem}} || systemd-resolve || 195<br />
|-<br />
| {{pkg|gitolite}} || gitolite || 196<br />
|-<br />
| {{pkg|rabbitmq}} || rabbitmq || 197<br />
|-<br />
| {{pkg|matrix-synapse}} || synapse || 198<br />
|-<br />
| {{pkg|grsec-common}} || tpe || 200<br />
|-<br />
| {{pkg|grsec-common}} || audit || 201<br />
|-<br />
| {{pkg|grsec-common}} || socket-deny-all || 202<br />
|-<br />
| {{pkg|grsec-common}} || socket-deny-client || 203<br />
|-<br />
| {{pkg|grsec-common}} || socket-deny-server || 204<br />
|-<br />
| || ldap || 439<br />
|-<br />
| || oprofile || 492<br />
|-<br />
| || qmail || 2107<br />
|-<br />
| || nofiles || 2108<br />
|}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=DeveloperWiki:UID_/_GID_Database&diff=465667
DeveloperWiki:UID / GID Database
2017-01-17T17:42:33Z
<p>Anthraxx: adding synapse user/group for matrix-synapse (198/205)</p>
<hr />
<div>[[Category:DeveloperWiki]]<br />
This is intended to be a starting point for creating standard uid and gid numbers.<br />
<br />
I really think this should be moved directly into arch at some point and just have a a keyword in PKGBUILD like<br />
<br />
require_user('user1' 'user2')<br />
require_group('group1')<br />
<br />
and if they didn't exist they would be created according to this database by makepkg when building or by pacman when installing.<br />
<br />
Actually, for this to work, we will need to add the primary and secondary groups to the database as well.<br />
<br />
==Users==<br />
<br />
{| border="1" cellpadding="4" cellspacing="0"<br />
! Owning Package !! User Name !! UID<br />
|-<br />
| {{pkg|filesystem}} || root || 0<br />
|-<br />
| {{pkg|filesystem}} || bin || 1<br />
|-<br />
| {{pkg|filesystem}} || daemon || 2<br />
|-<br />
| {{pkg|filesystem}} || mail || 8<br />
|-<br />
| || news || 9<br />
|-<br />
| || uucp || 10<br />
|-<br />
| || ftp || 14<br />
|-<br />
| || proxy || 15<br />
|-<br />
| || stunnel || 16<br />
|-<br />
| || jabber || 17<br />
|-<br />
| || osiris || 18<br />
|-<br />
| || slocate || 21<br />
|-<br />
| || cron || 22<br />
|-<br />
| || fcron || 23<br />
|-<br />
| || snort || 29<br />
|-<br />
| || nagios (coming soon) || 30<br />
|-<br />
| || nrpe || 31<br />
|-<br />
| {{pkg|rpcbind}} || rpc || 32<br />
|-<br />
| || http || 33<br />
|-<br />
| || named || 40<br />
|-<br />
| || privoxy || 42<br />
|-<br />
| {{pkg|tor}} || tor || 43<br />
|-<br />
| {{pkg|nbd}} || nbd|| 44<br />
|-<br />
| || mpd || 45<br />
|-<br />
| || mopidy || 46<br />
|-<br />
| || nut || 55<br />
|-<br />
| || tomcat8 || 57<br />
|-<br />
| || rbldns || 58<br />
|-<br />
| || rbldnszones || 59<br />
|-<br />
| || dnslog || 60<br />
|-<br />
| || dnscache || 61<br />
|-<br />
| || tinydns || 62<br />
|-<br />
| || axfrdns || 63<br />
|-<br />
| || clamav || 64<br />
|-<br />
| || bitlbee || 65<br />
|-<br />
| || tomcat6 || 66<br />
|-<br />
| || minbif || 67<br />
|-<br />
| {{pkg|filesystem}} || uuidd || 68<br />
|-<br />
| || fax || 69<br />
|-<br />
| || cyrus || 70<br />
|-<br />
| || tomcat7 || 71<br />
|-<br />
| || courier || 72<br />
|-<br />
| || postfix || 73<br />
|-<br />
| {{pkg|dovecot}} || dovenull || 74<br />
|-<br />
| {{pkg|dovecot}} || dovecot || 76<br />
|-<br />
| || asterisk || 77<br />
|-<br />
| || exim || 79<br />
|-<br />
| || vpopmail || 80<br />
|-<br />
| {{pkg|filesystem}} || dbus || 81<br />
|-<br />
| || nsvsd || 83<br />
|-<br />
| || avahi || 84<br />
|-<br />
| || nx || 85<br />
|-<br />
| || beaglidx || 86<br />
|-<br />
| {{pkg|ntp}} || ntp || 87<br />
|-<br />
| || postgres || 88<br />
|-<br />
| || mysql || 89<br />
|-<br />
| || fetchmail || 90<br />
|-<br />
| || smtpd || 91<br />
|-<br />
| || smtpq || 92<br />
|-<br />
| || smtpf || 93<br />
|-<br />
| {{pkg|filesystem}} || nobody || 99<br />
|-<br />
| {{pkg|polkit}} || polkitd || 102<br />
|-<br />
| || nm-openconnect || 104<br />
|-<br />
| || gitlab || 105<br />
|-<br />
| || cherokee || 106<br />
|-<br />
| || gitlab-runner || 107<br />
|-<br />
| || partimag || 110<br />
|-<br />
| {{pkg|x2goserver}} || x2gouser || 111<br />
|-<br />
| {{pkg|x2goserver}} || x2goprint || 112<br />
|-<br />
| || unifi || 113<br />
|-<br />
| || gdm || 120<br />
|-<br />
| || lxdm || 121<br />
|-<br />
| || murmurd || 122<br />
|-<br />
| || colord || 124<br />
|-<br />
| || deluge || 125<br />
|-<br />
| || backuppc || 126<br />
|-<br />
| || lldpd || 127<br />
|-<br />
| || pulse || 130<br />
|-<br />
| || rtkit || 133<br />
|-<br />
| || netdata || 134<br />
|-<br />
| || kdm || 135<br />
|-<br />
| || znc (deprecated, now dynamic) || 136<br />
|-<br />
| || usbmux || 140<br />
|-<br />
| || salt || 141<br />
|-<br />
| || nvidia-persistenced || 143<br />
|-<br />
| {{pkg|nss-pam-ldapd}}|| nslcd || 146<br />
|-<br />
| {{pkg|transmission-cli}} || transmission || 169<br />
|-<br />
| || postfwd || 180<br />
|-<br />
| || smokeping || 181<br />
|-<br />
| || spamd || 182<br />
|-<br />
| {{pkg|chrony}} || chrony || 183<br />
|-<br />
| {{pkg|pdnsd}} || pdnsd || 184<br />
|-<br />
| {{pkg|polipo}} || polipo || 185<br />
|-<br />
| {{pkg|tinyproxy}} || tinyproxy || 186<br />
|-<br />
| {{pkg|filesystem}} || systemd-journal-gateway || 191<br />
|-<br />
| {{pkg|filesystem}} || systemd-timesync || 192<br />
|-<br />
| {{pkg|filesystem}} || systemd-network || 193<br />
|-<br />
| {{pkg|filesystem}} || systemd-bus-proxy || 194<br />
|-<br />
| {{pkg|filesystem}} || systemd-resolve || 195<br />
|-<br />
| {{pkg|gitolite}} || gitolite || 196<br />
|-<br />
| {{pkg|rabbitmq}} || rabbitmq || 197<br />
|-<br />
| {{pkg|matrix-synapse}} || synapse || 198<br />
|-<br />
| || ldap || 439<br />
|-<br />
| || oprofile || 492<br />
|-<br />
| || alias || 7790<br />
|-<br />
| || qmaild || 7791<br />
|-<br />
| || qmaill || 7792<br />
|-<br />
| || qmailp || 7793<br />
|-<br />
| || qmailq || 7794<br />
|-<br />
| || qmailr || 7795<br />
|-<br />
| || qmails || 7796<br />
|}<br />
<br />
==Groups==<br />
<br />
{| border="1" cellpadding="4" cellspacing="0"<br />
! Owning Package || Group Name !! GID<br />
|-<br />
| {{pkg|filesystem}} || root || 0<br />
|-<br />
| {{pkg|filesystem}} || bin || 1<br />
|-<br />
| {{pkg|filesystem}} || daemon || 2<br />
|-<br />
| {{pkg|filesystem}} || sys || 3<br />
|-<br />
| {{pkg|filesystem}} || adm || 4<br />
|-<br />
| {{pkg|filesystem}} || tty || 5<br />
|-<br />
| {{pkg|filesystem}} || disk || 6<br />
|-<br />
| {{pkg|filesystem}} || lp || 7<br />
|-<br />
| {{pkg|filesystem}} || mem || 8<br />
|-<br />
| {{pkg|filesystem}} || kmem || 9<br />
|-<br />
| {{pkg|filesystem}} || wheel || 10<br />
|-<br />
| {{pkg|filesystem}} || ftp || 11<br />
|-<br />
| {{pkg|filesystem}} || mail || 12<br />
|-<br />
| || news || 13<br />
|-<br />
| {{pkg|filesystem}} || uucp || 14<br />
|-<br />
| || proxy || 15<br />
|-<br />
| || stunnel || 16<br />
|-<br />
| || jabber || 17<br />
|-<br />
| || osiris || 18<br />
|-<br />
| {{pkg|filesystem}} || log || 19<br />
|-<br />
| {{pkg|filesystem}} || utmp || 20<br />
|-<br />
| {{pkg|filesystem}} || locate (ex slocate/mlocate/rlocate) || 21<br />
|-<br />
| || cron || 22<br />
|-<br />
| || fcron || 23<br />
|-<br />
| {{pkg|filesystem}} || rfkill || 24<br />
|-<br />
| {{pkg|filesystem}} || smmsp || 25<br />
|-<br />
| {{pkg|filesystem}} || proc || 26<br />
|-<br />
| || snort || 29<br />
|-<br />
| || nagios (coming soon) || 30<br />
|-<br />
| || nrpe || 31<br />
|-<br />
| {{pkg|rpcbind}} || rpc || 32<br />
|-<br />
| {{pkg|filesystem}} || http || 33<br />
|-<br />
| || named || 40<br />
|-<br />
| || privoxy || 42<br />
|-<br />
| {{pkg|tor}} || tor || 43<br />
|-<br />
| {{pkg|nbd}} || nbd|| 44<br />
|-<br />
| || mpd || 45<br />
|-<br />
| || mopidy || 46<br />
|-<br />
| {{pkg|filesystem}} || games || 50<br />
|-<br />
| {{pkg|filesystem}} || lock || 54<br />
|-<br />
| || nut || 55<br />
|-<br />
| || bumblebee || 56<br />
|-<br />
| || tomcat8 || 57<br />
|-<br />
| || rbldns || 58<br />
|-<br />
| || rbldnszones || 59<br />
|-<br />
| || clamav || 64<br />
|-<br />
| || bitlbee || 65<br />
|-<br />
| || tomcat6 || 66<br />
|-<br />
| || minbif || 67<br />
|-<br />
| {{pkg|filesystem}} || uuidd || 68<br />
|-<br />
| || cyrus || 70<br />
|-<br />
| || tomcat7 || 71<br />
|-<br />
| || courier || 72<br />
|-<br />
| {{pkg|dovecot}} || dovenull || 74<br />
|-<br />
| || postdrop || 75<br />
|-<br />
| {{pkg|dovecot}} || dovecot || 76<br />
|-<br />
| || asterisk || 77<br />
|-<br />
| || kvm || 78<br />
|-<br />
| || exim || 79<br />
|-<br />
| || vchkpw || 80<br />
|-<br />
| {{pkg|filesystem}} || dbus || 81<br />
|-<br />
| || nsvsd || 83<br />
|-<br />
| || avahi || 84<br />
|-<br />
| || nx || 85<br />
|-<br />
| || beaglidx || 86<br />
|-<br />
| {{pkg|ntp}} || ntp || 87<br />
|-<br />
| || postgres || 88<br />
|-<br />
| || mysql || 89<br />
|-<br />
| {{pkg|filesystem}} || network || 90<br />
|-<br />
| {{pkg|filesystem}} || video || 91<br />
|-<br />
| {{pkg|filesystem}} || audio || 92<br />
|-<br />
| {{pkg|filesystem}} || optical || 93<br />
|-<br />
| {{pkg|filesystem}} || floppy || 94<br />
|-<br />
| {{pkg|filesystem}} || storage || 95<br />
|-<br />
| {{pkg|filesystem}} || scanner || 96<br />
|-<br />
| {{pkg|filesystem}} || input || 97<br />
|-<br />
| {{pkg|filesystem}} || power || 98<br />
|-<br />
| {{pkg|filesystem}} || nobody || 99<br />
|-<br />
| {{pkg|filesystem}} || users || 100<br />
|-<br />
| {{pkg|polkit}} || polkitd || 102<br />
|-<br />
| || nm-openconnect || 104<br />
|-<br />
| || gitlab || 105<br />
|-<br />
| || cherokee || 106<br />
|-<br />
| || gitlab-runner || 107<br />
|-<br />
| || vboxusers || 108<br />
|-<br />
| || vboxsf || 109<br />
|-<br />
| || partimag || 110<br />
|-<br />
| {{pkg|x2goserver}} || x2gouser || 111<br />
|-<br />
| {{pkg|x2goserver}} || x2goprint || 112<br />
|-<br />
| || unifi || 113<br />
|-<br />
| || gdm || 120<br />
|-<br />
| || lxdm || 121<br />
|-<br />
| || murmurd || 122<br />
|-<br />
| {{pkg|colord}} || colord || 124<br />
|-<br />
| || deluge || 125<br />
|-<br />
| || backuppc || 126<br />
|-<br />
| || lldpd || 127<br />
|-<br />
| || vlock || 129<br />
|-<br />
| || pulse || 130<br />
|-<br />
| || pulse-access || 131<br />
|-<br />
| || pulse-rt || 132<br />
|-<br />
| || rtkit || 133<br />
|-<br />
| || netdata || 134<br />
|-<br />
| || kdm || 135<br />
|-<br />
| || znc (deprecated, now dynamic) || 136<br />
|-<br />
| || usbmux || 140<br />
|-<br />
| || salt || 141<br />
|-<br />
| || docker (deprecated, now dynamic) || 142<br />
|-<br />
| || nvidia-persistenced || 143<br />
|-<br />
| || smtpd || 145<br />
|-<br />
| {{pkg|nss-pam-ldapd}}|| nslcd || 146<br />
|-<br />
| {{pkg|wireshark-cli}} || wireshark || 150<br />
|-<br />
| || cgred || 160<br />
|-<br />
| {{pkg|transmission-cli}} || transmission || 169<br />
|-<br />
| || postfwd || 180<br />
|-<br />
| || smokeping || 181<br />
|-<br />
| || spamd || 182<br />
|-<br />
| {{pkg|chrony}} || chrony || 183<br />
|-<br />
| {{pkg|pdnsd}} || pdnsd || 184<br />
|-<br />
| {{pkg|polipo}} || polipo || 185<br />
|-<br />
| {{pkg|tinyproxy}} || tinyproxy || 186<br />
|-<br />
| {{pkg|filesystem}} || systemd-journal || 190<br />
|-<br />
| {{pkg|filesystem}} || systemd-journal-gateway || 191<br />
|-<br />
| {{pkg|filesystem}} || systemd-timesync || 192<br />
|-<br />
| {{pkg|filesystem}} || systemd-network || 193<br />
|-<br />
| {{pkg|filesystem}} || systemd-bus-proxy || 194<br />
|-<br />
| {{pkg|filesystem}} || systemd-resolve || 195<br />
|-<br />
| {{pkg|gitolite}} || gitolite || 196<br />
|-<br />
| {{pkg|rabbitmq}} || rabbitmq || 197<br />
|-<br />
| {{pkg|grsec-common}} || tpe || 200<br />
|-<br />
| {{pkg|grsec-common}} || audit || 201<br />
|-<br />
| {{pkg|grsec-common}} || socket-deny-all || 202<br />
|-<br />
| {{pkg|grsec-common}} || socket-deny-client || 203<br />
|-<br />
| {{pkg|grsec-common}} || socket-deny-server || 204<br />
|-<br />
| {{pkg|matrix-synapse}} || synapse || 205<br />
|-<br />
| || ldap || 439<br />
|-<br />
| || oprofile || 492<br />
|-<br />
| || qmail || 2107<br />
|-<br />
| || nofiles || 2108<br />
|}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=User:Anthraxx&diff=459674
User:Anthraxx
2016-12-20T22:48:38Z
<p>Anthraxx: </p>
<hr />
<div>===Involvement===<br />
* [[Arch_CVE_Monitoring_Team|Arch CVE Monitoring Team]]<br />
* [https://wiki.archlinux.org/index.php/Special:Contributions/Anthraxx Wiki contribution]<br />
* [https://aur.archlinux.org/packages/?SeB=m&K=anthraxx AUR packages]<br />
* [https://bugs.archlinux.org/index.php?string=&project=0&search_name=&type%5B%5D=&sev%5B%5D=&pri%5B%5D=&due%5B%5D=&reported%5B%5D=&cat%5B%5D=&status%5B%5D=&percent%5B%5D=&opened=anthraxx&dev=&closed=&duedatefrom=&duedateto=&changedfrom=&changedto=&openedfrom=&openedto=&closedfrom=&closedto=&do=index Bugtracker]<br />
<br />
===Contact===<br />
* '''E-Mail:''' anthraxx@archlinux.org<br />
* '''Jabber:''' anthraxx@jabber.ccc.de<br />
* '''Twitter:''' [https://twitter.com/anthraxx42 @anthraxx42]<br />
* '''IRC:''' irc://irc.eu.hackint.org:anthraxx<br />
* '''IRC:''' irc://irc.freenode.net:anthraxx<br />
<br />
===PGP Key===<br />
* '''Key ID:''' [http://leventepolyak.net/anthraxx.asc 0x8D8172C8]<br />
* '''Fingerprint:''' [http://leventepolyak.net/anthraxx.asc E240 B57E 2C46 30BA 768E 2F26 FC1B 547C 8D81 72C8]</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=459412
Security Advisories
2016-12-15T16:54:22Z
<p>Anthraxx: adding flash plugins</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
[[ja:セキュリティアドバイザリ]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== December 2016 ===<br />
* [15 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000794.html ASA-201612-17] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000793.html ASA-201612-16] {{pkg|flashplugin}} multiple issues<br />
* [14 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000792.html ASA-201612-15] {{pkg|firefox}} multiple issues<br />
* [13 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000791.html ASA-201612-14] {{pkg|linux-zen}} denial of service<br />
* [13 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000790.html ASA-201612-13] {{pkg|python-html5lib}} cross-site scripting<br />
* [13 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000789.html ASA-201612-12] {{pkg|python2-html5lib}} cross-site scripting<br />
* [10 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000787.html ASA-201612-11] {{pkg|linux-grsec}} denial of service<br />
* [10 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000786.html ASA-201612-10] {{pkg|linux}} denial of service<br />
* [06 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000785.html ASA-201612-9] {{pkg|jasper}} multiple issues<br />
* [06 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000784.html ASA-201612-8] {{pkg|linux-zen}} privilege escalation<br />
* [06 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000783.html ASA-201612-7] {{pkg|linux-lts}} privilege escalation<br />
* [06 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000782.html ASA-201612-6] {{pkg|linux}} privilege escalation<br />
* [06 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000781.html ASA-201612-5] {{pkg|linux-grsec}} privilege escalation<br />
* [02 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000780.html ASA-201612-4] {{pkg|libdwarf}} multiple issues<br />
* [02 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000779.html ASA-201612-3] {{pkg|chromium}} multiple issues<br />
* [01 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000778.html ASA-201612-2] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000777.html ASA-201612-1] {{pkg|firefox}} multiple issues<br />
<br />
=== November 2016 ===<br />
* [30 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000776.html ASA-201611-29] {{pkg|neovim}} arbitrary command execution<br />
* [26 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000775.html ASA-201611-28] {{pkg|ntp}} multiple issues <br />
* [25 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000774.html ASA-201611-27] {{pkg|lib32-libtiff}} multiple issues<br />
* [25 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000773.html ASA-201611-26] {{pkg|libtiff}} multiple issues<br />
* [24 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000772.html ASA-201611-25] {{pkg|wireshark-cli}} multiple issues<br />
* [24 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000771.html ASA-201611-24] {{pkg|wireshark-qt}} multiple issues<br />
* [24 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000770.html ASA-201611-23] {{pkg|wireshark-gtk}} multiple issues<br />
* [23 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000769.html ASA-201611-22] {{pkg|tomcat6}} multiple issues<br />
* [21 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000768.html ASA-201611-21] {{pkg|slock}} access restriction bypass<br />
* [19 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000767.html ASA-201611-20] {{pkg|drupal}} multiple issues<br />
* [18 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000766.html ASA-201611-19] {{pkg|php}} arbitrary code execution<br />
* [18 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000765.html ASA-201611-18] {{pkg|w3m}} arbitrary code execution<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000764.html ASA-201611-17] {{pkg|libgit2}} denial of service<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000763.html ASA-201611-16] {{pkg|firefox}} multiple issues<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000762.html ASA-201611-15] {{pkg|python-django}} multiple issues<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000761.html ASA-201611-14] {{pkg|python2-django}} multiple issues<br />
* [14 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000760.html ASA-201611-13] {{pkg|shutter}} arbitrary code execution<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000759.html ASA-201611-12] {{pkg|lib32-gdk-pixbuf2}} arbitrary code execution<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000758.html ASA-201611-11] {{pkg|tar}} arbitrary file overwrite<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000757.html ASA-201611-10] {{pkg|lib32-libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000756.html ASA-201611-9] {{pkg|libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000755.html ASA-201611-8] {{pkg|libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000754.html ASA-201611-7] {{pkg|curl}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000753.html ASA-201611-6] {{pkg|tomcat6}} proxy injection<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000752.html ASA-201611-5] {{pkg|lib32-libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000751.html ASA-201611-4] {{pkg|lib32-curl}} multiple issues<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000750.html ASA-201611-3] {{pkg|bind}} denial of service<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000749.html ASA-201611-2] {{pkg|libxml2}} arbitrary code execution<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000748.html ASA-201611-1] {{pkg|memcached}} arbitrary code execution<br />
<br />
=== October 2016 ===<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000747.html ASA-201610-19] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000746.html ASA-201610-18] {{pkg|flashplugin}} arbitrary code execution<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000745.html ASA-201610-17] {{pkg|ocaml}} information disclosure<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000744.html ASA-201610-16] {{pkg|linux-grsec}} privilege escalation<br />
* [23 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000743.html ASA-201610-15] {{pkg|chromium}} multiple issues<br />
* [22 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000742.html ASA-201610-14] {{pkg|linux}} privilege escalation<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000741.html ASA-201610-13] {{pkg|python-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000740.html ASA-201610-12] {{pkg|python2-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11] {{pkg|linux-lts}} privilege escalation<br />
* [16 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10] {{pkg|guile}} multiple issues<br />
* [13 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9] {{pkg|gdk-pixbuf2}} arbitrary code execution<br />
* [11 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8] {{pkg|crypto++}} information disclosure<br />
* [09 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7] {{pkg|wpa_supplicant}} multiple issues<br />
* [08 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6] {{pkg|imagemagick}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5] {{pkg|messagelib}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4] {{pkg|kcoreaddons}} insufficient validation<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3] {{pkg|hostapd}} multiple issues<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2] {{pkg|systemd}} denial of service<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1] {{pkg|chromium}} arbitrary code execution<br />
<br />
=== September 2016 ===<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=458817
Security Advisories
2016-12-09T02:25:57Z
<p>Anthraxx: published jasper advisory</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
[[ja:セキュリティアドバイザリ]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== December 2016 ===<br />
* [06 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000785.html ASA-201612-9] {{pkg|jasper}} multiple issues<br />
* [06 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000784.html ASA-201612-8] {{pkg|linux-zen}} privilege escalation<br />
* [06 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000783.html ASA-201612-7] {{pkg|linux-lts}} privilege escalation<br />
* [06 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000782.html ASA-201612-6] {{pkg|linux}} privilege escalation<br />
* [06 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000781.html ASA-201612-5] {{pkg|linux-grsec}} privilege escalation<br />
* [02 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000780.html ASA-201612-4] {{pkg|libdwarf}} multiple issues<br />
* [02 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000779.html ASA-201612-3] {{pkg|chromium}} multiple issues<br />
* [01 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000778.html ASA-201612-2] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000777.html ASA-201612-1] {{pkg|firefox}} multiple issues<br />
<br />
=== November 2016 ===<br />
* [30 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000776.html ASA-201611-29] {{pkg|neovim}} arbitrary command execution<br />
* [26 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000775.html ASA-201611-28] {{pkg|ntp}} multiple issues <br />
* [25 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000774.html ASA-201611-27] {{pkg|lib32-libtiff}} multiple issues<br />
* [25 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000773.html ASA-201611-26] {{pkg|libtiff}} multiple issues<br />
* [24 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000772.html ASA-201611-25] {{pkg|wireshark-cli}} multiple issues<br />
* [24 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000771.html ASA-201611-24] {{pkg|wireshark-qt}} multiple issues<br />
* [24 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000770.html ASA-201611-23] {{pkg|wireshark-gtk}} multiple issues<br />
* [23 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000769.html ASA-201611-22] {{pkg|tomcat6}} multiple issues<br />
* [21 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000768.html ASA-201611-21] {{pkg|slock}} access restriction bypass<br />
* [19 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000767.html ASA-201611-20] {{pkg|drupal}} multiple issues<br />
* [18 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000766.html ASA-201611-19] {{pkg|php}} arbitrary code execution<br />
* [18 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000765.html ASA-201611-18] {{pkg|w3m}} arbitrary code execution<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000764.html ASA-201611-17] {{pkg|libgit2}} denial of service<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000763.html ASA-201611-16] {{pkg|firefox}} multiple issues<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000762.html ASA-201611-15] {{pkg|python-django}} multiple issues<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000761.html ASA-201611-14] {{pkg|python2-django}} multiple issues<br />
* [14 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000760.html ASA-201611-13] {{pkg|shutter}} arbitrary code execution<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000759.html ASA-201611-12] {{pkg|lib32-gdk-pixbuf2}} arbitrary code execution<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000758.html ASA-201611-11] {{pkg|tar}} arbitrary file overwrite<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000757.html ASA-201611-10] {{pkg|lib32-libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000756.html ASA-201611-9] {{pkg|libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000755.html ASA-201611-8] {{pkg|libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000754.html ASA-201611-7] {{pkg|curl}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000753.html ASA-201611-6] {{pkg|tomcat6}} proxy injection<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000752.html ASA-201611-5] {{pkg|lib32-libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000751.html ASA-201611-4] {{pkg|lib32-curl}} multiple issues<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000750.html ASA-201611-3] {{pkg|bind}} denial of service<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000749.html ASA-201611-2] {{pkg|libxml2}} arbitrary code execution<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000748.html ASA-201611-1] {{pkg|memcached}} arbitrary code execution<br />
<br />
=== October 2016 ===<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000747.html ASA-201610-19] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000746.html ASA-201610-18] {{pkg|flashplugin}} arbitrary code execution<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000745.html ASA-201610-17] {{pkg|ocaml}} information disclosure<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000744.html ASA-201610-16] {{pkg|linux-grsec}} privilege escalation<br />
* [23 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000743.html ASA-201610-15] {{pkg|chromium}} multiple issues<br />
* [22 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000742.html ASA-201610-14] {{pkg|linux}} privilege escalation<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000741.html ASA-201610-13] {{pkg|python-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000740.html ASA-201610-12] {{pkg|python2-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11] {{pkg|linux-lts}} privilege escalation<br />
* [16 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10] {{pkg|guile}} multiple issues<br />
* [13 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9] {{pkg|gdk-pixbuf2}} arbitrary code execution<br />
* [11 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8] {{pkg|crypto++}} information disclosure<br />
* [09 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7] {{pkg|wpa_supplicant}} multiple issues<br />
* [08 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6] {{pkg|imagemagick}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5] {{pkg|messagelib}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4] {{pkg|kcoreaddons}} insufficient validation<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3] {{pkg|hostapd}} multiple issues<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2] {{pkg|systemd}} denial of service<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1] {{pkg|chromium}} arbitrary code execution<br />
<br />
=== September 2016 ===<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=458639
Security Advisories
2016-12-06T16:56:44Z
<p>Anthraxx: published advisories</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
[[ja:セキュリティアドバイザリ]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== December 2016 ===<br />
* [06 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000783.html ASA-201612-7] {{pkg|linux-lts}} privilege escalation<br />
* [06 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000782.html ASA-201612-6] {{pkg|linux}} privilege escalation<br />
* [06 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000781.html ASA-201612-5] {{pkg|linux-grsec}} privilege escalation<br />
* [02 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000780.html ASA-201612-4] {{pkg|libdwarf}} multiple issues<br />
* [02 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000779.html ASA-201612-3] {{pkg|chromium}} multiple issues<br />
* [01 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000778.html ASA-201612-2] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000777.html ASA-201612-1] {{pkg|firefox}} multiple issues<br />
<br />
=== November 2016 ===<br />
* [30 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000776.html ASA-201611-29] {{pkg|neovim}} arbitrary command execution<br />
* [26 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000775.html ASA-201611-28] {{pkg|ntp}} multiple issues <br />
* [25 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000774.html ASA-201611-27] {{pkg|lib32-libtiff}} multiple issues<br />
* [25 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000773.html ASA-201611-26] {{pkg|libtiff}} multiple issues<br />
* [24 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000772.html ASA-201611-25] {{pkg|wireshark-cli}} multiple issues<br />
* [24 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000771.html ASA-201611-24] {{pkg|wireshark-qt}} multiple issues<br />
* [24 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000770.html ASA-201611-23] {{pkg|wireshark-gtk}} multiple issues<br />
* [23 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000769.html ASA-201611-22] {{pkg|tomcat6}} multiple issues<br />
* [21 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000768.html ASA-201611-21] {{pkg|slock}} access restriction bypass<br />
* [19 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000767.html ASA-201611-20] {{pkg|drupal}} multiple issues<br />
* [18 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000766.html ASA-201611-19] {{pkg|php}} arbitrary code execution<br />
* [18 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000765.html ASA-201611-18] {{pkg|w3m}} arbitrary code execution<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000764.html ASA-201611-17] {{pkg|libgit2}} denial of service<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000763.html ASA-201611-16] {{pkg|firefox}} multiple issues<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000762.html ASA-201611-15] {{pkg|python-django}} multiple issues<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000761.html ASA-201611-14] {{pkg|python2-django}} multiple issues<br />
* [14 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000760.html ASA-201611-13] {{pkg|shutter}} arbitrary code execution<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000759.html ASA-201611-12] {{pkg|lib32-gdk-pixbuf2}} arbitrary code execution<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000758.html ASA-201611-11] {{pkg|tar}} arbitrary file overwrite<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000757.html ASA-201611-10] {{pkg|lib32-libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000756.html ASA-201611-9] {{pkg|libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000755.html ASA-201611-8] {{pkg|libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000754.html ASA-201611-7] {{pkg|curl}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000753.html ASA-201611-6] {{pkg|tomcat6}} proxy injection<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000752.html ASA-201611-5] {{pkg|lib32-libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000751.html ASA-201611-4] {{pkg|lib32-curl}} multiple issues<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000750.html ASA-201611-3] {{pkg|bind}} denial of service<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000749.html ASA-201611-2] {{pkg|libxml2}} arbitrary code execution<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000748.html ASA-201611-1] {{pkg|memcached}} arbitrary code execution<br />
<br />
=== October 2016 ===<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000747.html ASA-201610-19] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000746.html ASA-201610-18] {{pkg|flashplugin}} arbitrary code execution<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000745.html ASA-201610-17] {{pkg|ocaml}} information disclosure<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000744.html ASA-201610-16] {{pkg|linux-grsec}} privilege escalation<br />
* [23 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000743.html ASA-201610-15] {{pkg|chromium}} multiple issues<br />
* [22 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000742.html ASA-201610-14] {{pkg|linux}} privilege escalation<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000741.html ASA-201610-13] {{pkg|python-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000740.html ASA-201610-12] {{pkg|python2-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11] {{pkg|linux-lts}} privilege escalation<br />
* [16 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10] {{pkg|guile}} multiple issues<br />
* [13 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9] {{pkg|gdk-pixbuf2}} arbitrary code execution<br />
* [11 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8] {{pkg|crypto++}} information disclosure<br />
* [09 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7] {{pkg|wpa_supplicant}} multiple issues<br />
* [08 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6] {{pkg|imagemagick}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5] {{pkg|messagelib}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4] {{pkg|kcoreaddons}} insufficient validation<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3] {{pkg|hostapd}} multiple issues<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2] {{pkg|systemd}} denial of service<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1] {{pkg|chromium}} arbitrary code execution<br />
<br />
=== September 2016 ===<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=458405
Security Advisories
2016-12-04T16:24:38Z
<p>Anthraxx: adding advisories</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
[[ja:セキュリティアドバイザリ]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== December 2016 ===<br />
* [02 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000780.html ASA-201612-4] {{pkg|libdwarf}} multiple issues<br />
* [02 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000779.html ASA-201612-3] {{pkg|chromium}} multiple issues<br />
* [01 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000778.html ASA-201612-2] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 December 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-December/000777.html ASA-201612-1] {{pkg|firefox}} multiple issues<br />
<br />
=== November 2016 ===<br />
* [30 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000776.html ASA-201611-29] {{pkg|neovim}} arbitrary command execution<br />
* [26 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000775.html ASA-201611-28] {{pkg|ntp}} multiple issues <br />
* [25 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000774.html ASA-201611-27] {{pkg|lib32-libtiff}} multiple issues<br />
* [25 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000773.html ASA-201611-26] {{pkg|libtiff}} multiple issues<br />
* [24 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000772.html ASA-201611-25] {{pkg|wireshark-cli}} multiple issues<br />
* [24 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000771.html ASA-201611-24] {{pkg|wireshark-qt}} multiple issues<br />
* [24 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000770.html ASA-201611-23] {{pkg|wireshark-gtk}} multiple issues<br />
* [23 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000769.html ASA-201611-22] {{pkg|tomcat6}} multiple issues<br />
* [21 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000768.html ASA-201611-21] {{pkg|slock}} access restriction bypass<br />
* [19 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000767.html ASA-201611-20] {{pkg|drupal}} multiple issues<br />
* [18 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000766.html ASA-201611-19] {{pkg|php}} arbitrary code execution<br />
* [18 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000765.html ASA-201611-18] {{pkg|w3m}} arbitrary code execution<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000764.html ASA-201611-17] {{pkg|libgit2}} denial of service<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000763.html ASA-201611-16] {{pkg|firefox}} multiple issues<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000762.html ASA-201611-15] {{pkg|python-django}} multiple issues<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000761.html ASA-201611-14] {{pkg|python2-django}} multiple issues<br />
* [14 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000760.html ASA-201611-13] {{pkg|shutter}} arbitrary code execution<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000759.html ASA-201611-12] {{pkg|lib32-gdk-pixbuf2}} arbitrary code execution<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000758.html ASA-201611-11] {{pkg|tar}} arbitrary file overwrite<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000757.html ASA-201611-10] {{pkg|lib32-libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000756.html ASA-201611-9] {{pkg|libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000755.html ASA-201611-8] {{pkg|libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000754.html ASA-201611-7] {{pkg|curl}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000753.html ASA-201611-6] {{pkg|tomcat6}} proxy injection<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000752.html ASA-201611-5] {{pkg|lib32-libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000751.html ASA-201611-4] {{pkg|lib32-curl}} multiple issues<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000750.html ASA-201611-3] {{pkg|bind}} denial of service<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000749.html ASA-201611-2] {{pkg|libxml2}} arbitrary code execution<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000748.html ASA-201611-1] {{pkg|memcached}} arbitrary code execution<br />
<br />
=== October 2016 ===<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000747.html ASA-201610-19] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000746.html ASA-201610-18] {{pkg|flashplugin}} arbitrary code execution<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000745.html ASA-201610-17] {{pkg|ocaml}} information disclosure<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000744.html ASA-201610-16] {{pkg|linux-grsec}} privilege escalation<br />
* [23 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000743.html ASA-201610-15] {{pkg|chromium}} multiple issues<br />
* [22 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000742.html ASA-201610-14] {{pkg|linux}} privilege escalation<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000741.html ASA-201610-13] {{pkg|python-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000740.html ASA-201610-12] {{pkg|python2-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11] {{pkg|linux-lts}} privilege escalation<br />
* [16 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10] {{pkg|guile}} multiple issues<br />
* [13 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9] {{pkg|gdk-pixbuf2}} arbitrary code execution<br />
* [11 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8] {{pkg|crypto++}} information disclosure<br />
* [09 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7] {{pkg|wpa_supplicant}} multiple issues<br />
* [08 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6] {{pkg|imagemagick}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5] {{pkg|messagelib}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4] {{pkg|kcoreaddons}} insufficient validation<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3] {{pkg|hostapd}} multiple issues<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2] {{pkg|systemd}} denial of service<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1] {{pkg|chromium}} arbitrary code execution<br />
<br />
=== September 2016 ===<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=458060
Security Advisories
2016-11-29T23:34:20Z
<p>Anthraxx: added neovim advisory</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
[[ja:セキュリティアドバイザリ]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== November 2016 ===<br />
* [30 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000776.html ASA-201611-29] {{pkg|neovim}} arbitrary command execution<br />
* [26 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000775.html ASA-201611-28] {{pkg|ntp}} multiple issues <br />
* [25 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000774.html ASA-201611-27] {{pkg|lib32-libtiff}} multiple issues<br />
* [25 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000773.html ASA-201611-26] {{pkg|libtiff}} multiple issues<br />
* [24 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000772.html ASA-201611-25] {{pkg|wireshark-cli}} multiple issues<br />
* [24 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000771.html ASA-201611-24] {{pkg|wireshark-qt}} multiple issues<br />
* [24 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000770.html ASA-201611-23] {{pkg|wireshark-gtk}} multiple issues<br />
* [23 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000769.html ASA-201611-22] {{pkg|tomcat6}} multiple issues<br />
* [21 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000768.html ASA-201611-21] {{pkg|slock}} access restriction bypass<br />
* [19 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000767.html ASA-201611-20] {{pkg|drupal}} multiple issues<br />
* [18 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000766.html ASA-201611-19] {{pkg|php}} arbitrary code execution<br />
* [18 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000765.html ASA-201611-18] {{pkg|w3m}} arbitrary code execution<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000764.html ASA-201611-17] {{pkg|libgit2}} denial of service<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000763.html ASA-201611-16] {{pkg|firefox}} multiple issues<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000762.html ASA-201611-15] {{pkg|python-django}} multiple issues<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000761.html ASA-201611-14] {{pkg|python2-django}} multiple issues<br />
* [14 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000760.html ASA-201611-13] {{pkg|shutter}} arbitrary code execution<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000759.html ASA-201611-12] {{pkg|lib32-gdk-pixbuf2}} arbitrary code execution<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000758.html ASA-201611-11] {{pkg|tar}} arbitrary file overwrite<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000757.html ASA-201611-10] {{pkg|lib32-libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000756.html ASA-201611-9] {{pkg|libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000755.html ASA-201611-8] {{pkg|libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000754.html ASA-201611-7] {{pkg|curl}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000753.html ASA-201611-6] {{pkg|tomcat6}} proxy injection<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000752.html ASA-201611-5] {{pkg|lib32-libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000751.html ASA-201611-4] {{pkg|lib32-curl}} multiple issues<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000750.html ASA-201611-3] {{pkg|bind}} denial of service<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000749.html ASA-201611-2] {{pkg|libxml2}} arbitrary code execution<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000748.html ASA-201611-1] {{pkg|memcached}} arbitrary code execution<br />
<br />
=== October 2016 ===<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000747.html ASA-201610-19] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000746.html ASA-201610-18] {{pkg|flashplugin}} arbitrary code execution<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000745.html ASA-201610-17] {{pkg|ocaml}} information disclosure<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000744.html ASA-201610-16] {{pkg|linux-grsec}} privilege escalation<br />
* [23 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000743.html ASA-201610-15] {{pkg|chromium}} multiple issues<br />
* [22 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000742.html ASA-201610-14] {{pkg|linux}} privilege escalation<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000741.html ASA-201610-13] {{pkg|python-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000740.html ASA-201610-12] {{pkg|python2-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11] {{pkg|linux-lts}} privilege escalation<br />
* [16 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10] {{pkg|guile}} multiple issues<br />
* [13 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9] {{pkg|gdk-pixbuf2}} arbitrary code execution<br />
* [11 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8] {{pkg|crypto++}} information disclosure<br />
* [09 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7] {{pkg|wpa_supplicant}} multiple issues<br />
* [08 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6] {{pkg|imagemagick}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5] {{pkg|messagelib}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4] {{pkg|kcoreaddons}} insufficient validation<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3] {{pkg|hostapd}} multiple issues<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2] {{pkg|systemd}} denial of service<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1] {{pkg|chromium}} arbitrary code execution<br />
<br />
=== September 2016 ===<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=457789
Security Advisories
2016-11-25T23:33:59Z
<p>Anthraxx: adding libtiff advisories</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
[[ja:セキュリティアドバイザリ]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== November 2016 ===<br />
* [25 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000774.html ASA-201611-27] {{pkg|lib32-libtiff}} multiple issues<br />
* [25 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000773.html ASA-201611-26] {{pkg|libtiff}} multiple issues<br />
* [24 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000772.html ASA-201611-25] {{pkg|wireshark-cli}} multiple issues<br />
* [24 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000771.html ASA-201611-24] {{pkg|wireshark-qt}} multiple issues<br />
* [24 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000770.html ASA-201611-23] {{pkg|wireshark-gtk}} multiple issues<br />
* [23 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000769.html ASA-201611-22] {{pkg|tomcat6}} multiple issues<br />
* [21 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000768.html ASA-201611-21] {{pkg|slock}} access restriction bypass<br />
* [19 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000767.html ASA-201611-20] {{pkg|drupal}} multiple issues<br />
* [18 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000766.html ASA-201611-19] {{pkg|php}} arbitrary code execution<br />
* [18 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000765.html ASA-201611-18] {{pkg|w3m}} arbitrary code execution<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000764.html ASA-201611-17] {{pkg|libgit2}} denial of service<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000763.html ASA-201611-16] {{pkg|firefox}} multiple issues<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000762.html ASA-201611-15] {{pkg|python-django}} multiple issues<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000761.html ASA-201611-14] {{pkg|python2-django}} multiple issues<br />
* [14 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000760.html ASA-201611-13] {{pkg|shutter}} arbitrary code execution<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000759.html ASA-201611-12] {{pkg|lib32-gdk-pixbuf2}} arbitrary code execution<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000758.html ASA-201611-11] {{pkg|tar}} arbitrary file overwrite<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000757.html ASA-201611-10] {{pkg|lib32-libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000756.html ASA-201611-9] {{pkg|libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000755.html ASA-201611-8] {{pkg|libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000754.html ASA-201611-7] {{pkg|curl}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000753.html ASA-201611-6] {{pkg|tomcat6}} proxy injection<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000752.html ASA-201611-5] {{pkg|lib32-libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000751.html ASA-201611-4] {{pkg|lib32-curl}} multiple issues<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000750.html ASA-201611-3] {{pkg|bind}} denial of service<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000749.html ASA-201611-2] {{pkg|libxml2}} arbitrary code execution<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000748.html ASA-201611-1] {{pkg|memcached}} arbitrary code execution<br />
<br />
=== October 2016 ===<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000747.html ASA-201610-19] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000746.html ASA-201610-18] {{pkg|flashplugin}} arbitrary code execution<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000745.html ASA-201610-17] {{pkg|ocaml}} information disclosure<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000744.html ASA-201610-16] {{pkg|linux-grsec}} privilege escalation<br />
* [23 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000743.html ASA-201610-15] {{pkg|chromium}} multiple issues<br />
* [22 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000742.html ASA-201610-14] {{pkg|linux}} privilege escalation<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000741.html ASA-201610-13] {{pkg|python-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000740.html ASA-201610-12] {{pkg|python2-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11] {{pkg|linux-lts}} privilege escalation<br />
* [16 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10] {{pkg|guile}} multiple issues<br />
* [13 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9] {{pkg|gdk-pixbuf2}} arbitrary code execution<br />
* [11 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8] {{pkg|crypto++}} information disclosure<br />
* [09 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7] {{pkg|wpa_supplicant}} multiple issues<br />
* [08 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6] {{pkg|imagemagick}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5] {{pkg|messagelib}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4] {{pkg|kcoreaddons}} insufficient validation<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3] {{pkg|hostapd}} multiple issues<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2] {{pkg|systemd}} denial of service<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1] {{pkg|chromium}} arbitrary code execution<br />
<br />
=== September 2016 ===<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=457748
Security Advisories
2016-11-25T11:49:19Z
<p>Anthraxx: adding missing advisories</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
[[ja:セキュリティアドバイザリ]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== November 2016 ===<br />
* [24 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000772.html ASA-201611-25] {{pkg|wireshark-cli}} multiple issues<br />
* [24 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000771.html ASA-201611-24] {{pkg|wireshark-qt}} multiple issues<br />
* [24 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000770.html ASA-201611-23] {{pkg|wireshark-gtk}} multiple issues<br />
* [23 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000769.html ASA-201611-22] {{pkg|tomcat6}} multiple issues<br />
* [21 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000768.html ASA-201611-21] {{pkg|slock}} access restriction bypass<br />
* [19 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000767.html ASA-201611-20] {{pkg|drupal}} multiple issues<br />
* [18 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000766.html ASA-201611-19] {{pkg|php}} arbitrary code execution<br />
* [18 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000765.html ASA-201611-18] {{pkg|w3m}} arbitrary code execution<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000764.html ASA-201611-17] {{pkg|libgit2}} denial of service<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000763.html ASA-201611-16] {{pkg|firefox}} multiple issues<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000762.html ASA-201611-15] {{pkg|python-django}} multiple issues<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000761.html ASA-201611-14] {{pkg|python2-django}} multiple issues<br />
* [14 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000760.html ASA-201611-13] {{pkg|shutter}} arbitrary code execution<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000759.html ASA-201611-12] {{pkg|lib32-gdk-pixbuf2}} arbitrary code execution<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000758.html ASA-201611-11] {{pkg|tar}} arbitrary file overwrite<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000757.html ASA-201611-10] {{pkg|lib32-libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000756.html ASA-201611-9] {{pkg|libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000755.html ASA-201611-8] {{pkg|libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000754.html ASA-201611-7] {{pkg|curl}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000753.html ASA-201611-6] {{pkg|tomcat6}} proxy injection<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000752.html ASA-201611-5] {{pkg|lib32-libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000751.html ASA-201611-4] {{pkg|lib32-curl}} multiple issues<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000750.html ASA-201611-3] {{pkg|bind}} denial of service<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000749.html ASA-201611-2] {{pkg|libxml2}} arbitrary code execution<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000748.html ASA-201611-1] {{pkg|memcached}} arbitrary code execution<br />
<br />
=== October 2016 ===<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000747.html ASA-201610-19] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000746.html ASA-201610-18] {{pkg|flashplugin}} arbitrary code execution<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000745.html ASA-201610-17] {{pkg|ocaml}} information disclosure<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000744.html ASA-201610-16] {{pkg|linux-grsec}} privilege escalation<br />
* [23 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000743.html ASA-201610-15] {{pkg|chromium}} multiple issues<br />
* [22 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000742.html ASA-201610-14] {{pkg|linux}} privilege escalation<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000741.html ASA-201610-13] {{pkg|python-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000740.html ASA-201610-12] {{pkg|python2-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11] {{pkg|linux-lts}} privilege escalation<br />
* [16 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10] {{pkg|guile}} multiple issues<br />
* [13 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9] {{pkg|gdk-pixbuf2}} arbitrary code execution<br />
* [11 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8] {{pkg|crypto++}} information disclosure<br />
* [09 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7] {{pkg|wpa_supplicant}} multiple issues<br />
* [08 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6] {{pkg|imagemagick}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5] {{pkg|messagelib}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4] {{pkg|kcoreaddons}} insufficient validation<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3] {{pkg|hostapd}} multiple issues<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2] {{pkg|systemd}} denial of service<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1] {{pkg|chromium}} arbitrary code execution<br />
<br />
=== September 2016 ===<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=457365
Security Advisories
2016-11-21T15:15:47Z
<p>Anthraxx: adding slock</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
[[ja:セキュリティアドバイザリ]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== November 2016 ===<br />
* [21 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000768.html ASA-201611-21] {{pkg|slock}} access restriction bypass<br />
* [19 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000767.html ASA-201611-20] {{pkg|drupal}} multiple issues<br />
* [18 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000766.html ASA-201611-19] {{pkg|php}} arbitrary code execution<br />
* [18 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000765.html ASA-201611-18] {{pkg|w3m}} arbitrary code execution<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000764.html ASA-201611-17] {{pkg|libgit2}} denial of service<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000763.html ASA-201611-16] {{pkg|firefox}} multiple issues<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000762.html ASA-201611-15] {{pkg|python-django}} multiple issues<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000761.html ASA-201611-14] {{pkg|python2-django}} multiple issues<br />
* [14 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000760.html ASA-201611-13] {{pkg|shutter}} arbitrary code execution<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000759.html ASA-201611-12] {{pkg|lib32-gdk-pixbuf2}} arbitrary code execution<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000758.html ASA-201611-11] {{pkg|tar}} arbitrary file overwrite<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000757.html ASA-201611-10] {{pkg|lib32-libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000756.html ASA-201611-9] {{pkg|libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000755.html ASA-201611-8] {{pkg|libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000754.html ASA-201611-7] {{pkg|curl}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000753.html ASA-201611-6] {{pkg|tomcat6}} proxy injection<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000752.html ASA-201611-5] {{pkg|lib32-libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000751.html ASA-201611-4] {{pkg|lib32-curl}} multiple issues<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000750.html ASA-201611-3] {{pkg|bind}} denial of service<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000749.html ASA-201611-2] {{pkg|libxml2}} arbitrary code execution<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000748.html ASA-201611-1] {{pkg|memcached}} arbitrary code execution<br />
<br />
=== October 2016 ===<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000747.html ASA-201610-19] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000746.html ASA-201610-18] {{pkg|flashplugin}} arbitrary code execution<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000745.html ASA-201610-17] {{pkg|ocaml}} information disclosure<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000744.html ASA-201610-16] {{pkg|linux-grsec}} privilege escalation<br />
* [23 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000743.html ASA-201610-15] {{pkg|chromium}} multiple issues<br />
* [22 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000742.html ASA-201610-14] {{pkg|linux}} privilege escalation<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000741.html ASA-201610-13] {{pkg|python-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000740.html ASA-201610-12] {{pkg|python2-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11] {{pkg|linux-lts}} privilege escalation<br />
* [16 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10] {{pkg|guile}} multiple issues<br />
* [13 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9] {{pkg|gdk-pixbuf2}} arbitrary code execution<br />
* [11 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8] {{pkg|crypto++}} information disclosure<br />
* [09 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7] {{pkg|wpa_supplicant}} multiple issues<br />
* [08 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6] {{pkg|imagemagick}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5] {{pkg|messagelib}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4] {{pkg|kcoreaddons}} insufficient validation<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3] {{pkg|hostapd}} multiple issues<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2] {{pkg|systemd}} denial of service<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1] {{pkg|chromium}} arbitrary code execution<br />
<br />
=== September 2016 ===<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=457059
Security Advisories
2016-11-18T16:31:47Z
<p>Anthraxx: adding advisories</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
[[ja:セキュリティアドバイザリ]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== November 2016 ===<br />
* [18 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000766.html ASA-201611-19] {{pkg|php}} arbitrary code execution<br />
* [18 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000765.html ASA-201611-18] {{pkg|w3m}} arbitrary code execution<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000764.html ASA-201611-17] {{pkg|libgit2}} denial of service<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000763.html ASA-201611-16] {{pkg|firefox}} multiple issues<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000762.html ASA-201611-15] {{pkg|python-django}} multiple issues<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000761.html ASA-201611-14] {{pkg|python2-django}} multiple issues<br />
* [14 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000760.html ASA-201611-13] {{pkg|shutter}} arbitrary code execution<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000759.html ASA-201611-12] {{pkg|lib32-gdk-pixbuf2}} arbitrary code execution<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000758.html ASA-201611-11] {{pkg|tar}} arbitrary file overwrite<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000757.html ASA-201611-10] {{pkg|lib32-libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000756.html ASA-201611-9] {{pkg|libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000755.html ASA-201611-8] {{pkg|libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000754.html ASA-201611-7] {{pkg|curl}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000753.html ASA-201611-6] {{pkg|tomcat6}} proxy injection<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000752.html ASA-201611-5] {{pkg|lib32-libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000751.html ASA-201611-4] {{pkg|lib32-curl}} multiple issues<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000750.html ASA-201611-3] {{pkg|bind}} denial of service<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000749.html ASA-201611-2] {{pkg|libxml2}} arbitrary code execution<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000748.html ASA-201611-1] {{pkg|memcached}} arbitrary code execution<br />
<br />
=== October 2016 ===<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000747.html ASA-201610-19] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000746.html ASA-201610-18] {{pkg|flashplugin}} arbitrary code execution<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000745.html ASA-201610-17] {{pkg|ocaml}} information disclosure<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000744.html ASA-201610-16] {{pkg|linux-grsec}} privilege escalation<br />
* [23 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000743.html ASA-201610-15] {{pkg|chromium}} multiple issues<br />
* [22 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000742.html ASA-201610-14] {{pkg|linux}} privilege escalation<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000741.html ASA-201610-13] {{pkg|python-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000740.html ASA-201610-12] {{pkg|python2-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11] {{pkg|linux-lts}} privilege escalation<br />
* [16 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10] {{pkg|guile}} multiple issues<br />
* [13 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9] {{pkg|gdk-pixbuf2}} arbitrary code execution<br />
* [11 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8] {{pkg|crypto++}} information disclosure<br />
* [09 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7] {{pkg|wpa_supplicant}} multiple issues<br />
* [08 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6] {{pkg|imagemagick}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5] {{pkg|messagelib}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4] {{pkg|kcoreaddons}} insufficient validation<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3] {{pkg|hostapd}} multiple issues<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2] {{pkg|systemd}} denial of service<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1] {{pkg|chromium}} arbitrary code execution<br />
<br />
=== September 2016 ===<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=456897
Security Advisories
2016-11-16T17:11:17Z
<p>Anthraxx: adding advisories</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
[[ja:セキュリティアドバイザリ]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== November 2016 ===<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000764.html ASA-201611-17] {{pkg|libgit2}} denial of service<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000763.html ASA-201611-16] {{pkg|firefox}} multiple issues<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000762.html ASA-201611-15] {{pkg|python-django}} multiple issues<br />
* [16 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000761.html ASA-201611-14] {{pkg|python2-django}} multiple issues<br />
* [14 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000760.html ASA-201611-13] {{pkg|shutter}} arbitrary code execution<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000759.html ASA-201611-12] {{pkg|lib32-gdk-pixbuf2}} arbitrary code execution<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000758.html ASA-201611-11] {{pkg|tar}} arbitrary file overwrite<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000757.html ASA-201611-10] {{pkg|lib32-libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000756.html ASA-201611-9] {{pkg|libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000755.html ASA-201611-8] {{pkg|libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000754.html ASA-201611-7] {{pkg|curl}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000753.html ASA-201611-6] {{pkg|tomcat6}} proxy injection<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000752.html ASA-201611-5] {{pkg|lib32-libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000751.html ASA-201611-4] {{pkg|lib32-curl}} multiple issues<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000750.html ASA-201611-3] {{pkg|bind}} denial of service<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000749.html ASA-201611-2] {{pkg|libxml2}} arbitrary code execution<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000748.html ASA-201611-1] {{pkg|memcached}} arbitrary code execution<br />
<br />
=== October 2016 ===<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000747.html ASA-201610-19] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000746.html ASA-201610-18] {{pkg|flashplugin}} arbitrary code execution<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000745.html ASA-201610-17] {{pkg|ocaml}} information disclosure<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000744.html ASA-201610-16] {{pkg|linux-grsec}} privilege escalation<br />
* [23 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000743.html ASA-201610-15] {{pkg|chromium}} multiple issues<br />
* [22 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000742.html ASA-201610-14] {{pkg|linux}} privilege escalation<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000741.html ASA-201610-13] {{pkg|python-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000740.html ASA-201610-12] {{pkg|python2-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11] {{pkg|linux-lts}} privilege escalation<br />
* [16 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10] {{pkg|guile}} multiple issues<br />
* [13 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9] {{pkg|gdk-pixbuf2}} arbitrary code execution<br />
* [11 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8] {{pkg|crypto++}} information disclosure<br />
* [09 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7] {{pkg|wpa_supplicant}} multiple issues<br />
* [08 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6] {{pkg|imagemagick}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5] {{pkg|messagelib}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4] {{pkg|kcoreaddons}} insufficient validation<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3] {{pkg|hostapd}} multiple issues<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2] {{pkg|systemd}} denial of service<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1] {{pkg|chromium}} arbitrary code execution<br />
<br />
=== September 2016 ===<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=456797
Security Advisories
2016-11-14T17:22:41Z
<p>Anthraxx: adding shutter advisory</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
[[ja:セキュリティアドバイザリ]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== November 2016 ===<br />
* [14 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000760.html ASA-201611-13] {{pkg|shutter}} arbitrary code execution<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000759.html ASA-201611-12] {{pkg|lib32-gdk-pixbuf2}} arbitrary code execution<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000758.html ASA-201611-11] {{pkg|tar}} arbitrary file overwrite<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000757.html ASA-201611-10] {{pkg|lib32-libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000756.html ASA-201611-9] {{pkg|libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000755.html ASA-201611-8] {{pkg|libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000754.html ASA-201611-7] {{pkg|curl}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000753.html ASA-201611-6] {{pkg|tomcat6}} proxy injection<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000752.html ASA-201611-5] {{pkg|lib32-libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000751.html ASA-201611-4] {{pkg|lib32-curl}} multiple issues<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000750.html ASA-201611-3] {{pkg|bind}} denial of service<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000749.html ASA-201611-2] {{pkg|libxml2}} arbitrary code execution<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000748.html ASA-201611-1] {{pkg|memcached}} arbitrary code execution<br />
<br />
=== October 2016 ===<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000747.html ASA-201610-19] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000746.html ASA-201610-18] {{pkg|flashplugin}} arbitrary code execution<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000745.html ASA-201610-17] {{pkg|ocaml}} information disclosure<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000744.html ASA-201610-16] {{pkg|linux-grsec}} privilege escalation<br />
* [23 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000743.html ASA-201610-15] {{pkg|chromium}} multiple issues<br />
* [22 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000742.html ASA-201610-14] {{pkg|linux}} privilege escalation<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000741.html ASA-201610-13] {{pkg|python-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000740.html ASA-201610-12] {{pkg|python2-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11] {{pkg|linux-lts}} privilege escalation<br />
* [16 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10] {{pkg|guile}} multiple issues<br />
* [13 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9] {{pkg|gdk-pixbuf2}} arbitrary code execution<br />
* [11 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8] {{pkg|crypto++}} information disclosure<br />
* [09 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7] {{pkg|wpa_supplicant}} multiple issues<br />
* [08 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6] {{pkg|imagemagick}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5] {{pkg|messagelib}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4] {{pkg|kcoreaddons}} insufficient validation<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3] {{pkg|hostapd}} multiple issues<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2] {{pkg|systemd}} denial of service<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1] {{pkg|chromium}} arbitrary code execution<br />
<br />
=== September 2016 ===<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=455922
Security Advisories
2016-11-03T17:30:46Z
<p>Anthraxx: adding lib32-gdk-pixbuf2</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== November 2016 ===<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000759.html ASA-201611-12] {{pkg|lib32-gdk-pixbuf2}} arbitrary code execution<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000758.html ASA-201611-11] {{pkg|tar}} arbitrary file overwrite<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000757.html ASA-201611-10] {{pkg|lib32-libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000756.html ASA-201611-9] {{pkg|libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000755.html ASA-201611-8] {{pkg|libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000754.html ASA-201611-7] {{pkg|curl}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000753.html ASA-201611-6] {{pkg|tomcat6}} proxy injection<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000752.html ASA-201611-5] {{pkg|lib32-libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000751.html ASA-201611-4] {{pkg|lib32-curl}} multiple issues<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000750.html ASA-201611-3] {{pkg|bind}} denial of service<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000749.html ASA-201611-2] {{pkg|libxml2}} arbitrary code execution<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000748.html ASA-201611-1] {{pkg|memcached}} arbitrary code execution<br />
<br />
=== October 2016 ===<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000747.html ASA-201610-19] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000746.html ASA-201610-18] {{pkg|flashplugin}} arbitrary code execution<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000745.html ASA-201610-17] {{pkg|ocaml}} information disclosure<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000744.html ASA-201610-16] {{pkg|linux-grsec}} privilege escalation<br />
* [23 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000743.html ASA-201610-15] {{pkg|chromium}} multiple issues<br />
* [22 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000742.html ASA-201610-14] {{pkg|linux}} privilege escalation<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000741.html ASA-201610-13] {{pkg|python-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000740.html ASA-201610-12] {{pkg|python2-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11] {{pkg|linux-lts}} privilege escalation<br />
* [16 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10] {{pkg|guile}} multiple issues<br />
* [13 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9] {{pkg|gdk-pixbuf2}} arbitrary code execution<br />
* [11 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8] {{pkg|crypto++}} information disclosure<br />
* [09 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7] {{pkg|wpa_supplicant}} multiple issues<br />
* [08 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6] {{pkg|imagemagick}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5] {{pkg|messagelib}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4] {{pkg|kcoreaddons}} insufficient validation<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3] {{pkg|hostapd}} multiple issues<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2] {{pkg|systemd}} denial of service<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1] {{pkg|chromium}} arbitrary code execution<br />
<br />
=== September 2016 ===<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=455908
Security Advisories
2016-11-03T15:08:55Z
<p>Anthraxx: adding advisory</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== November 2016 ===<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000758.html ASA-201611-11] {{pkg|tar}} arbitrary file overwrite<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000757.html ASA-201611-10] {{pkg|lib32-libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000756.html ASA-201611-9] {{pkg|libcurl-gnutls}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000755.html ASA-201611-8] {{pkg|libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000754.html ASA-201611-7] {{pkg|curl}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000753.html ASA-201611-6] {{pkg|tomcat6}} proxy injection<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000752.html ASA-201611-5] {{pkg|lib32-libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000751.html ASA-201611-4] {{pkg|lib32-curl}} multiple issues<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000750.html ASA-201611-3] {{pkg|bind}} denial of service<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000749.html ASA-201611-2] {{pkg|libxml2}} arbitrary code execution<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000748.html ASA-201611-1] {{pkg|memcached}} arbitrary code execution<br />
<br />
=== October 2016 ===<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000747.html ASA-201610-19] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000746.html ASA-201610-18] {{pkg|flashplugin}} arbitrary code execution<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000745.html ASA-201610-17] {{pkg|ocaml}} information disclosure<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000744.html ASA-201610-16] {{pkg|linux-grsec}} privilege escalation<br />
* [23 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000743.html ASA-201610-15] {{pkg|chromium}} multiple issues<br />
* [22 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000742.html ASA-201610-14] {{pkg|linux}} privilege escalation<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000741.html ASA-201610-13] {{pkg|python-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000740.html ASA-201610-12] {{pkg|python2-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11] {{pkg|linux-lts}} privilege escalation<br />
* [16 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10] {{pkg|guile}} multiple issues<br />
* [13 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9] {{pkg|gdk-pixbuf2}} arbitrary code execution<br />
* [11 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8] {{pkg|crypto++}} information disclosure<br />
* [09 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7] {{pkg|wpa_supplicant}} multiple issues<br />
* [08 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6] {{pkg|imagemagick}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5] {{pkg|messagelib}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4] {{pkg|kcoreaddons}} insufficient validation<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3] {{pkg|hostapd}} multiple issues<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2] {{pkg|systemd}} denial of service<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1] {{pkg|chromium}} arbitrary code execution<br />
<br />
=== September 2016 ===<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=455844
Security Advisories
2016-11-02T18:16:37Z
<p>Anthraxx: published tomcat6 advisory</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== November 2016 ===<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000753.html ASA-201611-6] {{pkg|tomcat6}} proxy injection<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000752.html ASA-201611-5] {{pkg|lib32-libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000751.html ASA-201611-4] {{pkg|lib32-curl}} multiple issues<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000750.html ASA-201611-3] {{pkg|bind}} denial of service<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000749.html ASA-201611-2] {{pkg|libxml2}} arbitrary code execution<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000748.html ASA-201611-1] {{pkg|memcached}} arbitrary code execution<br />
<br />
=== October 2016 ===<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000747.html ASA-201610-19] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000746.html ASA-201610-18] {{pkg|flashplugin}} arbitrary code execution<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000745.html ASA-201610-17] {{pkg|ocaml}} information disclosure<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000744.html ASA-201610-16] {{pkg|linux-grsec}} privilege escalation<br />
* [23 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000743.html ASA-201610-15] {{pkg|chromium}} multiple issues<br />
* [22 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000742.html ASA-201610-14] {{pkg|linux}} privilege escalation<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000741.html ASA-201610-13] {{pkg|python-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000740.html ASA-201610-12] {{pkg|python2-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11] {{pkg|linux-lts}} privilege escalation<br />
* [16 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10] {{pkg|guile}} multiple issues<br />
* [13 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9] {{pkg|gdk-pixbuf2}} arbitrary code execution<br />
* [11 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8] {{pkg|crypto++}} information disclosure<br />
* [09 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7] {{pkg|wpa_supplicant}} multiple issues<br />
* [08 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6] {{pkg|imagemagick}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5] {{pkg|messagelib}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4] {{pkg|kcoreaddons}} insufficient validation<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3] {{pkg|hostapd}} multiple issues<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2] {{pkg|systemd}} denial of service<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1] {{pkg|chromium}} arbitrary code execution<br />
<br />
=== September 2016 ===<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=455843
Security Advisories
2016-11-02T17:43:40Z
<p>Anthraxx: adding curl advisories</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== November 2016 ===<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000752.html ASA-201611-5] {{pkg|lib32-libcurl-compat}} multiple issues<br />
* [02 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000751.html ASA-201611-4] {{pkg|lib32-curl}} multiple issues<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000750.html ASA-201611-3] {{pkg|bind}} denial of service<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000749.html ASA-201611-2] {{pkg|libxml2}} arbitrary code execution<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000748.html ASA-201611-1] {{pkg|memcached}} arbitrary code execution<br />
<br />
=== October 2016 ===<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000747.html ASA-201610-19] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000746.html ASA-201610-18] {{pkg|flashplugin}} arbitrary code execution<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000745.html ASA-201610-17] {{pkg|ocaml}} information disclosure<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000744.html ASA-201610-16] {{pkg|linux-grsec}} privilege escalation<br />
* [23 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000743.html ASA-201610-15] {{pkg|chromium}} multiple issues<br />
* [22 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000742.html ASA-201610-14] {{pkg|linux}} privilege escalation<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000741.html ASA-201610-13] {{pkg|python-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000740.html ASA-201610-12] {{pkg|python2-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11] {{pkg|linux-lts}} privilege escalation<br />
* [16 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10] {{pkg|guile}} multiple issues<br />
* [13 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9] {{pkg|gdk-pixbuf2}} arbitrary code execution<br />
* [11 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8] {{pkg|crypto++}} information disclosure<br />
* [09 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7] {{pkg|wpa_supplicant}} multiple issues<br />
* [08 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6] {{pkg|imagemagick}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5] {{pkg|messagelib}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4] {{pkg|kcoreaddons}} insufficient validation<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3] {{pkg|hostapd}} multiple issues<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2] {{pkg|systemd}} denial of service<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1] {{pkg|chromium}} arbitrary code execution<br />
<br />
=== September 2016 ===<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=455794
Security Advisories
2016-11-02T00:13:15Z
<p>Anthraxx: adding missing advisories</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== November 2016 ===<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000750.html ASA-201611-3] {{pkg|bind}} denial of service<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000749.html ASA-201611-2] {{pkg|libxml2}} arbitrary code execution<br />
* [01 November 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-November/000748.html ASA-201611-1] {{pkg|memcached}} arbitrary code execution<br />
<br />
=== October 2016 ===<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000747.html ASA-201610-19] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [26 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000746.html ASA-201610-18] {{pkg|flashplugin}} arbitrary code execution<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000745.html ASA-201610-17] {{pkg|ocaml}} information disclosure<br />
* [24 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000744.html ASA-201610-16] {{pkg|linux-grsec}} privilege escalation<br />
* [23 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000743.html ASA-201610-15] {{pkg|chromium}} multiple issues<br />
* [22 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000742.html ASA-201610-14] {{pkg|linux}} privilege escalation<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000741.html ASA-201610-13] {{pkg|python-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000740.html ASA-201610-12] {{pkg|python2-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11] {{pkg|linux-lts}} privilege escalation<br />
* [16 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10] {{pkg|guile}} multiple issues<br />
* [13 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9] {{pkg|gdk-pixbuf2}} arbitrary code execution<br />
* [11 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8] {{pkg|crypto++}} information disclosure<br />
* [09 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7] {{pkg|wpa_supplicant}} multiple issues<br />
* [08 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6] {{pkg|imagemagick}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5] {{pkg|messagelib}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4] {{pkg|kcoreaddons}} insufficient validation<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3] {{pkg|hostapd}} multiple issues<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2] {{pkg|systemd}} denial of service<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1] {{pkg|chromium}} arbitrary code execution<br />
<br />
=== September 2016 ===<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=CVE&diff=454772
CVE
2016-10-22T12:06:07Z
<p>Anthraxx: /* Documented CVE's */ linux advisory</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|Security Advisories}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
== Introduction ==<br />
<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
== Helping ==<br />
<br />
This is a community driven project. Please consider joining the [[Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC on irc://irc.freenode.net/archlinux-security.<br />
<br />
== Procedure ==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. Use Wiki markup to create links in the "CVE-ID", "Package", and "Status" columns. The following template may be used to ease the process of adding CVE entries into the table. The first line, "|-" represents the creation of a new row in the table, while the second line should be modified per CVE:<br />
<br />
{{hc|CVE Table Addition Template|<nowiki><br />
|-<br />
| {{CVE|CVE-2016-????}} || {{Pkg|pkgname}} || Disclosure date || Affected versions || Fixed in version || Arch Linux response time || Status(Fixed|Pending|Invalid) (Bug reports) || {{ASA|ASA-??????-??}}<br />
</nowiki>}}<br />
<br />
{{Note|<br />
* If the CVE is not found in [http://nvd.nist.gov/home.cfm NVD], just include a link to different database in the first column: {{ic|<nowiki>[http://link.to.cve CVE-2014-????]</nowiki>}}<br />
* The "Disclosure date" field should be expressed in [[Wikipedia:ISO 8601|ISO 8601 format]] to avoid any confusion. Example: 2014-03-22.<br />
* The "Arch Linux response time" field corresponds to the time between the public release of a vulnerability and the date the package update fixing the vulnerability is made available in the official stable repositories. The "Time really vulnerable" is potentially much lengthier but is harder to estimate.<br />
}}<br />
<br />
The above "CVE-template" should be added after the line:<br />
<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in version !! Arch Linux response time !! Status (and related bug reports) !! ASA-ID</nowiki>}}<br />
<br />
== Response time ==<br />
<br />
The response time is the time taken to get a fixed package to the stable repositories.<br />
<br />
== Documented CVE's ==<br />
<br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="100%"<br />
! height="50px" colspan="8" style="font-size: 125%;"| '''TRACKED CVE's'''<br />
|-<br />
! scope="col" width="130px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in Arch Linux package version !! Arch Linux response time !! Status (and related bug reports) !! ASA-ID<br />
|-<br />
| {{CVE|CVE-2016-7401}} || {{pkg|python-django}} {{pkg|python2-django}} || 2016-10-21 || <= 1.9.9-1 || 1.10.1-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000741.html ASA-201610-13] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000740.html ASA-201610-12]<br />
|-<br />
| {{CVE|CVE-2016-5195}} [https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails] || {{pkg|linux}} || 2016-10-21 || <= 4.8.2-1 || 4.8.3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000742.html ASA-201610-14]<br />
|-<br />
| {{CVE|CVE-2016-5195}} [https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails] || {{pkg|linux-grsec}} || 2016-10-21 || <= 1:4.7.8.r201610161720-1 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-5195}} [https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails] || {{pkg|linux-lts}} || 2016-10-21 || <= 4.4.25-1 || 4.4.26-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11]<br />
|-<br />
| {{CVE|CVE-2016-8605}} {{CVE|CVE-2016-8606}} [http://www.openwall.com/lists/oss-security/2016/10/11/1] [http://www.openwall.com/lists/oss-security/2016/10/12/2] || {{pkg|guile}} || 2016-10-11 || <= 2.0.12-1 || 2.0.13-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10]<br />
|-<br />
| {{CVE|CVE-2016-7906}} {{CVE|CVE-2016-7799}} [http://www.openwall.com/lists/oss-security/2016/10/02/3] [http://www.openwall.com/lists/oss-security/2016/10/01/6] || {{pkg|imagemagick}} || 2016-10-02 || <= 6.9.5.10-1 || 6.9.6.0-1 || <5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6]<br />
|-<br />
| {{CVE|CVE-2016-7967}} {{CVE|CVE-2016-7968}} [https://www.kde.org/info/security/advisory-20161006-2.txt] [https://www.kde.org/info/security/advisory-20161006-3.txt] [http://seclists.org/oss-sec/2016/q4/23] || {{pkg|messagelib}} || 2016-10-06 || <= 16.08.1-1 || 16.08.1-2 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5]<br />
|- <br />
| {{CVE|CVE-2016-7966}} [https://www.kde.org/info/security/advisory-20161006-1.txt] [http://seclists.org/oss-sec/2016/q4/23] || {{pkg|kcoreaddons}} || 2016-10-06 || <= 5.26.0-1 || 5.26.0-2 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4]<br />
|- <br />
| {{CVE|CVE-2016-7795}} || {{pkg|systemd}} || 2016-09-29 || <= 231-1 || 231-2 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2]<br />
|- <br />
| {{CVE|CVE-2016-5177}} {{CVE|CVE-2016-5178}} [https://googlechromereleases.blogspot.fr/2016/09/stable-channel-update-for-desktop_29.html] || {{pkg|chromium}} || 2016-09-29 || <= 53.0.2785.116-1 || 53.0.2785.143-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1]<br />
|- <br />
| {{CVE|CVE-2016-7168}} {{CVE|CVE-2016-7169}} [https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/] || {{pkg|wordpress}} || 2016-09-29 || <= 4.6.0-1 || 4.6.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32]<br />
|- <br />
| {{CVE|CVE-2016-5180}} [https://c-ares.haxx.se/adv_20160929.html] || {{pkg|c-ares}} || 2016-09-29 || <= 1.11.0-1 || 1.12.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31]<br />
|- <br />
| {{CVE|CVE-2016-2776}} [https://kb.isc.org/article/AA-01419/0] || {{pkg|bind}} || 2016-07-27 || <= 9.10.4.P2-1 || 9.10.4.P3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201607-29]<br />
|-<br />
| {{CVE|CVE-2016-7052}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|lib32-openssl}} || 2016-09-26 || <= 1:1.0.2.i-1 || 1:1.0.2.j-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28]<br />
|- <br />
| {{CVE|CVE-2016-7052}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|openssl}} || 2016-09-26 || <= 1.0.2.i-1 || 1.0.2.j-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30]<br />
|- <br />
| {{CVE|CVE-2016-6309}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|lib32-openssl}} || 2016-09-26 || <= 1:1.0.2.i-1 || || || Not Affected || None<br />
|- <br />
| {{CVE|CVE-2016-6309}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|openssl}} || 2016-09-26 || <= 1.0.2.i-1 || || || Not Affected || None<br />
|- <br />
| {{CVE|CVE-2016-2177}} {{CVE|CVE-2016-2178}} {{CVE|CVE-2016-2179}} {{CVE|CVE-2016-2180}} {{CVE|CVE-2016-2181}} {{CVE|CVE-2016-2182}} {{CVE|CVE-2016-2183}} {{CVE|CVE-2016-6302}} {{CVE|CVE-2016-6303}} {{CVE|CVE-2016-6304}} {{CVE|CVE-2016-6306}} [http://eprint.iacr.org/2016/594] [https://www.openssl.org/news/secadv/20160922.txt] || {{pkg|openssl}} || 2016-09-22 || <= 1.0.2.h-1 || 1.0.2.i-1 || <1d || Fixed ({{bug|49616}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23]<br />
|- <br />
| {{CVE|CVE-2016-2177}} {{CVE|CVE-2016-2178}} {{CVE|CVE-2016-2179}} {{CVE|CVE-2016-2180}} {{CVE|CVE-2016-2181}} {{CVE|CVE-2016-2182}} {{CVE|CVE-2016-2183}} {{CVE|CVE-2016-6302}} {{CVE|CVE-2016-6303}} {{CVE|CVE-2016-6304}} {{CVE|CVE-2016-6306}} [http://eprint.iacr.org/2016/594] [https://www.openssl.org/news/secadv/20160922.txt] || {{pkg|lib32-openssl}} || 2016-09-22 || <= 1:1.0.2.h-1 || 1:1.0.2.i-1 || <1d || Fixed ({{bug|49616}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24]<br />
|- <br />
| {{CVE|CVE-2016-7044}} {{CVE|CVE-2016-7045}} [https://irssi.org/security/irssi_sa_2016.txt] || {{pkg|irssi}} || 2016-09-21 || <= 0.8.19-2 || 0.8.20-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20]<br />
|- <br />
| {{CVE|CVE-2016-5270}} {{CVE|CVE-2016-5271}} {{CVE|CVE-2016-5272}} {{CVE|CVE-2016-5273}} {{CVE|CVE-2016-5276}} {{CVE|CVE-2016-5274}} {{CVE|CVE-2016-5277}} {{CVE|CVE-2016-5275}} {{CVE|CVE-2016-5278}} {{CVE|CVE-2016-5279}} {{CVE|CVE-2016-5280}} {{CVE|CVE-2016-5281}} {{CVE|CVE-2016-5282}} {{CVE|CVE-2016-5283}} {{CVE|CVE-2016-5284}} {{CVE|CVE-2016-5256}} {{CVE|CVE-2016-5257}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/] || {{pkg|firefox}} || 2016-09-13 || <= 48.0.2-1 || 49.0-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22]<br />
|- <br />
| {{CVE|CVE-2016-5388}} || {{pkg|tomcat7}} || 2016-09-18 || <= 7.0.70-1 || 7.0.72-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21]<br />
|- <br />
| {{CVE|CVE-2016-7420}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7420] || {{pkg|crypto++}} || 2016-09-18 || <= 5.6.4-2 || 5.6.5-1 || <24d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8 ]<br />
|- <br />
| {{CVE|CVE-2016-7444}} [http://seclists.org/oss-sec/2016/q3/545] [https://www.gnutls.org/security.html#GNUTLS-SA-2016-3] || {{pkg|gnutls}} || 2016-09-08 || <= 3.4.14-1 || 3.4.15-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25]<br />
|- <br />
| {{CVE|CVE-2016-7444}} [http://seclists.org/oss-sec/2016/q3/545] [https://www.gnutls.org/security.html#GNUTLS-SA-2016-3] || {{pkg|lib32-gnutls}} || 2016-09-08 || <= 3.4.14-1 || 3.4.15-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26]<br />
|- <br />
| {{CVE|CVE-2016-5170}} {{CVE|CVE-2016-5171}} {{CVE|CVE-2016-5172}} {{CVE|CVE-2016-5173}} {{CVE|CVE-2016-5174}} {{CVE|CVE-2016-5175}} [https://googlechromereleases.blogspot.fr/2016/09/stable-channel-update-for-desktop_13.html] || {{pkg|chromium}} || 2016-09-13 || <= 53.0.2785.101-1 || 53.0.2785.116-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13]<br />
|- <br />
| {{CVE|CVE-2016-7412}} {{CVE|CVE-2016-7413}} {{CVE|CVE-2016-7414}} {{CVE|CVE-2016-7416}} {{CVE|CVE-2016-7417}} {{CVE|CVE-2016-7418}} [http://www.openwall.com/lists/oss-security/2016/09/15/10] || {{pkg|php}} || 2016-09-15 || <= 7.0.10-1 || 7.0.11-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16]<br />
|- <br />
| {{CVE|CVE-2016-6352}} [https://bugzilla.redhat.com/show_bug.cgi?id=1349751] || {{pkg|lib32-gdk-pixbuf2}} || 2016-08-31 || <= 2.34.0-1 || || || '''Vulnerable''' ||<br />
|- <br />
| {{CVE|CVE-2016-6352}} [https://bugzilla.redhat.com/show_bug.cgi?id=1349751] || {{pkg|gdk-pixbuf2}} || 2016-08-31 || <= 2.34.0-2 || 2.36.0+2+ga7c869a-1 || 50d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9]<br />
|- <br />
| {{CVE|CVE-2016-7167}} [https://curl.haxx.se/docs/adv_20160914.html] || {{pkg|curl}} || 2016-09-14 || <= 7.50.2-1 || 7.50.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19]<br />
|- <br />
| {{CVE|CVE-2016-7167}} [https://curl.haxx.se/docs/adv_20160914.html] || {{pkg|lib32-curl}} || 2016-09-14 || <= 7.50.0-1 || 7.50.3-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18]<br />
|- <br />
| {{CVE|CVE-2016-4271}} {{CVE|CVE-2016-4272}} {{CVE|CVE-2016-4274}} {{CVE|CVE-2016-4275}} {{CVE|CVE-2016-4276}} {{CVE|CVE-2016-4277}} {{CVE|CVE-2016-4278}} {{CVE|CVE-2016-4279}} {{CVE|CVE-2016-4280}} {{CVE|CVE-2016-4281}} {{CVE|CVE-2016-4282}} {{CVE|CVE-2016-4283}} {{CVE|CVE-2016-4284}} {{CVE|CVE-2016-4285}} {{CVE|CVE-2016-4287}} {{CVE|CVE-2016-6921}} {{CVE|CVE-2016-6922}} {{CVE|CVE-2016-6923}} {{CVE|CVE-2016-6924}} {{CVE|CVE-2016-6925}} {{CVE|CVE-2016-6926}} {{CVE|CVE-2016-6927}} {{CVE|CVE-2016-6929}} {{CVE|CVE-2016-6930}} {{CVE|CVE-2016-6931}} {{CVE|CVE-2016-6932}} [https://helpx.adobe.com/security/products/flash-player/apsb16-29.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-09-13 || <= 11.2.202.632-1 || 11.2.202.635-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12]<br />
|- <br />
| {{CVE|CVE-2016-6662}} {{CVE|CVE-2016-6663}} [https://mariadb.org/mariadb-server-versions-remote-root-code-execution-vulnerability-cve-2016-6662/] [https://jira.mariadb.org/browse/MDEV-10465] [http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html] || {{Pkg|mariadb}} || 2016-09-13 || <= 10.1.16-2 || 10.1.17-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10]<br />
|-<br />
| {{CVE|CVE-2016-7180}} {{CVE|CVE-2016-7175}} {{CVE|CVE-2016-7176}} {{CVE|CVE-2016-7177}} {{CVE|CVE-2016-7178}} {{CVE|CVE-2016-7179}} [https://www.wireshark.org/security/wnpa-sec-2016-50.html] [https://www.wireshark.org/security/wnpa-sec-2016-51.html] [https://www.wireshark.org/security/wnpa-sec-2016-52.html] [https://www.wireshark.org/security/wnpa-sec-2016-53.html] [https://www.wireshark.org/security/wnpa-sec-2016-54.html] [https://www.wireshark.org/security/wnpa-sec-2016-55.html] || {{pkg|wireshark-cli}} || 2016-09-09 || <= 2.0.5-1 || 2.2.0-1 || 15d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27]<br />
|- <br />
| {{CVE|CVE-2016-5388}} [https://www.apache.org/security/asf-httpoxy-response.txt] || {{pkg|tomcat8}} || 2016-07-18 || <= 8.0.36-1 || 8.0.37-1 || 52d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] <br />
|-<br />
| {{CVE|CVE-2016-7164}} [http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3.20.3.news] || {{pkg|file-roller}} || 2016-09-08 || <= 3.20.2-1 || 3.20.3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5]<br />
|-<br />
| {{CVE|CVE-2016-5426}} {{CVE|CVE-2016-5427}} [http://seclists.org/oss-sec/2016/q3/464] [https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/] || {{pkg|powerdns}} || 2016-09-08 || 3.4.9-1 || 4.0.1-3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9]<br />
|-<br />
| {{CVE|CVE-2016-7164}} [http://seclists.org/oss-sec/2016/q3/443] || {{pkg|libtorrent-rasterbar}} || 2016-09-08 || <= 1:1.1-3 || 1:1.1.1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8]<br />
|-<br />
| {{CVE|CVE-2016-7141}} [https://curl.haxx.se/docs/adv_20160907.html] || {{pkg|curl}} || 2016-09-07 || N/A || N/A || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-2835}} {{CVE|CVE-2016-2836}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/] || {{pkg|thunderbird}} || 2016-08-30 || <= 45.2.0-2 || 45.3.0-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3]<br />
|-<br />
| {{CVE|CVE-2016-7134}} {{CVE|CVE-2016-7133}} {{CVE|CVE-2016-7132}} {{CVE|CVE-2016-7131}} {{CVE|CVE-2016-7130}} {{CVE|CVE-2016-7129}} {{CVE|CVE-2016-7128}} {{CVE|CVE-2016-7127}} {{CVE|CVE-2016-7126}} {{CVE|CVE-2016-7125}} {{CVE|CVE-2016-7124}} [http://www.openwall.com/lists/oss-security/2016/09/02/9] || {{pkg|php}} || 2016-09-03 || <= 7.0.10-1 || 7.0.11-1 || || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-5147}} {{CVE|CVE-2016-5148}} {{CVE|CVE-2016-5149}} {{CVE|CVE-2016-5150}} {{CVE|CVE-2016-5151}} {{CVE|CVE-2016-5152}} {{CVE|CVE-2016-5153}} {{CVE|CVE-2016-5154}} {{CVE|CVE-2016-5155}} {{CVE|CVE-2016-5156}} {{CVE|CVE-2016-5157}} {{CVE|CVE-2016-5158}} {{CVE|CVE-2016-5159}} {{CVE|CVE-2016-5160}} {{CVE|CVE-2016-5161}} {{CVE|CVE-2016-5162}} {{CVE|CVE-2016-5163}} {{CVE|CVE-2016-5164}} {{CVE|CVE-2016-5165}} {{CVE|CVE-2016-5166}} {{CVE|CVE-2016-5167}} [https://googlechromereleases.blogspot.fr/2016/08/stable-channel-update-for-desktop_31.html] || {{pkg|chromium}} || 2016-08-31 || <= 52.0.2743.116-1 || 53.0.2785.89-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1]<br />
|-<br />
| {{CVE|CVE-2016-6525}} [http://bugs.ghostscript.com/show_bug.cgi?id=696954] || {{Pkg|mupdf}} || 2016-07-19 || <= 1.9a-4 || 1.9a-5 || 1d || Fixed ([https://bugs.archlinux.org/task/50590 FS#50590 ]) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] <br />
|-<br />
| {{CVE|CVE-2016-6265}} [http://bugs.ghostscript.com/show_bug.cgi?id=696941] || {{Pkg|mupdf}} || 2016-07-19 || <= 1.9a-3 || 1.9a-4 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] <br />
|-<br />
| {{CVE|CVE-2016-4590}} {{CVE|CVE-2016-4591}} {{CVE|CVE-2016-4622}} {{CVE|CVE-2016-4624}} [https://webkitgtk.org/2016/08/24/webkitgtk2.12.4-released.html] [https://webkitgtk.org/security/WSA-2016-0005.html] || {{pkg|webkit2gtk}} || 2016-08-24 || <= 2.12.3-1 || 2.12.4-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2]<br />
|-<br />
| {{CVE|CVE-2016-6331}} {{CVE|CVE-2016-6332}} {{CVE|CVE-2016-6333}} {{CVE|CVE-2016-6334}} {{CVE|CVE-2016-6335}} {{CVE|CVE-2016-6336}} {{CVE|CVE-2016-6337}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html] || {{pkg|mediawiki}} || 2016-08-23 || <= 1.27.0-1 || 1.27.1-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] <br />
|-<br />
| {{CVE|CVE-2016-6313}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html] || {{pkg|lib32-libgcrypt}} || 2016-08-17 || <= 1.7.2-1 || 1.7.3-1 || 31d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14]<br />
|-<br />
| {{CVE|CVE-2016-6313}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html] || {{pkg|libgcrypt}} || 2016-08-17 || <= 1.7.2-1 || 1.7.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18]<br />
|-<br />
| {{CVE|CVE-2016-5423}} {{CVE|CVE-2016-5424}} [https://www.postgresql.org/about/news/1688/] || {{pkg|postgresql}} {{pkg|postgresql-libs}} || 2016-08-11 || <= 9.5.3-1 || 9.5.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux}} || 2016-07-12 || <= 4.6.4-1 || 4.7-1 || 31d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-grsec}} || 2016-07-12 || <= 4.6.5.201607312210-1 || 4.7.201608131240-1 || 33d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-lts}} || 2016-07-12 || <= 4.4.16-1 || 4.4.19-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-zen}} || 2016-07-12 || <= 4.6.5-1 || 4.7-1 || 35d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15]<br />
|-<br />
| {{CVE|CVE-2016-5139}} {{CVE|CVE-2016-5140}} {{CVE|CVE-2016-5141}} {{CVE|CVE-2016-5142}} {{CVE|CVE-2016-5143}} {{CVE|CVE-2016-5144}} {{CVE|CVE-2016-5145}} {{CVE|CVE-2016-5146}} [https://googlechromereleases.blogspot.fr/2016/08/stable-channel-update-for-desktop.html] || {{pkg|chromium}} || 2016-08-03 || <= 52.0.2743.85-2 || 52.0.2743.116-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16]<br />
|-<br />
| {{CVE|CVE-2016-6255}} || {{pkg|libupnp}} || 2016-08-08 || <= 1.6.19-1 || 1.6.20-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8]<br />
|-<br />
| {{CVE|CVE-2016-3075}} {{CVE|CVE-2016-5417}} [https://sourceware.org/bugzilla/show_bug.cgi?id=19879] [https://sourceware.org/bugzilla/show_bug.cgi?id=19257] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-08-02 || <= 2.23-5 || 2.24-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7]<br />
|-<br />
| {{CVE|CVE-2016-3458}} {{CVE|CVE-2016-3500}} {{CVE|CVE-2016-3508}} {{CVE|CVE-2016-3550}} {{CVE|CVE-2016-3598}} {{CVE|CVE-2016-3606}} {{CVE|CVE-2016-3610}} [http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2016-July/036560.html] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2016-07-29 || <= 7.u101_2.6.6 || 7.u111_2.6.7 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5]<br />
|-<br />
| {{CVE|CVE-2016-0718}} {{CVE|CVE-2016-2830}} {{CVE|CVE-2016-2835}} {{CVE|CVE-2016-2836}} {{CVE|CVE-2016-2837}} {{CVE|CVE-2016-2838}} {{CVE|CVE-2016-2839}} {{CVE|CVE-2016-5250}} {{CVE|CVE-2016-5251}} {{CVE|CVE-2016-5252}} {{CVE|CVE-2016-5254}} {{CVE|CVE-2016-5255}} {{CVE|CVE-2016-5258}} {{CVE|CVE-2016-5259}} {{CVE|CVE-2016-5260}} {{CVE|CVE-2016-5261}} {{CVE|CVE-2016-5262}} {{CVE|CVE-2016-5263}} {{CVE|CVE-2016-5264}} {{CVE|CVE-2016-5265}} {{CVE|CVE-2016-5266}} {{CVE|CVE-2016-5268}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox48] || {{pkg|firefox}} || 2016-08-02 || <= 47.0.1-1 || 48.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2]<br />
|-<br />
| {{CVE|CVE-2016-5419}} {{CVE|CVE-2016-5420}} {{CVE|CVE-2016-5421}} [https://curl.haxx.se/docs/adv_20160803A.html] [https://curl.haxx.se/docs/adv_20160803B.html] [https://curl.haxx.se/docs/adv_20160803C.html] || {{pkg|curl}} || 2016-08-03 || <= 7.50.0-1 || 7.50.1-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9]<br />
|-<br />
| {{CVE|CVE-2016-6210}} [http://www.openssh.com/txt/release-7.3] [http://seclists.org/fulldisclosure/2016/Jul/51] || {{pkg|openssh}} || 2016-07-14 || <= 7.2p2-2 || 7.3p1-1 || 16d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1]<br />
|-<br />
| {{CVE|CVE-2016-6503}} {CVE|CVE-2016-6504}} {{CVE|CVE-2016-6507}} [http://seclists.org/oss-sec/2016/q3/217] [[http://www.wireshark.org/security/wnpa-sec-2016-39.html] [http://www.wireshark.org/security/wnpa-sec-2016-40.html] [http://www.wireshark.org/security/wnpa-sec-2016-43.html] || {{pkg|wireshark-cli}} || 2016-07-28 || <= 2.0.4-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-6505}} {{CVE|CVE-2016-6506}} {{CVE|CVE-2016-6508}} {{CVE|CVE-2016-6509}} {{CVE|CVE-2016-6510}} {{CVE|CVE-2016-6511}} {{CVE|CVE-2016-6512}} {{CVE|CVE-2016-6513}} [http://seclists.org/oss-sec/2016/q3/217] [http://www.wireshark.org/security/wnpa-sec-2016-41.html] [http://www.wireshark.org/security/wnpa-sec-2016-42.html] [http://www.wireshark.org/security/wnpa-sec-2016-44.html] [http://www.wireshark.org/security/wnpa-sec-2016-45.html] [http://www.wireshark.org/security/wnpa-sec-2016-46.html] [http://www.wireshark.org/security/wnpa-sec-2016-47.html] [http://www.wireshark.org/security/wnpa-sec-2016-48.html] [http://www.wireshark.org/security/wnpa-sec-2016-49.html] || {{pkg|wireshark-cli}} || 2016-07-28 || <= 2.0.4-1 || 2.0.5-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20]<br />
|-<br />
| {{CVE|CVE-2016-6491}} [http://seclists.org/oss-sec/2016/q3/194] [http://git.imagemagick.org/repos/ImageMagick/commit/5cb6c1acd3e3b12f9260daf207db432df7f792c2] || {{pkg|imagemagick}} || 2016-07-27 || <= 6.9.5.2-1 || 6.9.5.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13]<br />
|-<br />
| {{CVE|CVE-2015-8948}} {{CVE|CVE-2016-6261}} {{CVE|CVE-2016-6262}} {{CVE|CVE-2016-6263}} || {{Pkg|libidn}} || 2016-07-20 || <= 1.32-1 || 1.33-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14]<br />
|-<br />
| {{CVE|CVE-2016-6186}} || {{Pkg|python-django}} {{Pkg|python2-django}}|| 2016-07-18 || <= 1.9.8-1 || 1.9.8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11]<br />
|-<br />
| {{CVE|CVE-2016-1705}} {{CVE|CVE-2016-1706}} {{CVE|CVE-2016-1708}} {{CVE|CVE-2016-1709}} {{CVE|CVE-2016-1710}} {{CVE|CVE-2016-1711}} {{CVE|CVE-2016-5127}} {{CVE|CVE-2016-5128}} {{CVE|CVE-2016-5129}} {{CVE|CVE-2016-5130}} {{CVE|CVE-2016-5131}} {{CVE|CVE-2016-5132}} {{CVE|CVE-2016-5133}} {{CVE|CVE-2016-5134}} {{CVE|CVE-2016-5135}} {{CVE|CVE-2016-5136}} {{CVE|CVE-2016-5137}} [https://googlechromereleases.blogspot.fr/2016/07/stable-channel-update.html] || {{pkg|chromium}} || 2016-07-20 || <= 51.0.2704.106-1 || 52.0.2743.82-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12]<br />
|-<br />
| {{CVE|CVE-2016-5385}} [https://www.drupal.org/SA-CORE-2016-003] || {{pkg|drupal}} || 2016-07-18 || <= 8.1.6-1 || 8.1.7-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9]<br />
|-<br />
| {{CVE|CVE-2016-2775}} [https://kb.isc.org/article/AA-01393/74/CVE-2016-2775] || {{pkg|bind}} || 2016-07-19 || <= 9.10.4.P1-2 || 9.10.4.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8]<br />
|-<br />
|{{CVE|CVE-2016-4173}} {{CVE|CVE-2016-4174}} {{CVE|CVE-2016-4175}} {{CVE|CVE-2016-4176}} {{CVE|CVE-2016-4177}} {{CVE|CVE-2016-4179}} {{CVE|CVE-2016-4180}} {{CVE|CVE-2016-4181}} {{CVE|CVE-2016-4182}} {{CVE|CVE-2016-4183}} {{CVE|CVE-2016-4184}} {{CVE|CVE-2016-4185}} {{CVE|CVE-2016-4186}} {{CVE|CVE-2016-4187}} {{CVE|CVE-2016-4188}} {{CVE|CVE-2016-4189}} {{CVE|CVE-2016-4190}} {{CVE|CVE-2016-4217}} {{CVE|CVE-2016-4218}} {{CVE|CVE-2016-4219}} {{CVE|CVE-2016-4220}} {{CVE|CVE-2016-4221}} {{CVE|CVE-2016-4222}} {{CVE|CVE-2016-4223}} {{CVE|CVE-2016-4224}} {{CVE|CVE-2016-4225}} {{CVE|CVE-2016-4226}} {{CVE|CVE-2016-4227}} {{CVE|CVE-2016-4228}} {{CVE|CVE-2016-4229}} {{CVE|CVE-2016-4230}} {{CVE|CVE-2016-4231}} {{CVE|CVE-2016-4232}} {{CVE|CVE-2016-4233}} {{CVE|CVE-2016-4234}} {{CVE|CVE-2016-4235}} {{CVE|CVE-2016-4236}} {{CVE|CVE-2016-4237}} {{CVE|CVE-2016-4238}} {{CVE|CVE-2016-4239}} {{CVE|CVE-2016-4240}} {{CVE|CVE-2016-4241}} {{CVE|CVE-2016-4242}} {{CVE|CVE-2016-4243}} {{CVE|CVE-2016-4244}} {{CVE|CVE-2016-4245}} {{CVE|CVE-2016-4246}} {{CVE|CVE-2016-4247}} {{CVE|CVE-2016-4248}} || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-07-12 || <= 11.2.202.626-1 || 11.2.202.632-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7]<br />
|-<br />
| {{CVE|CVE-2016-2815}} {{CVE|CVE-2016-2818}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird45.2] || {{pkg|thunderbird}} || 2016-06-30 || <= 45.1.1-2 || 45.2.0-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4]<br />
|-<br />
| {{CVE|CVE-2016-4979}} [https://httpd.apache.org/security/vulnerabilities_24.html] || {{pkg|apache}} || 2016-07-05 || 2.4.18-2.4.20 || 2.4.23-1 || || Fixed ({{bug|49958}}) || None<br />
|-<br />
| {{CVE|CVE-2016-4994}} [https://bugzilla.gnome.org/show_bug.cgi?id=767873] || {{pkg|gimp}} || 2016-06-21 || <= 2.8.16-2 || 2.8.18-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5]<br />
|-<br />
| {{CVE|CVE-2016-4472}} [https://bugzilla.redhat.com/show_bug.cgi?id=1344251] || {{pkg|expat}} || 2016-06-30 || <= 2.1.1-3 || 2.2.0-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-3189}} [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3189] || {{pkg|bzip2}} || 2016-06-30 || <= 1.0.6-5 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-4463}} [http://seclists.org/bugtraq/2016/Jun/115] || {{pkg|xerces-c}} || 2016-06-29 || <= 3.1.3-2 || 3.1.4-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2]<br />
|-<br />
| {{CVE|CVE-2016-4324}} [http://www.talosintelligence.com/reports/TALOS-2016-0126/] || {{pkg|libreoffice-fresh}} || 2016-06-27 || <= 5.1.3-2 || 5.1.4-1 || <0d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3]<br />
|-<br />
| {{CVE|CVE-2016-5701}} {{CVE|CVE-2016-5702}} {{CVE|CVE-2016-5703}} {{CVE|CVE-2016-5704}} {{CVE|CVE-2016-5705}} {{CVE|CVE-2016-5706}} {{CVE|CVE-2016-5730}} {{CVE|CVE-2016-5731}} {{CVE|CVE-2016-5732}} {{CVE|CVE-2016-5733}} {{CVE|CVE-2016-5734}} {{CVE|CVE-2016-5739}} [https://www.phpmyadmin.net/security/PMASA-2016-17/] [https://www.phpmyadmin.net/security/PMASA-2016-18/] [https://www.phpmyadmin.net/security/PMASA-2016-19/] [https://www.phpmyadmin.net/security/PMASA-2016-20/] [https://www.phpmyadmin.net/security/PMASA-2016-21/] [https://www.phpmyadmin.net/security/PMASA-2016-22/] [https://www.phpmyadmin.net/security/PMASA-2016-23/] [https://www.phpmyadmin.net/security/PMASA-2016-24/] [https://www.phpmyadmin.net/security/PMASA-2016-25/] [https://www.phpmyadmin.net/security/PMASA-2016-26/] [https://www.phpmyadmin.net/security/PMASA-2016-27/] [https://www.phpmyadmin.net/security/PMASA-2016-28/] || {{pkg|phpmyadmin}} || 2016-06-23 || <= 4.6.2-1 || 4.6.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25]<br />
|-<br />
| {{CVE|CVE-2016-1704}} [https://googlechromereleases.blogspot.fr/2016/06/stable-channel-update_16.html] || {{pkg|chromium}} || 2016-01-16 || <= 51.0.2704.84-1 || 51.0.2704.103-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20]<br />
|-<br />
| {{CVE|CVE-2016-2365}} {{CVE|CVE-2016-2366}} {{CVE|CVE-2016-2367}} {{CVE|CVE-2016-2368}} {{CVE|CVE-2016-2369}} {{CVE|CVE-2016-2370}} {{CVE|CVE-2016-2371}} {{CVE|CVE-2016-2372}} {{CVE|CVE-2016-2373}} {{CVE|CVE-2016-2374}} {{CVE|CVE-2016-2375}} {{CVE|CVE-2016-2376}} {{CVE|CVE-2016-2377}} {{CVE|CVE-2016-2378}} {{CVE|CVE-2016-2380}} {{CVE|CVE-2016-4323}} [http://blog.talosintel.com/2016/06/vulnerability-spotlight-pidgin.html] || {{pkg|libpurple}} || 2016-01-21 || <= 2.10.12-4 || 2.11.0-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24]<br />
|-<br />
| {{CVE|CVE-2016-1541}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1541] || {{pkg|libarchive}} || 2016-01-17 || <= 3.1.2-8 || 3.2.0-1 || 47d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1]<br />
|-<br />
| {{CVE|CVE-2016-5875}} {{CVE|CVE-2016-5314}} {{CVE|CVE-2016-5315}} {{CVE|CVE-2016-5316}} {{CVE|CVE-2016-5317}} {{CVE|CVE-2016-5320}} {{CVE|CVE-2016-5321}} {{CVE|CVE-2016-5322}} {{CVE|CVE-2016-5323}} {{CVE|CVE-2016-5102}} {{CVE|CVE-2016-3991}} {{CVE|CVE-2016-3990}} {{CVE|CVE-2016-3945}} {{CVE|CVE-2016-3658}} {{CVE|CVE-2016-3634}} {{CVE|CVE-2016-3633}} {{CVE|CVE-2016-3632}} {{CVE|CVE-2016-3631}} {{CVE|CVE-2016-3625}} {{CVE|CVE-2016-3624}} {{CVE|CVE-2016-3623}} {{CVE|CVE-2016-3622}} {{CVE|CVE-2016-3621}} {{CVE|CVE-2016-3620}} {{CVE|CVE-2016-3619}} {{CVE|CVE-2016-3186}} {{CVE|CVE-2015-8668}} {{CVE|CVE-2015-7313}} {{CVE|CVE-2014-8130}} {{CVE|CVE-2014-8127}} {{CVE|CVE-2010-2596}} {{CVE|CVE-2016-6223}} [http://www.openwall.com/lists/oss-security/2016/06/15/1] [http://www.openwall.com/lists/oss-security/2016/06/15/2] [http://www.openwall.com/lists/oss-security/2016/06/15/3] [http://www.openwall.com/lists/oss-security/2016/06/15/5] [http://www.openwall.com/lists/oss-security/2016/06/15/6] [http://www.openwall.com/lists/oss-security/2016/06/15/7] [http://www.openwall.com/lists/oss-security/2016/06/15/8] [http://www.openwall.com/lists/oss-security/2016/06/15/9] [https://security-tracker.debian.org/tracker/source-package/tiff] [http://www.openwall.com/lists/oss-security/2016/07/13/3] || {{pkg|libtiff}} || 2016-06-19 || <= 4.0.6-2 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-4122}} {{CVE|CVE-2016-4123}} {{CVE|CVE-2016-4124}} {{CVE|CVE-2016-4125}} {{CVE|CVE-2016-4127}} {{CVE|CVE-2016-4128}} {{CVE|CVE-2016-4129}} {{CVE|CVE-2016-4130}} {{CVE|CVE-2016-4131}} {{CVE|CVE-2016-4132}} {{CVE|CVE-2016-4133}} {{CVE|CVE-2016-4134}} {{CVE|CVE-2016-4135}} {{CVE|CVE-2016-4136}} {{CVE|CVE-2016-4137}} {{CVE|CVE-2016-4138}} {{CVE|CVE-2016-4139}} {{CVE|CVE-2016-4140}} {{CVE|CVE-2016-4141}} {{CVE|CVE-2016-4142}} {{CVE|CVE-2016-4143}} {{CVE|CVE-2016-4144}} {{CVE|CVE-2016-4145}} {{CVE|CVE-2016-4146}} {{CVE|CVE-2016-4147}} {{CVE|CVE-2016-4148}} {{CVE|CVE-2016-4149}} {{CVE|CVE-2016-4150}} {{CVE|CVE-2016-4151}} {{CVE|CVE-2016-4152}} {{CVE|CVE-2016-4153}} {{CVE|CVE-2016-4154}} {{CVE|CVE-2016-4155}} {{CVE|CVE-2016-4156}} {{CVE|CVE-2016-4166}} {{CVE|CVE-2016-4171}} [https://helpx.adobe.com/security/products/flash-player/apsb16-18.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-06-16 || <= 11.2.202.621-1 || 11.2.202.626-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18]<br />
|-<br />
| {{CVE|CVE-2016-4971}} [https://lists.gnu.org/archive/html/bug-wget/2016-06/msg00033.html] || {{pkg|wget}} || 2016-06-09 || <= 1.17.1-2 || 1.18-1 || 11d || Fixed ({{bug|49730}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19]<br />
|-<br />
| {{CVE|CVE-2012-6702}} {{CVE|CVE-2016-5300}} || {{pkg|expat}} {{pkg|lib32-expat}} || 2016-06-07 || <= 2.1.1-2 || 2.1.1-3 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14]<br />
|-<br />
| {{CVE|CVE-2016-5360}} [http://seclists.org/oss-sec/2016/q2/512] || {{pkg|haproxy}} || 2016-06-09 || <= 1.6.5-3 || 1.6.5-4 || 1d || Fixed ({{bug|49638}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11]<br />
|-<br />
| {{CVE|CVE-2016-2815}} {{CVE|CVE-2016-2818}} {{CVE|CVE-2016-2819}} {{CVE|CVE-2016-2821}} {{CVE|CVE-2016-2822}} {{CVE|CVE-2016-2825}} {{CVE|CVE-2016-2828}} {{CVE|CVE-2016-2829}} {{CVE|CVE-2016-2831}} {{CVE|CVE-2016-2832}} {{CVE|CVE-2016-2833}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox47] || {{pkg|firefox}} || 2016-06-07 || <= 46.0.1-1 || 47.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7]<br />
|-<br />
| {{CVE|CVE-2016-4456}} [https://marc.ttias.be/oss-security/2016-06/msg00043.php] [http://gnutls.org/security.html#GNUTLS-SA-2016-1] || {{pkg|gnutls}} {{pkg|lib32-gnutls}} || 2016-06-06 || <= 3.4.12-1 || 3.4.13-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12]<br />
|-<br />
| {{CVE|CVE-2015-8899}} [http://www.openwall.com/lists/oss-security/2016/06/04/2] || {{pkg|dnsmasq}} || 2016-06-04 || <= 2.75-1 || 2.76-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4953}} {{CVE|CVE-2016-4954}} {{CVE|CVE-2016-4955}} {{CVE|CVE-2016-4956}} {{CVE|CVE-2016-4957}} [http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi] || {{pkg|ntp}} || 2016-06-02 || <= 4.2.8.p7-1 || 4.2.8.p8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4]<br />
|-<br />
| {{CVE|CVE-2016-4429}} [https://sourceware.org/bugzilla/show_bug.cgi?id=20112] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-05-18 || <= 2.23-4 || 2.23-5 || 25d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17]<br />
|-<br />
| {{CVE|CVE-2016-5244}} {{CVE|CVE-2016-5243}} [http://www.openwall.com/lists/oss-security/2016/06/03/5] [http://www.openwall.com/lists/oss-security/2016/06/03/4] || {{pkg|linux}} || 2016-06-03 || <= 4.6.1 || || || Not Affected ||<br />
|-<br />
| {{CVE|CVE-2016-1696}} {{CVE|CVE-2016-1697}} {{CVE|CVE-2016-1698}} {{CVE|CVE-2016-1699}} {{CVE|CVE-2016-1700}} {{CVE|CVE-2016-1701}} {{CVE|CVE-2016-1702}} {{CVE|CVE-2016-1703}} [http://googlechromereleases.blogspot.fr/2016/06/stable-channel-update.html] || {{pkg|chromium}} || 2016-06-01 || <= 51.0.2704.63-1 || 51.0.2704.79-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5]<br />
|-<br />
| {{CVE|CVE-2016-4450}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450] || {{pkg|nginx-mainline}} || 2016-05-31 || <= 1.11-1 || 1.11.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2]<br />
|-<br />
| {{CVE|CVE-2016-4450}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450] || {{pkg|nginx}} || 2016-05-31 || <= 1.10-1 || 1.10.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1]<br />
|-<br />
| {{CVE|CVE-2016-1857}} [http://webkitgtk.org/security/WSA-2016-0004.html] || {{pkg|webkit2gtk}} || 2016-05-30 || <= 2.12.2-1 || 2.12.3-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3]<br />
|-<br />
| {{CVE|CVE-2016-5108}} [http://www.openwall.com/lists/oss-security/2016/05/27/7] || {{pkg|vlc}} || 2016-05-27 || <= 2.2.3-3 || 2.2.4-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21]<br />
|-<br />
| {{CVE|CVE-2016-5104}} [http://www.openwall.com/lists/oss-security/2016/05/26/6] || {{pkg|libusbmuxd}} || 2016-05-26 || <= 1.0.10-1 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-5104}} [http://www.openwall.com/lists/oss-security/2016/05/26/6] || {{pkg|libimobiledevice}} || 2016-05-26 || <= 1.2.0-3 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-5103}} [http://www.openwall.com/lists/oss-security/2016/05/26/5] || {{pkg|roundcubemail}} || 2016-05-26 || <= 1.2rc-1 || 1.2.0-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1762}} {{CVE|CVE-2016-1833}} {{CVE|CVE-2016-1834}} {{CVE|CVE-2016-1835}} {{CVE|CVE-2016-1836}} {{CVE|CVE-2016-1837}} {{CVE|CVE-2016-1838}} {{CVE|CVE-2016-1839}} {{CVE|CVE-2016-1840}} {{CVE|CVE-2016-3627}} {{CVE|CVE-2016-3705}} {{CVE|CVE-2016-4483}} [https://git.gnome.org/browse/libxml2/log/] || {{pkg|libxml2}} || 2016-05-23 || <= 2.9.3-2 || 2.9.4+0+gbdec218-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27]<br />
|-<br />
| {{CVE|CVE-2016-1672}} {{CVE|CVE-2016-1673}} {{CVE|CVE-2016-1674}} {{CVE|CVE-2016-1675}} {{CVE|CVE-2016-1676}} {{CVE|CVE-2016-1677}} {{CVE|CVE-2016-1678}} {{CVE|CVE-2016-1679}} {{CVE|CVE-2016-1680}} {{CVE|CVE-2016-1681}} {{CVE|CVE-2016-1682}} {{CVE|CVE-2016-1683}} {{CVE|CVE-2016-1684}} {{CVE|CVE-2016-1685}} {{CVE|CVE-2016-1686}} {{CVE|CVE-2016-1687}} {{CVE|CVE-2016-1688}} {{CVE|CVE-2016-1689}} {{CVE|CVE-2016-1690}} {{CVE|CVE-2016-1691}} {{CVE|CVE-2016-1692}} {{CVE|CVE-2016-1693}} {{CVE|CVE-2016-1694}} {{CVE|CVE-2016-1695}} [http://googlechromereleases.blogspot.fr/2016/05/stable-channel-update_25.html] || {{pkg|chromium}} || 2016-05-25 || <= 50.0.2661.102-1 || 51.0.2704.63-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28]<br />
|-<br />
| {{CVE|CVE-2016-5027}} {{CVE|CVE-2016-5028}} {{CVE|CVE-2016-5029}} {{CVE|CVE-2016-5030}} {{CVE|CVE-2016-5031}} {{CVE|CVE-2016-5032}} {{CVE|CVE-2016-5033}} {{CVE|CVE-2016-5034}} {{CVE|CVE-2016-5035}} {{CVE|CVE-2016-5036}} {{CVE|CVE-2016-5037}} {{CVE|CVE-2016-5038}} {{CVE|CVE-2016-5039}} {{CVE|CVE-2016-5040}} {{CVE|CVE-2016-5041}} {{CVE|CVE-2016-5042}} {{CVE|CVE-2016-5043}} {{CVE|CVE-2016-5044}} [http://seclists.org/oss-sec/2016/q2/393] [https://www.prevanders.net/dwarfbug.html] || {{pkg|libdwarf}} || 2016-05-24 || <= 20160507-1 || 20160613-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23]<br />
|-<br />
| {{CVE|CVE-2015-1283}} {{CVE|CVE-2016-0718}} [http://seclists.org/oss-sec/2016/q2/360] || {{pkg|expat}} {{pkg|lib32-expat}} || 2016-05-17 || <= 2.1.1-1 || 2.1.1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23]<br />
|-<br />
| {{CVE|CVE-2016-2334}} {{CVE|CVE-2016-2335}} [http://www.talosintel.com/reports/TALOS-2016-0093/] [http://www.talosintel.com/reports/TALOS-2016-0094/] || {{pkg|p7zip}} || 2016-05-10 || <= 15.14.1-1 || 15.14.1-2 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24]<br />
|-<br />
| {{CVE|CVE-2016-3698}} [https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839] || {{pkg|libndp}} || 2016-05-17 || <= 1.5-1 || 1.6-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26]<br />
|-<br />
| {{CVE|CVE-2016-2803}} [http://seclists.org/bugtraq/2016/May/72] || {{pkg|bugzilla}} || 2016-05-16 || <= 5.0.2-1 || 5.0.3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25]<br />
|-<br />
| {{CVE|CVE-2016-2099}} [https://issues.apache.org/jira/browse/XERCESC-2066] [http://www.openwall.com/lists/oss-security/2016/05/09/7] || {{pkg|xerces-c}} || 2016-05-09 || <= 3.1.3-1 || 3.1.3-2 || 46d || Fixed ({{bug|49353}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-22]<br />
|-<br />
| [http://blog.jetbrains.com/blog/2016/05/11/security-update-for-intellij-based-ides-v2016-1-and-older-versions/] || {{pkg|intellij-idea-community-edition}} {{pkg|intellij-idea-libs}} || 2016-05-11 || <= 1:2016.1.1-1 || 1:2016.1.2-1 || 3d || Fixed ({{bug|49329}}) || None<br />
|-<br />
| {{CVE|CVE-2016-2804}} {{CVE|CVE-2016-2805}} {{CVE|CVE-2016-2806}} {{CVE|CVE-2016-2807}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/] || {{pkg|thunderbird}} || 2016-05-10 || <= 45.0-1 || 45.1.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21]<br />
|-<br />
| {{CVE|CVE-2016-1667}} {{CVE|CVE-2016-1668}} {{CVE|CVE-2016-1669}} {{CVE|CVE-2016-1670}} [http://googlechromereleases.blogspot.fr/2016/05/stable-channel-update.html] || {{pkg|chromium}} || 2016-05-11 || <= 50.0.2661.94-1 || 50.0.2661.102-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] <br />
|-<br />
| {{CVE|CVE-2016-3706}} {{CVE|CVE-2016-1234}} [https://sourceware.org/bugzilla/show_bug.cgi?id=20010] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-04-27 || <= 2.23-2 || 2.23-4 || 17d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20]<br />
|-<br />
| {{CVE|CVE-2016-1096}} {{CVE|CVE-2016-1097}} {{CVE|CVE-2016-1098}} {{CVE|CVE-2016-1099}} {{CVE|CVE-2016-1100}} {{CVE|CVE-2016-1101}} {{CVE|CVE-2016-1102}} {{CVE|CVE-2016-1103}} {{CVE|CVE-2016-1104}} {{CVE|CVE-2016-1105}} {{CVE|CVE-2016-1106}} {{CVE|CVE-2016-1107}} {{CVE|CVE-2016-1108}} {{CVE|CVE-2016-1109}} {{CVE|CVE-2016-1110}} {{CVE|CVE-2016-4108}} {{CVE|CVE-2016-4109}} {{CVE|CVE-2016-4110}} {{CVE|CVE-2016-4111}} {{CVE|CVE-2016-4112}} {{CVE|CVE-2016-4113}} {{CVE|CVE-2016-4114}} {{CVE|CVE-2016-4115}} {{CVE|CVE-2016-4116}} {{CVE|CVE-2016-4117}} [https://helpx.adobe.com/security/products/flash-player/apsa16-02.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-05-10 || <= 11.2.202.616-2 || 11.2.202.621-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18]<br />
|-<br />
| {{CVE|CVE-2015-8558}} {{CVE|CVE-2016-3710}} {{CVE|CVE-2016-3712}} {{CVE|CVE-2016-5105}} {{CVE|CVE-2016-5107}} {{CVE|CVE-2016-5106}} [http://xenbits.xen.org/xsa/advisory-179.html] [http://www.openwall.com/lists/oss-security/2016/05/25/7] || {{pkg|qemu}} {{pkg|qemu-arch-extra}} || 2016-05-10 || <= 2.5.1-1 || 2.6.0-1 || 28d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9]<br />
|-<br />
| {{CVE|CVE-2015-8558}} {{CVE|CVE-2016-3710}} {{CVE|CVE-2016-3712}} {{CVE|CVE-2016-5105}} {{CVE|CVE-2016-5107}} {{CVE|CVE-2016-5106}} [http://xenbits.xen.org/xsa/advisory-179.html] [http://www.openwall.com/lists/oss-security/2016/05/25/7] || {{pkg|qemu-guest-agent}} {{pkg|qemu-block-gluster}} {{pkg|qemu-block-iscsi}} {{pkg|qemu-block-rbd}} || 2016-05-10 || <= 2.5.1-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-1926}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1926] [http://www.openvas.org/OVSA20160113.html] || {{pkg|greenbone-security-assistant}} || 2016-01-16 || <= 6.0.6-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-3659}} [http://bugs.cacti.net/view.php?id=2673] || {{pkg|cacti}} || 2016-03-31 || <= 0.8.8_g-3 || 0.8.8_h-1 || 40d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14]<br />
|-<br />
| {{CVE|CVE-2016-4554}} {{CVE|CVE-2016-4555}} {{CVE|CVE-2016-4556}} [http://www.squid-cache.org/Advisories/SQUID-2016_8.txt] [http://www.squid-cache.org/Advisories/SQUID-2016_9.txt] || {{pkg|squid}} || 2016-05-09 || <= 3.5.17-1 || 3.5.19-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13]<br />
|-<br />
| {{CVE|CVE-2015-8106}} [http://www.openwall.com/lists/oss-security/2015/11/16/39] || {{pkg|latex2rtf}} || 2015-11-16 || <= 2.3.8-1 || 2.3.10-1 || ~6m || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9]<br />
|-<br />
| {{CVE|CVE-2016-3105}} [https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29] || {{pkg|mercurial}} || 2016-05-01 || <= 3.7.3-1 || 3.8.1-1 || 5d || Fixed ({{bug|49239}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] <br />
|-<br />
| {{CVE|CVE-2016-1236}} [http://www.openwall.com/lists/oss-security/2016/05/05/22] || {{pkg|websvn}} || 2016-05-05 || <= 2.3.3-6 || 2.3.3-7 || 98d || Fixed ({{bug|50344}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11]<br />
|-<br />
| {{CVE|CVE-2016-4414}} [http://marc.info/?l=oss-security&m=146204310020229&w=2] || {{pkg|quassel-client}} {{pkg|quassel-monolithic}} || 2016-04-30 || <= 0.12.3-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-4352}} [http://www.openwall.com/lists/oss-security/2016/04/29/7] || {{pkg|mencoder}} {{pkg|mplayer}} || 2016-05-03 || <= 37379-7 || 37857-1 || 3d || Fixed ({{bug|49195}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12]<br />
|-<br />
| {{CVE|CVE-2016-4574}} [http://www.openwall.com/lists/oss-security/2016/05/10/4] || {{pkg|libksba}} || 2016-05-03 || <= 1.3.3-1 || 1.3.4-1 || 9d || Fixed ({{bug|49289}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17]<br />
|-<br />
| {{CVE|CVE-2016-4354}} {{CVE|CVE-2016-4353}} {{CVE|CVE-2016-4355}} {{CVE|CVE-2016-4356}} [http://www.openwall.com/lists/oss-security/2016/04/29/8] || {{pkg|libksba}} || 2016-04-10 || <= 1.3.2-1 || 1.3.3-1 || 18d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4348}} {{CVE|CVE-2016-4347}} [http://www.openwall.com/lists/oss-security/2016/04/30/3] || {{pkg|librsvg}} || 2016-05-03 || <= 2:2.40.2-2 || 2:2.40.15-2 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4415}} {{CVE|CVE-2016-4416}} {{CVE|CVE-2016-4417}} {{CVE|CVE-2016-4418}} {{CVE|CVE-2016-4419}} {{CVE|CVE-2016-4420}} {{CVE|CVE-2016-4421}} {{CVE|CVE-2016-4076}} {{CVE|CVE-2016-4077}} {{CVE|CVE-2016-4078}} {{CVE|CVE-2016-4079}} {{CVE|CVE-2016-4080}} {{CVE|CVE-2016-4081}} {{CVE|CVE-2016-4006}} {{CVE|CVE-2016-4082}} {{CVE|CVE-2016-4083}} {{CVE|CVE-2016-4084}} {{CVE|CVE-2016-4085}} [http://www.openwall.com/lists/oss-security/2016/04/25/2] || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2016-05-03 || <= 2.0.2-1 || 2.0.3-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-3714}} [http://www.openwall.com/lists/oss-security/2016/05/03/13] [http://www.openwall.com/lists/oss-security/2016/05/03/14]|| {{pkg|imagemagick}} || 2016-05-03 || <= 6.9.3.8-1 || 6.9.3.10-1 || 3d || Fixed ({{bug|49203}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6]<br />
|-<br />
| {{CVE|CVE-2016-4477}} {{CVE|CVE-2016-4476}} [http://www.openwall.com/lists/oss-security/2016/05/03/2] || {{pkg|hostapd}} || 2016-05-03 || <= 2.5-2 || 2.6-1 || 90d || Fixed ({{bug|49196}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3]<br />
|-<br />
| {{CVE|CVE-2016-4477}} {{CVE|CVE-2016-4476}} [http://www.openwall.com/lists/oss-security/2016/05/03/2] || {{pkg|wpa_supplicant}} || 2016-05-03 || <= 1:2.5-3 || 1:2.6-1 || >90d || Fixed ({{bug|49196}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7]<br />
|-<br />
| {{CVE|CVE-2016-2105}} {{CVE|CVE-2016-2106}} {{CVE|CVE-2016-2107}} {{CVE|CVE-2016-2109}} {{CVE|CVE-2016-2176}} [https://www.openssl.org/news/secadv/20160503.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2016-05-03 || <= 1.0.2.g-3 || 1.0.2.h-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4]<br />
|-<br />
| {{CVE|CVE-2016-4425}} [https://github.com/akheron/jansson/issues/282] [http://marc.info/?l=oss-security&m=146219323703639&w=2] || {{pkg|jansson}} || 2016-05-02 || <= 2.7-1 || 2.8-1 || 137d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15]<br />
|-<br />
| {{CVE|CVE-2016-4425}} [https://github.com/akheron/jansson/issues/282] [http://marc.info/?l=oss-security&m=146219323703639&w=2] || {{pkg|lib32-jansson}} || 2016-05-02 || <= 2.7-2 || 2.8-1 || 140d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17]<br />
|-<br />
| {{CVE|CVE-2016-1660}} {{CVE|CVE-2016-1661}} {{CVE|CVE-2016-1662}} {{CVE|CVE-2016-1663}} {{CVE|CVE-2016-1664}} {{CVE|CVE-2016-1665}} {{CVE|CVE-2016-1666}} [http://googlechromereleases.blogspot.fr/2016/04/stable-channel-update_28.html] || {{pkg|chromium}} || 2016-04-28 || <= 50.0.2661.75-1 || 50.0.2661.94-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7]<br />
|-<br />
| {{CVE|CVE-2015-8869}} || {{pkg|ocaml}} || 2016-04-29 || <= 4.02.3-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-4414}} [http://marc.info/?l=oss-security&m=146204310020229&w=2] || {{pkg|quassel-core}} || 2016-04-30 || <= 0.12.3-1 || 0.12.4-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5]<br />
|-<br />
| {{CVE|CVE-2016-2167}} {{CVE|CVE-2016-2168}} [https://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ@mail.gmail.com%3E] || {{pkg|subversion}} || 2016-04-28 || <= 1.9.3-2 || 1.9.4-1 || 38d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6]<br />
|-<br />
| {{CVE|CVE-2015-7704}} {{CVE|CVE-2015-8138}} {{CVE|CVE-2016-1547}} {{CVE|CVE-2016-1548}} {{CVE|CVE-2016-1549}} {{CVE|CVE-2016-1550}} {{CVE|CVE-2016-1551}} {{CVE|CVE-2016-2516}} {{CVE|CVE-2016-2517}} {{CVE|CVE-2016-2518}} {{CVE|CVE-2016-2519}} [http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security] || {{pkg|ntp}} || 2016-04-26 || <= 4.2.8.p6-3 || 4.2.8.p7-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-2804}} {{CVE|CVE-2016-2805}} {{CVE|CVE-2016-2806}} {{CVE|CVE-2016-2807}} {{CVE|CVE-2016-2808}} {{CVE|CVE-2016-2811}} {{CVE|CVE-2016-2812}} {{CVE|CVE-2016-2814}} {{CVE|CVE-2016-2816}} {{CVE|CVE-2016-2817}} {{CVE|CVE-2016-2820}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox46] || {{pkg|firefox}} || 2016-04-26 || <= 45.0.2-1 || 46.0-2 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15]<br />
|-<br />
| {{CVE|CVE-2015-8863}} [http://seclists.org/oss-sec/2016/q2/134] || {{pkg|jq}} || 2016-04-23 || <= 1.5-3 || 1.5-4 || 109d || Fixed ({{bug|50330}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10]<br />
|-<br />
| {{CVE|CVE-2016-3074}} [http://seclists.org/oss-sec/2016/q2/128] || {{pkg|gd}} || 2016-04-21 || <= 2.1.1-3 || 2.1.1-4 || 15d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8]<br />
|-<br />
| {{CVE|CVE-2016-4051}} {{CVE|CVE-2016-4052}} {{CVE|CVE-2016-4053}} {{CVE|CVE-2016-4054}} [http://www.squid-cache.org/Advisories/SQUID-2016_5.txt] [http://www.squid-cache.org/Advisories/SQUID-2016_6.txt] || {{pkg|squid}} || 2016-04-20 || <= 3.5.16-1 || 3.5.17-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14]<br />
|-<br />
| {{CVE|CVE-2016-4021}} [https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt] || {{pkg|pgpdump}} || 2016-04-12 || <= 0.29-2 || 0.30-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11]<br />
|-<br />
| {{CVE|CVE-2016-1955}} {{CVE|CVE-2016-1956}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/] [https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/] || {{pkg|thunderbird}} || 2016-04-12 || <= 38.7.2-1 || 45.0-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12]<br />
|-<br />
| {{CVE|CVE-2016-2347}} [http://www.talosintel.com/reports/TALOS-2016-0095/] || {{pkg|lhasa}} || 2016-04-14 || <= 0.3.0-1 || 0.3.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8]<br />
|-<br />
| {{CVE|CVE-2016-1651}} {{CVE|CVE-2016-1652}} {{CVE|CVE-2016-1653}} {{CVE|CVE-2016-1654}} {{CVE|CVE-2016-1655}} {{CVE|CVE-2016-1656}} {{CVE|CVE-2016-1657}} {{CVE|CVE-2016-1658}} {{CVE|CVE-2016-1659}} [http://googlechromereleases.blogspot.fr/2016/04/stable-channel-update_13.html] || {{pkg|chromium}} || 2016-04-13|| <= 49.0.2623.112-1 || 50.0.2661.75-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10]<br />
|-<br />
| {{CVE|CVE-2015-5370}} {{CVE|CVE-2016-2110}} {{CVE|CVE-2016-2111}} {{CVE|CVE-2016-2112}} {{CVE|CVE-2016-2113}} {{CVE|CVE-2016-2114}} {{CVE|CVE-2016-2115}} {{CVE|CVE-2016-2118}} [https://www.samba.org/samba/history/security.html] [http://badlock.org/] || {{pkg|samba}} || 2016-04-12|| <= 4.4.0-1 || 4.4.2-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13]<br />
|-<br />
| {{CVE|CVE-2016-4008}} [http://article.gmane.org/gmane.comp.security.oss.general/19286] || {{pkg|libtasn1}} || 2016-04-11|| <= 4.7-1 || 4.8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9]<br />
|-<br />
| {{CVE|CVE-2011-5326}} {{CVE|CVE-2016-3993}} {{CVE|CVE-2016-3994}} {{CVE|CVE-2016-4024}} [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369] [http://article.gmane.org/gmane.comp.security.oss.general/19276] || {{pkg|imlib2}} || 2016-04-09 || <= 1.4.8-1 || 1.4.9-1 || 23d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1]<br />
|-<br />
| {{CVE|CVE-2014-9771}} [http://www.openwall.com/lists/oss-security/2016/04/09/3] || {{pkg|imlib2}} || 2016-04-09 || <= 1.4.5-6 || 1.4.6-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1006}} {{CVE|CVE-2016-1011}} {{CVE|CVE-2016-1012}} {{CVE|CVE-2016-1013}} {{CVE|CVE-2016-1014}} {{CVE|CVE-2016-1015}} {{CVE|CVE-2016-1016}} {{CVE|CVE-2016-1017}} {{CVE|CVE-2016-1018}} {{CVE|CVE-2016-1019}} {{CVE|CVE-2016-1020}} {{CVE|CVE-2016-1021}} {{CVE|CVE-2016-1022}} {{CVE|CVE-2016-1023}} {{CVE|CVE-2016-1024}} {{CVE|CVE-2016-1025}} {{CVE|CVE-2016-1026}} {{CVE|CVE-2016-1027}} {{CVE|CVE-2016-1028}} {{CVE|CVE-2016-1029}} {{CVE|CVE-2016-1030}} {{CVE|CVE-2016-1031}} {{CVE|CVE-2016-1032}} {{CVE|CVE-2016-1033}} [https://helpx.adobe.com/security/products/flash-player/apsa16-01.html] [https://helpx.adobe.com/security/products/flash-player/apsb16-10.html] || {{pkg|flashplugin}} || 2016-04-05 || <= 11.2.202.577-1 || 11.2.202.616-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7]<br />
|-<br />
| {{CVE|CVE-2016-3630}} {{CVE|CVE-2016-3068}} {{CVE|CVE-2016-3069}} [https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29] || {{pkg|mercurial}} || 2016-03-29 || <= 3.7.2-1 || 3.7.3-1 || 8d || Fixed ({{bug|48821}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6]<br />
|-<br />
| {{CVE|CVE-2016-2191}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2191] [https://sourceforge.net/p/optipng/bugs/59/] [http://www.openwall.com/lists/oss-security/2016/04/04/2]|| {{Pkg|optipng}} || 2016-04-04 || <= 0.7.5-2 || 0.7.6-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5]<br />
|-<br />
| {{CVE|CVE-2016-3947}} [http://www.squid-cache.org/Advisories/SQUID-2016_3.txt] || {{Pkg|squid}} || 2016-04-01 || <= 3.5.15-2 || 3.5.16 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4]<br />
|-<br />
| {{CVE|CVE-2016-0636}} [http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html] [http://blog.fuseyism.com/index.php/2016/03/25/security-icedtea-2-6-5-for-openjdk-7-released/] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2016-03-24 || <= 7.u95_2.6.4-1 || 7.u99_2.6.5-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3]<br />
|-<br />
| {{CVE|CVE-2016-0636}} [http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html] || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2016-03-23 || <= 8.u74-1 || 8.u77-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27]<br />
|-<br />
| {{CVE|CVE-2016-1646}} {{CVE|CVE-2016-1647}} {{CVE|CVE-2016-1648}} {{CVE|CVE-2016-1649}} {{CVE|CVE-2016-1650}} [http://googlechromereleases.blogspot.fr/2016/03/stable-channel-update_24.html] || {{pkg|chromium}} || 2016-03-24 || <= 49.0.2623.87-1 || 49.0.2623.108-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24]<br />
|-<br />
| {{CVE|CVE-2016-2849}} {{CVE|CVE-2016-2850}} [http://botan.randombit.net/security.html#id1] || {{pkg|botan}} || 2016-03-20 || <= 1.11.28-1 || 1.11.29-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22]<br />
|-<br />
| {{CVE|CVE-2016-1952}} {{CVE|CVE-2016-1953}} {{CVE|CVE-2016-1954}} {{CVE|CVE-2016-1957}} {{CVE|CVE-2016-1960}} {{CVE|CVE-2016-1961}} {{CVE|CVE-2016-1964}} {{CVE|CVE-2016-1966}} {{CVE|CVE-2016-1974}} {{CVE|CVE-2016-1977}} {{CVE|CVE-2016-2790}} {{CVE|CVE-2016-2791}} {{CVE|CVE-2016-2792}} {{CVE|CVE-2016-2793}} {{CVE|CVE-2016-2794}} {{CVE|CVE-2016-2795}} {{CVE|CVE-2016-2796}} {{CVE|CVE-2016-2797}} {{CVE|CVE-2016-2798}} {{CVE|CVE-2016-2799}} {{CVE|CVE-2016-2800}} {{CVE|CVE-2016-2801}} {{CVE|CVE-2016-2802}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.7] || {{pkg|thunderbird}} || 2016-03-14 || <= 38.6.0-1 || 38.7.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21]<br />
|-<br />
| {{CVE|CVE-2016-2324}} [http://seclists.org/oss-sec/2016/q1/653] || {{pkg|git}} || 2016-03-15 || <= 2.7.3-1 || 2.7.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20]<br />
|-<br />
| {{CVE|CVE-2016-3116}} [https://matt.ucc.asn.au/dropbear/CHANGES] || {{pkg|dropbear}} || 2016-03-13 || <= 2015.71-1 || 2016.72-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19]<br />
|-<br />
| {{CVE|CVE-2015-1283}} [https://sourceforge.net/p/expat/bugs/528/] || {{pkg|expat}} || 2016-03-12 || <= 2.1.0-4 || 2.1.1-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23]<br />
|-<br />
| {{CVE|CVE-2016-2088}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2088] {{CVE|CVE-2016-1286}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1286] {{CVE|CVE-2016-1285}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1285] || {{pkg|bind}} || 2016-03-10 || <= 9.10.3.P3-3 || 9.10.3.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13]<br />
|-<br />
| {{CVE|CVE-2016-0960}} {{CVE|CVE-2016-0961}} {{CVE|CVE-2016-0962}} {{CVE|CVE-2016-0963}} {{CVE|CVE-2016-0986}} {{CVE|CVE-2016-0987}} {{CVE|CVE-2016-0988}} {{CVE|CVE-2016-0989}} {{CVE|CVE-2016-0990}} {{CVE|CVE-2016-0991}} {{CVE|CVE-2016-0992}} {{CVE|CVE-2016-0993}} {{CVE|CVE-2016-0994}} {{CVE|CVE-2016-0995}} {{CVE|CVE-2016-0996}} {{CVE|CVE-2016-0997}} {{CVE|CVE-2016-0998}} {{CVE|CVE-2016-0999}} {{CVE|CVE-2016-1000}} {{CVE|CVE-2016-1001}} {{CVE|CVE-2016-1002}} {{CVE|CVE-2016-1005}} {{CVE|CVE-2016-1010}} [https://helpx.adobe.com/security/products/flash-player/apsb16-08.html] || {{pkg|lib32-flashplugin}} || 2016-03-10 || <= 11.2.202.569-1 || 11.2.202.577-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11]<br />
|-<br />
| {{CVE|CVE-2016-0960}} {{CVE|CVE-2016-0961}} {{CVE|CVE-2016-0962}} {{CVE|CVE-2016-0963}} {{CVE|CVE-2016-0986}} {{CVE|CVE-2016-0987}} {{CVE|CVE-2016-0988}} {{CVE|CVE-2016-0989}} {{CVE|CVE-2016-0990}} {{CVE|CVE-2016-0991}} {{CVE|CVE-2016-0992}} {{CVE|CVE-2016-0993}} {{CVE|CVE-2016-0994}} {{CVE|CVE-2016-0995}} {{CVE|CVE-2016-0996}} {{CVE|CVE-2016-0997}} {{CVE|CVE-2016-0998}} {{CVE|CVE-2016-0999}} {{CVE|CVE-2016-1000}} {{CVE|CVE-2016-1001}} {{CVE|CVE-2016-1002}} {{CVE|CVE-2016-1005}} {{CVE|CVE-2016-1010}} [https://helpx.adobe.com/security/products/flash-player/apsb16-08.html] || {{pkg|flashplugin}} || 2016-03-10 || <= 11.2.202.569-1 || 11.2.202.577-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10]<br />
|-<br />
| {{CVE|CVE-2016-3115}} [http://www.openssh.com/txt/x11fwd.adv] || {{pkg|openssh}} || 2016-03-10 || <= 7.2p1-1 || 7.2p2-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12]<br />
|-<br />
| {{CVE|CVE-2015-8833}} [http://seclists.org/oss-sec/2016/q1/572] || {{pkg|pidgin-otr}} || 2016-03-09 || <= 4.0.1-2 || 4.0.2-1 || 3d || Fixed ({{bug|48537}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14]<br />
|-<br />
| {{CVE|CVE-2016-2774}} [https://kb.isc.org/article/AA-01354] || {{pkg|dhcp}} || 2016-03-09 || <= 4.3.3.p1-1 || 4.3.4-1 || 21d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1531}} [http://www.exim.org/static/doc/CVE-2016-1531.txt] || {{pkg|exim}} || 2016-03-06 || <= 4.86.1-1 || 4.86.2-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8]<br />
|-<br />
| {{CVE|CVE-2016-1577}} {{CVE|CVE-2016-2089}} {{CVE|CVE-2016-2116}} || {{pkg|jasper}} || 2016-03-06 || <= 1.900.1-14 || 1.900.1-15 || ~2m || Fixed ({{bug|48511}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2]<br />
|-<br />
| {{CVE|CVE-2016-1285}} {{CVE|CVE-2016-1286}} [https://kb.isc.org/article/AA-01352/] [https://kb.isc.org/article/AA-01353/] || {{pkg|bind}} || 2016-03-09 || <= 9.10.3.P3-3 || 9.10.3.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7]<br />
|-<br />
| {{CVE|CVE-2016-2851}} [https://otr.cypherpunks.ca/] || {{pkg|libotr}} || 2016-03-09 || <= 4.1.0-1 || 4.1.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6]<br />
|-<br />
| {{CVE|CVE-2016-1643}} {{CVE|CVE-2016-1644}} {{CVE|CVE-2016-1645}} || {{pkg|chromium}} || 2016-03-09 || <= 49.0.2623.75-1 || 49.0.2623.87-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5]<br />
|-<br />
| {{CVE|CVE-2016-1952}} {{CVE|CVE-2016-1953}} {{CVE|CVE-2016-1954}} {{CVE|CVE-2016-1955}} {{CVE|CVE-2016-1956}} {{CVE|CVE-2016-1957}} {{CVE|CVE-2016-1958}} {{CVE|CVE-2016-1959}} {{CVE|CVE-2016-1960}} {{CVE|CVE-2016-1961}} {{CVE|CVE-2016-1962}} {{CVE|CVE-2016-1963}} {{CVE|CVE-2016-1964}} {{CVE|CVE-2016-1965}} {{CVE|CVE-2016-1966}} {{CVE|CVE-2016-1967}} {{CVE|CVE-2016-1968}} {{CVE|CVE-2016-1970}} {{CVE|CVE-2016-1971}} {{CVE|CVE-2016-1972}} {{CVE|CVE-2016-1973}} {{CVE|CVE-2016-1974}} {{CVE|CVE-2016-1975}} {{CVE|CVE-2016-1976}} {{CVE|CVE-2016-1977}} {{CVE|CVE-2016-2790}} {{CVE|CVE-2016-2791}} {{CVE|CVE-2016-2792}} {{CVE|CVE-2016-2793}} {{CVE|CVE-2016-2794}} {{CVE|CVE-2016-2795}} {{CVE|CVE-2016-2796}} {{CVE|CVE-2016-2797}} {{CVE|CVE-2016-2798}} {{CVE|CVE-2016-2799}} {{CVE|CVE-2016-2800}} {{CVE|CVE-2016-2801}} {{CVE|CVE-2016-2802}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox45] || {{pkg|firefox}} || 2016-03-08 || <= 44.0.2-2 || 45.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4]<br />
|-<br />
| {{CVE|CVE-2016-2532}} {{CVE|CVE-2016-2531}} {{CVE|CVE-2016-2530}} {{CVE|CVE-2016-2529}} {{CVE|CVE-2016-2528}} {{CVE|CVE-2016-2527}} {{CVE|CVE-2016-2526}} {{CVE|CVE-2016-2525}} {{CVE|CVE-2016-2524}} {{CVE|CVE-2016-2523}} {{CVE|CVE-2016-2522}} {{CVE|CVE-2016-2521}} || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2016-03-07 || <= 2.0.1-2 || 2.0.2-1 || 5d || Fixed ({{bug|48536}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17]<br />
|-<br />
| {{CVE|CVE-2016-2381}} [https://www.debian.org/security/2016/dsa-3501] || {{pkg|perl}} || 2016-03-07 || <= 5.22.1-1 || 5.22.1-2 || 3d || Fixed ({{Bug|48482}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9]<br />
|-<br />
| {{CVE|CVE-2015-8126}} {{CVE|CVE-2016-1630}} {{CVE|CVE-2016-1631}} {{CVE|CVE-2016-1632}} {{CVE|CVE-2016-1633}} {{CVE|CVE-2016-1634}} {{CVE|CVE-2016-1635}} {{CVE|CVE-2016-1636}} {{CVE|CVE-2016-1637}} {{CVE|CVE-2016-1638}} {{CVE|CVE-2016-1639}} {{CVE|CVE-2016-1640}} {{CVE|CVE-2016-1641}} {{CVE|CVE-2016-1642}} [http://googlechromereleases.blogspot.fr/2016/03/stable-channel-update.html] || {{pkg|chromium}} || 2016-03-02 || <= 48.0.2564.116-1 || 49.0.2623.75-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1]<br />
|-<br />
| {{CVE|CVE-2016-0702}} {{CVE|CVE-2016-0705}} {{CVE|CVE-2016-0797}} {{CVE|CVE-2016-0798}} {{CVE|CVE-2016-0799}} {{CVE|CVE-2016-0800}} [https://www.openssl.org/news/secadv/20160301.txt] || {{pkg|openssl}} || 2016-03-01 || <= 1.0.2.f-1 || 1.0.2.g-3 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2]<br />
|-<br />
| {{CVE|CVE-2016-0702}} {{CVE|CVE-2016-0705}} {{CVE|CVE-2016-0797}} {{CVE|CVE-2016-0798}} {{CVE|CVE-2016-0799}} {{CVE|CVE-2016-0800}} [https://www.openssl.org/news/secadv/20160301.txt] || {{pkg|lib32-openssl}} || 2016-03-01 || <= 1.0.2.f-1 || 1.0.2.g-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3]<br />
|-<br />
| {{CVE|CVE-2015-7511}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html] || {{pkg|libgcrypt}} || 2016-02-09 || <= 1.6.4-1 || 1.6.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19]<br />
|-<br />
| {{CVE|CVE-2016-0739}} [https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/] || {{pkg|libssh}} || 2016-02-23 || <= 0.7.2-1 || 0.7.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18]<br />
|-<br />
| {{CVE|CVE-2016-0787}} [https://www.libssh2.org/adv_20160223.html] || {{pkg|libssh2}} || 2016-02-23 || <= 1.6.0-1 || 1.7.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20]<br />
|-<br />
| {{CVE|CVE-2016-0787}} [https://www.libssh2.org/adv_20160223.html] || {{pkg|lib32-libssh2}} || 2016-02-23 || <= 1.6.0-1 || 1.7.0-1 ||3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21]<br />
|-<br />
| {{CVE|CVE-2016-1629}} [http://googlechromereleases.blogspot.fr/2016/02/stable-channel-update_18.html] || {{pkg|chromium}} || 2016-02-18 || <= 48.0.2564.109-1 || 48.0.2564.116-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17]<br />
|-<br />
| {{CVE|CVE-2015-7575}} {{CVE|CVE-2016-1523}} {{CVE|CVE-2016-1930}} {{CVE|CVE-2016-1931}} {{CVE|CVE-2016-1935}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.6] || {{pkg|thunderbird}} || 2016-02-11 || <= 38.5.1-1 || 38.6.0-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16]<br />
|-<br />
| {{CVE|CVE-2015-7547}} {{CVE|CVE-2015-8776}} {{CVE|CVE-2015-8777}} {{CVE|CVE-2015-8778}} {{CVE|CVE-2015-8779}} [https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html] [https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html] || {{pkg|glibc}} || 2016-02-16 || <= 2.22-3 || 2.22-4 || 1d || Fixed ({{Bug|48213}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15]<br />
|-<br />
| {{CVE|CVE-2015-7547}} {{CVE|CVE-2015-8776}} {{CVE|CVE-2015-8777}} {{CVE|CVE-2015-8778}} {{CVE|CVE-2015-8779}} [https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html] [https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html] || {{pkg|lib32-glibc}} || 2016-02-16 || <= 2.22-3.1 || 2.22-4 || 1d || Fixed ({{Bug|48213}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14]<br />
|-<br />
| {{CVE|CVE-2016-1622}} {{CVE|CVE-2016-1623}} {{CVE|CVE-2016-1624}} {{CVE|CVE-2016-1625}} {{CVE|CVE-2016-1626}} {{CVE|CVE-2016-1627}} [http://googlechromereleases.blogspot.fr/2016/02/stable-channel-update_9.html]|| {{pkg|chromium}} || 2016-02-09 || <= 48.0.2564.103-1 || 48.0.2564.109-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1949}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-13/]|| {{pkg|firefox}} || 2016-02-11 || <= 44.0.1-1 || 44.0.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12]<br />
|-<br />
| {{CVE|CVE-2016-1544}} [https://nghttp2.org/blog/2016/02/11/nghttp2-v1-7-1/]|| {{pkg|nghttp2}} || 2016-02-11 || <= 1.7.0-1 || 1.7.1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13]<br />
|-<br />
| {{CVE|CVE-2014-2312}} [https://www.kde.org/info/security/advisory-20160209-1.txt]|| {{pkg|kscreenlocker}} || 2016-02-10 || <= 5.5.4-1 || 5.5.4-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10]<br />
|-<br />
| {{CVE|CVE-2014-9496}} {{CVE|CVE-2014-9756}} {{CVE|CVE-2015-7805}} || {{pkg|libsndfile}} {{pkg|lib32-libsndfile}} || 2016-02-01 || <= 1.0.25-3 || 1.0.26-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9]<br />
|-<br />
| {{CVE|CVE-2015-8803}} {{CVE|CVE-2015-8804}} {{CVE|CVE-2015-8805}} [https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-multiplications-in-Nettle.html] || {{pkg|nettle}} {{pkg|lib32-nettle}} || 2016-02-03 || <= 3.1-1 || 3.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6]<br />
|-<br />
| {{CVE|CVE-2016-2194}} {{CVE|CVE-2016-2195}} {{CVE|CVE-2016-2196}} [http://botan.randombit.net/security.html#id1] || {{pkg|botan}} || 2016-02-01 || <= 1.11.25-2 || 1.11.28-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11]<br />
|-<br />
| {{CVE|CVE-2014-9761}} [http://seclists.org/oss-sec/2016/q1/153] || {{pkg|lib32-glibc}} || 2016-02-01 || <= 2.22-4 || 2.23-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23]<br />
|-<br />
| {{CVE|CVE-2014-9761}} [http://seclists.org/oss-sec/2016/q1/153] || {{pkg|glibc}} || 2016-02-01 || <= 2.22-4 || 2.23-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22]<br />
|-<br />
| {{CVE|CVE-2016-2048}} [https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/] || {{pkg|python-django}} {{pkg|python2-django}} || 2016-02-01 || <= 1.9.1-1 || 1.9.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2]<br />
|-<br />
| {{CVE|CVE-2016-2090}} [http://article.gmane.org/gmane.comp.security.oss.general/18715] [http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7] [https://bugs.freedesktop.org/show_bug.cgi?id=93881] [https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html] || {{pkg|libbsd}} || 2016-01-27 || <= 0.8.1-1 || 0.8.2-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7]<br />
|-<br />
| {{CVE|CVE-2015-3197}} {{CVE|CVE-2015-4000}} {{CVE|CVE-2016-0701}} [https://openssl.org/news/secadv/20160128.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2016-01-28 || <= 1.0.2.e-1 || 1.0.2.f-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33]<br />
|-<br />
| {{CVE|CVE-2016-0755}} [http://curl.haxx.se/docs/adv_20160127A.html] || {{pkg|curl}} {{pkg|lib32-curl}} || 2016-01-27 || <= 7.46.0-1 || 7.47.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4]<br />
|-<br />
| {{CVE|CVE-2016-0742}} {{CVE|CVE-2016-0746}} {{CVE|CVE-2016-0747}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000168.html] || {{pkg|nginx}} || 2016-01-26 || <= 1.8.0-2 || 1.8.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31]<br />
|-<br />
| {{CVE|CVE-2016-1982}} {{CVE|CVE-2016-1983}} [http://seclists.org/oss-sec/2016/q1/179] || {{pkg|privoxy}} || 2016-01-21 || <= 3.0.23-1 || 3.0.24-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27]<br />
|-<br />
| {{CVE|CVE-2016-1572}} [https://bugs.launchpad.net/ecryptfs/+bug/1530566] || {{pkg|ecryptfs-utils}} || 2016-01-21 || <= 108-1 || 108-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25]<br />
|-<br />
| {{CVE|CVE-2016-1612}} {{CVE|CVE-2016-1613}} {{CVE|CVE-2016-1614}} {{CVE|CVE-2016-1615}} {{CVE|CVE-2016-1616}} {{CVE|CVE-2016-1617}} {{CVE|CVE-2016-1618}} {{CVE|CVE-2016-1619}} {{CVE|CVE-2016-1620}} [http://googlechromereleases.blogspot.fr/2016/01/stable-channel-update_20.html] || {{pkg|chromium}} || 2016-01-20 || <= 47.0.2526.111-1 || 48.0.2564.82-1 || 1d|| Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28]<br />
|-<br />
| {{CVE|CVE-2015-8704}} {{CVE|CVE-2015-8705}} [https://kb.isc.org/article/AA-01335] [https://kb.isc.org/article/AA-01336] || {{pkg|bind}} || 2016-01-19 || <= 9.10.3.P2-1 || 9.10.3.P3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21]<br />
|-<br />
| {{CVE|CVE-2016-0728}} [http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/] || {{pkg|linux-lts}} || 2016-01-19 || <= 4.1.15-1 || 4.1.16-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26]<br />
|-<br />
| {{CVE|CVE-2016-0728}} [http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/] || {{pkg|linux}} || 2016-01-19 || <= 4.3.3-2 || 4.3.3-3 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20]<br />
|-<br />
| {{CVE|CVE-2015-5300}} [http://support.ntp.org/bin/view/Main/NtpBug2956] || {{pkg|ntp}} || 2016-01-07 || <= 4.2.8.p4-1 || 4.2.8.p5-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|syncthing}} || 2016-01-13 || <= 0.12.14-1 || 0.12.14-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|keybase}} || 2016-01-13 || <= 1.0.8.0-1 || 1.0.8.0-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|hub}} || 2016-01-13 || <= 2.2.2-1 || 2.2.2-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|go-ipfs}} || 2016-01-13 || <= 0.3.11-1 || 0.3.11-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|docker}} || 2016-01-13 || <= 1:1.9.1-1 || 1:1.9.1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12]<br />
|-<br />
| {{CVE|CVE-2015-8770}} [http://seclists.org/bugtraq/2016/Jan/60] || {{pkg|roundcubemail}} || 2015-12-26 || <= 1.2beta-1 || 1.2beta-2 || 20d || Fixed ({{bug|47764}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18]<br />
|-<br />
| {{CVE|CVE-2016-1903}} {{CVE|CVE-2016-1904}} [http://seclists.org/oss-sec/2016/q1/100] || {{pkg|php}} || 2016-01-14 || <= 7.0.1-1 || 7.0.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10]<br />
|-<br />
| {{CVE|CVE-2016-0777}} {{CVE|CVE-2016-0778}} [http://www.openssh.com/txt/release-7.1p2] || {{pkg|openssh}} || 2016-01-14 || <= 7.1p1-1 || 7.1p2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9]<br />
|-<br />
| {{CVE|CVE-2016-2213}} [http://www.openwall.com/lists/oss-security/2016/02/03/2] || {{pkg|ffmpeg}} || 2016-02-03 || <= 2.8.4-1 || 2.8.5-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1897}} {{CVE|CVE-2016-1898}} [http://seclists.org/oss-sec/2016/q1/85] || {{pkg|ffmpeg}} || 2016-01-13 || <= 1:2.8.4-2 || 1:2.8.4-3 || <1d || Fixed ({{Bug|47738}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17]<br />
|-<br />
| {{CVE|CVE-2016-1897}} {{CVE|CVE-2016-1898}} [http://seclists.org/oss-sec/2016/q1/85] || {{pkg|mplayer}} || 2016-01-13 || <= 37379-6 || 37379-7 || 17d || Fixed ({{Bug|47944}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|go}} || 2016-01-13 || <= 2:1.5.2-1 || 2:1.5.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11]<br />
|-<br />
|{{CVE|CVE-2015-8742}} {{CVE|CVE-2015-8741}} {{CVE|CVE-2015-8740}} {{CVE|CVE-2015-8738}} {{CVE|CVE-2015-8739}} {{CVE|CVE-2015-8737}} {{CVE|CVE-2015-8736}} {{CVE|CVE-2015-8735}} {{CVE|CVE-2015-8734}} {{CVE|CVE-2015-8733}} {{CVE|CVE-2015-8732}} {{CVE|CVE-2015-8730}} {{CVE|CVE-2015-8731}} {{CVE|CVE-2015-8729}} {{CVE|CVE-2015-8728}} {{CVE|CVE-2015-8727}} {{CVE|CVE-2015-8726}} {{CVE|CVE-2015-8725}} {{CVE|CVE-2015-8724}} {{CVE|CVE-2015-8723}} {{CVE|CVE-2015-8722}} {{CVE|CVE-2015-8721}} {{CVE|CVE-2015-8720}} {{CVE|CVE-2015-8718}} {{CVE|CVE-2015-8711}} || {{Pkg|wireshark-cli}} {{Pkg|wireshark-gtk}} {{Pkg|wireshark-qt}} || 2016-01-04 || <= 2.0.0 || 2.0.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6]<br />
|-<br />
| {{CVE|CVE-2016-1564}} [http://article.gmane.org/gmane.comp.security.oss.general/18527] || {{Pkg|wordpress}} || 2016-01-08 || <= 4.4-1 || 4.4.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2]<br />
|-<br />
| {{CVE|CVE-2015-8751}} [https://bugzilla.redhat.com/show_bug.cgi?id=1294039] [http://article.gmane.org/gmane.comp.security.oss.general/18523] || {{Pkg|jasper}} || 2016-01-07 || 1.900.1-15 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-8750}} [https://bugzilla.redhat.com/show_bug.cgi?id=1294264] [https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697] || {{Pkg|libdwarf}} || 2016-01-07 || 20150507-1 || 20160115-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22]<br />
|-<br />
| {{CVE|CVE-2016-1503}} {{CVE|CVE-2016-1504}} [http://article.gmane.org/gmane.comp.security.oss.general/18516] || {{Pkg|dhcpcd}} || 2016-01-07 || <= 6.9.4-1 || 6.10.0-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7]<br />
|-<br />
| {{CVE|CVE-2015-7575}} [http://www.mitls.org/pages/attacks/SLOTH] [https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released] || {{pkg|mbedtls}} || 2016-01-04 || 2.2.0-1 || 2.2.1-1 || 21d || Fixed ({{bug|47783}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29]<br />
|-<br />
| {{CVE|CVE-2015-8688}} [http://gultsch.de/gajim_roster_push_and_message_interception.html] || {{pkg|gajim}} || 2015-12-20 || <= 0.16.4-1 || 0.16.5-1 || 20d || Fixed ({{bug|47647}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3]<br />
|-<br />
| {{CVE|CVE-2016-1494}} [https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff] [https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/] || {{pkg|python-rsa}} {{pkg|python2-rsa}} || 2016-01-05 || <= 3.2.3-1 || 3.3-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24]<br />
|-<br />
| {{CVE|CVE-2016-1283}} [https://bugs.exim.org/show_bug.cgi?id=1767] [http://article.gmane.org/gmane.comp.security.oss.general/18481] || {{pkg|pcre}} || 2016-01-02 || <= 8.38-2 || 8.38-3 || 71d|| Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18]<br />
|-<br />
|[http://article.gmane.org/gmane.comp.security.oss.general/18466] || {{Pkg|rtmpdump}} || 2015-12-23 || <= 20140918-2 || 1:2.4.r96.fa8646d-1 || 7d || Fixed ({{bug|47564}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1]<br />
|-<br />
| {{CVE|CVE-2015-8472}} [http://seclists.org/oss-sec/2015/q4/439] || {{pkg|libpng}} || 2015-12-03 || <= 1.6.19-1 || 1.6.20-1 || 25d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-18]<br />
|-<br />
| {{CVE|CVE-2015-8459}} {{CVE|CVE-2015-8460}} {{CVE|CVE-2015-8634}} {{CVE|CVE-2015-8635}} {{CVE|CVE-2015-8636}} {{CVE|CVE-2015-8638}} {{CVE|CVE-2015-8639}} {{CVE|CVE-2015-8640}} {{CVE|CVE-2015-8641}} {{CVE|CVE-2015-8642}} {{CVE|CVE-2015-8643}} {{CVE|CVE-2015-8644}} {{CVE|CVE-2015-8645}} {{CVE|CVE-2015-8646}} {{CVE|CVE-2015-8647}} {{CVE|CVE-2015-8648}} {{CVE|CVE-2015-8649}} {{CVE|CVE-2015-8650}} {{CVE|CVE-2015-8651}} [https://helpx.adobe.com/security/products/flash-player/apsb16-01.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2015-12-28 || <= 11.2.202.554-1 || 11.2.202.559-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17]<br />
|-<br />
| {{CVE|CVE-2015-7554}} {{CVE|CVE-2015-8683}} [http://seclists.org/oss-sec/2015/q4/584] [http://seclists.org/oss-sec/2015/q4/590] || {{pkg|libtiff}} || 2015-12-25 || <= 4.0.6-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-7201}} {{CVE|CVE-2015-7205}} {{CVE|CVE-2015-7212}} {{CVE|CVE-2015-7213}} {{CVE|CVE-2015-7214}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.5] || {{pkg|thunderbird}} || 2015-12-23 || <= 38.4.0-2 || 38.5.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14]<br />
|-<br />
| {{CVE|CVE-2015-8612}} [http://seclists.org/oss-sec/2015/q4/541] || {{pkg|blueman}} || 2015-12-18 || <= 2.0.2-1 || 2.0.3-1 || 38d || Fixed ({{bug|47784}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30]<br />
|-<br />
| {{CVE|CVE-2015-8659}} [http://seclists.org/oss-sec/2015/q4/576] || {{pkg|nghttp2}} || 2015-12-23 || <= 1.5.0-2 || 1.6.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16]<br />
|-<br />
| {{CVE|CVE-2015-7555}} [http://seclists.org/oss-sec/2015/q4/548] || {{pkg|giflib}} || 2015-12-21 || <= 5.1.1-1 || 5.1.2-1 || 43d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-7557}} {{CVE|CVE-2015-7558}} [http://seclists.org/oss-sec/2015/q4/549] || {{pkg|librsvg}} || 2015-12-21 || <= 2:2.40.11-1 || 2:2.40.13-1 || 45d || Fixed ({{bug|47785}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8622}} {{CVE|CVE-2015-8623}} {{CVE|CVE-2015-8624}} {{CVE|CVE-2015-8625}} {{CVE|CVE-2015-8626}} {{CVE|CVE-2015-8627}} {{CVE|CVE-2015-8628}} [http://seclists.org/oss-sec/2015/q4/552] || {{pkg|mediawiki}} || 2015-12-17 || <= 1.26.0-1 || 1.26.2-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15]<br />
|-<br />
| {{CVE|CVE-2015-8614}} [http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557] || {{pkg|claws-mail}} || 2015-12-21 || <= 3.13.0-1 || 3.13.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13]<br />
|-<br />
| {{CVE|CVE-2015-8369}} {{CVE|CVE-2015-8604}} {{CVE|CVE-2015-8377}} {{CVE|CVE-2016-2313}} [http://www.openwall.com/lists/oss-security/2016/02/09/3] [https://bugs.mageia.org/show_bug.cgi?id=17352] [http://www.openwall.com/lists/oss-security/2016/01/04/8] || {{pkg|cacti}} || 2015-12-17 || <= 0.8.8_f-3 || 0.8.8_g-2 || 72d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24]<br />
|-<br />
| [https://blog.fuzzing-project.org/32-Out-of-bounds-read-in-OpenVPN.html] || {{pkg|openvpn}} || 2015-12-18 || <= 2.3.8-2 || 2.3.9-1 || 9d || Fixed ({{bug|47498}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19]<br />
|-<br />
| {{CVE|CVE-2015-8549}} [http://www.ocert.org/advisories/ocert-2015-011.html] || {{pkg|python2-pyamf}} || 2015-12-17 || <= 0.7.2-1 || 0.8.0-2 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12]<br />
|-<br />
| {{CVE|CVE-2015-7551}} [https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/] || {{pkg|ruby}} || 2015-12-16 || <= 2.2.3-1 || 2.2.4-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11]<br />
|-<br />
| {{CVE|CVE-2015-7201}} {{CVE|CVE-2015-7202}} {{CVE|CVE-2015-7203}} {{CVE|CVE-2015-7204}} {{CVE|CVE-2015-7205}} {{CVE|CVE-2015-7207}} {{CVE|CVE-2015-7208}} {{CVE|CVE-2015-7210}} {{CVE|CVE-2015-7211}} {{CVE|CVE-2015-7212}} {{CVE|CVE-2015-7213}} {{CVE|CVE-2015-7214}} {{CVE|CVE-2015-7215}} {{CVE|CVE-2015-7216}} {{CVE|CVE-2015-7217}} {{CVE|CVE-2015-7218}} {{CVE|CVE-2015-7219}} {{CVE|CVE-2015-7220}} {{CVE|CVE-2015-7221}} {{CVE|CVE-2015-7222}} {{CVE|CVE-2015-7223}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox43] || {{pkg|firefox}} || 2015-12-15 || <= 42.0-3 || 43.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9]<br />
|-<br />
| {{CVE|CVE-2015-8000}} [https://kb.isc.org/article/AA-01317] || {{pkg|bind}} || 2015-12-15 || <= 9.10.3-2 || 9.10.3.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10]<br />
|-<br />
| {{CVE|CVE-2015-8370}} [http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html#fix] || {{pkg|grub}} || 2015-12-15 || <= 1:2.02.beta2-5 || 1:2.02.beta2-6 || 3d || Fixed ({{bug|47386}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8378}} [https://www.keepassx.org/news/2015/12/551] || {{pkg|keepassx}} || 2015-12-08 || <= 0.4.3-7 || 0.4.4-1 || <2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8]<br />
|-<br />
| {{CVE|CVE-2015-8045}} {{CVE|CVE-2015-8047}} {{CVE|CVE-2015-8048}} {{CVE|CVE-2015-8049}} {{CVE|CVE-2015-8050}} {{CVE|CVE-2015-8055}} {{CVE|CVE-2015-8056}} {{CVE|CVE-2015-8057}} {{CVE|CVE-2015-8058}} {{CVE|CVE-2015-8059}} {{CVE|CVE-2015-8060}} {{CVE|CVE-2015-8061}} {{CVE|CVE-2015-8062}} {{CVE|CVE-2015-8063}} {{CVE|CVE-2015-8064}} {{CVE|CVE-2015-8065}} {{CVE|CVE-2015-8066}} {{CVE|CVE-2015-8067}} {{CVE|CVE-2015-8068}} {{CVE|CVE-2015-8069}} {{CVE|CVE-2015-8070}} {{CVE|CVE-2015-8071}} {{CVE|CVE-2015-8401}} {{CVE|CVE-2015-8402}} {{CVE|CVE-2015-8403}} {{CVE|CVE-2015-8404}} {{CVE|CVE-2015-8405}} {{CVE|CVE-2015-8406}} {{CVE|CVE-2015-8407}} {{CVE|CVE-2015-8408}} {{CVE|CVE-2015-8409}} {{CVE|CVE-2015-8410}} {{CVE|CVE-2015-8411}} {{CVE|CVE-2015-8412}} {{CVE|CVE-2015-8413}} {{CVE|CVE-2015-8414}} {{CVE|CVE-2015-8415}} {{CVE|CVE-2015-8416}} {{CVE|CVE-2015-8417}} {{CVE|CVE-2015-8418}} {{CVE|CVE-2015-8419}} {{CVE|CVE-2015-8420}} {{CVE|CVE-2015-8421}} {{CVE|CVE-2015-8422}} {{CVE|CVE-2015-8423}} {{CVE|CVE-2015-8424}} {{CVE|CVE-2015-8425}} {{CVE|CVE-2015-8426}} {{CVE|CVE-2015-8427}} {{CVE|CVE-2015-8428}} {{CVE|CVE-2015-8429}} {{CVE|CVE-2015-8430}} {{CVE|CVE-2015-8431}} {{CVE|CVE-2015-8432}} {{CVE|CVE-2015-8433}} {{CVE|CVE-2015-8434}} {{CVE|CVE-2015-8435}} {{CVE|CVE-2015-8436}} {{CVE|CVE-2015-8437}} {{CVE|CVE-2015-8438}} {{CVE|CVE-2015-8439}} {{CVE|CVE-2015-8440}} {{CVE|CVE-2015-8441}} {{CVE|CVE-2015-8442}} {{CVE|CVE-2015-8443}} {{CVE|CVE-2015-8444}} {{CVE|CVE-2015-8445}} {{CVE|CVE-2015-8446}} {{CVE|CVE-2015-8447}} {{CVE|CVE-2015-8448}} {{CVE|CVE-2015-8449}} {{CVE|CVE-2015-8450}} {{CVE|CVE-2015-8451}} {{CVE|CVE-2015-8452}} {{CVE|CVE-2015-8453}} {{CVE|CVE-2015-8454}} {{CVE|CVE-2015-8455}} [https://helpx.adobe.com/security/products/flash-player/apsb15-32.html] || {{pkg|flashplugin}} || 2015-12-08 || <= 11.2.202.548-1 || 11.2.202.554-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7]<br />
|-<br />
| {{CVE|CVE-2015-6788}} {{CVE|CVE-2015-6789}} {{CVE|CVE-2015-6790}} {{CVE|CVE-2015-6791}} [http://googlechromereleases.blogspot.fr/2015/12/stable-channel-update_8.html] || {{pkg|chromium}} || 2015-12-08 || <= 47.0.2526.73-1 || 47.0.2526.80-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5]<br />
|-<br />
| {{CVE|CVE-2015-3193}} {{CVE|CVE-2015-3194}} {{CVE|CVE-2015-3195}} {{CVE|CVE-2015-3196}} {{CVE|CVE-2015-1794}} [https://www.openssl.org/news/secadv/20151203.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2015-12-03 || <= 1.0.2.d-1 || 1.0.2.e-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2]<br />
|-<br />
| {{CVE|CVE-2015-6764}} {{CVE|CVE-2015-6765}} {{CVE|CVE-2015-6766}} {{CVE|CVE-2015-6767}} {{CVE|CVE-2015-6768}} {{CVE|CVE-2015-6769}} {{CVE|CVE-2015-6770}} {{CVE|CVE-2015-6771}} {{CVE|CVE-2015-6772}} {{CVE|CVE-2015-6773}} {{CVE|CVE-2015-6774}} {{CVE|CVE-2015-6775}} {{CVE|CVE-2015-6776}} {{CVE|CVE-2015-6777}} {{CVE|CVE-2015-6778}} {{CVE|CVE-2015-6779}} {{CVE|CVE-2015-6780}} {{CVE|CVE-2015-6781}} {{CVE|CVE-2015-6782}} {{CVE|CVE-2015-6783}} {{CVE|CVE-2015-6784}} {{CVE|CVE-2015-6785}} {{CVE|CVE-2015-6786}} {{CVE|CVE-2015-6787}} [http://googlechromereleases.blogspot.fr/2015/12/stable-channel-update.html] || {{pkg|chromium}} || 2015-12-01 || <= 46.0.2490.86-1 || 47.0.2526.73-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1]<br />
|-<br />
| {{CVE|CVE-2015-6764}} {{CVE|CVE-2015-8027}} [https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/] || {{pkg|nodejs}} || 2015-11-25 || <= 5.1.0-1 || 5.1.1-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4]<br />
|-<br />
| {{CVE|CVE-2015-8213}} [https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-11-24 || <= 1.8.6-1 || 1.8.7-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3]<br />
|-<br />
| {{CVE|CVE-2015-1819}} {{CVE|CVE-2015-5312}} {{CVE|CVE-2015-7941}} {{CVE|CVE-2015-7942}} {{CVE|CVE-2015-7497}} {{CVE|CVE-2015-7498}} {{CVE|CVE-2015-7499}} {{CVE|CVE-2015-7500}} {{CVE|CVE-2015-8035}} {{CVE|CVE-2015-8242}} [https://mail.gnome.org/archives/xml/2015-November/msg00012.html templink] || {{pkg|libxml2}} || 2015-11-20 || <= 2.9.2-2 || 2.9.3-1 || 19d || Fixed ({{bug|47095}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6]<br />
|-<br />
| {{CVE|CVE-2015-7981}} {{CVE|CVE-2015-8126}} [http://seclists.org/oss-sec/2015/q4/264 templink] [http://seclists.org/oss-sec/2015/q4/161 templink] || {{pkg|libpng}} {{pkg|lib32-libpng}} || 2015-11-12 || <= 1.6.18-1 || 1.6.19-1 || 5d || Fixed ({{bug|47069}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10]<br />
|-<br />
| {{CVE|CVE-2015-5309}} [http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html templink] || {{pkg|putty}} || 2015-11-12 || <= 0.65-1 || 0.66-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7]<br />
|-<br />
| {{CVE|CVE-2015-7651}} {{CVE|CVE-2015-7652}} {{CVE|CVE-2015-7653}} {{CVE|CVE-2015-7654}} {{CVE|CVE-2015-7655}} {{CVE|CVE-2015-7656}} {{CVE|CVE-2015-7657}} {{CVE|CVE-2015-7658}} {{CVE|CVE-2015-7659}} {{CVE|CVE-2015-7660}} {{CVE|CVE-2015-7661}} {{CVE|CVE-2015-7662}} {{CVE|CVE-2015-7663}} {{CVE|CVE-2015-8042}} {{CVE|CVE-2015-8043}} {{CVE|CVE-2015-8044}} {{CVE|CVE-2015-8046}} [https://helpx.adobe.com/security/products/flash-player/apsb15-28.html templink] || {{pkg|flashplugin}} || 2015-11-10 || <= 11.2.202.540-1 || 11.2.202.548-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5]<br />
|-<br />
| {{CVE|CVE-2015-1302}} [http://googlechromereleases.blogspot.fr/2015/11/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-11-10 || <= 46.0.2490.80-2 || 46.0.2490.86-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8]<br />
|-<br />
| {{CVE|CVE-2015-5311}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/ templink] || {{pkg|powerdns}} || 2015-11-09 || <= 3.4.6-2 || 3.4.7-1 || 3d || Fixed ({{bug|47014}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6]<br />
|-<br />
| {{CVE|CVE-2015-4513}} {{CVE|CVE-2015-4514}} {{CVE|CVE-2015-4515}} {{CVE|CVE-2015-4518}} {{CVE|CVE-2015-7181}} {{CVE|CVE-2015-7182}} {{CVE|CVE-2015-7183}} {{CVE|CVE-2015-7187}} {{CVE|CVE-2015-7188}} {{CVE|CVE-2015-7189}} {{CVE|CVE-2015-7193}} {{CVE|CVE-2015-7194}} {{CVE|CVE-2015-7195}} {{CVE|CVE-2015-7196}} {{CVE|CVE-2015-7197}} {{CVE|CVE-2015-7198}} {{CVE|CVE-2015-7199}} {{CVE|CVE-2015-7200}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-11-03 || <= 41.0.2-2 || 42.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2]<br />
|-<br />
| {{CVE|CVE-2015-7183}} [http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12386.html templink] || {{pkg|nspr}} || 2015-11-03 || <= 4.10.9-1 || 4.10.10-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4]<br />
|-<br />
| {{CVE|CVE-2015-7181}} {{CVE|CVE-2015-7182}} [http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12386.html templink] || {{pkg|nss}} || 2015-11-03 || <= 3.20-1 || 3.20.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3]<br />
|-<br />
| {{CVE|CVE-2015-7696}} {{CVE|CVE-2015-7697}} [http://seclists.org/oss-sec/2015/q3/512 templink] || {{pkg|unzip}} || 2015-10-30 || <= 6.0-10 || 6.0-11 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1]<br />
|-<br />
| {{CVE|CVE-2015-8011}} {{CVE|CVE-2015-8012}} [http://seclists.org/oss-sec/2015/q4/198 templink] || {{pkg|lldpd}} || 2015-10-17 || <= 0.7.18-1 || 0.7.19-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25]<br />
|-<br />
| {{CVE|CVE-2015-5714}} {{CVE|CVE-2015-5715}} {{CVE|CVE-2015-7989}} [https://codex.wordpress.org/Version_4.3.1 templink] || {{pkg|wordpress}} || 2015-10-18 || <= 4.3.0-1 || 4.3.1-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24]<br />
|-<br />
| {{CVE|CVE-2015-7873}} [https://www.phpmyadmin.net/security/PMASA-2015-5/ templink] || {{pkg|phpmyadmin}} || 2015-10-23 || <= 4.5.0-1 || 4.5.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23]<br />
|-<br />
| {{CVE|CVE-2015-7995}} [https://bugzilla.redhat.com/show_bug.cgi?id=1257962 templink] || {{pkg|libxslt}} || 2015-10-27 || <= 1.1.28-3 || 1.1.28-4 || 73d || Fixed ({{bug|47681}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8]<br />
|-<br />
| {{CVE|CVE-2015-7943}} [https://www.drupal.org/SA-CORE-2015-004 templink] || {{pkg|drupal}} || 2015-10-21 || <= 7.40-1 || 7.41-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21]<br />
|-<br />
| {{CVE|CVE-2015-4913}} {{CVE|CVE-2015-4870}} {{CVE|CVE-2015-4861}} {{CVE|CVE-2015-4858}} {{CVE|CVE-2015-4836}} {{CVE|CVE-2015-4830}} {{CVE|CVE-2015-4826}} {{CVE|CVE-2015-4815}} {{CVE|CVE-2015-4802}} {{CVE|CVE-2015-4792}} || {{pkg|mariadb}} || 2015-10-22 || <= 10.0.21-3 || 10.0.22-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] <br />
|-<br />
| {{CVE|CVE-2015-4734}} {{CVE|CVE-2015-4803}} {{CVE|CVE-2015-4805}} {{CVE|CVE-2015-4806}} {{CVE|CVE-2015-4810}} {{CVE|CVE-2015-4835}} {{CVE|CVE-2015-4840}} {{CVE|CVE-2015-4842}} {{CVE|CVE-2015-4843}} {{CVE|CVE-2015-4844}} {{CVE|CVE-2015-4860}} {{CVE|CVE-2015-4868}} {{CVE|CVE-2015-4872}} {{CVE|CVE-2015-4881}} {{CVE|CVE-2015-4882}} {{CVE|CVE-2015-4883}} {{CVE|CVE-2015-4893}} {{CVE|CVE-2015-4901}} {{CVE|CVE-2015-4902}} {{CVE|CVE-2015-4903}} {{CVE|CVE-2015-4906}} {{CVE|CVE-2015-4908}} {{CVE|CVE-2015-4911}} {{CVE|CVE-2015-4916}} || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-09-22 || <= 8.u60-1 || 8.u65-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20]<br />
|-<br />
| {{CVE|CVE-2015-4734}} {{CVE|CVE-2015-4803}} {{CVE|CVE-2015-4805}} {{CVE|CVE-2015-4806}} {{CVE|CVE-2015-4810}} {{CVE|CVE-2015-4835}} {{CVE|CVE-2015-4840}} {{CVE|CVE-2015-4842}} {{CVE|CVE-2015-4843}} {{CVE|CVE-2015-4844}} {{CVE|CVE-2015-4860}} {{CVE|CVE-2015-4871}} {{CVE|CVE-2015-4872}} {{CVE|CVE-2015-4881}} {{CVE|CVE-2015-4882}} {{CVE|CVE-2015-4883}} {{CVE|CVE-2015-4893}} {{CVE|CVE-2015-4902}} {{CVE|CVE-2015-4903}} {{CVE|CVE-2015-4911}} || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-09-22 || <= 7.u85_2.6.1-2 || 7.u91_2.6.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17]<br />
|-<br />
| {{CVE|CVE-2015-7691}} {{CVE|CVE-2015-7692}} {{CVE|CVE-2015-7701}} {{CVE|CVE-2015-7702}} {{CVE|CVE-2015-7703}} {{CVE|CVE-2015-7704}} {{CVE|CVE-2015-7705}} {{CVE|CVE-2015-7848}} {{CVE|CVE-2015-7849}} {{CVE|CVE-2015-7850}} {{CVE|CVE-2015-7851}} {{CVE|CVE-2015-7852}} {{CVE|CVE-2015-7853}} {{CVE|CVE-2015-7854}} {{CVE|CVE-2015-7855}} {{CVE|CVE-2015-7871}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities templink] [http://blog.talosintel.com/2015/10/ntpd-vulnerabilities.html templink] || {{pkg|ntp}} || 2015-10-21 || <= 4.2.8.p3-1 || 4.2.8.p4-1 || 1d || Fixed ({{bug|46826}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14]<br />
|-<br />
| {{CVE|CVE-2015-6031}} [http://talosintel.com/reports/TALOS-2015-0035/ templink] || {{pkg|miniupnpc}} || 2015-09-15 || <= 1.9.20150730-1 || 1.9.20151008-1 || 30d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11]<br />
|-<br />
| {{CVE|CVE-2015-7645}} {{CVE|CVE-2015-7647}} {{CVE|CVE-2015-7648}} [https://helpx.adobe.com/security/products/flash-player/apsa15-05.html templink] [https://helpx.adobe.com/security/products/flash-player/apsb15-27.html templink] || {{pkg|flashplugin}} || 2015-10-14 || <= 11.2.202.535-1 || 11.2.202.540-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12]<br />
|-<br />
| {{CVE|CVE-2015-7184}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/ templink] || {{pkg|firefox}} || 2015-10-15 || <= 41.0.1-1 || 41.0.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10]<br />
|-<br />
| {{CVE|CVE-2015-5260}} {{CVE|CVE-2015-5261}} {{CVE|CVE-2015-3247}} [http://lists.freedesktop.org/archives/spice-devel/2015-October/022168.html templink] [https://bugzilla.redhat.com/show_bug.cgi?id=1260822 templink] [https://bugzilla.redhat.com/show_bug.cgi?id=1261889 templink] [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797976;msg=21 templink] || {{pkg|spice}} || 2015-09-08 || <= 0.12.5-1 || 0.12.6-1 || 41d || Fixed ({{bug|46738}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13]<br />
|-<br />
| {{CVE|CVE-2015-6755}} {{CVE|CVE-2015-6756}} {{CVE|CVE-2015-6757}} {{CVE|CVE-2015-6758}} {{CVE|CVE-2015-6759}} {{CVE|CVE-2015-6760}} {{CVE|CVE-2015-6761}} {{CVE|CVE-2015-6762}} {{CVE|CVE-2015-6763}} [http://googlechromereleases.blogspot.fr/2015/10/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-10-13 || <= 45.0.2454.101-2 || 46.0.2490.71-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8]<br />
|-<br />
| {{CVE|CVE-2015-5569}} {{CVE|CVE-2015-7625}} {{CVE|CVE-2015-7626}} {{CVE|CVE-2015-7627}} {{CVE|CVE-2015-7628}} {{CVE|CVE-2015-7629}} {{CVE|CVE-2015-7630}} {{CVE|CVE-2015-7631}} {{CVE|CVE-2015-7632}} {{CVE|CVE-2015-7633}} {{CVE|CVE-2015-7634}} {{CVE|CVE-2015-7643}} {{CVE|CVE-2015-7644}} [https://helpx.adobe.com/security/products/flash-player/apsb15-25.html templink] || {{pkg|flashplugin}} || 2015-10-13 || <= 11.2.202.521-1 || 11.2.202.535-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7]<br />
|-<br />
| {{CVE|CVE-2015-5291}} [https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01 templink] || {{pkg|mbedtls}} || 2015-10-05 || <= 2.1.1-1 || 2.1.2-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9]<br />
|-<br />
| {{CVE|CVE-2015-7384}} [https://nodejs.org/en/blog/release/v4.1.2/ templink] || {{pkg|nodejs}} || 2015-10-05 || <= 4.1.1-1 || 4.1.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3]<br />
|-<br />
| {{CVE|CVE-2015-7687}} [http://seclists.org/oss-sec/2015/q4/17 templink] [https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f8e2fe24f3ff174d8515b82607e951e054f68f6 templink] || {{pkg|opensmtpd}} || 2015-10-02 || <= 5.7.1p1-1 || 5.7.3p1-1 || 6d || Fixed ({{bug|46605}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5]<br />
|-<br />
| {{CVE|CVE-2015-7673}} {{CVE|CVE-2015-7674}} [http://seclists.org/oss-sec/2015/q4/18 templink] [http://seclists.org/oss-sec/2015/q4/19 templink] || {{pkg|gdk-pixbuf2}} || 2015-10-01 || <= 2.31.7-1 || 2.32.1-1 || 9d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6]<br />
|-<br />
| {{CVE|CVE-2015-1335}} [https://github.com/lxc/lxc/commit/6de26af93d3dd87c8b21a42fdf20f30fa1c1948d templink] || {{pkg|lxc}} || 2015-09-29 || <= 1:1.1.3-2 || - || - || Not Affected ({{bug|46574}}) || None<br />
|-<br />
| {{CVE|CVE-2015-6972}} {{CVE|CVE-2015-6973}} [http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txt templink] [http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt templink] [https://igniterealtime.org/issues/browse/OF-942] || {{pkg|openfire}} || 2015-09-14 || <= 4.0.3-1 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2015-4499}} [https://www.bugzilla.org/security/4.2.14/ templink] || {{pkg|bugzilla}} || 2015-09-10 || <= 5.0-1 || 5.0.1-1 || 28d || Fixed ({{bug|46573}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4]<br />
|-<br />
| {{CVE|CVE-2015-4141}} {{CVE|CVE-2015-4142}} {{CVE|CVE-2015-4143}} {{CVE|CVE-2015-4144}} {{CVE|CVE-2015-4145}} {{CVE|CVE-2015-4146}} [http://w1.fi/security/2015-2/ templink] [http://w1.fi/security/2015-3/ templink] [http://w1.fi/security/2015-4/ templink] [http://w1.fi/security/2015-5/ templink] || {{pkg|hostapd}} || 2015-05-04 || <= 2.4-2 || 2.5-1 || ~150d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2]<br />
|-<br />
| {{CVE|CVE-2015-3239}} [https://bugzilla.redhat.com/show_bug.cgi?id=1232265 templink] || {{pkg|libunwind}} || 2015-06-16 || <= 1.1-2 || 1.1-3 || ~110d || Fixed ({{bug|46474}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1]<br />
|-<br />
| {{CVE|CVE-2015-1303}} {{CVE|CVE-2015-1304}} [http://googlechromereleases.blogspot.fr/2015/09/stable-channel-update_24.html templink] || {{pkg|chromium}} || 2015-09-24 || <= 45.0.2454.99-1 || 45.0.2454.101-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11]<br />
|-<br />
| {{CVE|CVE-2015-4500}} {{CVE|CVE-2015-4501}} {{CVE|CVE-2015-4502}} {{CVE|CVE-2015-4504}} {{CVE|CVE-2015-4506}} {{CVE|CVE-2015-4507}} {{CVE|CVE-2015-4508}} {{CVE|CVE-2015-4509}} {{CVE|CVE-2015-4510}} {{CVE|CVE-2015-4511}} {{CVE|CVE-2015-4512}} {{CVE|CVE-2015-4516}} {{CVE|CVE-2015-4517}} {{CVE|CVE-2015-4519}} {{CVE|CVE-2015-4520}} {{CVE|CVE-2015-4521}} {{CVE|CVE-2015-4522}} {{CVE|CVE-2015-7174}} {{CVE|CVE-2015-7175}} {{CVE|CVE-2015-7176}} {{CVE|CVE-2015-7177}} {{CVE|CVE-2015-7180}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox41 templink] || {{pkg|firefox}} || 2015-09-22 || <= 40.0.3-1 || 41.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9]<br />
|-<br />
| {{CVE|CVE-2015-5567}} {{CVE|CVE-2015-5568}} {{CVE|CVE-2015-5570}} {{CVE|CVE-2015-5571}} {{CVE|CVE-2015-5572}} {{CVE|CVE-2015-5573}} {{CVE|CVE-2015-5574}} {{CVE|CVE-2015-5575}} {{CVE|CVE-2015-5576}} {{CVE|CVE-2015-5577}} {{CVE|CVE-2015-5578}} {{CVE|CVE-2015-5579}} {{CVE|CVE-2015-5580}} {{CVE|CVE-2015-5581}} {{CVE|CVE-2015-5582}} {{CVE|CVE-2015-5584}} {{CVE|CVE-2015-5587}} {{CVE|CVE-2015-5588}} {{CVE|CVE-2015-6676}} {{CVE|CVE-2015-6677}} {{CVE|CVE-2015-6678}} {{CVE|CVE-2015-6679}} {{CVE|CVE-2015-6682}} [https://helpx.adobe.com/security/products/flash-player/apsb15-23.html templink] || {{pkg|flashplugin}} || 2015-09-21 || <= 11.2.202.508-1 || 11.2.202.521-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201510-8]<br />
|-<br />
| {{CVE|CVE-2015-7236}} [http://seclists.org/oss-sec/2015/q3/561 templink] || {{pkg|rpcbind}} || 2015-09-17 || <= 0.2.3-1 || 0.2.3-2 || 7d || Fixed ({{bug|46341}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10]<br />
|-<br />
| {{CVE|CVE-2015-5714}} {{CVE|CVE-2015-5715}} [https://wordpress.org/news/2015/09/wordpress-4-3-1/ templink] || {{pkg|wordpress}} || 2015-09-15 || <= 4.3-1 || 4.3.1-1 || 5d || Fixed ({{bug|46340}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201510-7]<br />
|-<br />
| {{CVE|CVE-2015-6908}} [http://www.openwall.com/lists/oss-security/2015/09/11/5 templink] || {{pkg|openldap}} || 2015-09-09 || <= 2.4.42-1 || 2.4.42-2 || 3d || Fixed ({{bug|46265}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4]<br />
|-<br />
| {{CVE|CVE-2015-5722}} {{CVE|CVE-2015-5986}} [https://www.isc.org/blogs/cve-2015-5986-an-incorrect-boundary-check-can-trigger-a-require-assertion-failure-in-openpgpkey_61-c/ templink] [https://www.isc.org/blogs/cve-2015-5722-parsing-malformed-keys-may-cause-bind-to-exit-due-to-a-failed-assertion-in-buffer-c/ templink] || {{pkg|bind}} || 2015-09-02 || <= 9.10.2.P3-1 || 9.10.2.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2]<br />
|-<br />
| {{CVE|CVE-2015-5198}} {{CVE|CVE-2015-5199}} {{CVE|CVE-2015-5200}} [http://lists.x.org/archives/xorg-announce/2015-August/002630.html templink] || {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} || 2015-08-31 || <= 1.1-1 || 1.1.1-1 || 13d || Fixed ({{bug|46266}}) ({{bug|46267}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5]<br />
|-<br />
| {{CVE|CVE-2015-1291}} {{CVE|CVE-2015-1292}} {{CVE|CVE-2015-1293}} {{CVE|CVE-2015-1294}} {{CVE|CVE-2015-1295}} {{CVE|CVE-2015-1296}} {{CVE|CVE-2015-1297}} {{CVE|CVE-2015-1298}} {{CVE|CVE-2015-1299}} {{CVE|CVE-2015-1300}} {{CVE|CVE-2015-1301}} [http://googlechromereleases.blogspot.fr/2015/09/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-09-01 || <= 44.0.2403.157-1 || 45.0.2454.85-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1]<br />
|-<br />
| {{CVE|CVE-2015-5230}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/ templink] || {{pkg|powerdns}} || 2015-09-02 || <= 3.4.5-1 || 3.4.6-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3]<br />
|-<br />
| {{CVE|CVE-2015-5317}} {{CVE|CVE-2015-5318}} {{CVE|CVE-2015-5319}} {{CVE|CVE-2015-5320}} {{CVE|CVE-2015-5321}} {{CVE|CVE-2015-5322}} {{CVE|CVE-2015-5323}} {{CVE|CVE-2015-5324}} {{CVE|CVE-2015-5325}} {{CVE|CVE-2015-5326}} {{CVE|CVE-2015-8103}} [https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 templink] [http://seclists.org/bugtraq/2015/Aug/161 templink] || {{pkg|jenkins}} || 2015-08-28 || <= 1.627-1 || 1.638-1 || 60d || Fixed ({{bug|46268}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11]<br />
|-<br />
| {{CVE|CVE-2015-6749}} [http://seclists.org/oss-sec/2015/q3/457 templink] || {{pkg|vorbis-tools}} || 2015-08-30 || <= 1.4.0-5 || 1.4.0-6 || >60d || Fixed ({{bug|46269}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22]<br />
|-<br />
| {{CVE|CVE-2015-4497}} {{CVE|CVE-2015-4498}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox40.0.3 templink] || {{pkg|firefox}} || 2015-08-27 || <= 40.0.2-1 || 40.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12]<br />
|-<br />
| {{CVE|CVE-2015-5949}} [http://www.ocert.org/advisories/ocert-2015-009.html templink] || {{pkg|vlc}} || 2015-08-20 || <= 2.2.1-6 || 2.2.2-1 || 179d || Fixed ({{bug|46037}}) || None<br />
|-<br />
| {{CVE|CVE-2015-5963}} [https://www.djangoproject.com/weblog/2015/aug/18/security-releases/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-08-18 || <= 1.8.3-1 || 1.8.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9]<br />
|-<br />
| {{CVE|CVE-2015-5221}} [http://seclists.org/oss-sec/2015/q3/408 templink] || {{pkg|jasper}} || 2015-08-16 || <= 1.900.1-15 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-5203}} [http://seclists.org/oss-sec/2015/q3/366 templink] || {{pkg|jasper}} || 2015-08-16 || <= 1.900.1-15 || || || '''Vulnerable''' || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10]<br />
|-<br />
| CVE Pending [http://seclists.org/oss-sec/2015/q3/295 templink] || {{pkg|pcre}} || 2015-08-05 || <= 8.37-2 || 8.37-3 || 12d || Fixed ({{bug|45945}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11]<br />
|-<br />
| {{CVE|CVE-2015-4473}} {{CVE|CVE-2015-4474}} {{CVE|CVE-2015-4475}} {{CVE|CVE-2015-4477}} {{CVE|CVE-2015-4478}} {{CVE|CVE-2015-4479}} {{CVE|CVE-2015-4480}} {{CVE|CVE-2015-4482}} {{CVE|CVE-2015-4483}} {{CVE|CVE-2015-4484}} {{CVE|CVE-2015-4485}} {{CVE|CVE-2015-4486}} {{CVE|CVE-2015-4487}} {{CVE|CVE-2015-4488}} {{CVE|CVE-2015-4489}} {{CVE|CVE-2015-4490}} {{CVE|CVE-2015-4491}} {{CVE|CVE-2015-4492}} {{CVE|CVE-2015-4493}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox40 templink] || {{pkg|firefox}} || 2015-08-11 || <= 39.0.3-1 || 40.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4]<br />
|-<br />
| {{CVE|CVE-2014-8121}} [https://access.redhat.com/security/cve/CVE-2014-8121 templink] || {{pkg|glibc}} || 2015-02-23 || <= 2.21-4 || 2.22-1 || ~180d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7]<br />
|-<br />
| {{CVE|CVE-2015-4680}} [http://www.ocert.org/advisories/ocert-2015-008.html templink] || {{pkg|freeradius}} || 2015-06-22 || <= 3.0.8-2 || 3.0.9-1 || ~50d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6]<br />
|-<br />
| {{CVE|CVE-2015-3184}} {{CVE|CVE-2015-3187}} [https://subversion.apache.org/security/CVE-2015-3184-advisory.txt templink] [https://subversion.apache.org/security/CVE-2015-3187-advisory.txt templink] || {{pkg|subversion}} || 2015-08-05 || <= 1.8.13-2 || 1.9.0-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5]<br />
|-<br />
| {{CVE|CVE-2015-6251}} [http://www.gnutls.org/security.html#GNUTLS-SA-2015-3 templink] || {{pkg|gnutls}} || 2015-08-10 || <= 3.4.3-1 || 3.4.4.1-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8]<br />
|-<br />
| {{CVE|CVE-2015-4495}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/ templink] || {{pkg|firefox}} || 2015-08-06 || <= 39.0-1 || 39.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1]<br />
|-<br />
| {{CVE|CVE-2015-2213}} {{CVE|CVE-2015-5730}} {{CVE|CVE-2015-5731}} {{CVE|CVE-2015-5732}} {{CVE|CVE-2015-5733}} {{CVE|CVE-2015-5734}} [https://codex.wordpress.org/Version_4.2.4 templink] || {{pkg|wordpress}} || 2015-08-04 || <= 4.2.3-1 || 4.2.4.-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2]<br />
|-<br />
| {{CVE|CVE-2015-3245}} {{CVE|CVE-2015-3246}} [http://seclists.org/oss-sec/2015/q3/185 templink] || {{pkg|libuser}} || 2015-07-22 || <= 0.61-1 || 0.62-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19]<br />
|-<br />
| {{CVE|CVE-2015-5600}} [https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/ templink] || {{pkg|openssh}} || 2015-07-22 || <= 6.9p1-1 || 6.9p1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17]<br />
|-<br />
| {{CVE|CVE-2015-1270}} {{CVE|CVE-2015-1271}} {{CVE|CVE-2015-1272}} {{CVE|CVE-2015-1273}} {{CVE|CVE-2015-1274}} {{CVE|CVE-2015-1276}} {{CVE|CVE-2015-1277}} {{CVE|CVE-2015-1278}} {{CVE|CVE-2015-1279}} {{CVE|CVE-2015-1280}} {{CVE|CVE-2015-1281}} {{CVE|CVE-2015-1282}} {{CVE|CVE-2015-1283}} {{CVE|CVE-2015-1284}} {{CVE|CVE-2015-1285}} {{CVE|CVE-2015-1286}} {{CVE|CVE-2015-1287}} {{CVE|CVE-2015-1288}} {{CVE|CVE-2015-1289}} [http://googlechromereleases.blogspot.fr/2015/07/stable-channel-update_21.html templink] || {{pkg|chromium}} || 2015-07-21 || <= 43.0.2357.134-1 || 44.0.2403.89-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18]<br />
|-<br />
| {{CVE|CVE-2015-2590}} {{CVE|CVE-2015-2601}} {{CVE|CVE-2015-2613}} {{CVE|CVE-2015-2621}} {{CVE|CVE-2015-2625}} {{CVE|CVE-2015-2628}} {{CVE|CVE-2015-2632}} {{CVE|CVE-2015-2808}} {{CVE|CVE-2015-4000}} {{CVE|CVE-2015-4731}} {{CVE|CVE-2015-4732}} {{CVE|CVE-2015-4733}} {{CVE|CVE-2015-4748}} {{CVE|CVE-2015-4749}} {{CVE|CVE-2015-4760}} [http://blog.fuseyism.com/index.php/2015/07/21/security-icedtea-2-6-1-for-openjdk-7-released/ templink] || {{pkg|jre7-openjdk}} || 2015-07-21 || <= 7.u80_2.6.0-1 || 7.u85_2.6.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16]<br />
|-<br />
| {{CVE|CVE-2015-5122}} {{CVE|CVE-2015-5123}} [https://helpx.adobe.com/security/products/flash-player/apsb15-18.html templink] || {{pkg|lib32-flashplugin}} || 2015-07-09 || <= 11.2.202.481-1 || 11.2.202.491-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14]<br />
|-<br />
| {{CVE|CVE-2015-5122}} {{CVE|CVE-2015-5123}} [https://helpx.adobe.com/security/products/flash-player/apsb15-18.html templink] || {{pkg|flashplugin}} || 2015-07-09 || <= 11.2.202.481-1 || 11.2.202.491-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13]<br />
|-<br />
| {{CVE|CVE-2015-0228}} {{CVE|CVE-2015-0253}} {{CVE|CVE-2015-3183}} {{CVE|CVE-2015-3185}} [http://www.apache.org/dist/httpd/CHANGES_2.4.16 templink] || {{pkg|apache}} || 2015-07-15 || <= 2.4.12-4 || 2.4.16-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15]<br />
|-<br />
| {{CVE|CVE-2015-2724}} {{CVE|CVE-2015-2725}} {{CVE|CVE-2015-2726}} {{CVE|CVE-2015-2731}} {{CVE|CVE-2015-2734}} {{CVE|CVE-2015-2735}} {{CVE|CVE-2015-2736}} {{CVE|CVE-2015-2737}} {{CVE|CVE-2015-2738}} {{CVE|CVE-2015-2739}} {{CVE|CVE-2015-2740}} {{CVE|CVE-2015-2741}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.1 templink] || {{pkg|thunderbird}} || 2015-07-09 || <= 38.0.1-1 || 38.1.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9]<br />
|-<br />
| {{CVE|CVE-2015-1793}} [https://openssl.org/news/secadv_20150709.txt templink] || {{pkg|lib32-openssl}} || 2015-07-09 || <= 1.0.2.c-1 || 1.0.2.d-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12]<br />
|-<br />
| {{CVE|CVE-2015-1793}} [https://openssl.org/news/secadv_20150709.txt templink] || {{pkg|openssl}} || 2015-07-09 || <= 1.0.2.c-1 || 1.0.2.d-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8]<br />
|-<br />
| {{CVE|CVE-2014-0578}} {{CVE|CVE-2015-3114}} {{CVE|CVE-2015-3115}} {{CVE|CVE-2015-3116}} {{CVE|CVE-2015-3117}} {{CVE|CVE-2015-3118}} {{CVE|CVE-2015-3119}} {{CVE|CVE-2015-3120}} {{CVE|CVE-2015-3121}} {{CVE|CVE-2015-3122}} {{CVE|CVE-2015-3123}} {{CVE|CVE-2015-3124}} {{CVE|CVE-2015-3125}} {{CVE|CVE-2015-3126}} {{CVE|CVE-2015-3127}} {{CVE|CVE-2015-3128}} {{CVE|CVE-2015-3129}} {{CVE|CVE-2015-3130}} {{CVE|CVE-2015-3131}} {{CVE|CVE-2015-3132}} {{CVE|CVE-2015-3133}} {{CVE|CVE-2015-3134}} {{CVE|CVE-2015-3135}} {{CVE|CVE-2015-3136}} {{CVE|CVE-2015-3137}} {{CVE|CVE-2015-4428}} {{CVE|CVE-2015-4429}} {{CVE|CVE-2015-4430}} {{CVE|CVE-2015-4431}} {{CVE|CVE-2015-4432}} {{CVE|CVE-2015-4433}} {{CVE|CVE-2015-5116}} {{CVE|CVE-2015-5117}} {{CVE|CVE-2015-5118}} {{CVE|CVE-2015-5119}} [https://helpx.adobe.com/security/products/flash-player/apsb15-16.html templink] [https://www.kb.cert.org/vuls/id/561288 templink] || {{pkg|flashplugin}} || 2015-07-07 || <= 11.2.202.468-1 || 11.2.202.481-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7]<br />
|-<br />
| {{CVE|CVE-2015-4620}} [https://kb.isc.org/article/AA-01267/ templink] || {{pkg|bind}} || 2015-07-07 || <= 9.10.2.P1-1 || 9.10.2.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6]<br />
|-<br />
| {{CVE|CVE-2015-5382}} [http://www.openwall.com/lists/oss-security/2015/07/07/3 templink] || {{pkg|roundcubemail}} || 2015-07-06 || <= 1.1.1-1 || 1.1.2-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5355}} {{CVE|CVE-2015-2694}} [http://krbdev.mit.edu/rt/NoAuth/krb5-1.13/fixed-1.13.2.html templink] || {{pkg|lib32-krb5}} || 2015-05-08 || <= 1.13.1-1 || 1.13.2-1 || 63d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11]<br />
|-<br />
| {{CVE|CVE-2014-5355}} {{CVE|CVE-2015-2694}} [http://krbdev.mit.edu/rt/NoAuth/krb5-1.13/fixed-1.13.2.html templink] || {{pkg|krb5}} || 2015-05-08 || <= 1.13.1-1 || 1.13.2-1 || 63d || Fixed ({{bug|45575}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10]<br />
|-<br />
| {{CVE|CVE-2015-3281}} [http://marc.info/?l=haproxy&m=143593901506748&w=2 templink] || {{pkg|haproxy}} || 2015-07-03 || <= 1.5.12-1 || 1.5.14-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3]<br />
|-<br />
| {{CVE|CVE-2015-2722}} {{CVE|CVE-2015-2724}} {{CVE|CVE-2015-2725}} {{CVE|CVE-2015-2726}} {{CVE|CVE-2015-2727}} {{CVE|CVE-2015-2728}} {{CVE|CVE-2015-2729}} {{CVE|CVE-2015-2731}} {{CVE|CVE-2015-2733}} {{CVE|CVE-2015-2734}} {{CVE|CVE-2015-2735}} {{CVE|CVE-2015-2736}} {{CVE|CVE-2015-2737}} {{CVE|CVE-2015-2739}} {{CVE|CVE-2015-2740}} {{CVE|CVE-2015-2741}} {{CVE|CVE-2015-2743}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-07-02 || <= 38.0.5 || 39.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2]<br />
|- <br />
| {{CVE|CVE-2015-5352}} [http://www.openwall.com/lists/oss-security/2015/07/01/10 templink] || {{pkg|openssh}} || 2015-06-29 || <= 6.8p1-3 || 6.9p1-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4]<br />
|-<br />
| {{CVE|CVE-2015-5146}} [http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi templink] || {{pkg|ntp}} || 2015-06-29 || <= 4.2.8p2-1 || 4.2.8p3-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5]<br />
|-<br />
| {{CVE|CVE-2015-2141}} [https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2015-June/015585.html templink] [https://github.com/weidai11/cryptopp/commit/9425e16437439e68c7d96abef922167d68fafaff commit] || {{pkg|crypto++}} || 2015-06-28 || <= 5.6.2-2 || 5.6.2-3 || 28d || Fixed ({{bug|45498}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20]<br />
|-<br />
| {{CVE|CVE-2015-5073}} [https://bugs.exim.org/show_bug.cgi?id=1651 templink] [http://vcs.pcre.org/pcre?view=revision&revision=1571 commit] || {{pkg|pcre}} || 2015-06-26 || <= 8.37-2 || 8.37-3 || ~52d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-5069}} {{CVE|CVE-2015-5070}} [http://www.openwall.com/lists/oss-security/2015/06/25/12 templink] || {{pkg|wesnoth}} || 2015-06-24 || <= 1.12.2-3 || 1.12.4-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1]<br />
|-<br />
| {{CVE|CVE-2015-3113}} [https://helpx.adobe.com/security/products/flash-player/apsb15-14.html templink] || {{pkg|flashplugin}} || 2015-06-23 || <= 11.2.202.466-1 || 11.2.202.468-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5]<br />
|-<br />
| {{CVE|CVE-2015-3236}} {{CVE|CVE-2015-3237}} [http://curl.haxx.se/docs/adv_20150617A.html templink] [http://curl.haxx.se/docs/adv_20150617B.html templink] || {{pkg|lib32-curl}} || 2015-06-17 || <= 7.42.1-1 || 7.43.0-1 || 47d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4]<br />
|-<br />
| {{CVE|CVE-2015-3236}} {{CVE|CVE-2015-3237}} [http://curl.haxx.se/docs/adv_20150617A.html templink] [http://curl.haxx.se/docs/adv_20150617B.html templink] || {{pkg|curl}} || 2015-06-17 || <= 7.42.1-1 || 7.43.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4]<br />
|-<br />
| {{CVE|CVE-2009-1364}} {{CVE|CVE-2006-3376}} {{CVE|CVE-2007-0455}} {{CVE|CVE-2007-2756}} {{CVE|CVE-2007-3472}} {{CVE|CVE-2007-3473}} {{CVE|CVE-2007-3477}} {{CVE|CVE-2009-3546}} {{CVE|CVE-2015-0848}} {{CVE|CVE-2015-4588}} {{CVE|CVE-2015-4695}} {{CVE|CVE-2015-4696}} [http://www.openwall.com/lists/oss-security/2015/06/16/4 templink] || {{pkg|libwmf}} || 2015-06-01 || <= 0.2.8.4-13 || || || '''Vulnerable''' ({{bug|49162}}) ||<br />
|-<br />
| {{CVE|CVE-2015-2325}} {{CVE|CVE-2015-2326}} {{CVE|CVE-2015-3414}} {{CVE|CVE-2015-3415}} {{CVE|CVE-2015-3416}} [http://php.net/ChangeLog-5.php#5.6.10 templink] || {{pkg|php}} || 2015-06-11 || <= 5.6.9-2 || 5.6.10-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|libraw}} || 2015-05-11 || <= 0.16.0-3 || 0.16.1 || 5d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|dcraw}} || 2015-05-11 || <= 9.25.0-1 || 9.26.0-1 || ~1m || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|gimp-ufraw}} || 2015-05-11 || <= 0.21-1 || 0.22-1 || 45d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|rawtherapee}} || 2015-05-11 || <= 1:4.2-1 || 1:4.2+448.g26d182d-1 || ~5m || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|rawstudio}} || 2015-05-11 || <= 2.0-12 || 2.0_git20160107-1 || ~11m || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-1158}} {{CVE|CVE-2015-1159}} [http://www.cups.org/str.php?L4609 templink] || {{pkg|cups}} || 2015-06-08 || <= 2.0.2-4 || 2.0.3-1 || 1d || Fixed ({{bug|45279}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2]<br />
|-<br />
| {{CVE|CVE-2015-1788}} {{CVE|CVE-2015-1789}} {{CVE|CVE-2015-1790}} {{CVE|CVE-2015-1791}} {{CVE|CVE-2015-1792}} {{CVE|CVE-2015-4000}} [https://www.openssl.org/news/secadv_20150611.txt templink] [https://git.openssl.org/?p=openssl.git;a=commit;h=98ece4eebfb6cd45cc8d550c6ac0022965071afc templink] || {{pkg|openssl}} || 2015-06-11 || <= 1.0.2.a-1 || 1.0.2.b-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3]<br />
|-<br />
| {{CVE|CVE-2015-3210}} [https://bugs.exim.org/show_bug.cgi?id=1636 templink] || {{pkg|pcre}} || 2015-05-29 || <= 8.37-1 || 8.37-2 || 7d || Fixed ({{bug|45207}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1]<br />
|-<br />
| {{CVE|CVE-2015-3165}} {{CVE|CVE-2015-3166}} {{CVE|CVE-2015-3167}} [http://www.postgresql.org/about/news/1587/ templink] || {{pkg|postgresql}} || 2015-05-22 || <= 9.4.1-1 || 9.4.2-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17]<br />
|-<br />
| {{CVE|CVE-2015-4054}} [http://www.openwall.com/lists/oss-security/2015/05/22/5 templink] || {{pkg|pgbouncer}} || 2015-04-09 || <= 1.5.4-6 || 1.5.5-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16]<br />
|-<br />
| {{CVE|CVE-2015-1251}} {{CVE|CVE-2015-1252}} {{CVE|CVE-2015-1253}} {{CVE|CVE-2015-1254}} {{CVE|CVE-2015-1255}} {{CVE|CVE-2015-1256}} {{CVE|CVE-2015-1257}} {{CVE|CVE-2015-1258}} {{CVE|CVE-2015-1259}} {{CVE|CVE-2015-1260}} {{CVE|CVE-2015-1263}} {{CVE|CVE-2015-1264}} {{CVE|CVE-2015-1265}} [http://googlechromereleases.blogspot.fr/2015/05/stable-channel-update_19.html templink] || {{pkg|chromium}} || 2015-05-19 || <= 42.0.2311.135-1 || 43.0.2357.65-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14]<br />
|-<br />
| {{CVE|CVE-2015-3808}} {{CVE|CVE-2015-3809}} {{CVE|CVE-2015-3810}} {{CVE|CVE-2015-3811}} {{CVE|CVE-2015-3812}} {{CVE|CVE-2015-3813}} {{CVE|CVE-2015-3814}} {{CVE|CVE-2015-3815}} [https://wireshark.org/docs/relnotes/wireshark-1.12.5.html templink] || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2015-05-11 || <= 1.12.4-4 || 1.12.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12]<br />
|-<br />
| {{CVE|CVE-2015-3456}} [https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/ templink] || {{pkg|qemu}} || 2015-05-13 || <= 2.2.1-4 || 2.2.1-5 || 1d || Fixed ({{bug|44958}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9]<br />
|-<br />
| {{CVE|CVE-2014-0230}} [https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44 templink] || {{pkg|tomcat6}} || 2015-04-09 || <= 6.0.43-2 || 6.0.44-1 || 34d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8]<br />
|-<br />
| {{CVE|CVE-2015-2708}} {{CVE|CVE-2015-2709}} {{CVE|CVE-2015-2710}} {{CVE|CVE-2015-2713}} {{CVE|CVE-2015-2716}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7 templink] || {{pkg|thunderbird}} || 2015-05-12 || <= 31.6.0-2 || 31.7.0-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13]<br />
|-<br />
| {{CVE|CVE-2015-2708}} {{CVE|CVE-2015-2709}} {{CVE|CVE-2015-2710}} {{CVE|CVE-2015-2711}} {{CVE|CVE-2015-2712}} {{CVE|CVE-2015-2713}} {{CVE|CVE-2015-2715}} {{CVE|CVE-2015-2716}} {{CVE|CVE-2015-2717}} {{CVE|CVE-2015-2718}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox38 templink] || {{pkg|firefox}} || 2015-05-12 || <= 37.0.2-1 || 38.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] <br />
|-<br />
| {{CVE|CVE-2015-3622}} [http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=f979435 templink] || {{pkg|libtasn1}} || 2015-04-20 || <= 4.5-1 || 4.4-1 || 16d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5]<br />
|-<br />
| {{CVE|CVE-2014-8964}} [https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ templink] || {{pkg|mariadb-clients}} || 2015-05-07 || <= 10.0.17-1 || 10.0.18-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4]<br />
|-<br />
| {{CVE|CVE-2014-8964}} {{CVE|CVE-2015-0499}} {{CVE|CVE-2015-0501}} {{CVE|CVE-2015-0505}} {{CVE|CVE-2015-2571}} [https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ templink] || {{pkg|mariadb}} || 2015-05-07 || <= 10.0.17-1 || 10.0.18-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3]<br />
|-<br />
| {{CVE|CVE-2015-3627}} {{CVE|CVE-2015-3629}} {{CVE|CVE-2015-3630}} {{CVE|CVE-2015-3631}} [http://seclists.org/oss-sec/2015/q2/389 templink] || {{pkg|docker}} || 2015-05-07 || <= 1:1.6.0-1 || 1:1.6.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6]<br />
|-<br />
| {{CVE|CVE-2015-0847}} [http://sourceforge.net/p/nbd/mailman/message/34091218/ templink] || {{pkg|nbd}} || 2015-05-07 || <= 3.10-1 || 3.11-1 || 19d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15]<br />
|-<br />
| {{CVE|CVE-2015-1858}} {{CVE|CVE-2015-1859}} {{CVE|CVE-2015-1860}} [http://lists.qt-project.org/pipermail/announce/2015-April/000067.html templink] || {{pkg|qt5-base}} || 2015-04-13 || <= 5.4.1-5 || 5.4.2-1 || 50d || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-1858}} {{CVE|CVE-2015-1859}} {{CVE|CVE-2015-1860}} [http://lists.qt-project.org/pipermail/announce/2015-April/000067.html templink] || {{pkg|qt4}} || 2015-04-13 || <= 4.8.6-6 || 4.8.7-1 || 50d || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-3414}} {{CVE|CVE-2015-3415}} {{CVE|CVE-2015-3416}} [http://seclists.org/fulldisclosure/2015/Apr/31 templink] || {{pkg|sqlite}} || 2015-04-24 || <= 3.8.8.3-1 || 3.8.9-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-2170}} {{CVE|CVE-2015-2221}} {{CVE|CVE-2015-2222}} {{CVE|CVE-2015-2305}} {{CVE|CVE-2015-2668}} [http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html templink] || {{pkg|clamav}} || 2015-04-29 || <= 0.98.6-1 || 0.98.7-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2]<br />
|-<br />
| {{CVE|CVE-2015-3455}} [http://www.openwall.com/lists/oss-security/2015/04/30/2 templink] || {{pkg|squid}} || 2015-04-29 || <= 3.5.3-2 || 3.5.4-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1]<br />
|-<br />
| {{CVE|CVE-2015-3451}} [http://www.openwall.com/lists/oss-security/2015/04/30/1 templink] || {{pkg|perl-xml-libxml}} || 2015-04-30 || <= 2.0118-3 || 2.0119-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32]<br />
|-<br />
| {{CVE|CVE-2015-3152}} [http://www.openwall.com/lists/oss-security/2015/04/29/4 templink] || {{pkg|mariadb}} {{pkg|mariadb-clients}} || 2015-04-29 || <= 10.0.17-2 || 10.0.20-1 || 52d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3153}} [http://curl.haxx.se/docs/adv_20150429.html templink] || {{pkg|curl}} || 2015-04-29 || <= 7.42.0-1 || 7.42.1-1 || 29d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20]<br />
|-<br />
| {{CVE|CVE-2015-1243}} {{CVE|CVE-2015-1250}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update_28.html templink] || {{pkg|chromium}} || 2015-04-28 || <= 42.0.2311.90-1 || 42.0.2311.135-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30]<br />
|-<br />
| {{CVE|CVE-2015-3420}} [http://seclists.org/oss-sec/2015/q2/288 templink] || {{pkg|dovecot}} || 2015-04-24 || <= 2.2.16-1 || 2.2.16-2 || 4d || Fixed ({{bug|44757}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31]<br />
|-<br />
| {{CVE|CVE-2015-1868}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ templink] || {{pkg|powerdns-recursor}} || 2015-04-23 || <= 3.7.1-1 || 3.7.2-1 || 1d || Fixed ({{Bug|44708}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27]<br />
|-<br />
| {{CVE|CVE-2015-1868}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ templink] || {{pkg|powerdns}} || 2015-04-23 || <= 3.4.3-2 || 3.4.4-1 || 1d || Fixed ({{Bug|44708}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26]<br />
|-<br />
| {{CVE|CVE-2015-1863}} [http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt templink] || {{pkg|wpa_supplicant}} || 2015-04-22 || <= 2.3-1 || 2.4-1 (1:2.3-1) || 2d || Fixed ({{Bug|44695}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29]<br />
|-<br />
| {{CVE|CVE-2015-1781}} [https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2959eda9272a033863c271aff62095abd01bd4e3;hp=7bf8fb104226407b75103b95525364c4667c869f templink] || {{pkg|glibc}} || 2015-04-21 || <= 2.21-2 || 2.21-3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25]<br />
|-<br />
| {{CVE|CVE-2015-3143}} {{CVE|CVE-2015-3144}} {{CVE|CVE-2015-3145}} {{CVE|CVE-2015-3148}} [http://curl.haxx.se/docs/vuln-7.41.0.html templink] || {{pkg|curl}} || 2015-04-22 || <= 7.41.0-1 || 7.42.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28]<br />
|-<br />
| {{CVE|CVE-2015-2706}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-45/ templink] || {{pkg|firefox}} || 2015-04-20 || <= 37.0.1-3 || 37.0.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24]<br />
|-<br />
| {{CVE|CVE-2015-3138}} [https://github.com/the-tcpdump-group/tcpdump/issues/446 templink] || {{pkg|tcpdump}} || 2015-03-24 || <= 4.7.3-1 || 4.7.3-2 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20]<br />
|-<br />
| {{CVE|CVE-2015-0346}} {{CVE|CVE-2015-0347}} {{CVE|CVE-2015-0348}} {{CVE|CVE-2015-0349}} {{CVE|CVE-2015-0350}} {{CVE|CVE-2015-0351}} {{CVE|CVE-2015-0352}} {{CVE|CVE-2015-0353}} {{CVE|CVE-2015-0354}} {{CVE|CVE-2015-0355}} {{CVE|CVE-2015-0356}} {{CVE|CVE-2015-0357}} {{CVE|CVE-2015-0358}} {{CVE|CVE-2015-0359}} {{CVE|CVE-2015-0360}} {{CVE|CVE-2015-3038}} {{CVE|CVE-2015-3039}} {{CVE|CVE-2015-3040}} {{CVE|CVE-2015-3041}} {{CVE|CVE-2015-3042}} {{CVE|CVE-2015-3043}} {{CVE|CVE-2015-3044}} [https://helpx.adobe.com/security/products/flash-player/apsb15-06.html templink] || {{pkg|flashplugin}} || 2015-04-14 || <= 11.2.202.451-1 || 11.2.202.457-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18]<br />
|-<br />
| {{CVE|CVE-2015-1351}} {{CVE|CVE-2015-1352}} {{CVE|CVE-2015-2783}} {{CVE|CVE-2015-3330}} {{CVE|CVE-2015-3329}} [https://php.net/ChangeLog-5.php#5.6.8 templink] || {{pkg|php}} || 2015-04-17 || <= 5.6.7.-2 || 5.6.8-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14]<br />
|-<br />
| {{CVE|CVE-2015-0460}} {{CVE|CVE-2015-0469}} {{CVE|CVE-2015-0470}} {{CVE|CVE-2015-0477}} {{CVE|CVE-2015-0478}} {{CVE|CVE-2015-0480}} {{CVE|CVE-2015-0488}} || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-04-14 || <= 8.u40-1 || 8.u45-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23]<br />
|-<br />
| {{CVE|CVE-2015-0460}} {{CVE|CVE-2015-0469}} {{CVE|CVE-2015-0477}} {{CVE|CVE-2015-0478}} {{CVE|CVE-2015-0480}} {{CVE|CVE-2015-0488}} [http://blog.fuseyism.com/index.php/2015/04/15/security-icedtea-2-5-5-for-openjdk-7-released/ templink] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-04-14 || <= 7.u75_2.5.4-1 || 7.u79_2.5.5-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17]<br />
|-<br />
| {{CVE|CVE-2015-3310}} [http://www.openwall.com/lists/oss-security/2015/04/16/7 templink] || {{pkg|ppp}} || 2015-04-13 || <= 2.4.7-1 || 2.4.7-2 || ~4m || Fixed ({{bug|44607}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3]<br />
|-<br />
| {{CVE|CVE-2015-3308}} [http://www.openwall.com/lists/oss-security/2015/04/16/6 templink] || {{pkg|gnutls}} || 2015-03-30 || <= 3.3.13-1 || 3.3.14-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-1235}} {{CVE|CVE-2015-1236}} {{CVE|CVE-2015-1237}} {{CVE|CVE-2015-1238}} {{CVE|CVE-2015-1240}} {{CVE|CVE-2015-1241}} {{CVE|CVE-2015-1242}} {{CVE|CVE-2015-1244}} {{CVE|CVE-2015-1245}} {{CVE|CVE-2015-1246}} {{CVE|CVE-2015-1247}} {{CVE|CVE-2015-1248}} {{CVE|CVE-2015-1249}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update_14.html templink] || {{pkg|chromium}} || 2015-04-14 || <= 41.0.2272.118-2 || 42.0.2311.90-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19]<br />
|-<br />
| {{CVE|CVE-2015-1855}} [https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/ templink] || {{pkg|ruby}} || 2015-04-13 || <= 2.2.1-1 || 2.2.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13]<br />
|-<br />
| {{CVE|CVE-2015-3026}} [http://seclists.org/oss-sec/2015/q2/80 templink] || {{pkg|icecast}} || 2015-04-08 || <= 2.4.1-1 || 2.4.2-1 || 3d || Fixed ({{bug|44503}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12]<br />
|-<br />
| {{CVE|CVE-2015-1798}} [http://seclists.org/oss-sec/2015/q2/63 templink] || {{pkg|chrony}} || 2015-04-08 || <= 1.31-2 || 1.31.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9]<br />
|-<br />
| {{CVE|CVE-2015-1798}} {{CVE|CVE-2015-1799}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities templink] || {{pkg|ntp}} || 2015-04-07 || <= 4.2.8p1 || 4.2.8p2-1 || <1d || Fixed ({{bug|44492}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8]<br />
|-<br />
| {{CVE|CVE-2015-2931}} {{CVE|CVE-2015-2932}} {{CVE|CVE-2015-2933}} {{CVE|CVE-2015-2934}} {{CVE|CVE-2015-2935}} {{CVE|CVE-2015-2936}} {{CVE|CVE-2015-2937}} {{CVE|CVE-2015-2938}} {{CVE|CVE-2015-2939}} {{CVE|CVE-2015-2940}} {{CVE|CVE-2015-2941}} {{CVE|CVE-2015-2942}} [http://seclists.org/oss-sec/2015/q2/61 templink] || {{pkg|mediawiki}} || 2015-04-07 || <= 1.24.1-1 || 1.24.2-1 || 0d || Fixed ({{bug|44489}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11]<br />
|-<br />
| {{CVE|CVE-2015-2928}} {{CVE|CVE-2015-2929}} [http://seclists.org/oss-sec/2015/q2/56 templink] || {{pkg|tor}} || 2015-04-06 || <= 0.2.5.11-1 || 0.2.5.12-1 || <1d || Fixed ({{bug|44482}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7]<br />
|-<br />
| {{CVE|CVE-2015-0799}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-04-03 || <= 37.0-1 || 37.0.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4]<br />
|-<br />
| {{CVE|CVE-2015-1233}} {{CVE|CVE-2015-1234}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-04-01 || <= 41.0.2272.101-1 || 41.0.2272.118-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2]<br />
|-<br />
| {{CVE|CVE-2015-0801}} {{CVE|CVE-2015-0807}} {{CVE|CVE-2015-0813}} {{CVE|CVE-2015-0814}} {{CVE|CVE-2015-0815}} {{CVE|CVE-2015-0816}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-03-31 || <= 31.5.0-1 || 31.6.0-1|| 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6]<br />
|-<br />
| {{CVE|CVE-2015-0801}} {{CVE|CVE-2015-0802}} {{CVE|CVE-2015-0803}} {{CVE|CVE-2015-0804}} {{CVE|CVE-2015-0805}} {{CVE|CVE-2015-0806}} {{CVE|CVE-2015-0807}} {{CVE|CVE-2015-0808}} {{CVE|CVE-2015-0811}} {{CVE|CVE-2015-0812}} {{CVE|CVE-2015-0813}} {{CVE|CVE-2015-0814}} {{CVE|CVE-2015-0815}} {{CVE|CVE-2015-0816}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-03-31 || <= 36.0.4-1 || 37.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1]<br />
|-<br />
| {{CVE|CVE-2015-1817}} [http://www.openwall.com/lists/oss-security/2015/03/30/3 templink] || {{pkg|musl}} || 2015-03-29 || <= 1.1.7-1 || 1.1.8-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26]<br />
|-<br />
| {{CVE|CVE-2015-2782}} {{CVE|CVE-2015-0556}} {{CVE|CVE-2015-0557}} [http://www.openwall.com/lists/oss-security/2015/03/29/1 templink] || {{pkg|arj}} || 2015-03-28 || <= 3.10.22-8 || 3.10.22-10 || 10d || Fixed ({{bug|44411}}) ({{bug|44488}}) || None<br />
|-<br />
| {{CVE|CVE-2015-0250}} [http://seclists.org/fulldisclosure/2015/Mar/142 templink] || {{pkg|java-batik}} || 2015-03-17 || <= 1.7-12 || 1.8-1 || 17d || Fixed ({{bug|44410}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5]<br />
|-<br />
| {{CVE|CVE-2015-2806}} [http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149 templink] || {{pkg|libtasn1}} || 2015-03-29 || <= 4.3-1 || 4.4-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3]<br />
|-<br />
| {{CVE|CVE-2015-0817}} {{CVE|CVE-2015-0818}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-03-20 || <= 36.0.1-1 || 36.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21]<br />
|-<br />
| {{CVE|CVE-2015-2559}} [https://www.drupal.org/SA-CORE-2015-001 templink] || {{pkg|drupal}} || 2015-03-19 || <= 7.34-1 || 7.35-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18]<br />
|-<br />
| {{CVE|CVE-2015-0252}} [https://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt templink] || {{pkg|xerces-c}} || 2015-03-19 || <= 3.1.1-5 || 3.1.2-1 || 1d || Fixed ({{bug|44272}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19]<br />
|-<br />
| {{CVE|CVE-2015-2330}} [http://www.openwall.com/lists/oss-security/2015/03/18/4 templink] || {{pkg|webkitgtk}} {{pkg|webkitgtk2}} || 2015-03-17 || <= 2.4.8-1 || 2.4.9-1 || 30d || Fixed ({{bug|44237}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19]<br />
|-<br />
| {{CVE|CVE-2015-2305}} {{CVE|CVE-2015-2331}} {{CVE|CVE-2015-2348}} {{CVE|CVE-2015-2787}} [https://bugs.php.net/bug.php?id=69253 templink] || {{pkg|php}} || 2015-03-18 || <= 5.6.6-1 || 5.6.7-1 || 10d || Fixed ({{bug|44236}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25]<br />
|-<br />
| {{CVE|CVE-2015-0204}} {{CVE|CVE-2015-0207}} {{CVE|CVE-2015-0208}} {{CVE|CVE-2015-0209}} {{CVE|CVE-2015-0285}} {{CVE|CVE-2015-0286}} {{CVE|CVE-2015-0287}} {{CVE|CVE-2015-0288}} {{CVE|CVE-2015-0289}} {{CVE|CVE-2015-0290}} {{CVE|CVE-2015-0291}} {{CVE|CVE-2015-0293}} {{CVE|CVE-2015-1787}} [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=28a00bcd8e318da18031b2ac8778c64147cd54f9 commit-0288] [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2b31fcc0b5e7329e13806822a5709dbd51c5c8a4 commit-0285] [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ba5d0113e8bcb26857ae58a11b219aeb7bc2408a commit-0209] [https://security-tracker.debian.org/tracker/CVE-2015-0288 Debian-Bug-tracker] [https://www.openssl.org/news/secadv_20150319.txt advisory] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2015-03-17 || <= 1.0.2-1 || 1.0.2.a-1 || 2d || Fixed ({{bug|44227}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17]<br />
|-<br />
| {{CVE|CVE-2015-1802}} {{CVE|CVE-2015-1803}} {{CVE|CVE-2015-1804}} [http://www.openwall.com/lists/oss-security/2015/03/17/5 templink] || {{pkg|libxfont}} || 2015-03-17 || <= 1.5.0-1 || 1.5.1-1 || <1d || Fixed ({{bug|44226}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15]<br />
|-<br />
| {{CVE|CVE-2015-0332}} {{CVE|CVE-2015-0333}} {{CVE|CVE-2015-0334}} {{CVE|CVE-2015-0335}} {{CVE|CVE-2015-0336}} {{CVE|CVE-2015-0337}} {{CVE|CVE-2015-0338}} {{CVE|CVE-2015-0339}} {{CVE|CVE-2015-0340}} {{CVE|CVE-2015-0341}} {{CVE|CVE-2015-0342}} [https://helpx.adobe.com/security/products/flash-player/apsb15-05.html templink] || {{pkg|flashplugin}} || 2015-03-12 || <= 11.2.202.442-1 || 11.2.202.451-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11]<br />
|-<br />
| {{CVE|CVE-2014-9687}} [http://www.openwall.com/lists/oss-security/2015/02/10/10 templink] || {{pkg|ecryptfs-utils}} || 2015-02-10 || <= 104-1 || 106-1 || 37d || Fixed ({{bug|44157}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14]<br />
|-<br />
| {{CVE|CVE-2015-1782}} [http://www.libssh2.org/adv_20150311.html templink] || {{pkg|libssh2}} || 2015-03-11 || <= 1.4.3-1 || 1.5.0-1 || 29d || Fixed ({{bug|44146}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10]<br />
|-<br />
| {{CVE|CVE-2015-2241}} [https://www.djangoproject.com/weblog/2015/mar/09/security-releases/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-03-09 || <= 1.7.5-1 || 1.7.6-1 || 2d || Fixed ({{bug|44122}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7]<br />
|-<br />
| {{CVE|CVE-2015-1212}} {{CVE|CVE-2015-1213}} {{CVE|CVE-2015-1214}} {{CVE|CVE-2015-1215}} {{CVE|CVE-2015-1216}} {{CVE|CVE-2015-1217}} {{CVE|CVE-2015-1218}} {{CVE|CVE-2015-1219}} {{CVE|CVE-2015-1220}} {{CVE|CVE-2015-1221}} {{CVE|CVE-2015-1222}} {{CVE|CVE-2015-1223}} {{CVE|CVE-2015-1224}} {{CVE|CVE-2015-1225}} {{CVE|CVE-2015-1226}} {{CVE|CVE-2015-1227}} {{CVE|CVE-2015-1228}} {{CVE|CVE-2015-1229}} {{CVE|CVE-2015-1230}} {{CVE|CVE-2015-1231}} [http://googlechromereleases.blogspot.fr/2015/03/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-03-03 || <= 40.0.2214.115-1 || 41.0.2272.76-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5]<br />
|-<br />
| {{CVE|CVE-2015-1572}} [https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73 templink] || {{pkg|e2fsprogs}} || 2015-02-06 || <= 1.42.12-1 || 1.42.12-2 || 6d || Fixed ({{bug|44015}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8]<br />
|-<br />
| {{CVE|CVE-2015-2157}} [http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html templink] || {{pkg|putty}} || 2015-03-02 || <= 0.63-1 || 0.64-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1]<br />
|-<br />
| {{CVE|CVE-2015-0822}} {{CVE|CVE-2015-0827}} {{CVE|CVE-2015-0831}} {{CVE|CVE-2015-0835}} {{CVE|CVE-2015-0836}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-02-24 || <= 31.4.0-1 || 31.5.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15]<br />
|-<br />
| {{CVE|CVE-2015-0819}} {{CVE|CVE-2015-0821}} {{CVE|CVE-2015-0822}} {{CVE|CVE-2015-0823}} {{CVE|CVE-2015-0824}} {{CVE|CVE-2015-0825}} {{CVE|CVE-2015-0826}} {{CVE|CVE-2015-0827}} {{CVE|CVE-2015-0829}} {{CVE|CVE-2015-0830}} {{CVE|CVE-2015-0831}} {{CVE|CVE-2015-0832}} {{CVE|CVE-2015-0834}} {{CVE|CVE-2015-0835}} {{CVE|CVE-2015-0836}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-02-24 || <= 35.0.1-1 || 36.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14]<br />
|-<br />
| {{CVE|CVE-2015-0240}} [https://www.samba.org/samba/history/samba-4.1.17.html templink] || {{pkg|samba}} || 2015-02-23 || <= 4.1.16-1 || 4.1.17-1 || <1d || Fixed ({{bug|43923}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13]<br />
|-<br />
| {{CVE|CVE-2014-9636}} [http://www.openwall.com/lists/oss-security/2014/11/02/2 templink] || {{pkg|unzip}} || 2014-11-02 || <= 6.0-9 || 6.0-10 || 75d || Fixed ({{bug|44171}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9]<br />
|-<br />
| {{CVE|CVE-2015-1315}} [http://www.openwall.com/lists/oss-security/2015/02/17/4 templink] || {{pkg|unzip}} || 2014-11-02 || <= 6.0-9 || 6.0-9 || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2014-9680}} [http://www.sudo.ws/sudo/alerts/tz.html templink] || {{pkg|sudo}} || 2015-02-09 || <= 1.8.12-1 || 1.8.12-1 || 4d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5352}} {{CVE|CVE-2014-5353}} {{CVE|CVE-2014-5354}} {{CVE|CVE-2014-9421}} {{CVE|CVE-2014-9422}} {{CVE|CVE-2014-9423}} [http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt templink] [http://www.openwall.com/lists/oss-security/2014/12/16/1 templink] || {{pkg|krb5}} || 2015-02-03 || <= 1.13-1 || 1.13.1-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] <br />
|-<br />
| {{CVE|CVE-2015-0255}} [http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/ templink] || {{pkg|xorg-server}} || 2015-02-10 || <= 1.16.3-2|| 1.16.4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11]<br />
|-<br />
| {{CVE|CVE-2015-1191}} [http://www.openwall.com/lists/oss-security/2015/01/18/3 templink] || {{pkg|pigz}} || 2015-01-18 || <= 2.3.1-1 || 2.3.3-1 || 21d || Fixed ({{bug|43748}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9]<br />
|-<br />
| {{CVE|CVE-2015-0245}} [http://lists.freedesktop.org/archives/dbus/2015-February/016553.html templink] || {{pkg|dbus}} || 2015-02-09 || <= 1.8.14-1 || 1.8.16-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10]<br />
|-<br />
| {{CVE|CVE-2015-1472}} {{CVE|CVE-2015-1473}} || {{pkg|glibc}} || 2015-02-05 || <= 2.20-6 || 2.21-1 ||4d || Fixed ({{bug|43747}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8]<br />
|-<br />
| {{CVE|CVE-2014-9297}} {{CVE|CVE-2014-9298}} [http://support.ntp.org/bin/view/Main/SecurityNotice#vallen_is_not_validated_in_sever templink] [http://support.ntp.org/bin/view/Main/SecurityNotice#1_can_be_spoofed_on_some_OSes_so templink]|| {{pkg|ntp}} || 2015-02-04 || <= 4.2.8-1 || 4.2.8.p1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7]<br />
|-<br />
| {{CVE|CVE-2014-9328}} || {{pkg|clamav}} || 2015-01-28 || <= 0.98.5-1 || 0.98.6-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6]<br />
|-<br />
| {{CVE|CVE-2015-1209}} {{CVE|CVE-2015-1210}} {{CVE|CVE-2015-1211}} {{CVE|CVE-2015-1212}} [http://googlechromereleases.blogspot.fr/2015/02/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-02-05 || <= 40.0.2214.94-1 || 40.0.2214.111-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5]<br />
|-<br />
| {{CVE|CVE-2015-0313}} {{CVE|CVE-2015-0314}} {{CVE|CVE-2015-0315}} {{CVE|CVE-2015-0316}} {{CVE|CVE-2015-0317}} {{CVE|CVE-2015-0318}} {{CVE|CVE-2015-0319}} {{CVE|CVE-2015-0320}} {{CVE|CVE-2015-0321}} {{CVE|CVE-2015-0322}} {{CVE|CVE-2015-0323}} {{CVE|CVE-2015-0324}} {{CVE|CVE-2015-0325}} {{CVE|CVE-2015-0326}} {{CVE|CVE-2015-0327}} {{CVE|CVE-2015-0328}} {{CVE|CVE-2015-0329}} {{CVE|CVE-2015-0330}} [https://helpx.adobe.com/security/products/flash-player/apsb15-04.html templink] || {{pkg|flashplugin}} || 2015-02-05 || <= 11.2.202.440-1 || 11.2.202.442-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2]<br />
|-<br />
| {{CVE|CVE-2014-8161}} {{CVE|CVE-2015-0241}} {{CVE|CVE-2015-0243}} {{CVE|CVE-2015-0244}} [http://www.postgresql.org/docs/9.4/static/release-9-4-1.html templink] || {{pkg|postgresql}} || 2015-02-05 || <= 9.4.0-1 || 9.4.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4]<br />
|-<br />
| {{CVE|CVE-2015-1380}} {{CVE|CVE-2015-1381}} {{CVE|CVE-2015-1382}} [http://seclists.org/oss-sec/2015/q1/285 templink] || {{pkg|privoxy}} || 2015-01-26 || <= 3.0.22-1 || 3.0.23-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1]<br />
|-<br />
| {{CVE|CVE-2015-0235}} [https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235 templink] || {{pkg|glibc}} || 2015-01-27 || < 2.18-1 || 2.18-1 || < 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-0311}} {{CVE|CVE-2015-0301}} {{CVE|CVE-2015-0302}} {{CVE|CVE-2015-0303}} {{CVE|CVE-2015-0304}} {{CVE|CVE-2015-0305}} {{CVE|CVE-2015-0306}} {{CVE|CVE-2015-0307}} {{CVE|CVE-2015-0308}} {{CVE|CVE-2015-0309}} [https://helpx.adobe.com/security/products/flash-player/apsb15-01.html templink] || {{pkg|flashplugin}} || 2015-01-23 || <= 11.2.202.438-1 || 11.2.202.440-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22]<br />
|-<br />
| {{CVE|CVE-2015-0231}} {{CVE|CVE-2014-9427}} {{CVE|CVE-2015-0232}} [https://bugs.php.net/bug.php?id=68710 templink] [https://bugs.php.net/bug.php?id=68618 templink] [https://bugs.php.net/bug.php?id=68799 templink] || {{pkg|php}} || 2015-01-22 || <= 5.6.4-1 || 5.6.5-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17]<br />
|-<br />
| {{CVE|CVE-2014-9638}} {{CVE|CVE-2014-9639}} {{CVE|CVE-2014-9640}} [http://www.openwall.com/lists/oss-security/2015/01/22/9 templink] || {{pkg|vorbis-tools}} || 2015-01-21 || <= 1.4.0-4 || 1.4.0-5 || 64d || Fixed ({{bug|44172}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24]<br />
|-<br />
| {{CVE|CVE-2015-1345}} [http://seclists.org/oss-sec/2015/q1/179 templink] || {{pkg|grep}} || 2015-01-18 || <= 2.21-1 || 2.21-2 || 46d || Fixed ({{bug|44017}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4]<br />
|-<br />
| {{CVE|CVE-2014-7923}} {{CVE|CVE-2014-7924}} {{CVE|CVE-2014-7925}} {{CVE|CVE-2014-7926}} {{CVE|CVE-2014-7927}} {{CVE|CVE-2014-7928}} {{CVE|CVE-2014-7930}} {{CVE|CVE-2014-7931}} {{CVE|CVE-2014-7929}} {{CVE|CVE-2014-7932}} {{CVE|CVE-2014-7933}} {{CVE|CVE-2014-7934}} {{CVE|CVE-2014-7935}} {{CVE|CVE-2014-7936}} {{CVE|CVE-2014-7937}} {{CVE|CVE-2014-7938}} {{CVE|CVE-2014-7939}} {{CVE|CVE-2014-7940}} {{CVE|CVE-2014-7941}} {{CVE|CVE-2014-7942}} {{CVE|CVE-2014-7943}} {{CVE|CVE-2014-7944}} {{CVE|CVE-2014-7945}} {{CVE|CVE-2014-7946}} {{CVE|CVE-2014-7947}} {{CVE|CVE-2014-7948}} {{CVE|CVE-2015-1205}} [http://googlechromereleases.blogspot.fr/2015/01/stable-update.html templink] || {{pkg|chromium}} || 2015-01-22 || <= 39.0.2171.99-1 || 40.0.2214.91-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21]<br />
|-<br />
| {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-6549}} {{CVE|CVE-2014-6585}} {{CVE|CVE-2014-6587}} {{CVE|CVE-2014-6591}} {{CVE|CVE-2014-6593}} {{CVE|CVE-2014-6601}} {{CVE|CVE-2015-0383}} {{CVE|CVE-2015-0395}} {{CVE|CVE-2015-0400}} {{CVE|CVE-2015-0403}} {{CVE|CVE-2015-0406}} {{CVE|CVE-2015-0407}} {{CVE|CVE-2015-0408}} {{CVE|CVE-2015-0410}} {{CVE|CVE-2015-0412}} {{CVE|CVE-2015-0413}} {{CVE|CVE-2015-0421}} {{CVE|CVE-2015-0437}} [http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html#JAVA templink] || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-01-22 || <= 8.u25-2 || 8.u31-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16]<br />
|-<br />
| {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-6585}} {{CVE|CVE-2014-6587}} {{CVE|CVE-2014-6591}} {{CVE|CVE-2014-6593}} {{CVE|CVE-2014-6601}} {{CVE|CVE-2015-0383}} {{CVE|CVE-2015-0395}} {{CVE|CVE-2015-0407}} {{CVE|CVE-2015-0408}} {{CVE|CVE-2015-0410}} {{CVE|CVE-2015-0412}} [http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html#JAVA templink] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-01-22 || <= 7.u71_2.5.3-3 || 7.u75_2.5.4-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20]<br />
|-<br />
| {{CVE|CVE-2014-8157}} {{CVE|CVE-2014-8158}} [http://seclists.org/oss-sec/2015/q1/210 templink] || {{pkg|jasper}} || 2015-01-22 || <= 1.900.1-12 || 1.900.1-13 || 5d || Fixed ({{bug|43592}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23]<br />
|-<br />
| {{CVE|CVE-2014-8132}} [http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/ templink] || {{pkg|libssh}} || 2014-12-19 || <= 0.6.3-1 || 0.6.4-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12]<br />
|-<br />
| {{CVE|CVE-2015-1182}} [https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04 templink] || {{pkg|polarssl}} || 2012-09-19 || <= 1.3.9-1 || 1.3.9-2 || 1d || Fixed ({{bug|43508}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13]<br />
|-<br />
| {{CVE|CVE-2012-3505}} [http://www.openwall.com/lists/oss-security/2012/08/18/1 templink] || {{pkg|tinyproxy}} || 2012-09-10 || <= 1.8.3-1 || 1.8.4-1 || > 740d || Fixed ({{bug|38400}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11]<br />
|-<br />
| {{CVE|CVE-2014-9447}} [https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e templink] || {{pkg|elfutils}} || 2015-01-19 || <= 0.161-2 || 0.161-3 || 42d || Fixed ({{bug|44019}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2]<br />
|-<br />
| {{CVE|CVE-2014-9447}} [https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e templink] || {{pkg|lib32-elfutils}} || 2015-01-19 || <= 0.161-1 || 0.161-2 || 42d || Fixed ({{bug|44020}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3]<br />
|-<br />
| {{CVE|CVE-2014-8143}} [https://www.samba.org/samba/security/CVE-2014-8143 templink] || {{pkg|samba}} || 2015-01-15 || <= 4.1.15-1 || 4.1.16-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10]<br />
|-<br />
| {{CVE|CVE-2015-1197}} [http://www.openwall.com/lists/oss-security/2015/01/18/7 templink] || {{pkg|cpio}} || 2015-01-16 || <= 2.11-5 || 2.11-6 || 65d || Fixed ({{bug|44173}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22]<br />
|-<br />
| {{CVE|CVE-2015-1196}} {{CVE|CVE-2014-9637}} [http://www.openwall.com/lists/oss-security/2015/01/18/6 templink] [https://savannah.gnu.org/bugs/?44051 templink] || {{pkg|patch}} || 2015-01-14 || <= 2.7.1-3 || 2.7.3-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24]<br />
|-<br />
| {{CVE|CVE-2014-9571}} {{CVE|CVE-2014-9572}} {{CVE|CVE-2014-9573}} {{CVE|CVE-2014-9624}} {{CVE|CVE-2015-1042}} [http://www.openwall.com/lists/oss-security/2015/01/17/1 templink] [http://www.openwall.com/lists/oss-security/2015/01/17/3 templink] [http://www.openwall.com/lists/oss-security/2015/01/17/2 templink] [http://www.openwall.com/lists/oss-security/2015/01/18/11 templink] || {{pkg|mantisbt}} || 2015-01-17 || <= 1.2.18-1 || 1.2.19-1 || 20d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3]<br />
|-<br />
| {{CVE|CVE-2014-8634}} {{CVE|CVE-2014-8635}} {{CVE|CVE-2014-8638}} {{CVE|CVE-2014-8639}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-01-13 || <= 31.3.0-1 || 31.4.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7]<br />
|-<br />
| {{CVE|CVE-2014-8634}} {{CVE|CVE-2014-8635}} {{CVE|CVE-2014-8636}} {{CVE|CVE-2014-8637}} {{CVE|CVE-2014-8638}} {{CVE|CVE-2014-8639}} {{CVE|CVE-2014-8640}} {{CVE|CVE-2014-8641}} {{CVE|CVE-2014-8642}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-01-13 || <= 34.0.5-1 || 35.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6]<br />
|-<br />
| {{CVE|CVE-2014-3571}} {{CVE|CVE-2015-0206}} {{CVE|CVE-2014-3569}} {{CVE|CVE-2014-3572}} {{CVE|CVE-2015-0205}} {{CVE|CVE-2014-8275}} {{CVE|CVE-2014-3570}} [https://www.openssl.org/news/secadv_20150108.txt templink] || {{pkg|openssl}} || 2015-01-08 || <= 1.0.1.j-1 || 1.0.1.k-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2]<br />
|-<br />
| {{CVE|CVE-2014-8150}} [http://curl.haxx.se/docs/adv_20150108B.html templink] || {{pkg|curl}} || 2015-01-08 || <= 7.39.0-1 || 7.40.0-1 || 10d || Fixed ({{bug|43379}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9]<br />
|-<br />
| {{CVE|CVE-2014-6272}} [http://archives.seul.org/libevent/users/Jan-2015/msg00010.html templink] || {{pkg|libevent}} || 2015-01-05 || <= 2.0.21-3 || 2.0.22-1 || 7d || Fixed ({{bug|43366}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] <br />
|-<br />
| {{CVE|CVE-2014-8139}} {{CVE|CVE-2014-8140}} {{CVE|CVE-2014-8141}} [http://www.ocert.org/advisories/ocert-2014-011.html templink] || {{pkg|unzip}} || 2014-12-22 || <= 6.0-7 || 6.0-9 || 17d || Fixed ({{bug|43300}}) ({{bug|43391}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3]<br />
|-<br />
| {{CVE|CVE-2014-6395}} {{CVE|CVE-2014-6396}} {{CVE|CVE-2014-9376}} {{CVE|CVE-2014-9377}} {{CVE|CVE-2014-9378}} {{CVE|CVE-2014-9379}} {{CVE|CVE-2014-9380}} {{CVE|CVE-2014-9381}} [https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/ templink] || {{pkg|ettercap}} {{pkg|ettercap-gtk}} || 2014-12-16 || <= 0.8.1-2 || 0.8.2-1 || 89d || Fixed ({{bug|44174}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13]<br />
|-<br />
| {{CVE|CVE-2014-9425}} [https://bugs.php.net/bug.php?id=68676 templink] || {{pkg|php}} || 2014-12-29 || <= 5.6.4-1 || 5.6.5-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-9295}} {{CVE|CVE-2014-9296}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_ctl_putdata templink] || {{pkg|ntp}} || 2014-12-19 || < 4.2.8-1 || 4.2.8-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24]<br />
|-<br />
| {{CVE|CVE-2014-8142}} [https://bugzilla.redhat.com/show_bug.cgi?id=1175718 templink] || {{pkg|php}} || 2014-12-18 || <= 5.6.3-1 || 5.6.4-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23]<br />
|-<br />
| {{CVE|CVE-2014-8137}} {{CVE|CVE-2011-4516}} {{CVE|CVE-2011-4517}} [https://marc.info/?l=oss-security&m=141891163026757&w=2 templink] || {{pkg|jasper}} || 2014-12-18 || <= 1.900.1-11 || 1.900.1-12 || 1d || Fixed ({{bug|43155}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22]<br />
|-<br />
| {{CVE|CVE-2014-9029}} [https://marc.info/?l=oss-security&m=141770163916268&w=2 templink] || {{pkg|jasper}} || 2014-12-04 || <= 1.900.1-10 || 1.900.1-12 || 6d || Fixed ({{bug|43044}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22]<br />
|-<br />
| {{CVE|CVE-2012-3406}} {{CVE|CVE-2014-9402}} [http://www.openwall.com/lists/oss-security/2014/12/18/1 templink] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2014-12-17 || <= 2.20-4 || 2.20-5 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21]<br />
|-<br />
| {{CVE|CVE-2014-9253}} [http://seclists.org/oss-sec/2014/q4/1050 templink] || {{pkg|dokuwiki}} || 2014-12-15 || <= 20140929_a-1 || 20140929_b-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19]<br />
|-<br />
| {{CVE|CVE-2014-3580}} {{CVE|CVE-2014-8108}} [https://subversion.apache.org/security/CVE-2014-3580-advisory.txt templink] [https://subversion.apache.org/security/CVE-2014-8108-advisory.txt templink] || {{pkg|subversion}} || 2014-12-16 || <= 1.8.10-1 || 1.8.11-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17]<br />
|-<br />
| {{CVE|CVE-2014-9356}} {{CVE|CVE-2014-9357}} {{CVE|CVE-2014-9358}} [http://www.securityfocus.com/archive/1/534215 templink] || {{pkg|docker}} || 2014-12-12 || <= 1:1.3.2-1 || 1:1.4.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16]<br />
|-<br />
| {{CVE|CVE-2013-1752}} {{CVE|CVE-2013-1753}} {{CVE|CVE-2014-9365}} [https://hg.python.org/cpython/raw-file/v2.7.9/Misc/NEWS templink] || {{pkg|python2}} || 2014-12-11 || <= 2.7.8-1 || 2.7.9-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15]<br />
|-<br />
| {{CVE|CVE-2014-0580}} {{CVE|CVE-2014-0587}} {{CVE|CVE-2014-8443}} {{CVE|CVE-2014-9162}} {{CVE|CVE-2014-9163}} {{CVE|CVE-2014-9164}} [https://helpx.adobe.com/security/products/flash-player/apsb14-27.html templink] || {{pkg|flashplugin}} || 2014-12-09 || <= 11.2.202.424-1 || 11.2.202.425-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13]<br />
|-<br />
| {{CVE|CVE-2014-8091}} {{CVE|CVE-2014-8092}} {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8094}} {{CVE|CVE-2014-8095}} {{CVE|CVE-2014-8096}} {{CVE|CVE-2014-8097}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8099}} {{CVE|CVE-2014-8100}} {{CVE|CVE-2014-8101}} {{CVE|CVE-2014-8102}} {{CVE|CVE-2014-8103}} [http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/ templink] || {{pkg|xorg-server}} || 2014-12-09 || <= 1.16.2-1 || 1.16.2.901-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia}} {{pkg|nvidia-lts}} || 2014-12-09 || <= 343.22-6 || 343.36-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia-340xx}} {{pkg|nvidia-340xx-lts}} || 2014-12-09 || <= 340.58-3 || 340.65-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia-304xx}} {{pkg|nvidia-304xx-lts}} || 2014-12-09 || < 304.125-1 || 304.125-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10]<br />
|-<br />
| {{CVE|CVE-2014-8601}} [http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/ templink] || {{pkg|powerdns-recursor}} || 2014-12-09 || <= 3.6.1-1 || 3.6.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9]<br />
|-<br />
| {{CVE|CVE-2014-8602}} [https://unbound.net/downloads/CVE-2014-8602.txt templink] || {{pkg|unbound}} || 2014-12-09 || <= 1.5.0-1 || 1.5.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8]<br />
|-<br />
| {{CVE|CVE-2014-8500}} {{CVE|CVE-2014-8680}} [http://svnweb.freebsd.org/ports?view=revision&revision=374305 templink] || {{pkg|bind}} || 2014-12-08 || <= 9.10.1-2 || 9.10.1.P1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7]<br />
|-<br />
| {{CVE|CVE-2014-9274}} {{CVE|CVE-2014-9275}} [http://seclists.org/oss-sec/2014/q4/904 templink] || {{pkg|unrtf}} || 2014-12-04 || <= 0.21.5-1 || 0.21.7-1 || 10d || Fixed ({{bug|43131}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20]<br />
|-<br />
| {{CVE|CVE-2014-1587}} {{CVE|CVE-2014-1588}} {{CVE|CVE-2014-1589}} {{CVE|CVE-2014-1590}} {{CVE|CVE-2014-1591}} {{CVE|CVE-2014-1592}} {{CVE|CVE-2014-1593}} {{CVE|CVE-2014-1594}} {{CVE|CVE-2014-8631}} {{CVE|CVE-2014-8632}} [https://www.mozilla.org/fr/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2014-12-02 || <= 33.1.1-1 || 34.0.5-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3]<br />
|-<br />
| {{CVE|CVE-2014-9157}} [http://seclists.org/oss-sec/2014/q4/872 templink] || {{pkg|graphviz}} || 2014-11-25 || <= 2.38.0-2 || 2.38.0-3 || 8d || Fixed ({{bug|42983}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4]<br />
|-<br />
| {{CVE|CVE-2014-8123}} [http://seclists.org/oss-sec/2014/q4/874 templink] || {{pkg|antiword}} || 2014-12-01 || <= 0.37-4 || 0.37-5 || 3d || Fixed ({{bug|42982}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5]<br />
|-<br />
| {{CVE|CVE-2014-8104}} [https://forums.openvpn.net/topic17625.html templink] || {{pkg|openvpn}} || 2014-11-30 || <= 2.3.5-1 || 2.3.6-1 || 4d || Fixed ({{bug|42975}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2]<br />
|-<br />
| {{CVE|CVE-2014-9087}} [http://seclists.org/oss-sec/2014/q4/801 templink] || {{pkg|gnupg}} || 2014-11-25 || <= 2.1.0-5 || 2.1.0-6 || 4d || Fixed ({{bug|42943}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1]<br />
|-<br />
| {{CVE|CVE-2014-9087}} [http://seclists.org/oss-sec/2014/q4/801 templink] || {{pkg|libksba}} || 2014-11-25 || <= 1.3.1-1 || 1.3.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31]<br />
|-<br />
| {{CVE|CVE-2014-9114}} [http://seclists.org/oss-sec/2014/q4/819 templink] || {{pkg|util-linux}} || 2014-11-27 || <= 2.25.2-1 || 2.26.1-3 || 117d || Fixed ({{bug|43886}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23]<br />
|-<br />
| {{CVE|CVE-2014-9112}} [http://seclists.org/oss-sec/2014/q4/818 templink] || {{pkg|cpio}} || 2014-11-26 || <= 2.11-4 || 2.11-5 || 20d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5]<br />
|-<br />
| {{CVE|CVE-2014-9116}} [http://seclists.org/oss-sec/2014/q4/835 templink] || {{pkg|mutt}} || 2014-11-27 || <= 1.5.23-1 || 1.5.23-2 || 71d || Fixed ({{bug|44110}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6]<br />
|-<br />
| {{CVE|CVE-2014-9093}} [https://bugs.freedesktop.org/show_bug.cgi?id=86449 templink] || {{pkg|libreoffice-fresh}} || 2014-11-19 || <= 4.3.4-1 ||4.3.5-1 || 31d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-9092}} [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768369#114 templink] || {{pkg|libjpeg-turbo}} || 2014-11-26 || <= 1.3.1-2 || 1.3.1-3 || 2d || Fixed ({{bug|42922}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33]<br />
|-<br />
| {{CVE|CVE-2014-9272}} {{CVE|CVE-2014-9270}} {{CVE|CVE-2014-8987}} {{CVE|CVE-2014-9271}} {{CVE|CVE-2014-9281}} {{CVE|CVE-2014-8986}} {{CVE|CVE-2014-9269}} {{CVE|CVE-2014-9280}} {{CVE|CVE-2014-9089}} {{CVE|CVE-2014-9279}} {{CVE|CVE-2014-8988}} {{CVE|CVE-2014-8553}} {{CVE|CVE-2014-6387}} {{CVE|CVE-2014-6316}} {{CVE|CVE-2014-9117}} [https://www.mantisbt.org/bugs/view.php?id=17841 templink] [https://www.mantisbt.org/bugs/view.php?id=17811 templink] [http://seclists.org/oss-sec/2014/q4/955 templink] || {{pkg|mantisbt}} || 2014-11-25 || <= 1.2.17-4 || 1.2.18-1 || 13d || Fixed ({{bug|42920}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6]<br />
|-<br />
| {{CVE|CVE-2014-9090}} [https://marc.info/?l=oss-security&m=141698775601426&w=2 templink] || {{pkg|linux}} {{pkg|linux-lts}} || 2014-11-26 || <= 3.18-rc6 || 3.19 || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2014-9018}} {{CVE|CVE-2014-9091}} [http://seclists.org/oss-sec/2014/q4/694 templink] || {{pkg|icecast}} || 2014-11-20 || <= 2.4.0-1 || 2.4.1-1 || 8d || Fixed ({{bug|42912}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32]<br />
|-<br />
| {{CVE|CVE-2014-8964}} [http://bugs.exim.org/show_bug.cgi?id=1546 templink] || {{pkg|pcre}} || 2014-11-18 || <= 8.36-1 || 8.36-2 || 8d || Fixed ({{bug|42860}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29]<br />
|-<br />
| {{CVE|CVE-2014-8962}} {{CVE|CVE-2014-9028}} [http://www.ocert.org/advisories/ocert-2014-008.html templink] || {{pkg|flac}} || 2014-11-25 || <= 1.3.0-4 || 1.3.0-5 || < 1d || Fixed ({{bug|42898}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30]<br />
|-<br />
| {{CVE|CVE-2014-7899}} {{CVE|CVE-2014-7900}} {{CVE|CVE-2014-7901}} {{CVE|CVE-2014-7902}} {{CVE|CVE-2014-7903}} {{CVE|CVE-2014-7904}} {{CVE|CVE-2014-7906}} {{CVE|CVE-2014-7907}} {{CVE|CVE-2014-7908}} {{CVE|CVE-2014-7909}} {{CVE|CVE-2014-7910}} [http://googlechromereleases.blogspot.in/2014/11/stable-channel-update_18.html templink] || {{pkg|chromium}} || 2014-11-20 || <= 38.0.2125.122-1 || 39.0.2171.65-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26]<br />
|-<br />
| {{CVE|CVE-2014-9015}} {{CVE|CVE-2014-9016}} [http://seclists.org/oss-sec/2014/q4/697 templink] || {{pkg|drupal}} || 2014-11-19 || <= 7.33-1 || 7.34-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25]<br />
|-<br />
| {{CVE|CVE-2013-6497}} [http://seclists.org/oss-sec/2014/q4/673 templink] || {{pkg|clamav}} || 2014-11-18 || <= 0.98.4-1 || 0.98.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21]<br />
|-<br />
| {{CVE|CVE-2014-7817}} [https://sourceware.org/bugzilla/show_bug.cgi?id=17625 templink] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2014-11-19 || <= 2.20-2 || 2.20.3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27]<br />
|-<br />
| {{CVE|CVE-2014-8600}} [https://www.kde.org/info/security/advisory-20141113-1.txt templink] || {{pkg|kwebkitpart}} || 2014-11-18 || <= 1.3.4-2 || 1.3.4-3 || 4d || Fixed ({{bug|44170}} {{bug|42775}}) || None<br />
|-<br />
| {{CVE|CVE-2014-8767}} {{CVE|CVE-2014-8768}} {{CVE|CVE-2014-8769}} {{CVE|CVE-2014-9140}} {{CVE|CVE-2015-0261}} {{CVE|CVE-2015-2153}} {{CVE|CVE-2015-2154}} {{CVE|CVE-2015-2155}} [http://www.securityfocus.com/archive/1/534011/30/0/threaded templink] [http://www.securityfocus.com/archive/1/534010/30/0/threaded templink] [http://www.securityfocus.com/archive/1/534009/30/0/threaded templink] [https://github.com/the-tcpdump-group/tcpdump/commit/0f95d441e4b5d7512cc5c326c8668a120e048eda templink] || {{pkg|tcpdump}} || 2014-11-18 || <= 4.6.2-1 || 4.7.3-1 || 88d || Fixed ({{bug|44153}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20]<br />
|-<br />
| {{CVE|CVE-2014-8090}} || {{pkg|ruby}} || 2014-11-13 || <= 2.1.4-1 || 2.1.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16]<br />
|-<br />
| {{CVE|CVE-2014-7823}} || {{pkg|libvirt}} || 2014-11-13 || <= 1.2.10-1 ||1.2.11-1 ||33d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-8710}} {{CVE|CVE-2014-8711}} {{CVE|CVE-2014-8712}} {{CVE|CVE-2014-8713}} {{CVE|CVE-2014-8714}} [https://www.wireshark.org/security/wnpa-sec-2014-20.html templink] [https://www.wireshark.org/security/wnpa-sec-2014-21.html templink] [https://www.wireshark.org/security/wnpa-sec-2014-22.html templink] || {{pkg|wireshark-cli}} {{pkg|wireshark-gtk}} {{pkg|wireshark-qt}} || 2014-11-13 || <= 1.12.1-1 || 1.12.2-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24]<br />
|-<br />
| {{CVE|CVE-2014-0573}} {{CVE|CVE-2014-0574}} {{CVE|CVE-2014-0576}} {{CVE|CVE-2014-0577}} {{CVE|CVE-2014-0581}} {{CVE|CVE-2014-0582}} {{CVE|CVE-2014-0583}} {{CVE|CVE-2014-0584}} {{CVE|CVE-2014-0585}} {{CVE|CVE-2014-0586}} {{CVE|CVE-2014-0588}} {{CVE|CVE-2014-0589}} {{CVE|CVE-2014-0590}} {{CVE|CVE-2014-8437}} {{CVE|CVE-2014-8438}} {{CVE|CVE-2014-8440}} {{CVE|CVE-2014-8441}} {{CVE|CVE-2014-8442}} [https://helpx.adobe.com/security/products/flash-player/apsb14-24.html templink] || {{pkg|flashplugin}} || 2014-11-11 || <= 11.2.202.411-1 || 11.2.202.418-1 || <1d || Fixed ({{bug|42769}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11]<br />
|-<br />
| {{CVE|CVE-2014-3710}} [https://bugzilla.redhat.com/show_bug.cgi?id=1155071 templink] || {{pkg|php}} || 2014-10-29 || <= 5.6.2-2 || 5.6.3-1 || 14d || Fixed ({{bug|42764}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13]<br />
|-<br />
| {{CVE|CVE-2014-8564}} [http://www.gnutls.org/security.html#GNUTLS-SA-2014-5 templink]|| {{pkg|gnutls}} || 2014-11-10 || <= 3.3.9-1 ||3.3.10-1 ||<1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10]<br />
|-<br />
| {{CVE|CVE-2014-8716}} [http://seclists.org/oss-sec/2014/q4/591 templink]|| {{pkg|imagemagick}} || 2014-11-12 || <= 6.8.9.9-1 || 6.8.9.10-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12]<br />
|-<br />
| {{CVE|CVE-2014-3710}} [https://bugzilla.redhat.com/show_bug.cgi?id=1155071 templink] || {{pkg|file}} || 2014-10-29 || <= 5.20-1 || 5.20-2 || 12d || Fixed ({{bug|42759}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9]<br />
|-<br />
| {{CVE|CVE-2014-1569}} [https://bugzilla.mozilla.org/show_bug.cgi?id=1064670 templink] || {{pkg|nss}} || 2014-11-07 || <= 3.17.2-1 || 3.17.3-1 || 22d || Fixed ({{bug|42760}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18]<br />
|-<br />
| {{CVE|CVE-2014-7824}} [http://www.openwall.com/lists/oss-security/2014/11/10/2 templink] || {{pkg|dbus}} || 2014-11-10 || <= 1.8.8-1 || 1.8.10-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28]<br />
|-<br />
| {{CVE|CVE-2014-8598}} {{CVE|CVE-2014-7146}} [http://www.openwall.com/lists/oss-security/2014/11/07/27 templink] [http://www.openwall.com/lists/oss-security/2014/11/07/28 templink]|| {{pkg|mantisbt}} || 2014-11-08 || <= 1.2.17-3 || 1.2.17-4 || <4d || Fixed ({{bug|42761}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8]<br />
|-<br />
| {{CVE|CVE-2014-8483}} [https://www.kde.org/info/security/advisory-20141104-1.txt templink] || {{pkg|konversation}} || 2014-11-04 || <= 1.5-1 || 1.5.1-1 || <4d || Fixed ({{bug|42698}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5]<br />
|-<br />
| {{CVE|CVE-2014-3707}} [http://curl.haxx.se/docs/adv_20141105.html templink]|| {{pkg|curl}} || 2014-11-05 || <= 7.38.0-3 || 7.39.0-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7]<br />
|-<br />
| {{CVE|CVE-2014-8651}} [http://seclists.org/oss-sec/2014/q4/520 templink]|| {{pkg|kdebase-workspace}} || 2014-11-04 || <= 4.11.13-1 || 4.11.13-2 || 6d || Fixed ({{bug|42679}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6]<br />
|-<br />
| {{CVE|CVE-2014-8627}} {{CVE|CVE-2014-8628}} [http://www.openwall.com/lists/oss-security/2014/11/04/6 templink]|| {{pkg|polarssl}} || 2014-10-23 || <= 1.3.8-3 || 1.3.9-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4]<br />
|-<br />
| {{CVE|CVE-2014-8321}} {{CVE|CVE-2014-8322}} {{CVE|CVE-2014-8323}} {{CVE|CVE-2014-8324}} [http://www.securityfocus.com/archive/1/533869/30/0/threaded templink]|| {{pkg|aircrack-ng}} || 2014-11-02 || <= 1.2beta3-1 || 1.2rc1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2]<br />
|-<br />
| {{CVE|CVE-2014-8554}} [http://www.openwall.com/lists/oss-security/2014/10/30/9 templink]|| {{pkg|mantisbt}} || 2014-10-30 || <= 1.2.17-2 || 1.2.17-3 || 5d || Fixed ({{bug|42683}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3]<br />
|-<br />
| {{CVE|CVE-2014-8354}} {{CVE|CVE-2014-8355}} {{CVE|CVE-2014-8561}} {{CVE|CVE-2014-8562}} [http://seclists.org/oss-sec/2014/q4/466 templink]|| {{pkg|imagemagick}} || 2014-10-29 || <= 6.8.9.8-1 || 6.8.9.9-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-8517}} [http://seclists.org/oss-sec/2014/q4/459 templink]|| {{pkg|tnftp}} || 2014-10-28 || <= 20130505-2 || 20141031-1 || 4d || Fixed ({{bug|42646}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1]<br />
|-<br />
| {{CVE|CVE-2014-4877}} [http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7 templink]|| {{pkg|wget}} || 2014-10-27 || <= 1.15-1 || 1.16-1 || <2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|avr-binutils}} || 2014-10-23 || <= 2.24-2 || 2.24-3 || 27d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|mingw-w64-binutils}} || 2014-10-23 || <= 2.24-1 || 2.24-2 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|arm-none-eabi-binutils}} || 2014-10-23 || <= 2.24-2 || 2.24-3 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|binutils}} || 2014-10-23 || <= 2.24-7 || 2.24-8 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17]<br />
|-<br />
| {{CVE|CVE-2014-8559}} [http://www.openwall.com/lists/oss-security/2014/10/30/7 templink] || {{pkg|linux}}, {{pkg|linux-lts}} || 2014-10-30 || <= 3.17.3-1, <= 3.14.24-1 ||3.17.4-1 3.14.25-1 || ~23d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3610}} {{CVE|CVE-2014-3611}} {{CVE|CVE-2014-3646}} {{CVE|CVE-2014-3647}} {{CVE|CVE-2014-7825}} {{CVE|CVE-2014-7826}} {{CVE|CVE-2014-8369}} [http://permalink.gmane.org/gmane.comp.security.oss.general/14526 templink] [http://seclists.org/oss-sec/2014/q4/548 templink] || {{pkg|linux}}, {{pkg|linux-lts}} || 2014-10-21 || <= 3.17.2-1, <= 3.14.23-1 || 3.17.3-1, 3.14.24-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15]<br />
|-<br />
| {{CVE|CVE-2014-8480}} {{CVE|CVE-2014-8481}} [http://permalink.gmane.org/gmane.comp.security.oss.general/14526 templink] || {{pkg|linux}} || 2014-10-21 || <= 3.17.2-1 || 3.17.3-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14]<br />
|-<br />
| {{CVE|CVE-2014-3695}} {{CVE|CVE-2014-3696}} {{CVE|CVE-2014-3698}} [https://pidgin.im/news/security/ templink] || {{pkg|libpurple}} || 2014-10-22 || <= 2.10.9-2 || 2.10.10-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9]<br />
|-<br />
| {{CVE|CVE-2014-8760}} || {{pkg|ejabberd}} || 2014-10-13 || <= 14.07-1 || 14.07-2 || 14d || Fixed ({{bug|42541}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13]<br />
|-<br />
| {{CVE|CVE-2014-3686}} || {{pkg|wpa_supplicant}}, {{pkg|hostapd}} || 2014-10-09 || <= 2.2-2 || 2.3-1 || ~10d || Fixed ({{bug|42401}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8]<br />
|-<br />
| {{CVE|CVE-2014-0191}} {{CVE|CVE-2014-3660}} || {{pkg|libxml2}} || 2014-10-16 || <= 2.9.1-5 || 2.9.2-1 || 8d || Fixed ({{bug|40790}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12]<br />
|-<br />
| {{CVE|CVE-2014-3704}} [https://www.drupal.org/SA-CORE-2014-005 templink] || {{pkg|drupal}} || 2014-10-15 || <= 7.31-2 || 7.32-1 || 1d || Fixed ({{bug|42388}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7]<br />
|-<br />
| {{CVE|CVE-2014-3513}} {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-3567}} {{CVE|CVE-2014-3568}} [https://www.openssl.org/news/secadv_20141015.txt templink] [https://www.openssl.org/~bodo/ssl-poodle.pdf temp link] || {{pkg|openssl}} || 2014-10-15 || <= 1.0.1.i-1 || 1.0.1.j-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6]<br />
|-<br />
| {{CVE|CVE-2014-8242}} [http://www.openwall.com/lists/oss-security/2014/10/13/2 temp link] || {{pkg|librsync}} || 2014-10-12 || <= 0.9.7-7 || 1.0.0-1 || 166d || Fixed ({{bug|44175}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10]<br />
|-<br />
| {{CVE|CVE-2014-7203}} {{CVE|CVE-2014-7202}} [http://seclists.org/oss-sec/2014/q3/776 temp link] || {{pkg|zeromq}} || 2014-09-27 || <= 4.0.4-4 || 4.0.5-1 || 18d || Fixed ({{bug|42381}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4]<br />
|-<br />
| {{CVE|CVE-2014-6051}} {{CVE|CVE-2014-6052}} {{CVE|CVE-2014-6053}} {{CVE|CVE-2014-6054}} {{CVE|CVE-2014-6055}} [http://seclists.org/oss-sec/2014/q3/639 temp link] || {{pkg|libvncserver}} || 2014-09-23 || <= 0.9.9-3 || 0.9.10-1 || 31d || Fixed ({{bug|42321}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10]<br />
|-<br />
| {{CVE|CVE-2014-3683}} [http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/ temp link] || {{pkg|rsyslog}} || 2014-10-02 || <= 8.4.1-1 || 8.4.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5]<br />
|-<br />
| {{CVE|CVE-2014-7204}} [http://seclists.org/oss-sec/2014/q3/842 temp link] || {{pkg|ctags}} || 2014-09-29 || <= 5.8-4 || 5.8-5 || 26d || Fixed ({{bug|42246}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11]<br />
|-<br />
| {{CVE|CVE-2014-7295}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html temp link] || {{pkg|mediawiki}} || 2014-10-02 || <= 1.23.4-1 || 1.23.5-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3]<br />
|-<br />
| {{CVE|CVE-2014-3661}} {{CVE|CVE-2014-3662}} {{CVE|CVE-2014-3663}} {{CVE|CVE-2014-3664}} {{CVE|CVE-2014-3680}} {{CVE|CVE-2014-3681}} {{CVE|CVE-2014-3666}} {{CVE|CVE-2014-3667}} {{CVE|CVE-2013-2186}} {{CVE|CVE-2014-1869}} {{CVE|CVE-2014-3678}} {{CVE|CVE-2014-3679}} [https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 temp link] || {{pkg|jenkins}} || 2014-10-01 || <= 1.582-1 || 1.583-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2]<br />
|-<br />
| {{CVE|CVE-2014-3634}} [http://www.rsyslog.com/remote-syslog-pri-vulnerability/ temp link] || {{pkg|rsyslog}} || 2014-09-30 || <= 8.4.0-1 || 8.4.1-1 || 1d || Fixed ({{bug|42200}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1]<br />
|-<br />
| {{CVE|CVE-2014-3657}} {{CVE|CVE-2014-3633}} [https://www.debian.org/security/2014/dsa-3038 temp link] || {{pkg|libvirt}} || 2014-09-26 || <= 1.2.8-1 || 1.2.8-2 || 3d || Fixed ({{bug|42159}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5]<br />
|-<br />
| {{CVE|CVE-2014-7199}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html temp link] || {{pkg|mediawiki}} || 2014-09-24 || <= 1.23.3-1 || 1.23.4-1 || 5d || Fixed ({{bug|42161}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4]<br />
|-<br />
| {{CVE|CVE-2014-7185}} [http://bugs.python.org/issue21831 temp link] || {{pkg|python2}} || 2014-09-24 || < 2.7.8 || 2.7.8-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3]<br />
|-<br />
| {{CVE|CVE-2014-1568}} [https://www.mozilla.org/security/announce/2014/mfsa2014-73.html temp link] || {{pkg|nss}} || 2014-09-24 || < 3.17.1 || 3.17.1-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1]<br />
|-<br />
| {{CVE|CVE-2014-6271}} {{CVE|CVE-2014-7169}} {{CVE|CVE-2014-7186}} {{CVE|CVE-2014-7187}} {{CVE|CVE-2014-6277}} {{CVE|CVE-2014-6278}} [http://seclists.org/oss-sec/2014/q3/649 temp link] || {{pkg|bash}} || 2014-09-24 || <= 4.3.024-1 || 4.3.026-1 || 2d || Fixed ({{bug|42109}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2]<br />
|-<br />
| {{CVE|CVE-2014-3635}} {{CVE|CVE-2014-3636}} {{CVE|CVE-2014-3637}} {{CVE|CVE-2014-3638}} {{CVE|CVE-2014-3639}} [http://www.openwall.com/lists/oss-security/2014/09/16/9 temp link] || {{pkg|dbus}} {{pkg|libdbus}} {{pkg|lib32-libdbus}} || 2014-09-16 || < 1.8.8 || 1.8.8-1 || 1d || Fixed ({{bug|41993}}) || None<br />
|-<br />
| {{CVE|CVE-2014-3613}} {{CVE|CVE-2014-3620}} [http://curl.haxx.se/docs/security.html temp link] || {{pkg|curl}} {{pkg|lib32-curl}}|| 2014-09-10 || < 7.38.0 || 7.38.0-1 || 5d ({{pkg|curl}}), 7d ({{pkg|lib32-curl}}) || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3609}} [http://www.squid-cache.org/Advisories/SQUID-2014_2.txt temp link] || {{pkg|squid}} || 2014-08-28 || < 3.4.7 || 3.4.7-1 || < 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5119}} [https://sourceware.org/bugzilla/show_bug.cgi?id=17187 temp link] || {{pkg|glibc}} || 2014-07-21 || <= 2.19 || 2.20-2 || 55d || Fixed ({{bug|41713}}) || None<br />
|-<br />
| {{CVE|CVE-2014-3508}} {{CVE|CVE-2014-5139}} {{CVE|CVE-2014-3509}} {{CVE|CVE-2014-3505}} {{CVE|CVE-2014-3506}} {{CVE|CVE-2014-3507}} {{CVE|CVE-2014-3510}} {{CVE|CVE-2014-3511}} {{CVE|CVE-2014-3512}} [https://www.openssl.org/news/secadv_20140806.txt temp link] || {{pkg|openssl}} || 2014-08-06 || < 1.0.1.i || 1.0.1.i-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0226}} [http://www.zerodayinitiative.com/advisories/ZDI-14-236/ temp link] || {{pkg|apache}} || 2014-07-15 || < 2.4.10 || 2.4.10-1 || ~7d || Fixed ({{bug|41244}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4943}} [http://www.openwall.com/lists/oss-security/2014/07/17/1 temp link] || {{pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-07-16 || || 3.15.5.201407170639-1 {{pkg|linux-grsec}}, 3.14.16 ({{pkg|linux-lts}}), 3.16 ({{pkg|linux}}) || 1d ({{pkg|linux-grsec}}), 23d ({{pkg|linux-lts}}), 27d {{pkg|linux}} || Fixed in {{pkg|linux}}, {{pkg|linux-lts}} ({{bug|41231}}), Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-0475}} [http://www.openwall.com/lists/oss-security/2014/07/10/7 temp link] || {{pkg|glibc}} || 2014-07-10 || <=2.19 || 2.20-2 || 66d || Fixed ({{bug|41166}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4699}} [http://www.openwall.com/lists/oss-security/2014/07/04/4 temp link] || {{Pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-07-04 || || 3.15.3.201407060933-1 {{pkg|linux-grsec}}, 3.15.4-1 {{pkg|linux}}, 3.14.11-1 {{pkg|linux-lts}} || 2d ({{pkg|linux-grsec}}), 3d ({{pkg|linux}}, {{pkg|linux-lts}}) || Fixed ({{bug|41115}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4715}} [http://www.openwall.com/lists/oss-security/2014/07/02/13 temp link] || {{Pkg|lz4}} || 2014-07-02 || || 119-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-4611}} [http://www.openwall.com/lists/oss-security/2014/06/26/25 temp link] || {{Pkg|linux}}, {{pkg|linux-grsec}}, {{pkg|lz4}} || 2014-06-26 || || 3.15.2-1 ({{pkg|linux}}), 3.15.2.201406262058-1 ({{pkg|linux-grsec}}), 118-1 {{pkg|lz4}} || <1d ({{pkg|linux}}, {{pkg|linux-grsec}}, {{pkg|lz4}}) || Fixed in {{pkg|linux}} ({{bug|40992}}), Fixed in {{pkg|linux-grsec}}, Fixed in {{pkg|lz4}} ({{bug|40997}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4610}} [http://www.openwall.com/lists/oss-security/2014/06/26/23 temp link] || {{Pkg|ffmpeg}} || 2014-06-26 || || 1:2.2.4-1 || <2d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-4609}} [http://www.openwall.com/lists/oss-security/2014/06/26/22 temp link] || {{Pkg|gst-libav}} || 2014-06-26 || 1.2.4-1 || 1.2.4-2 (with libav 9.14) || 2d || Fixed ({{bug|40995}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4608}} [http://www.openwall.com/lists/oss-security/2014/06/26/21 temp link] || {{Pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-06-26 || || 3.15.2-1 ({{pkg|linux}}), 3.10.45-1 ({{pkg|linux-lts}}), 3.15.2.201406262058-1 ({{pkg|linux-grsec}}) || <1d ({{pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} and {{pkg|linux-lts}} ({{bug|40992}}), Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-4607}} [http://www.openwall.com/lists/oss-security/2014/06/26/20 temp link] || {{Pkg|lzo2}} || 2014-06-26 || || 2.07-2 || 3d || Fixed ({{bug|40993}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4617}} [http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html temp link] || {{Pkg|gnupg}} || 2014-06-24 || < 2.0.24 || 2.0.24 || 7d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0244}} {{CVE|CVE-2014-3493}} [https://www.samba.org/samba/history/samba-4.1.9.html temp link] || {{Pkg|samba}} || 2014-06-23 || < 4.1.9 || 4.1.9 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1545}} [https://www.mozilla.org/security/announce/2014/mfsa2014-55.html temp link] || {{Pkg|nspr}} || 2014-06-10 || < 4.10.6 || 4.10.6 || ~1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3859}} || {{Pkg|bind}} || 2014-06-11 || 9.10.0, 9.10.0-P1 || 9.10.0-P2 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3477}} || {{Pkg|dbus}} || 2014-06-10 || <= 1.8.2 || 1.8.4 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0195}} {{CVE|CVE-2014-0198}} {{CVE|CVE-2010-5298}} {{CVE|CVE-2014-3470}} {{CVE|CVE-2014-0224}} {{CVE|CVE-2014-0221}} [http://www.openssl.org/news/secadv_20140605.txt temp link] || {{Pkg|openssl}} || 2014-06-05 || 1.0.1 - 1.0.1g || 1.0.1h || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3153}} [http://seclists.org/oss-sec/2014/q2/467 temp link]|| {{Pkg|linux}}, {{pkg|linux-lts}}, {{Pkg|linux-grsec}} || 2014-06-05 || ? || 3.14.6 ({{pkg|linux}}), 3.10.42-1 ({{pkg|linux-lts}}), 3.14.5.201406051310-1 ({{pkg|linux-grsec}})|| 3d ({{pkg|linux}}, {{pkg|linux-lts}}), <1d ({{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} ({{bug|40715}}), Fixed in {{pkg|linux-lts}}, Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-3466}} [https://bugzilla.redhat.com/show_bug.cgi?id=1101932 temp link]|| {{Pkg|gnutls}} || 2014-05-30 || < 3.3.3 || 3.3.3 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0209}} {{CVE|CVE-2014-0210}} {{CVE|CVE-2014-0211}}|| {{Pkg|libxfont}} || 2014-05-13 || < 1.4.18 || 1.4.18 || 3d || Fixed ({{Bug|40409 }}) || None<br />
|-<br />
| {{CVE|CVE-2014-0196}} [https://bugzilla.redhat.com/show_bug.cgi?id=1094232 temp-link] || {{Pkg|linux}}, {{Pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-05-05 || 2.6.31 - 3.14 || 3.14.3-2 ({{pkg|linux}}), 3.10.39-2 ({{pkg|linux-lts}}), 3.14.3.201405121814-1 ({{pkg|linux-grsec}}) || 7d ({{pkg|linux}}), 8d {{pkg|linux-lts}}, <1d ({{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} ({{Bug|40232}}), Fixed in {{pkg|linux-lts}}, Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-2905}} {{CVE|CVE-2014-2906}} {{CVE|CVE-2014-2914}} [https://bugzilla.redhat.com/show_bug.cgi?id=1092091 temp-link] || {{Pkg|fish}} || 2014-04-28 || 1.16.0 - 2.1.0 || 2.2.1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0160}} || {{Pkg|openssl}} || 2014-04-07 || 1.0.1 - 1.0.1f || 1.0.1g || ~1d || Fixed ({{Bug|39775}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1700}} {{CVE|CVE-2014-1701}} {{CVE|CVE-2014-1702}} {{CVE|CVE-2014-1703}} {{CVE|CVE-2014-1704}} {{CVE|CVE-2014-1705}} {{CVE|CVE-2014-1713}} {{CVE|CVE-2014-1715}} || {{Pkg|chromium}} {{Pkg|v8}} || 2014-03-11 || 32 || 33 || 4d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0098}} {{CVE|CVE-2013-6438}}|| {{Pkg|apache}} || 2014-03-17 || 2.4.8 || 2.4.9 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1492}} || {{Pkg|nss}} || 2014-03-18 || 3.15.5 || 3.16 || 22d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1493}} {{CVE|CVE-2014-1494}} {{CVE|CVE-2014-1497}} {{CVE|CVE-2014-1498}} {{CVE|CVE-2014-1499}} {{CVE|CVE-2014-1500}} {{CVE|CVE-2014-1502}} {{CVE|CVE-2014-1504}} {{CVE|CVE-2014-1505}} {{CVE|CVE-2014-1508}} {{CVE|CVE-2014-1509}} {{CVE|CVE-2014-1510}} {{CVE|CVE-2014-1511}} {{CVE|CVE-2014-1512}} {{CVE|CVE-2014-1513}} {{CVE|CVE-2014-1514}} || {{Pkg|firefox}} {{Pkg|thunderbird}} || 2014-03-18 || 27 || 28 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2240}} {{CVE|CVE-2014-2241}}|| {{Pkg|freetype2}} || ? || 2.5.2 || 2.5.3 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2029}}|| {{Pkg|xtrabackup}} || 2014-02-16 || 2.1.7 || 2.1.8 || 28d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1958}} {{CVE|CVE-2014-2030}}|| {{Pkg|imagemagick}} || ? || ? || 6.8.8.9-1 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}}|| {{Pkg|php}} || 2014-03-06 || 5.5.9 || 5.5.110 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0404}} {{CVE|CVE-2014-0406}} {{CVE|CVE-2014-0407}} || {{Pkg|virtualbox}} || 2014-02-28 || 4.3.4 || 4.3.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2323}} {{CVE|CVE-2014-2324}} || {{Pkg|lighttpd}} || 2014-03-12 || 1.4.34 || 1.4.35 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0333}} || {{Pkg|libpng}} || 2014-02-28 || 1.6.9 || 1.6.10 || 9d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0017}} || {{Pkg|libssh}} || 2014-03-04 || ? || 0.5.5-3 || 5d || Fixed || None<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} || 2014-03-20 || < 3.5.7.29 || 3.5.7.29 || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 2014-03-18 || ? || ? || ? || Not Affected ({{Bug|39566}}) ||<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 2014-03-19 || ? || 1.3.1 || 1d || Fixed || None<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 2014-03-19 || 3.4beta || 3.4 || ? || Fixed ({{Bug|39540}}) || None<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 2014-03-18 || ? || 1.4.7 || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 2013-09-19 || ? || 1.1.1-7 (in RHEL 7) || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 2014-03-17 || ? || 3.13-rc5 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0004}} || {{Pkg|udisks2}} & {{Pkg|udisks}} || 2014-03-10 || 2.1.3 / 1.0.5 || 2.1.3 / 1.0.5 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2281}} {{CVE|CVE-2014-2282}} {{CVE|CVE-2014-2283}} {{CVE|CVE-2014-2299}} || {{Pkg|wireshark-cli}} || 2014-03-10 || 1.10.6 || 1.10.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0050}} || {{Pkg|tomcat7}} || 2014-02-06 || 7.0.51 || 7.0.51 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0033}} || {{Pkg|tomcat6}} || 2014-01-10 || 6.0.37 || 6.0.37 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0032}} || {{Pkg|subversion}} || 2014-01-10 || 1.8.6 || 1.8.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0060}} {{CVE|CVE-2014-0061}} {{CVE|CVE-2014-0062}} {{CVE|CVE-2014-0063}} {{CVE|CVE-2014-0064}} {{CVE|CVE-2014-0065}} {{CVE|CVE-2014-0066}} {{CVE|CVE-2014-0067}} || {{Pkg|postgresql}} || 2014-02-20 || <=9.3.3 || 9.3.3-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1912}} || {{Pkg|python}} {{Pkg|python2}} || 2014-02-07 || ? || 2.7.6-3 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2013-4496}} {{CVE|CVE-2013-6442}} || {{Pkg|samba}} || 2014-03-14 || ? || 4.1.6 || 2d || Fixed ({{Bug|39424}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0504}} || {{Pkg|flashplugin}} || 2014-03-12 || ? || 11.2.202.346 || 1d || Fixed ({{Bug|39385}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0106}} || {{Pkg|sudo}} || || 1.8.9.p5 || 1.8.10 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2285}} {{CVE|CVE-2014-2284}} || {{Pkg|net-snmp}} || 2014-03-05 || ? || 5.7.2.1-2 || 8d || Fixed ({{Bug|39190}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0092}} || {{Pkg|gnutls}} || 2014-03-04 || <3.2.12 || 3.2.12-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2242}} {{CVE|CVE-2014-2243}} {{CVE|CVE-2014-2244}} || {{Pkg|mediawiki}} || 2014-03-14 || <1.22.3 || 1.22.3 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2093}} {{CVE|CVE-2014-2094}} {{CVE|CVE-2014-2095}} {{CVE|CVE-2014-2096}} || {{Pkg|catfish}} || 2014-02-25 || <1.0.1 || 1.0.1 || 8d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0497}} || {{Pkg|flashplugin}} || 2014-02-04 || ? || 11.2.202.346 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0015}} || {{Pkg|curl}} || 2014-01-29 || <7.35 || 7.35 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1610}} || {{Pkg|mediawiki}} || 2014-01-29 || <1.22.2 || 1.22.2 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0021}} || {{Pkg|chrony}} || 2014-01-17 || <1.29.1-1 || 1.29.1-1 || 14d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1875}} || {{Pkg|perl-capture-tiny}} || 2014-02-06 || ? || 0.24-1 || 4d || Fixed ({{Bug|38862}}) || None<br />
|-<br />
| {{CVE|CVE-2013-6493}} || {{Pkg|icedtea-web-java7}} || 2014-02-05 || <1.4.2 || 1.4.2 || 0d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1858}} {{CVE|CVE-2014-1859}} || {{Pkg|python-numpy}} || 2014-02-06 || ? || 1.8.0-2 || 4d || Fixed ({{Bug|38863}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1932}} {{CVE|CVE-2014-1933}} || {{Pkg|python-pillow}} || 2014-02-10 || <2.3.1 || 2.3.1 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1935}} || {{Pkg|9base}} || 2014-02-10 || ? || ? || ? || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1949}} [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1949.html temp link] || {{Pkg|cinnamon-screensaver}} || 2014-02-12 || 2.0.3 || ? || ? || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1959}} || {{Pkg|gnutls}} || 2014-02-13 || <3.2.11 || 3.2.11 || 2d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}} || {{Pkg|file}} || 2014-02-10 || <5.17 || 5.17-1 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0001}} {{CVE|CVE-2014-0412}} {{CVE|CVE-2014-0437}} {{CVE|CVE-2014-0420}} {{CVE|CVE-2014-0393}} {{CVE|CVE-2014-0386}} {{CVE|CVE-2014-0401}} {{CVE|CVE-2014-0402}} || {{Pkg|mariadb}} || 2014-01-31 || <5.5.35 || 5.5.35-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1447}} || {{Pkg|libvirt}} || 2014-01-16 || <1.2.1 || 1.2.1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0979}} || lightdm-gtk* || 2014-01-07 || ? || ? || 25d || Fixed ({{Bug|38715}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1475}} {{CVE|CVE-2014-1476}} || {{Pkg|drupal}} || 2014-01-15 || <7.26 || 7.26-1 || 12d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0019}} || {{Pkg|socat}} || 2014-01-29 || <1.7.2.3 || 1.7.2.3 || 0d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1838}} {{CVE|CVE-2014-1839}} || {{Pkg|python-logilab-common}} || 2014-01-31 || ? || ? || 3d || Fixed [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051] || None<br />
|-<br />
| {{CVE|CVE-2014-0368}} {{CVE|CVE-2014-0373}} {{CVE|CVE-2014-0376}} {{CVE|CVE-2014-0411}} {{CVE|CVE-2014-0416}} {{CVE|CVE-2014-0422}} {{CVE|CVE-2014-0423}} {{CVE|CVE-2014-0428}} || *-openjdk-* || 2014-01-15 || ? || ? || 2d || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1402}} || {{Pkg|python-jinja}} || 2014-01-10 || <2.7.2 || 2.7.2 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2013-6462}} || {{Pkg|libxfont}} || 2014-01-07 || <1.4.7 || 1.4.7 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1235}} || {{Pkg|graphviz}} || 2014-01-07 || <2.36.0 || 2.34.0-3 || 3d || Fixed ({{Bug|38441}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0978}} || {{Pkg|freerdp}} || 2014-01-10 || <1.0.2 || 1.0.2-5 || 67d || Fixed ({{Bug|38802}}) || None<br />
|-<br />
|}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=454771
Security Advisories
2016-10-22T12:05:41Z
<p>Anthraxx: /* Recent Advisories */ linux advisory</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== October 2016 ===<br />
* [22 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000742.html ASA-201610-14] {{pkg|linux}} privilege escalation<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000741.html ASA-201610-13] {{pkg|python-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000740.html ASA-201610-12] {{pkg|python2-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11] {{pkg|linux-lts}} privilege escalation<br />
* [16 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10] {{pkg|guile}} multiple issues<br />
* [13 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9] {{pkg|gdk-pixbuf2}} arbitrary code execution<br />
* [11 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8] {{pkg|crypto++}} information disclosure<br />
* [09 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7] {{pkg|wpa_supplicant}} multiple issues<br />
* [08 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6] {{pkg|imagemagick}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5] {{pkg|messagelib}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4] {{pkg|kcoreaddons}} insufficient validation<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3] {{pkg|hostapd}} multiple issues<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2] {{pkg|systemd}} denial of service<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1] {{pkg|chromium}} arbitrary code execution<br />
<br />
=== September 2016 ===<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=CVE&diff=454720
CVE
2016-10-21T14:36:56Z
<p>Anthraxx: /* Documented CVE's */ swap django py2 advisory numbers</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|Security Advisories}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
== Introduction ==<br />
<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
== Helping ==<br />
<br />
This is a community driven project. Please consider joining the [[Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC on irc://irc.freenode.net/archlinux-security.<br />
<br />
== Procedure ==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. Use Wiki markup to create links in the "CVE-ID", "Package", and "Status" columns. The following template may be used to ease the process of adding CVE entries into the table. The first line, "|-" represents the creation of a new row in the table, while the second line should be modified per CVE:<br />
<br />
{{hc|CVE Table Addition Template|<nowiki><br />
|-<br />
| {{CVE|CVE-2016-????}} || {{Pkg|pkgname}} || Disclosure date || Affected versions || Fixed in version || Arch Linux response time || Status(Fixed|Pending|Invalid) (Bug reports) || {{ASA|ASA-??????-??}}<br />
</nowiki>}}<br />
<br />
{{Note|<br />
* If the CVE is not found in [http://nvd.nist.gov/home.cfm NVD], just include a link to different database in the first column: {{ic|<nowiki>[http://link.to.cve CVE-2014-????]</nowiki>}}<br />
* The "Disclosure date" field should be expressed in [[Wikipedia:ISO 8601|ISO 8601 format]] to avoid any confusion. Example: 2014-03-22.<br />
* The "Arch Linux response time" field corresponds to the time between the public release of a vulnerability and the date the package update fixing the vulnerability is made available in the official stable repositories. The "Time really vulnerable" is potentially much lengthier but is harder to estimate.<br />
}}<br />
<br />
The above "CVE-template" should be added after the line:<br />
<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in version !! Arch Linux response time !! Status (and related bug reports) !! ASA-ID</nowiki>}}<br />
<br />
== Response time ==<br />
<br />
The response time is the time taken to get a fixed package to the stable repositories.<br />
<br />
== Documented CVE's ==<br />
<br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="100%"<br />
! height="50px" colspan="8" style="font-size: 125%;"| '''TRACKED CVE's'''<br />
|-<br />
! scope="col" width="130px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in Arch Linux package version !! Arch Linux response time !! Status (and related bug reports) !! ASA-ID<br />
|-<br />
| {{CVE|CVE-2016-7401}} || {{pkg|python-django}} {{pkg|python2-django}} || 2016-10-21 || <= 1.9.9-1 || 1.10.1-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000741.html ASA-201610-13] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000740.html ASA-201610-12]<br />
|-<br />
| {{CVE|CVE-2016-5195}} [https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails] || {{pkg|linux}} || 2016-10-21 || <= 4.8.2-1 || 4.8.3-1 || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-5195}} [https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails] || {{pkg|linux-grsec}} || 2016-10-21 || <= 1:4.7.8.r201610161720-1 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-5195}} [https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails] || {{pkg|linux-lts}} || 2016-10-21 || <= 4.4.25-1 || 4.4.26-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11]<br />
|-<br />
| {{CVE|CVE-2016-8605}} {{CVE|CVE-2016-8606}} [http://www.openwall.com/lists/oss-security/2016/10/11/1] [http://www.openwall.com/lists/oss-security/2016/10/12/2] || {{pkg|guile}} || 2016-10-11 || <= 2.0.12-1 || 2.0.13-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10]<br />
|-<br />
| {{CVE|CVE-2016-7906}} {{CVE|CVE-2016-7799}} [http://www.openwall.com/lists/oss-security/2016/10/02/3] [http://www.openwall.com/lists/oss-security/2016/10/01/6] || {{pkg|imagemagick}} || 2016-10-02 || <= 6.9.5.10-1 || 6.9.6.0-1 || <5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6]<br />
|-<br />
| {{CVE|CVE-2016-7967}} {{CVE|CVE-2016-7968}} [https://www.kde.org/info/security/advisory-20161006-2.txt] [https://www.kde.org/info/security/advisory-20161006-3.txt] [http://seclists.org/oss-sec/2016/q4/23] || {{pkg|messagelib}} || 2016-10-06 || <= 16.08.1-1 || 16.08.1-2 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5]<br />
|- <br />
| {{CVE|CVE-2016-7966}} [https://www.kde.org/info/security/advisory-20161006-1.txt] [http://seclists.org/oss-sec/2016/q4/23] || {{pkg|kcoreaddons}} || 2016-10-06 || <= 5.26.0-1 || 5.26.0-2 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4]<br />
|- <br />
| {{CVE|CVE-2016-7795}} || {{pkg|systemd}} || 2016-09-29 || <= 231-1 || 231-2 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2]<br />
|- <br />
| {{CVE|CVE-2016-5177}} {{CVE|CVE-2016-5178}} [https://googlechromereleases.blogspot.fr/2016/09/stable-channel-update-for-desktop_29.html] || {{pkg|chromium}} || 2016-09-29 || <= 53.0.2785.116-1 || 53.0.2785.143-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1]<br />
|- <br />
| {{CVE|CVE-2016-7168}} {{CVE|CVE-2016-7169}} [https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/] || {{pkg|wordpress}} || 2016-09-29 || <= 4.6.0-1 || 4.6.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32]<br />
|- <br />
| {{CVE|CVE-2016-5180}} [https://c-ares.haxx.se/adv_20160929.html] || {{pkg|c-ares}} || 2016-09-29 || <= 1.11.0-1 || 1.12.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31]<br />
|- <br />
| {{CVE|CVE-2016-2776}} [https://kb.isc.org/article/AA-01419/0] || {{pkg|bind}} || 2016-07-27 || <= 9.10.4.P2-1 || 9.10.4.P3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201607-29]<br />
|-<br />
| {{CVE|CVE-2016-7052}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|lib32-openssl}} || 2016-09-26 || <= 1:1.0.2.i-1 || 1:1.0.2.j-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28]<br />
|- <br />
| {{CVE|CVE-2016-7052}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|openssl}} || 2016-09-26 || <= 1.0.2.i-1 || 1.0.2.j-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30]<br />
|- <br />
| {{CVE|CVE-2016-6309}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|lib32-openssl}} || 2016-09-26 || <= 1:1.0.2.i-1 || || || Not Affected || None<br />
|- <br />
| {{CVE|CVE-2016-6309}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|openssl}} || 2016-09-26 || <= 1.0.2.i-1 || || || Not Affected || None<br />
|- <br />
| {{CVE|CVE-2016-2177}} {{CVE|CVE-2016-2178}} {{CVE|CVE-2016-2179}} {{CVE|CVE-2016-2180}} {{CVE|CVE-2016-2181}} {{CVE|CVE-2016-2182}} {{CVE|CVE-2016-2183}} {{CVE|CVE-2016-6302}} {{CVE|CVE-2016-6303}} {{CVE|CVE-2016-6304}} {{CVE|CVE-2016-6306}} [http://eprint.iacr.org/2016/594] [https://www.openssl.org/news/secadv/20160922.txt] || {{pkg|openssl}} || 2016-09-22 || <= 1.0.2.h-1 || 1.0.2.i-1 || <1d || Fixed ({{bug|49616}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23]<br />
|- <br />
| {{CVE|CVE-2016-2177}} {{CVE|CVE-2016-2178}} {{CVE|CVE-2016-2179}} {{CVE|CVE-2016-2180}} {{CVE|CVE-2016-2181}} {{CVE|CVE-2016-2182}} {{CVE|CVE-2016-2183}} {{CVE|CVE-2016-6302}} {{CVE|CVE-2016-6303}} {{CVE|CVE-2016-6304}} {{CVE|CVE-2016-6306}} [http://eprint.iacr.org/2016/594] [https://www.openssl.org/news/secadv/20160922.txt] || {{pkg|lib32-openssl}} || 2016-09-22 || <= 1:1.0.2.h-1 || 1:1.0.2.i-1 || <1d || Fixed ({{bug|49616}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24]<br />
|- <br />
| {{CVE|CVE-2016-7044}} {{CVE|CVE-2016-7045}} [https://irssi.org/security/irssi_sa_2016.txt] || {{pkg|irssi}} || 2016-09-21 || <= 0.8.19-2 || 0.8.20-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20]<br />
|- <br />
| {{CVE|CVE-2016-5270}} {{CVE|CVE-2016-5271}} {{CVE|CVE-2016-5272}} {{CVE|CVE-2016-5273}} {{CVE|CVE-2016-5276}} {{CVE|CVE-2016-5274}} {{CVE|CVE-2016-5277}} {{CVE|CVE-2016-5275}} {{CVE|CVE-2016-5278}} {{CVE|CVE-2016-5279}} {{CVE|CVE-2016-5280}} {{CVE|CVE-2016-5281}} {{CVE|CVE-2016-5282}} {{CVE|CVE-2016-5283}} {{CVE|CVE-2016-5284}} {{CVE|CVE-2016-5256}} {{CVE|CVE-2016-5257}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/] || {{pkg|firefox}} || 2016-09-13 || <= 48.0.2-1 || 49.0-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22]<br />
|- <br />
| {{CVE|CVE-2016-5388}} || {{pkg|tomcat7}} || 2016-09-18 || <= 7.0.70-1 || 7.0.72-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21]<br />
|- <br />
| {{CVE|CVE-2016-7420}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7420] || {{pkg|crypto++}} || 2016-09-18 || <= 5.6.4-2 || 5.6.5-1 || <24d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8 ]<br />
|- <br />
| {{CVE|CVE-2016-7444}} [http://seclists.org/oss-sec/2016/q3/545] [https://www.gnutls.org/security.html#GNUTLS-SA-2016-3] || {{pkg|gnutls}} || 2016-09-08 || <= 3.4.14-1 || 3.4.15-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25]<br />
|- <br />
| {{CVE|CVE-2016-7444}} [http://seclists.org/oss-sec/2016/q3/545] [https://www.gnutls.org/security.html#GNUTLS-SA-2016-3] || {{pkg|lib32-gnutls}} || 2016-09-08 || <= 3.4.14-1 || 3.4.15-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26]<br />
|- <br />
| {{CVE|CVE-2016-5170}} {{CVE|CVE-2016-5171}} {{CVE|CVE-2016-5172}} {{CVE|CVE-2016-5173}} {{CVE|CVE-2016-5174}} {{CVE|CVE-2016-5175}} [https://googlechromereleases.blogspot.fr/2016/09/stable-channel-update-for-desktop_13.html] || {{pkg|chromium}} || 2016-09-13 || <= 53.0.2785.101-1 || 53.0.2785.116-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13]<br />
|- <br />
| {{CVE|CVE-2016-7412}} {{CVE|CVE-2016-7413}} {{CVE|CVE-2016-7414}} {{CVE|CVE-2016-7416}} {{CVE|CVE-2016-7417}} {{CVE|CVE-2016-7418}} [http://www.openwall.com/lists/oss-security/2016/09/15/10] || {{pkg|php}} || 2016-09-15 || <= 7.0.10-1 || 7.0.11-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16]<br />
|- <br />
| {{CVE|CVE-2016-6352}} [https://bugzilla.redhat.com/show_bug.cgi?id=1349751] || {{pkg|lib32-gdk-pixbuf2}} || 2016-08-31 || <= 2.34.0-1 || || || '''Vulnerable''' ||<br />
|- <br />
| {{CVE|CVE-2016-6352}} [https://bugzilla.redhat.com/show_bug.cgi?id=1349751] || {{pkg|gdk-pixbuf2}} || 2016-08-31 || <= 2.34.0-2 || 2.36.0+2+ga7c869a-1 || 50d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9]<br />
|- <br />
| {{CVE|CVE-2016-7167}} [https://curl.haxx.se/docs/adv_20160914.html] || {{pkg|curl}} || 2016-09-14 || <= 7.50.2-1 || 7.50.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19]<br />
|- <br />
| {{CVE|CVE-2016-7167}} [https://curl.haxx.se/docs/adv_20160914.html] || {{pkg|lib32-curl}} || 2016-09-14 || <= 7.50.0-1 || 7.50.3-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18]<br />
|- <br />
| {{CVE|CVE-2016-4271}} {{CVE|CVE-2016-4272}} {{CVE|CVE-2016-4274}} {{CVE|CVE-2016-4275}} {{CVE|CVE-2016-4276}} {{CVE|CVE-2016-4277}} {{CVE|CVE-2016-4278}} {{CVE|CVE-2016-4279}} {{CVE|CVE-2016-4280}} {{CVE|CVE-2016-4281}} {{CVE|CVE-2016-4282}} {{CVE|CVE-2016-4283}} {{CVE|CVE-2016-4284}} {{CVE|CVE-2016-4285}} {{CVE|CVE-2016-4287}} {{CVE|CVE-2016-6921}} {{CVE|CVE-2016-6922}} {{CVE|CVE-2016-6923}} {{CVE|CVE-2016-6924}} {{CVE|CVE-2016-6925}} {{CVE|CVE-2016-6926}} {{CVE|CVE-2016-6927}} {{CVE|CVE-2016-6929}} {{CVE|CVE-2016-6930}} {{CVE|CVE-2016-6931}} {{CVE|CVE-2016-6932}} [https://helpx.adobe.com/security/products/flash-player/apsb16-29.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-09-13 || <= 11.2.202.632-1 || 11.2.202.635-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12]<br />
|- <br />
| {{CVE|CVE-2016-6662}} {{CVE|CVE-2016-6663}} [https://mariadb.org/mariadb-server-versions-remote-root-code-execution-vulnerability-cve-2016-6662/] [https://jira.mariadb.org/browse/MDEV-10465] [http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html] || {{Pkg|mariadb}} || 2016-09-13 || <= 10.1.16-2 || 10.1.17-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10]<br />
|-<br />
| {{CVE|CVE-2016-7180}} {{CVE|CVE-2016-7175}} {{CVE|CVE-2016-7176}} {{CVE|CVE-2016-7177}} {{CVE|CVE-2016-7178}} {{CVE|CVE-2016-7179}} [https://www.wireshark.org/security/wnpa-sec-2016-50.html] [https://www.wireshark.org/security/wnpa-sec-2016-51.html] [https://www.wireshark.org/security/wnpa-sec-2016-52.html] [https://www.wireshark.org/security/wnpa-sec-2016-53.html] [https://www.wireshark.org/security/wnpa-sec-2016-54.html] [https://www.wireshark.org/security/wnpa-sec-2016-55.html] || {{pkg|wireshark-cli}} || 2016-09-09 || <= 2.0.5-1 || 2.2.0-1 || 15d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27]<br />
|- <br />
| {{CVE|CVE-2016-5388}} [https://www.apache.org/security/asf-httpoxy-response.txt] || {{pkg|tomcat8}} || 2016-07-18 || <= 8.0.36-1 || 8.0.37-1 || 52d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] <br />
|-<br />
| {{CVE|CVE-2016-7164}} [http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3.20.3.news] || {{pkg|file-roller}} || 2016-09-08 || <= 3.20.2-1 || 3.20.3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5]<br />
|-<br />
| {{CVE|CVE-2016-5426}} {{CVE|CVE-2016-5427}} [http://seclists.org/oss-sec/2016/q3/464] [https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/] || {{pkg|powerdns}} || 2016-09-08 || 3.4.9-1 || 4.0.1-3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9]<br />
|-<br />
| {{CVE|CVE-2016-7164}} [http://seclists.org/oss-sec/2016/q3/443] || {{pkg|libtorrent-rasterbar}} || 2016-09-08 || <= 1:1.1-3 || 1:1.1.1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8]<br />
|-<br />
| {{CVE|CVE-2016-7141}} [https://curl.haxx.se/docs/adv_20160907.html] || {{pkg|curl}} || 2016-09-07 || N/A || N/A || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-2835}} {{CVE|CVE-2016-2836}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/] || {{pkg|thunderbird}} || 2016-08-30 || <= 45.2.0-2 || 45.3.0-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3]<br />
|-<br />
| {{CVE|CVE-2016-7134}} {{CVE|CVE-2016-7133}} {{CVE|CVE-2016-7132}} {{CVE|CVE-2016-7131}} {{CVE|CVE-2016-7130}} {{CVE|CVE-2016-7129}} {{CVE|CVE-2016-7128}} {{CVE|CVE-2016-7127}} {{CVE|CVE-2016-7126}} {{CVE|CVE-2016-7125}} {{CVE|CVE-2016-7124}} [http://www.openwall.com/lists/oss-security/2016/09/02/9] || {{pkg|php}} || 2016-09-03 || <= 7.0.10-1 || 7.0.11-1 || || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-5147}} {{CVE|CVE-2016-5148}} {{CVE|CVE-2016-5149}} {{CVE|CVE-2016-5150}} {{CVE|CVE-2016-5151}} {{CVE|CVE-2016-5152}} {{CVE|CVE-2016-5153}} {{CVE|CVE-2016-5154}} {{CVE|CVE-2016-5155}} {{CVE|CVE-2016-5156}} {{CVE|CVE-2016-5157}} {{CVE|CVE-2016-5158}} {{CVE|CVE-2016-5159}} {{CVE|CVE-2016-5160}} {{CVE|CVE-2016-5161}} {{CVE|CVE-2016-5162}} {{CVE|CVE-2016-5163}} {{CVE|CVE-2016-5164}} {{CVE|CVE-2016-5165}} {{CVE|CVE-2016-5166}} {{CVE|CVE-2016-5167}} [https://googlechromereleases.blogspot.fr/2016/08/stable-channel-update-for-desktop_31.html] || {{pkg|chromium}} || 2016-08-31 || <= 52.0.2743.116-1 || 53.0.2785.89-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1]<br />
|-<br />
| {{CVE|CVE-2016-6525}} [http://bugs.ghostscript.com/show_bug.cgi?id=696954] || {{Pkg|mupdf}} || 2016-07-19 || <= 1.9a-4 || 1.9a-5 || 1d || Fixed ([https://bugs.archlinux.org/task/50590 FS#50590 ]) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] <br />
|-<br />
| {{CVE|CVE-2016-6265}} [http://bugs.ghostscript.com/show_bug.cgi?id=696941] || {{Pkg|mupdf}} || 2016-07-19 || <= 1.9a-3 || 1.9a-4 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] <br />
|-<br />
| {{CVE|CVE-2016-4590}} {{CVE|CVE-2016-4591}} {{CVE|CVE-2016-4622}} {{CVE|CVE-2016-4624}} [https://webkitgtk.org/2016/08/24/webkitgtk2.12.4-released.html] [https://webkitgtk.org/security/WSA-2016-0005.html] || {{pkg|webkit2gtk}} || 2016-08-24 || <= 2.12.3-1 || 2.12.4-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2]<br />
|-<br />
| {{CVE|CVE-2016-6331}} {{CVE|CVE-2016-6332}} {{CVE|CVE-2016-6333}} {{CVE|CVE-2016-6334}} {{CVE|CVE-2016-6335}} {{CVE|CVE-2016-6336}} {{CVE|CVE-2016-6337}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html] || {{pkg|mediawiki}} || 2016-08-23 || <= 1.27.0-1 || 1.27.1-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] <br />
|-<br />
| {{CVE|CVE-2016-6313}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html] || {{pkg|lib32-libgcrypt}} || 2016-08-17 || <= 1.7.2-1 || 1.7.3-1 || 31d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14]<br />
|-<br />
| {{CVE|CVE-2016-6313}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html] || {{pkg|libgcrypt}} || 2016-08-17 || <= 1.7.2-1 || 1.7.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18]<br />
|-<br />
| {{CVE|CVE-2016-5423}} {{CVE|CVE-2016-5424}} [https://www.postgresql.org/about/news/1688/] || {{pkg|postgresql}} {{pkg|postgresql-libs}} || 2016-08-11 || <= 9.5.3-1 || 9.5.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux}} || 2016-07-12 || <= 4.6.4-1 || 4.7-1 || 31d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-grsec}} || 2016-07-12 || <= 4.6.5.201607312210-1 || 4.7.201608131240-1 || 33d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-lts}} || 2016-07-12 || <= 4.4.16-1 || 4.4.19-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-zen}} || 2016-07-12 || <= 4.6.5-1 || 4.7-1 || 35d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15]<br />
|-<br />
| {{CVE|CVE-2016-5139}} {{CVE|CVE-2016-5140}} {{CVE|CVE-2016-5141}} {{CVE|CVE-2016-5142}} {{CVE|CVE-2016-5143}} {{CVE|CVE-2016-5144}} {{CVE|CVE-2016-5145}} {{CVE|CVE-2016-5146}} [https://googlechromereleases.blogspot.fr/2016/08/stable-channel-update-for-desktop.html] || {{pkg|chromium}} || 2016-08-03 || <= 52.0.2743.85-2 || 52.0.2743.116-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16]<br />
|-<br />
| {{CVE|CVE-2016-6255}} || {{pkg|libupnp}} || 2016-08-08 || <= 1.6.19-1 || 1.6.20-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8]<br />
|-<br />
| {{CVE|CVE-2016-3075}} {{CVE|CVE-2016-5417}} [https://sourceware.org/bugzilla/show_bug.cgi?id=19879] [https://sourceware.org/bugzilla/show_bug.cgi?id=19257] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-08-02 || <= 2.23-5 || 2.24-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7]<br />
|-<br />
| {{CVE|CVE-2016-3458}} {{CVE|CVE-2016-3500}} {{CVE|CVE-2016-3508}} {{CVE|CVE-2016-3550}} {{CVE|CVE-2016-3598}} {{CVE|CVE-2016-3606}} {{CVE|CVE-2016-3610}} [http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2016-July/036560.html] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2016-07-29 || <= 7.u101_2.6.6 || 7.u111_2.6.7 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5]<br />
|-<br />
| {{CVE|CVE-2016-0718}} {{CVE|CVE-2016-2830}} {{CVE|CVE-2016-2835}} {{CVE|CVE-2016-2836}} {{CVE|CVE-2016-2837}} {{CVE|CVE-2016-2838}} {{CVE|CVE-2016-2839}} {{CVE|CVE-2016-5250}} {{CVE|CVE-2016-5251}} {{CVE|CVE-2016-5252}} {{CVE|CVE-2016-5254}} {{CVE|CVE-2016-5255}} {{CVE|CVE-2016-5258}} {{CVE|CVE-2016-5259}} {{CVE|CVE-2016-5260}} {{CVE|CVE-2016-5261}} {{CVE|CVE-2016-5262}} {{CVE|CVE-2016-5263}} {{CVE|CVE-2016-5264}} {{CVE|CVE-2016-5265}} {{CVE|CVE-2016-5266}} {{CVE|CVE-2016-5268}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox48] || {{pkg|firefox}} || 2016-08-02 || <= 47.0.1-1 || 48.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2]<br />
|-<br />
| {{CVE|CVE-2016-5419}} {{CVE|CVE-2016-5420}} {{CVE|CVE-2016-5421}} [https://curl.haxx.se/docs/adv_20160803A.html] [https://curl.haxx.se/docs/adv_20160803B.html] [https://curl.haxx.se/docs/adv_20160803C.html] || {{pkg|curl}} || 2016-08-03 || <= 7.50.0-1 || 7.50.1-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9]<br />
|-<br />
| {{CVE|CVE-2016-6210}} [http://www.openssh.com/txt/release-7.3] [http://seclists.org/fulldisclosure/2016/Jul/51] || {{pkg|openssh}} || 2016-07-14 || <= 7.2p2-2 || 7.3p1-1 || 16d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1]<br />
|-<br />
| {{CVE|CVE-2016-6503}} {CVE|CVE-2016-6504}} {{CVE|CVE-2016-6507}} [http://seclists.org/oss-sec/2016/q3/217] [[http://www.wireshark.org/security/wnpa-sec-2016-39.html] [http://www.wireshark.org/security/wnpa-sec-2016-40.html] [http://www.wireshark.org/security/wnpa-sec-2016-43.html] || {{pkg|wireshark-cli}} || 2016-07-28 || <= 2.0.4-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-6505}} {{CVE|CVE-2016-6506}} {{CVE|CVE-2016-6508}} {{CVE|CVE-2016-6509}} {{CVE|CVE-2016-6510}} {{CVE|CVE-2016-6511}} {{CVE|CVE-2016-6512}} {{CVE|CVE-2016-6513}} [http://seclists.org/oss-sec/2016/q3/217] [http://www.wireshark.org/security/wnpa-sec-2016-41.html] [http://www.wireshark.org/security/wnpa-sec-2016-42.html] [http://www.wireshark.org/security/wnpa-sec-2016-44.html] [http://www.wireshark.org/security/wnpa-sec-2016-45.html] [http://www.wireshark.org/security/wnpa-sec-2016-46.html] [http://www.wireshark.org/security/wnpa-sec-2016-47.html] [http://www.wireshark.org/security/wnpa-sec-2016-48.html] [http://www.wireshark.org/security/wnpa-sec-2016-49.html] || {{pkg|wireshark-cli}} || 2016-07-28 || <= 2.0.4-1 || 2.0.5-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20]<br />
|-<br />
| {{CVE|CVE-2016-6491}} [http://seclists.org/oss-sec/2016/q3/194] [http://git.imagemagick.org/repos/ImageMagick/commit/5cb6c1acd3e3b12f9260daf207db432df7f792c2] || {{pkg|imagemagick}} || 2016-07-27 || <= 6.9.5.2-1 || 6.9.5.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13]<br />
|-<br />
| {{CVE|CVE-2015-8948}} {{CVE|CVE-2016-6261}} {{CVE|CVE-2016-6262}} {{CVE|CVE-2016-6263}} || {{Pkg|libidn}} || 2016-07-20 || <= 1.32-1 || 1.33-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14]<br />
|-<br />
| {{CVE|CVE-2016-6186}} || {{Pkg|python-django}} {{Pkg|python2-django}}|| 2016-07-18 || <= 1.9.8-1 || 1.9.8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11]<br />
|-<br />
| {{CVE|CVE-2016-1705}} {{CVE|CVE-2016-1706}} {{CVE|CVE-2016-1708}} {{CVE|CVE-2016-1709}} {{CVE|CVE-2016-1710}} {{CVE|CVE-2016-1711}} {{CVE|CVE-2016-5127}} {{CVE|CVE-2016-5128}} {{CVE|CVE-2016-5129}} {{CVE|CVE-2016-5130}} {{CVE|CVE-2016-5131}} {{CVE|CVE-2016-5132}} {{CVE|CVE-2016-5133}} {{CVE|CVE-2016-5134}} {{CVE|CVE-2016-5135}} {{CVE|CVE-2016-5136}} {{CVE|CVE-2016-5137}} [https://googlechromereleases.blogspot.fr/2016/07/stable-channel-update.html] || {{pkg|chromium}} || 2016-07-20 || <= 51.0.2704.106-1 || 52.0.2743.82-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12]<br />
|-<br />
| {{CVE|CVE-2016-5385}} [https://www.drupal.org/SA-CORE-2016-003] || {{pkg|drupal}} || 2016-07-18 || <= 8.1.6-1 || 8.1.7-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9]<br />
|-<br />
| {{CVE|CVE-2016-2775}} [https://kb.isc.org/article/AA-01393/74/CVE-2016-2775] || {{pkg|bind}} || 2016-07-19 || <= 9.10.4.P1-2 || 9.10.4.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8]<br />
|-<br />
|{{CVE|CVE-2016-4173}} {{CVE|CVE-2016-4174}} {{CVE|CVE-2016-4175}} {{CVE|CVE-2016-4176}} {{CVE|CVE-2016-4177}} {{CVE|CVE-2016-4179}} {{CVE|CVE-2016-4180}} {{CVE|CVE-2016-4181}} {{CVE|CVE-2016-4182}} {{CVE|CVE-2016-4183}} {{CVE|CVE-2016-4184}} {{CVE|CVE-2016-4185}} {{CVE|CVE-2016-4186}} {{CVE|CVE-2016-4187}} {{CVE|CVE-2016-4188}} {{CVE|CVE-2016-4189}} {{CVE|CVE-2016-4190}} {{CVE|CVE-2016-4217}} {{CVE|CVE-2016-4218}} {{CVE|CVE-2016-4219}} {{CVE|CVE-2016-4220}} {{CVE|CVE-2016-4221}} {{CVE|CVE-2016-4222}} {{CVE|CVE-2016-4223}} {{CVE|CVE-2016-4224}} {{CVE|CVE-2016-4225}} {{CVE|CVE-2016-4226}} {{CVE|CVE-2016-4227}} {{CVE|CVE-2016-4228}} {{CVE|CVE-2016-4229}} {{CVE|CVE-2016-4230}} {{CVE|CVE-2016-4231}} {{CVE|CVE-2016-4232}} {{CVE|CVE-2016-4233}} {{CVE|CVE-2016-4234}} {{CVE|CVE-2016-4235}} {{CVE|CVE-2016-4236}} {{CVE|CVE-2016-4237}} {{CVE|CVE-2016-4238}} {{CVE|CVE-2016-4239}} {{CVE|CVE-2016-4240}} {{CVE|CVE-2016-4241}} {{CVE|CVE-2016-4242}} {{CVE|CVE-2016-4243}} {{CVE|CVE-2016-4244}} {{CVE|CVE-2016-4245}} {{CVE|CVE-2016-4246}} {{CVE|CVE-2016-4247}} {{CVE|CVE-2016-4248}} || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-07-12 || <= 11.2.202.626-1 || 11.2.202.632-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7]<br />
|-<br />
| {{CVE|CVE-2016-2815}} {{CVE|CVE-2016-2818}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird45.2] || {{pkg|thunderbird}} || 2016-06-30 || <= 45.1.1-2 || 45.2.0-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4]<br />
|-<br />
| {{CVE|CVE-2016-4979}} [https://httpd.apache.org/security/vulnerabilities_24.html] || {{pkg|apache}} || 2016-07-05 || 2.4.18-2.4.20 || 2.4.23-1 || || Fixed ({{bug|49958}}) || None<br />
|-<br />
| {{CVE|CVE-2016-4994}} [https://bugzilla.gnome.org/show_bug.cgi?id=767873] || {{pkg|gimp}} || 2016-06-21 || <= 2.8.16-2 || 2.8.18-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5]<br />
|-<br />
| {{CVE|CVE-2016-4472}} [https://bugzilla.redhat.com/show_bug.cgi?id=1344251] || {{pkg|expat}} || 2016-06-30 || <= 2.1.1-3 || 2.2.0-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-3189}} [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3189] || {{pkg|bzip2}} || 2016-06-30 || <= 1.0.6-5 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-4463}} [http://seclists.org/bugtraq/2016/Jun/115] || {{pkg|xerces-c}} || 2016-06-29 || <= 3.1.3-2 || 3.1.4-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2]<br />
|-<br />
| {{CVE|CVE-2016-4324}} [http://www.talosintelligence.com/reports/TALOS-2016-0126/] || {{pkg|libreoffice-fresh}} || 2016-06-27 || <= 5.1.3-2 || 5.1.4-1 || <0d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3]<br />
|-<br />
| {{CVE|CVE-2016-5701}} {{CVE|CVE-2016-5702}} {{CVE|CVE-2016-5703}} {{CVE|CVE-2016-5704}} {{CVE|CVE-2016-5705}} {{CVE|CVE-2016-5706}} {{CVE|CVE-2016-5730}} {{CVE|CVE-2016-5731}} {{CVE|CVE-2016-5732}} {{CVE|CVE-2016-5733}} {{CVE|CVE-2016-5734}} {{CVE|CVE-2016-5739}} [https://www.phpmyadmin.net/security/PMASA-2016-17/] [https://www.phpmyadmin.net/security/PMASA-2016-18/] [https://www.phpmyadmin.net/security/PMASA-2016-19/] [https://www.phpmyadmin.net/security/PMASA-2016-20/] [https://www.phpmyadmin.net/security/PMASA-2016-21/] [https://www.phpmyadmin.net/security/PMASA-2016-22/] [https://www.phpmyadmin.net/security/PMASA-2016-23/] [https://www.phpmyadmin.net/security/PMASA-2016-24/] [https://www.phpmyadmin.net/security/PMASA-2016-25/] [https://www.phpmyadmin.net/security/PMASA-2016-26/] [https://www.phpmyadmin.net/security/PMASA-2016-27/] [https://www.phpmyadmin.net/security/PMASA-2016-28/] || {{pkg|phpmyadmin}} || 2016-06-23 || <= 4.6.2-1 || 4.6.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25]<br />
|-<br />
| {{CVE|CVE-2016-1704}} [https://googlechromereleases.blogspot.fr/2016/06/stable-channel-update_16.html] || {{pkg|chromium}} || 2016-01-16 || <= 51.0.2704.84-1 || 51.0.2704.103-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20]<br />
|-<br />
| {{CVE|CVE-2016-2365}} {{CVE|CVE-2016-2366}} {{CVE|CVE-2016-2367}} {{CVE|CVE-2016-2368}} {{CVE|CVE-2016-2369}} {{CVE|CVE-2016-2370}} {{CVE|CVE-2016-2371}} {{CVE|CVE-2016-2372}} {{CVE|CVE-2016-2373}} {{CVE|CVE-2016-2374}} {{CVE|CVE-2016-2375}} {{CVE|CVE-2016-2376}} {{CVE|CVE-2016-2377}} {{CVE|CVE-2016-2378}} {{CVE|CVE-2016-2380}} {{CVE|CVE-2016-4323}} [http://blog.talosintel.com/2016/06/vulnerability-spotlight-pidgin.html] || {{pkg|libpurple}} || 2016-01-21 || <= 2.10.12-4 || 2.11.0-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24]<br />
|-<br />
| {{CVE|CVE-2016-1541}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1541] || {{pkg|libarchive}} || 2016-01-17 || <= 3.1.2-8 || 3.2.0-1 || 47d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1]<br />
|-<br />
| {{CVE|CVE-2016-5875}} {{CVE|CVE-2016-5314}} {{CVE|CVE-2016-5315}} {{CVE|CVE-2016-5316}} {{CVE|CVE-2016-5317}} {{CVE|CVE-2016-5320}} {{CVE|CVE-2016-5321}} {{CVE|CVE-2016-5322}} {{CVE|CVE-2016-5323}} {{CVE|CVE-2016-5102}} {{CVE|CVE-2016-3991}} {{CVE|CVE-2016-3990}} {{CVE|CVE-2016-3945}} {{CVE|CVE-2016-3658}} {{CVE|CVE-2016-3634}} {{CVE|CVE-2016-3633}} {{CVE|CVE-2016-3632}} {{CVE|CVE-2016-3631}} {{CVE|CVE-2016-3625}} {{CVE|CVE-2016-3624}} {{CVE|CVE-2016-3623}} {{CVE|CVE-2016-3622}} {{CVE|CVE-2016-3621}} {{CVE|CVE-2016-3620}} {{CVE|CVE-2016-3619}} {{CVE|CVE-2016-3186}} {{CVE|CVE-2015-8668}} {{CVE|CVE-2015-7313}} {{CVE|CVE-2014-8130}} {{CVE|CVE-2014-8127}} {{CVE|CVE-2010-2596}} {{CVE|CVE-2016-6223}} [http://www.openwall.com/lists/oss-security/2016/06/15/1] [http://www.openwall.com/lists/oss-security/2016/06/15/2] [http://www.openwall.com/lists/oss-security/2016/06/15/3] [http://www.openwall.com/lists/oss-security/2016/06/15/5] [http://www.openwall.com/lists/oss-security/2016/06/15/6] [http://www.openwall.com/lists/oss-security/2016/06/15/7] [http://www.openwall.com/lists/oss-security/2016/06/15/8] [http://www.openwall.com/lists/oss-security/2016/06/15/9] [https://security-tracker.debian.org/tracker/source-package/tiff] [http://www.openwall.com/lists/oss-security/2016/07/13/3] || {{pkg|libtiff}} || 2016-06-19 || <= 4.0.6-2 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-4122}} {{CVE|CVE-2016-4123}} {{CVE|CVE-2016-4124}} {{CVE|CVE-2016-4125}} {{CVE|CVE-2016-4127}} {{CVE|CVE-2016-4128}} {{CVE|CVE-2016-4129}} {{CVE|CVE-2016-4130}} {{CVE|CVE-2016-4131}} {{CVE|CVE-2016-4132}} {{CVE|CVE-2016-4133}} {{CVE|CVE-2016-4134}} {{CVE|CVE-2016-4135}} {{CVE|CVE-2016-4136}} {{CVE|CVE-2016-4137}} {{CVE|CVE-2016-4138}} {{CVE|CVE-2016-4139}} {{CVE|CVE-2016-4140}} {{CVE|CVE-2016-4141}} {{CVE|CVE-2016-4142}} {{CVE|CVE-2016-4143}} {{CVE|CVE-2016-4144}} {{CVE|CVE-2016-4145}} {{CVE|CVE-2016-4146}} {{CVE|CVE-2016-4147}} {{CVE|CVE-2016-4148}} {{CVE|CVE-2016-4149}} {{CVE|CVE-2016-4150}} {{CVE|CVE-2016-4151}} {{CVE|CVE-2016-4152}} {{CVE|CVE-2016-4153}} {{CVE|CVE-2016-4154}} {{CVE|CVE-2016-4155}} {{CVE|CVE-2016-4156}} {{CVE|CVE-2016-4166}} {{CVE|CVE-2016-4171}} [https://helpx.adobe.com/security/products/flash-player/apsb16-18.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-06-16 || <= 11.2.202.621-1 || 11.2.202.626-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18]<br />
|-<br />
| {{CVE|CVE-2016-4971}} [https://lists.gnu.org/archive/html/bug-wget/2016-06/msg00033.html] || {{pkg|wget}} || 2016-06-09 || <= 1.17.1-2 || 1.18-1 || 11d || Fixed ({{bug|49730}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19]<br />
|-<br />
| {{CVE|CVE-2012-6702}} {{CVE|CVE-2016-5300}} || {{pkg|expat}} {{pkg|lib32-expat}} || 2016-06-07 || <= 2.1.1-2 || 2.1.1-3 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14]<br />
|-<br />
| {{CVE|CVE-2016-5360}} [http://seclists.org/oss-sec/2016/q2/512] || {{pkg|haproxy}} || 2016-06-09 || <= 1.6.5-3 || 1.6.5-4 || 1d || Fixed ({{bug|49638}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11]<br />
|-<br />
| {{CVE|CVE-2016-2815}} {{CVE|CVE-2016-2818}} {{CVE|CVE-2016-2819}} {{CVE|CVE-2016-2821}} {{CVE|CVE-2016-2822}} {{CVE|CVE-2016-2825}} {{CVE|CVE-2016-2828}} {{CVE|CVE-2016-2829}} {{CVE|CVE-2016-2831}} {{CVE|CVE-2016-2832}} {{CVE|CVE-2016-2833}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox47] || {{pkg|firefox}} || 2016-06-07 || <= 46.0.1-1 || 47.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7]<br />
|-<br />
| {{CVE|CVE-2016-4456}} [https://marc.ttias.be/oss-security/2016-06/msg00043.php] [http://gnutls.org/security.html#GNUTLS-SA-2016-1] || {{pkg|gnutls}} {{pkg|lib32-gnutls}} || 2016-06-06 || <= 3.4.12-1 || 3.4.13-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12]<br />
|-<br />
| {{CVE|CVE-2015-8899}} [http://www.openwall.com/lists/oss-security/2016/06/04/2] || {{pkg|dnsmasq}} || 2016-06-04 || <= 2.75-1 || 2.76-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4953}} {{CVE|CVE-2016-4954}} {{CVE|CVE-2016-4955}} {{CVE|CVE-2016-4956}} {{CVE|CVE-2016-4957}} [http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi] || {{pkg|ntp}} || 2016-06-02 || <= 4.2.8.p7-1 || 4.2.8.p8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4]<br />
|-<br />
| {{CVE|CVE-2016-4429}} [https://sourceware.org/bugzilla/show_bug.cgi?id=20112] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-05-18 || <= 2.23-4 || 2.23-5 || 25d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17]<br />
|-<br />
| {{CVE|CVE-2016-5244}} {{CVE|CVE-2016-5243}} [http://www.openwall.com/lists/oss-security/2016/06/03/5] [http://www.openwall.com/lists/oss-security/2016/06/03/4] || {{pkg|linux}} || 2016-06-03 || <= 4.6.1 || || || Not Affected ||<br />
|-<br />
| {{CVE|CVE-2016-1696}} {{CVE|CVE-2016-1697}} {{CVE|CVE-2016-1698}} {{CVE|CVE-2016-1699}} {{CVE|CVE-2016-1700}} {{CVE|CVE-2016-1701}} {{CVE|CVE-2016-1702}} {{CVE|CVE-2016-1703}} [http://googlechromereleases.blogspot.fr/2016/06/stable-channel-update.html] || {{pkg|chromium}} || 2016-06-01 || <= 51.0.2704.63-1 || 51.0.2704.79-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5]<br />
|-<br />
| {{CVE|CVE-2016-4450}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450] || {{pkg|nginx-mainline}} || 2016-05-31 || <= 1.11-1 || 1.11.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2]<br />
|-<br />
| {{CVE|CVE-2016-4450}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450] || {{pkg|nginx}} || 2016-05-31 || <= 1.10-1 || 1.10.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1]<br />
|-<br />
| {{CVE|CVE-2016-1857}} [http://webkitgtk.org/security/WSA-2016-0004.html] || {{pkg|webkit2gtk}} || 2016-05-30 || <= 2.12.2-1 || 2.12.3-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3]<br />
|-<br />
| {{CVE|CVE-2016-5108}} [http://www.openwall.com/lists/oss-security/2016/05/27/7] || {{pkg|vlc}} || 2016-05-27 || <= 2.2.3-3 || 2.2.4-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21]<br />
|-<br />
| {{CVE|CVE-2016-5104}} [http://www.openwall.com/lists/oss-security/2016/05/26/6] || {{pkg|libusbmuxd}} || 2016-05-26 || <= 1.0.10-1 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-5104}} [http://www.openwall.com/lists/oss-security/2016/05/26/6] || {{pkg|libimobiledevice}} || 2016-05-26 || <= 1.2.0-3 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-5103}} [http://www.openwall.com/lists/oss-security/2016/05/26/5] || {{pkg|roundcubemail}} || 2016-05-26 || <= 1.2rc-1 || 1.2.0-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1762}} {{CVE|CVE-2016-1833}} {{CVE|CVE-2016-1834}} {{CVE|CVE-2016-1835}} {{CVE|CVE-2016-1836}} {{CVE|CVE-2016-1837}} {{CVE|CVE-2016-1838}} {{CVE|CVE-2016-1839}} {{CVE|CVE-2016-1840}} {{CVE|CVE-2016-3627}} {{CVE|CVE-2016-3705}} {{CVE|CVE-2016-4483}} [https://git.gnome.org/browse/libxml2/log/] || {{pkg|libxml2}} || 2016-05-23 || <= 2.9.3-2 || 2.9.4+0+gbdec218-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27]<br />
|-<br />
| {{CVE|CVE-2016-1672}} {{CVE|CVE-2016-1673}} {{CVE|CVE-2016-1674}} {{CVE|CVE-2016-1675}} {{CVE|CVE-2016-1676}} {{CVE|CVE-2016-1677}} {{CVE|CVE-2016-1678}} {{CVE|CVE-2016-1679}} {{CVE|CVE-2016-1680}} {{CVE|CVE-2016-1681}} {{CVE|CVE-2016-1682}} {{CVE|CVE-2016-1683}} {{CVE|CVE-2016-1684}} {{CVE|CVE-2016-1685}} {{CVE|CVE-2016-1686}} {{CVE|CVE-2016-1687}} {{CVE|CVE-2016-1688}} {{CVE|CVE-2016-1689}} {{CVE|CVE-2016-1690}} {{CVE|CVE-2016-1691}} {{CVE|CVE-2016-1692}} {{CVE|CVE-2016-1693}} {{CVE|CVE-2016-1694}} {{CVE|CVE-2016-1695}} [http://googlechromereleases.blogspot.fr/2016/05/stable-channel-update_25.html] || {{pkg|chromium}} || 2016-05-25 || <= 50.0.2661.102-1 || 51.0.2704.63-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28]<br />
|-<br />
| {{CVE|CVE-2016-5027}} {{CVE|CVE-2016-5028}} {{CVE|CVE-2016-5029}} {{CVE|CVE-2016-5030}} {{CVE|CVE-2016-5031}} {{CVE|CVE-2016-5032}} {{CVE|CVE-2016-5033}} {{CVE|CVE-2016-5034}} {{CVE|CVE-2016-5035}} {{CVE|CVE-2016-5036}} {{CVE|CVE-2016-5037}} {{CVE|CVE-2016-5038}} {{CVE|CVE-2016-5039}} {{CVE|CVE-2016-5040}} {{CVE|CVE-2016-5041}} {{CVE|CVE-2016-5042}} {{CVE|CVE-2016-5043}} {{CVE|CVE-2016-5044}} [http://seclists.org/oss-sec/2016/q2/393] [https://www.prevanders.net/dwarfbug.html] || {{pkg|libdwarf}} || 2016-05-24 || <= 20160507-1 || 20160613-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23]<br />
|-<br />
| {{CVE|CVE-2015-1283}} {{CVE|CVE-2016-0718}} [http://seclists.org/oss-sec/2016/q2/360] || {{pkg|expat}} {{pkg|lib32-expat}} || 2016-05-17 || <= 2.1.1-1 || 2.1.1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23]<br />
|-<br />
| {{CVE|CVE-2016-2334}} {{CVE|CVE-2016-2335}} [http://www.talosintel.com/reports/TALOS-2016-0093/] [http://www.talosintel.com/reports/TALOS-2016-0094/] || {{pkg|p7zip}} || 2016-05-10 || <= 15.14.1-1 || 15.14.1-2 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24]<br />
|-<br />
| {{CVE|CVE-2016-3698}} [https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839] || {{pkg|libndp}} || 2016-05-17 || <= 1.5-1 || 1.6-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26]<br />
|-<br />
| {{CVE|CVE-2016-2803}} [http://seclists.org/bugtraq/2016/May/72] || {{pkg|bugzilla}} || 2016-05-16 || <= 5.0.2-1 || 5.0.3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25]<br />
|-<br />
| {{CVE|CVE-2016-2099}} [https://issues.apache.org/jira/browse/XERCESC-2066] [http://www.openwall.com/lists/oss-security/2016/05/09/7] || {{pkg|xerces-c}} || 2016-05-09 || <= 3.1.3-1 || 3.1.3-2 || 46d || Fixed ({{bug|49353}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-22]<br />
|-<br />
| [http://blog.jetbrains.com/blog/2016/05/11/security-update-for-intellij-based-ides-v2016-1-and-older-versions/] || {{pkg|intellij-idea-community-edition}} {{pkg|intellij-idea-libs}} || 2016-05-11 || <= 1:2016.1.1-1 || 1:2016.1.2-1 || 3d || Fixed ({{bug|49329}}) || None<br />
|-<br />
| {{CVE|CVE-2016-2804}} {{CVE|CVE-2016-2805}} {{CVE|CVE-2016-2806}} {{CVE|CVE-2016-2807}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/] || {{pkg|thunderbird}} || 2016-05-10 || <= 45.0-1 || 45.1.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21]<br />
|-<br />
| {{CVE|CVE-2016-1667}} {{CVE|CVE-2016-1668}} {{CVE|CVE-2016-1669}} {{CVE|CVE-2016-1670}} [http://googlechromereleases.blogspot.fr/2016/05/stable-channel-update.html] || {{pkg|chromium}} || 2016-05-11 || <= 50.0.2661.94-1 || 50.0.2661.102-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] <br />
|-<br />
| {{CVE|CVE-2016-3706}} {{CVE|CVE-2016-1234}} [https://sourceware.org/bugzilla/show_bug.cgi?id=20010] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-04-27 || <= 2.23-2 || 2.23-4 || 17d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20]<br />
|-<br />
| {{CVE|CVE-2016-1096}} {{CVE|CVE-2016-1097}} {{CVE|CVE-2016-1098}} {{CVE|CVE-2016-1099}} {{CVE|CVE-2016-1100}} {{CVE|CVE-2016-1101}} {{CVE|CVE-2016-1102}} {{CVE|CVE-2016-1103}} {{CVE|CVE-2016-1104}} {{CVE|CVE-2016-1105}} {{CVE|CVE-2016-1106}} {{CVE|CVE-2016-1107}} {{CVE|CVE-2016-1108}} {{CVE|CVE-2016-1109}} {{CVE|CVE-2016-1110}} {{CVE|CVE-2016-4108}} {{CVE|CVE-2016-4109}} {{CVE|CVE-2016-4110}} {{CVE|CVE-2016-4111}} {{CVE|CVE-2016-4112}} {{CVE|CVE-2016-4113}} {{CVE|CVE-2016-4114}} {{CVE|CVE-2016-4115}} {{CVE|CVE-2016-4116}} {{CVE|CVE-2016-4117}} [https://helpx.adobe.com/security/products/flash-player/apsa16-02.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-05-10 || <= 11.2.202.616-2 || 11.2.202.621-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18]<br />
|-<br />
| {{CVE|CVE-2015-8558}} {{CVE|CVE-2016-3710}} {{CVE|CVE-2016-3712}} {{CVE|CVE-2016-5105}} {{CVE|CVE-2016-5107}} {{CVE|CVE-2016-5106}} [http://xenbits.xen.org/xsa/advisory-179.html] [http://www.openwall.com/lists/oss-security/2016/05/25/7] || {{pkg|qemu}} {{pkg|qemu-arch-extra}} || 2016-05-10 || <= 2.5.1-1 || 2.6.0-1 || 28d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9]<br />
|-<br />
| {{CVE|CVE-2015-8558}} {{CVE|CVE-2016-3710}} {{CVE|CVE-2016-3712}} {{CVE|CVE-2016-5105}} {{CVE|CVE-2016-5107}} {{CVE|CVE-2016-5106}} [http://xenbits.xen.org/xsa/advisory-179.html] [http://www.openwall.com/lists/oss-security/2016/05/25/7] || {{pkg|qemu-guest-agent}} {{pkg|qemu-block-gluster}} {{pkg|qemu-block-iscsi}} {{pkg|qemu-block-rbd}} || 2016-05-10 || <= 2.5.1-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-1926}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1926] [http://www.openvas.org/OVSA20160113.html] || {{pkg|greenbone-security-assistant}} || 2016-01-16 || <= 6.0.6-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-3659}} [http://bugs.cacti.net/view.php?id=2673] || {{pkg|cacti}} || 2016-03-31 || <= 0.8.8_g-3 || 0.8.8_h-1 || 40d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14]<br />
|-<br />
| {{CVE|CVE-2016-4554}} {{CVE|CVE-2016-4555}} {{CVE|CVE-2016-4556}} [http://www.squid-cache.org/Advisories/SQUID-2016_8.txt] [http://www.squid-cache.org/Advisories/SQUID-2016_9.txt] || {{pkg|squid}} || 2016-05-09 || <= 3.5.17-1 || 3.5.19-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13]<br />
|-<br />
| {{CVE|CVE-2015-8106}} [http://www.openwall.com/lists/oss-security/2015/11/16/39] || {{pkg|latex2rtf}} || 2015-11-16 || <= 2.3.8-1 || 2.3.10-1 || ~6m || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9]<br />
|-<br />
| {{CVE|CVE-2016-3105}} [https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29] || {{pkg|mercurial}} || 2016-05-01 || <= 3.7.3-1 || 3.8.1-1 || 5d || Fixed ({{bug|49239}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] <br />
|-<br />
| {{CVE|CVE-2016-1236}} [http://www.openwall.com/lists/oss-security/2016/05/05/22] || {{pkg|websvn}} || 2016-05-05 || <= 2.3.3-6 || 2.3.3-7 || 98d || Fixed ({{bug|50344}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11]<br />
|-<br />
| {{CVE|CVE-2016-4414}} [http://marc.info/?l=oss-security&m=146204310020229&w=2] || {{pkg|quassel-client}} {{pkg|quassel-monolithic}} || 2016-04-30 || <= 0.12.3-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-4352}} [http://www.openwall.com/lists/oss-security/2016/04/29/7] || {{pkg|mencoder}} {{pkg|mplayer}} || 2016-05-03 || <= 37379-7 || 37857-1 || 3d || Fixed ({{bug|49195}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12]<br />
|-<br />
| {{CVE|CVE-2016-4574}} [http://www.openwall.com/lists/oss-security/2016/05/10/4] || {{pkg|libksba}} || 2016-05-03 || <= 1.3.3-1 || 1.3.4-1 || 9d || Fixed ({{bug|49289}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17]<br />
|-<br />
| {{CVE|CVE-2016-4354}} {{CVE|CVE-2016-4353}} {{CVE|CVE-2016-4355}} {{CVE|CVE-2016-4356}} [http://www.openwall.com/lists/oss-security/2016/04/29/8] || {{pkg|libksba}} || 2016-04-10 || <= 1.3.2-1 || 1.3.3-1 || 18d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4348}} {{CVE|CVE-2016-4347}} [http://www.openwall.com/lists/oss-security/2016/04/30/3] || {{pkg|librsvg}} || 2016-05-03 || <= 2:2.40.2-2 || 2:2.40.15-2 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4415}} {{CVE|CVE-2016-4416}} {{CVE|CVE-2016-4417}} {{CVE|CVE-2016-4418}} {{CVE|CVE-2016-4419}} {{CVE|CVE-2016-4420}} {{CVE|CVE-2016-4421}} {{CVE|CVE-2016-4076}} {{CVE|CVE-2016-4077}} {{CVE|CVE-2016-4078}} {{CVE|CVE-2016-4079}} {{CVE|CVE-2016-4080}} {{CVE|CVE-2016-4081}} {{CVE|CVE-2016-4006}} {{CVE|CVE-2016-4082}} {{CVE|CVE-2016-4083}} {{CVE|CVE-2016-4084}} {{CVE|CVE-2016-4085}} [http://www.openwall.com/lists/oss-security/2016/04/25/2] || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2016-05-03 || <= 2.0.2-1 || 2.0.3-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-3714}} [http://www.openwall.com/lists/oss-security/2016/05/03/13] [http://www.openwall.com/lists/oss-security/2016/05/03/14]|| {{pkg|imagemagick}} || 2016-05-03 || <= 6.9.3.8-1 || 6.9.3.10-1 || 3d || Fixed ({{bug|49203}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6]<br />
|-<br />
| {{CVE|CVE-2016-4477}} {{CVE|CVE-2016-4476}} [http://www.openwall.com/lists/oss-security/2016/05/03/2] || {{pkg|hostapd}} || 2016-05-03 || <= 2.5-2 || 2.6-1 || 90d || Fixed ({{bug|49196}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3]<br />
|-<br />
| {{CVE|CVE-2016-4477}} {{CVE|CVE-2016-4476}} [http://www.openwall.com/lists/oss-security/2016/05/03/2] || {{pkg|wpa_supplicant}} || 2016-05-03 || <= 1:2.5-3 || 1:2.6-1 || >90d || Fixed ({{bug|49196}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7]<br />
|-<br />
| {{CVE|CVE-2016-2105}} {{CVE|CVE-2016-2106}} {{CVE|CVE-2016-2107}} {{CVE|CVE-2016-2109}} {{CVE|CVE-2016-2176}} [https://www.openssl.org/news/secadv/20160503.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2016-05-03 || <= 1.0.2.g-3 || 1.0.2.h-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4]<br />
|-<br />
| {{CVE|CVE-2016-4425}} [https://github.com/akheron/jansson/issues/282] [http://marc.info/?l=oss-security&m=146219323703639&w=2] || {{pkg|jansson}} || 2016-05-02 || <= 2.7-1 || 2.8-1 || 137d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15]<br />
|-<br />
| {{CVE|CVE-2016-4425}} [https://github.com/akheron/jansson/issues/282] [http://marc.info/?l=oss-security&m=146219323703639&w=2] || {{pkg|lib32-jansson}} || 2016-05-02 || <= 2.7-2 || 2.8-1 || 140d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17]<br />
|-<br />
| {{CVE|CVE-2016-1660}} {{CVE|CVE-2016-1661}} {{CVE|CVE-2016-1662}} {{CVE|CVE-2016-1663}} {{CVE|CVE-2016-1664}} {{CVE|CVE-2016-1665}} {{CVE|CVE-2016-1666}} [http://googlechromereleases.blogspot.fr/2016/04/stable-channel-update_28.html] || {{pkg|chromium}} || 2016-04-28 || <= 50.0.2661.75-1 || 50.0.2661.94-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7]<br />
|-<br />
| {{CVE|CVE-2015-8869}} || {{pkg|ocaml}} || 2016-04-29 || <= 4.02.3-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-4414}} [http://marc.info/?l=oss-security&m=146204310020229&w=2] || {{pkg|quassel-core}} || 2016-04-30 || <= 0.12.3-1 || 0.12.4-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5]<br />
|-<br />
| {{CVE|CVE-2016-2167}} {{CVE|CVE-2016-2168}} [https://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ@mail.gmail.com%3E] || {{pkg|subversion}} || 2016-04-28 || <= 1.9.3-2 || 1.9.4-1 || 38d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6]<br />
|-<br />
| {{CVE|CVE-2015-7704}} {{CVE|CVE-2015-8138}} {{CVE|CVE-2016-1547}} {{CVE|CVE-2016-1548}} {{CVE|CVE-2016-1549}} {{CVE|CVE-2016-1550}} {{CVE|CVE-2016-1551}} {{CVE|CVE-2016-2516}} {{CVE|CVE-2016-2517}} {{CVE|CVE-2016-2518}} {{CVE|CVE-2016-2519}} [http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security] || {{pkg|ntp}} || 2016-04-26 || <= 4.2.8.p6-3 || 4.2.8.p7-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-2804}} {{CVE|CVE-2016-2805}} {{CVE|CVE-2016-2806}} {{CVE|CVE-2016-2807}} {{CVE|CVE-2016-2808}} {{CVE|CVE-2016-2811}} {{CVE|CVE-2016-2812}} {{CVE|CVE-2016-2814}} {{CVE|CVE-2016-2816}} {{CVE|CVE-2016-2817}} {{CVE|CVE-2016-2820}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox46] || {{pkg|firefox}} || 2016-04-26 || <= 45.0.2-1 || 46.0-2 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15]<br />
|-<br />
| {{CVE|CVE-2015-8863}} [http://seclists.org/oss-sec/2016/q2/134] || {{pkg|jq}} || 2016-04-23 || <= 1.5-3 || 1.5-4 || 109d || Fixed ({{bug|50330}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10]<br />
|-<br />
| {{CVE|CVE-2016-3074}} [http://seclists.org/oss-sec/2016/q2/128] || {{pkg|gd}} || 2016-04-21 || <= 2.1.1-3 || 2.1.1-4 || 15d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8]<br />
|-<br />
| {{CVE|CVE-2016-4051}} {{CVE|CVE-2016-4052}} {{CVE|CVE-2016-4053}} {{CVE|CVE-2016-4054}} [http://www.squid-cache.org/Advisories/SQUID-2016_5.txt] [http://www.squid-cache.org/Advisories/SQUID-2016_6.txt] || {{pkg|squid}} || 2016-04-20 || <= 3.5.16-1 || 3.5.17-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14]<br />
|-<br />
| {{CVE|CVE-2016-4021}} [https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt] || {{pkg|pgpdump}} || 2016-04-12 || <= 0.29-2 || 0.30-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11]<br />
|-<br />
| {{CVE|CVE-2016-1955}} {{CVE|CVE-2016-1956}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/] [https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/] || {{pkg|thunderbird}} || 2016-04-12 || <= 38.7.2-1 || 45.0-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12]<br />
|-<br />
| {{CVE|CVE-2016-2347}} [http://www.talosintel.com/reports/TALOS-2016-0095/] || {{pkg|lhasa}} || 2016-04-14 || <= 0.3.0-1 || 0.3.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8]<br />
|-<br />
| {{CVE|CVE-2016-1651}} {{CVE|CVE-2016-1652}} {{CVE|CVE-2016-1653}} {{CVE|CVE-2016-1654}} {{CVE|CVE-2016-1655}} {{CVE|CVE-2016-1656}} {{CVE|CVE-2016-1657}} {{CVE|CVE-2016-1658}} {{CVE|CVE-2016-1659}} [http://googlechromereleases.blogspot.fr/2016/04/stable-channel-update_13.html] || {{pkg|chromium}} || 2016-04-13|| <= 49.0.2623.112-1 || 50.0.2661.75-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10]<br />
|-<br />
| {{CVE|CVE-2015-5370}} {{CVE|CVE-2016-2110}} {{CVE|CVE-2016-2111}} {{CVE|CVE-2016-2112}} {{CVE|CVE-2016-2113}} {{CVE|CVE-2016-2114}} {{CVE|CVE-2016-2115}} {{CVE|CVE-2016-2118}} [https://www.samba.org/samba/history/security.html] [http://badlock.org/] || {{pkg|samba}} || 2016-04-12|| <= 4.4.0-1 || 4.4.2-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13]<br />
|-<br />
| {{CVE|CVE-2016-4008}} [http://article.gmane.org/gmane.comp.security.oss.general/19286] || {{pkg|libtasn1}} || 2016-04-11|| <= 4.7-1 || 4.8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9]<br />
|-<br />
| {{CVE|CVE-2011-5326}} {{CVE|CVE-2016-3993}} {{CVE|CVE-2016-3994}} {{CVE|CVE-2016-4024}} [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369] [http://article.gmane.org/gmane.comp.security.oss.general/19276] || {{pkg|imlib2}} || 2016-04-09 || <= 1.4.8-1 || 1.4.9-1 || 23d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1]<br />
|-<br />
| {{CVE|CVE-2014-9771}} [http://www.openwall.com/lists/oss-security/2016/04/09/3] || {{pkg|imlib2}} || 2016-04-09 || <= 1.4.5-6 || 1.4.6-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1006}} {{CVE|CVE-2016-1011}} {{CVE|CVE-2016-1012}} {{CVE|CVE-2016-1013}} {{CVE|CVE-2016-1014}} {{CVE|CVE-2016-1015}} {{CVE|CVE-2016-1016}} {{CVE|CVE-2016-1017}} {{CVE|CVE-2016-1018}} {{CVE|CVE-2016-1019}} {{CVE|CVE-2016-1020}} {{CVE|CVE-2016-1021}} {{CVE|CVE-2016-1022}} {{CVE|CVE-2016-1023}} {{CVE|CVE-2016-1024}} {{CVE|CVE-2016-1025}} {{CVE|CVE-2016-1026}} {{CVE|CVE-2016-1027}} {{CVE|CVE-2016-1028}} {{CVE|CVE-2016-1029}} {{CVE|CVE-2016-1030}} {{CVE|CVE-2016-1031}} {{CVE|CVE-2016-1032}} {{CVE|CVE-2016-1033}} [https://helpx.adobe.com/security/products/flash-player/apsa16-01.html] [https://helpx.adobe.com/security/products/flash-player/apsb16-10.html] || {{pkg|flashplugin}} || 2016-04-05 || <= 11.2.202.577-1 || 11.2.202.616-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7]<br />
|-<br />
| {{CVE|CVE-2016-3630}} {{CVE|CVE-2016-3068}} {{CVE|CVE-2016-3069}} [https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29] || {{pkg|mercurial}} || 2016-03-29 || <= 3.7.2-1 || 3.7.3-1 || 8d || Fixed ({{bug|48821}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6]<br />
|-<br />
| {{CVE|CVE-2016-2191}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2191] [https://sourceforge.net/p/optipng/bugs/59/] [http://www.openwall.com/lists/oss-security/2016/04/04/2]|| {{Pkg|optipng}} || 2016-04-04 || <= 0.7.5-2 || 0.7.6-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5]<br />
|-<br />
| {{CVE|CVE-2016-3947}} [http://www.squid-cache.org/Advisories/SQUID-2016_3.txt] || {{Pkg|squid}} || 2016-04-01 || <= 3.5.15-2 || 3.5.16 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4]<br />
|-<br />
| {{CVE|CVE-2016-0636}} [http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html] [http://blog.fuseyism.com/index.php/2016/03/25/security-icedtea-2-6-5-for-openjdk-7-released/] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2016-03-24 || <= 7.u95_2.6.4-1 || 7.u99_2.6.5-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3]<br />
|-<br />
| {{CVE|CVE-2016-0636}} [http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html] || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2016-03-23 || <= 8.u74-1 || 8.u77-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27]<br />
|-<br />
| {{CVE|CVE-2016-1646}} {{CVE|CVE-2016-1647}} {{CVE|CVE-2016-1648}} {{CVE|CVE-2016-1649}} {{CVE|CVE-2016-1650}} [http://googlechromereleases.blogspot.fr/2016/03/stable-channel-update_24.html] || {{pkg|chromium}} || 2016-03-24 || <= 49.0.2623.87-1 || 49.0.2623.108-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24]<br />
|-<br />
| {{CVE|CVE-2016-2849}} {{CVE|CVE-2016-2850}} [http://botan.randombit.net/security.html#id1] || {{pkg|botan}} || 2016-03-20 || <= 1.11.28-1 || 1.11.29-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22]<br />
|-<br />
| {{CVE|CVE-2016-1952}} {{CVE|CVE-2016-1953}} {{CVE|CVE-2016-1954}} {{CVE|CVE-2016-1957}} {{CVE|CVE-2016-1960}} {{CVE|CVE-2016-1961}} {{CVE|CVE-2016-1964}} {{CVE|CVE-2016-1966}} {{CVE|CVE-2016-1974}} {{CVE|CVE-2016-1977}} {{CVE|CVE-2016-2790}} {{CVE|CVE-2016-2791}} {{CVE|CVE-2016-2792}} {{CVE|CVE-2016-2793}} {{CVE|CVE-2016-2794}} {{CVE|CVE-2016-2795}} {{CVE|CVE-2016-2796}} {{CVE|CVE-2016-2797}} {{CVE|CVE-2016-2798}} {{CVE|CVE-2016-2799}} {{CVE|CVE-2016-2800}} {{CVE|CVE-2016-2801}} {{CVE|CVE-2016-2802}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.7] || {{pkg|thunderbird}} || 2016-03-14 || <= 38.6.0-1 || 38.7.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21]<br />
|-<br />
| {{CVE|CVE-2016-2324}} [http://seclists.org/oss-sec/2016/q1/653] || {{pkg|git}} || 2016-03-15 || <= 2.7.3-1 || 2.7.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20]<br />
|-<br />
| {{CVE|CVE-2016-3116}} [https://matt.ucc.asn.au/dropbear/CHANGES] || {{pkg|dropbear}} || 2016-03-13 || <= 2015.71-1 || 2016.72-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19]<br />
|-<br />
| {{CVE|CVE-2015-1283}} [https://sourceforge.net/p/expat/bugs/528/] || {{pkg|expat}} || 2016-03-12 || <= 2.1.0-4 || 2.1.1-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23]<br />
|-<br />
| {{CVE|CVE-2016-2088}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2088] {{CVE|CVE-2016-1286}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1286] {{CVE|CVE-2016-1285}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1285] || {{pkg|bind}} || 2016-03-10 || <= 9.10.3.P3-3 || 9.10.3.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13]<br />
|-<br />
| {{CVE|CVE-2016-0960}} {{CVE|CVE-2016-0961}} {{CVE|CVE-2016-0962}} {{CVE|CVE-2016-0963}} {{CVE|CVE-2016-0986}} {{CVE|CVE-2016-0987}} {{CVE|CVE-2016-0988}} {{CVE|CVE-2016-0989}} {{CVE|CVE-2016-0990}} {{CVE|CVE-2016-0991}} {{CVE|CVE-2016-0992}} {{CVE|CVE-2016-0993}} {{CVE|CVE-2016-0994}} {{CVE|CVE-2016-0995}} {{CVE|CVE-2016-0996}} {{CVE|CVE-2016-0997}} {{CVE|CVE-2016-0998}} {{CVE|CVE-2016-0999}} {{CVE|CVE-2016-1000}} {{CVE|CVE-2016-1001}} {{CVE|CVE-2016-1002}} {{CVE|CVE-2016-1005}} {{CVE|CVE-2016-1010}} [https://helpx.adobe.com/security/products/flash-player/apsb16-08.html] || {{pkg|lib32-flashplugin}} || 2016-03-10 || <= 11.2.202.569-1 || 11.2.202.577-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11]<br />
|-<br />
| {{CVE|CVE-2016-0960}} {{CVE|CVE-2016-0961}} {{CVE|CVE-2016-0962}} {{CVE|CVE-2016-0963}} {{CVE|CVE-2016-0986}} {{CVE|CVE-2016-0987}} {{CVE|CVE-2016-0988}} {{CVE|CVE-2016-0989}} {{CVE|CVE-2016-0990}} {{CVE|CVE-2016-0991}} {{CVE|CVE-2016-0992}} {{CVE|CVE-2016-0993}} {{CVE|CVE-2016-0994}} {{CVE|CVE-2016-0995}} {{CVE|CVE-2016-0996}} {{CVE|CVE-2016-0997}} {{CVE|CVE-2016-0998}} {{CVE|CVE-2016-0999}} {{CVE|CVE-2016-1000}} {{CVE|CVE-2016-1001}} {{CVE|CVE-2016-1002}} {{CVE|CVE-2016-1005}} {{CVE|CVE-2016-1010}} [https://helpx.adobe.com/security/products/flash-player/apsb16-08.html] || {{pkg|flashplugin}} || 2016-03-10 || <= 11.2.202.569-1 || 11.2.202.577-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10]<br />
|-<br />
| {{CVE|CVE-2016-3115}} [http://www.openssh.com/txt/x11fwd.adv] || {{pkg|openssh}} || 2016-03-10 || <= 7.2p1-1 || 7.2p2-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12]<br />
|-<br />
| {{CVE|CVE-2015-8833}} [http://seclists.org/oss-sec/2016/q1/572] || {{pkg|pidgin-otr}} || 2016-03-09 || <= 4.0.1-2 || 4.0.2-1 || 3d || Fixed ({{bug|48537}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14]<br />
|-<br />
| {{CVE|CVE-2016-2774}} [https://kb.isc.org/article/AA-01354] || {{pkg|dhcp}} || 2016-03-09 || <= 4.3.3.p1-1 || 4.3.4-1 || 21d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1531}} [http://www.exim.org/static/doc/CVE-2016-1531.txt] || {{pkg|exim}} || 2016-03-06 || <= 4.86.1-1 || 4.86.2-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8]<br />
|-<br />
| {{CVE|CVE-2016-1577}} {{CVE|CVE-2016-2089}} {{CVE|CVE-2016-2116}} || {{pkg|jasper}} || 2016-03-06 || <= 1.900.1-14 || 1.900.1-15 || ~2m || Fixed ({{bug|48511}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2]<br />
|-<br />
| {{CVE|CVE-2016-1285}} {{CVE|CVE-2016-1286}} [https://kb.isc.org/article/AA-01352/] [https://kb.isc.org/article/AA-01353/] || {{pkg|bind}} || 2016-03-09 || <= 9.10.3.P3-3 || 9.10.3.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7]<br />
|-<br />
| {{CVE|CVE-2016-2851}} [https://otr.cypherpunks.ca/] || {{pkg|libotr}} || 2016-03-09 || <= 4.1.0-1 || 4.1.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6]<br />
|-<br />
| {{CVE|CVE-2016-1643}} {{CVE|CVE-2016-1644}} {{CVE|CVE-2016-1645}} || {{pkg|chromium}} || 2016-03-09 || <= 49.0.2623.75-1 || 49.0.2623.87-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5]<br />
|-<br />
| {{CVE|CVE-2016-1952}} {{CVE|CVE-2016-1953}} {{CVE|CVE-2016-1954}} {{CVE|CVE-2016-1955}} {{CVE|CVE-2016-1956}} {{CVE|CVE-2016-1957}} {{CVE|CVE-2016-1958}} {{CVE|CVE-2016-1959}} {{CVE|CVE-2016-1960}} {{CVE|CVE-2016-1961}} {{CVE|CVE-2016-1962}} {{CVE|CVE-2016-1963}} {{CVE|CVE-2016-1964}} {{CVE|CVE-2016-1965}} {{CVE|CVE-2016-1966}} {{CVE|CVE-2016-1967}} {{CVE|CVE-2016-1968}} {{CVE|CVE-2016-1970}} {{CVE|CVE-2016-1971}} {{CVE|CVE-2016-1972}} {{CVE|CVE-2016-1973}} {{CVE|CVE-2016-1974}} {{CVE|CVE-2016-1975}} {{CVE|CVE-2016-1976}} {{CVE|CVE-2016-1977}} {{CVE|CVE-2016-2790}} {{CVE|CVE-2016-2791}} {{CVE|CVE-2016-2792}} {{CVE|CVE-2016-2793}} {{CVE|CVE-2016-2794}} {{CVE|CVE-2016-2795}} {{CVE|CVE-2016-2796}} {{CVE|CVE-2016-2797}} {{CVE|CVE-2016-2798}} {{CVE|CVE-2016-2799}} {{CVE|CVE-2016-2800}} {{CVE|CVE-2016-2801}} {{CVE|CVE-2016-2802}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox45] || {{pkg|firefox}} || 2016-03-08 || <= 44.0.2-2 || 45.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4]<br />
|-<br />
| {{CVE|CVE-2016-2532}} {{CVE|CVE-2016-2531}} {{CVE|CVE-2016-2530}} {{CVE|CVE-2016-2529}} {{CVE|CVE-2016-2528}} {{CVE|CVE-2016-2527}} {{CVE|CVE-2016-2526}} {{CVE|CVE-2016-2525}} {{CVE|CVE-2016-2524}} {{CVE|CVE-2016-2523}} {{CVE|CVE-2016-2522}} {{CVE|CVE-2016-2521}} || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2016-03-07 || <= 2.0.1-2 || 2.0.2-1 || 5d || Fixed ({{bug|48536}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17]<br />
|-<br />
| {{CVE|CVE-2016-2381}} [https://www.debian.org/security/2016/dsa-3501] || {{pkg|perl}} || 2016-03-07 || <= 5.22.1-1 || 5.22.1-2 || 3d || Fixed ({{Bug|48482}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9]<br />
|-<br />
| {{CVE|CVE-2015-8126}} {{CVE|CVE-2016-1630}} {{CVE|CVE-2016-1631}} {{CVE|CVE-2016-1632}} {{CVE|CVE-2016-1633}} {{CVE|CVE-2016-1634}} {{CVE|CVE-2016-1635}} {{CVE|CVE-2016-1636}} {{CVE|CVE-2016-1637}} {{CVE|CVE-2016-1638}} {{CVE|CVE-2016-1639}} {{CVE|CVE-2016-1640}} {{CVE|CVE-2016-1641}} {{CVE|CVE-2016-1642}} [http://googlechromereleases.blogspot.fr/2016/03/stable-channel-update.html] || {{pkg|chromium}} || 2016-03-02 || <= 48.0.2564.116-1 || 49.0.2623.75-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1]<br />
|-<br />
| {{CVE|CVE-2016-0702}} {{CVE|CVE-2016-0705}} {{CVE|CVE-2016-0797}} {{CVE|CVE-2016-0798}} {{CVE|CVE-2016-0799}} {{CVE|CVE-2016-0800}} [https://www.openssl.org/news/secadv/20160301.txt] || {{pkg|openssl}} || 2016-03-01 || <= 1.0.2.f-1 || 1.0.2.g-3 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2]<br />
|-<br />
| {{CVE|CVE-2016-0702}} {{CVE|CVE-2016-0705}} {{CVE|CVE-2016-0797}} {{CVE|CVE-2016-0798}} {{CVE|CVE-2016-0799}} {{CVE|CVE-2016-0800}} [https://www.openssl.org/news/secadv/20160301.txt] || {{pkg|lib32-openssl}} || 2016-03-01 || <= 1.0.2.f-1 || 1.0.2.g-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3]<br />
|-<br />
| {{CVE|CVE-2015-7511}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html] || {{pkg|libgcrypt}} || 2016-02-09 || <= 1.6.4-1 || 1.6.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19]<br />
|-<br />
| {{CVE|CVE-2016-0739}} [https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/] || {{pkg|libssh}} || 2016-02-23 || <= 0.7.2-1 || 0.7.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18]<br />
|-<br />
| {{CVE|CVE-2016-0787}} [https://www.libssh2.org/adv_20160223.html] || {{pkg|libssh2}} || 2016-02-23 || <= 1.6.0-1 || 1.7.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20]<br />
|-<br />
| {{CVE|CVE-2016-0787}} [https://www.libssh2.org/adv_20160223.html] || {{pkg|lib32-libssh2}} || 2016-02-23 || <= 1.6.0-1 || 1.7.0-1 ||3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21]<br />
|-<br />
| {{CVE|CVE-2016-1629}} [http://googlechromereleases.blogspot.fr/2016/02/stable-channel-update_18.html] || {{pkg|chromium}} || 2016-02-18 || <= 48.0.2564.109-1 || 48.0.2564.116-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17]<br />
|-<br />
| {{CVE|CVE-2015-7575}} {{CVE|CVE-2016-1523}} {{CVE|CVE-2016-1930}} {{CVE|CVE-2016-1931}} {{CVE|CVE-2016-1935}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.6] || {{pkg|thunderbird}} || 2016-02-11 || <= 38.5.1-1 || 38.6.0-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16]<br />
|-<br />
| {{CVE|CVE-2015-7547}} {{CVE|CVE-2015-8776}} {{CVE|CVE-2015-8777}} {{CVE|CVE-2015-8778}} {{CVE|CVE-2015-8779}} [https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html] [https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html] || {{pkg|glibc}} || 2016-02-16 || <= 2.22-3 || 2.22-4 || 1d || Fixed ({{Bug|48213}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15]<br />
|-<br />
| {{CVE|CVE-2015-7547}} {{CVE|CVE-2015-8776}} {{CVE|CVE-2015-8777}} {{CVE|CVE-2015-8778}} {{CVE|CVE-2015-8779}} [https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html] [https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html] || {{pkg|lib32-glibc}} || 2016-02-16 || <= 2.22-3.1 || 2.22-4 || 1d || Fixed ({{Bug|48213}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14]<br />
|-<br />
| {{CVE|CVE-2016-1622}} {{CVE|CVE-2016-1623}} {{CVE|CVE-2016-1624}} {{CVE|CVE-2016-1625}} {{CVE|CVE-2016-1626}} {{CVE|CVE-2016-1627}} [http://googlechromereleases.blogspot.fr/2016/02/stable-channel-update_9.html]|| {{pkg|chromium}} || 2016-02-09 || <= 48.0.2564.103-1 || 48.0.2564.109-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1949}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-13/]|| {{pkg|firefox}} || 2016-02-11 || <= 44.0.1-1 || 44.0.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12]<br />
|-<br />
| {{CVE|CVE-2016-1544}} [https://nghttp2.org/blog/2016/02/11/nghttp2-v1-7-1/]|| {{pkg|nghttp2}} || 2016-02-11 || <= 1.7.0-1 || 1.7.1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13]<br />
|-<br />
| {{CVE|CVE-2014-2312}} [https://www.kde.org/info/security/advisory-20160209-1.txt]|| {{pkg|kscreenlocker}} || 2016-02-10 || <= 5.5.4-1 || 5.5.4-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10]<br />
|-<br />
| {{CVE|CVE-2014-9496}} {{CVE|CVE-2014-9756}} {{CVE|CVE-2015-7805}} || {{pkg|libsndfile}} {{pkg|lib32-libsndfile}} || 2016-02-01 || <= 1.0.25-3 || 1.0.26-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9]<br />
|-<br />
| {{CVE|CVE-2015-8803}} {{CVE|CVE-2015-8804}} {{CVE|CVE-2015-8805}} [https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-multiplications-in-Nettle.html] || {{pkg|nettle}} {{pkg|lib32-nettle}} || 2016-02-03 || <= 3.1-1 || 3.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6]<br />
|-<br />
| {{CVE|CVE-2016-2194}} {{CVE|CVE-2016-2195}} {{CVE|CVE-2016-2196}} [http://botan.randombit.net/security.html#id1] || {{pkg|botan}} || 2016-02-01 || <= 1.11.25-2 || 1.11.28-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11]<br />
|-<br />
| {{CVE|CVE-2014-9761}} [http://seclists.org/oss-sec/2016/q1/153] || {{pkg|lib32-glibc}} || 2016-02-01 || <= 2.22-4 || 2.23-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23]<br />
|-<br />
| {{CVE|CVE-2014-9761}} [http://seclists.org/oss-sec/2016/q1/153] || {{pkg|glibc}} || 2016-02-01 || <= 2.22-4 || 2.23-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22]<br />
|-<br />
| {{CVE|CVE-2016-2048}} [https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/] || {{pkg|python-django}} {{pkg|python2-django}} || 2016-02-01 || <= 1.9.1-1 || 1.9.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2]<br />
|-<br />
| {{CVE|CVE-2016-2090}} [http://article.gmane.org/gmane.comp.security.oss.general/18715] [http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7] [https://bugs.freedesktop.org/show_bug.cgi?id=93881] [https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html] || {{pkg|libbsd}} || 2016-01-27 || <= 0.8.1-1 || 0.8.2-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7]<br />
|-<br />
| {{CVE|CVE-2015-3197}} {{CVE|CVE-2015-4000}} {{CVE|CVE-2016-0701}} [https://openssl.org/news/secadv/20160128.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2016-01-28 || <= 1.0.2.e-1 || 1.0.2.f-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33]<br />
|-<br />
| {{CVE|CVE-2016-0755}} [http://curl.haxx.se/docs/adv_20160127A.html] || {{pkg|curl}} {{pkg|lib32-curl}} || 2016-01-27 || <= 7.46.0-1 || 7.47.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4]<br />
|-<br />
| {{CVE|CVE-2016-0742}} {{CVE|CVE-2016-0746}} {{CVE|CVE-2016-0747}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000168.html] || {{pkg|nginx}} || 2016-01-26 || <= 1.8.0-2 || 1.8.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31]<br />
|-<br />
| {{CVE|CVE-2016-1982}} {{CVE|CVE-2016-1983}} [http://seclists.org/oss-sec/2016/q1/179] || {{pkg|privoxy}} || 2016-01-21 || <= 3.0.23-1 || 3.0.24-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27]<br />
|-<br />
| {{CVE|CVE-2016-1572}} [https://bugs.launchpad.net/ecryptfs/+bug/1530566] || {{pkg|ecryptfs-utils}} || 2016-01-21 || <= 108-1 || 108-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25]<br />
|-<br />
| {{CVE|CVE-2016-1612}} {{CVE|CVE-2016-1613}} {{CVE|CVE-2016-1614}} {{CVE|CVE-2016-1615}} {{CVE|CVE-2016-1616}} {{CVE|CVE-2016-1617}} {{CVE|CVE-2016-1618}} {{CVE|CVE-2016-1619}} {{CVE|CVE-2016-1620}} [http://googlechromereleases.blogspot.fr/2016/01/stable-channel-update_20.html] || {{pkg|chromium}} || 2016-01-20 || <= 47.0.2526.111-1 || 48.0.2564.82-1 || 1d|| Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28]<br />
|-<br />
| {{CVE|CVE-2015-8704}} {{CVE|CVE-2015-8705}} [https://kb.isc.org/article/AA-01335] [https://kb.isc.org/article/AA-01336] || {{pkg|bind}} || 2016-01-19 || <= 9.10.3.P2-1 || 9.10.3.P3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21]<br />
|-<br />
| {{CVE|CVE-2016-0728}} [http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/] || {{pkg|linux-lts}} || 2016-01-19 || <= 4.1.15-1 || 4.1.16-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26]<br />
|-<br />
| {{CVE|CVE-2016-0728}} [http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/] || {{pkg|linux}} || 2016-01-19 || <= 4.3.3-2 || 4.3.3-3 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20]<br />
|-<br />
| {{CVE|CVE-2015-5300}} [http://support.ntp.org/bin/view/Main/NtpBug2956] || {{pkg|ntp}} || 2016-01-07 || <= 4.2.8.p4-1 || 4.2.8.p5-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|syncthing}} || 2016-01-13 || <= 0.12.14-1 || 0.12.14-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|keybase}} || 2016-01-13 || <= 1.0.8.0-1 || 1.0.8.0-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|hub}} || 2016-01-13 || <= 2.2.2-1 || 2.2.2-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|go-ipfs}} || 2016-01-13 || <= 0.3.11-1 || 0.3.11-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|docker}} || 2016-01-13 || <= 1:1.9.1-1 || 1:1.9.1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12]<br />
|-<br />
| {{CVE|CVE-2015-8770}} [http://seclists.org/bugtraq/2016/Jan/60] || {{pkg|roundcubemail}} || 2015-12-26 || <= 1.2beta-1 || 1.2beta-2 || 20d || Fixed ({{bug|47764}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18]<br />
|-<br />
| {{CVE|CVE-2016-1903}} {{CVE|CVE-2016-1904}} [http://seclists.org/oss-sec/2016/q1/100] || {{pkg|php}} || 2016-01-14 || <= 7.0.1-1 || 7.0.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10]<br />
|-<br />
| {{CVE|CVE-2016-0777}} {{CVE|CVE-2016-0778}} [http://www.openssh.com/txt/release-7.1p2] || {{pkg|openssh}} || 2016-01-14 || <= 7.1p1-1 || 7.1p2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9]<br />
|-<br />
| {{CVE|CVE-2016-2213}} [http://www.openwall.com/lists/oss-security/2016/02/03/2] || {{pkg|ffmpeg}} || 2016-02-03 || <= 2.8.4-1 || 2.8.5-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1897}} {{CVE|CVE-2016-1898}} [http://seclists.org/oss-sec/2016/q1/85] || {{pkg|ffmpeg}} || 2016-01-13 || <= 1:2.8.4-2 || 1:2.8.4-3 || <1d || Fixed ({{Bug|47738}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17]<br />
|-<br />
| {{CVE|CVE-2016-1897}} {{CVE|CVE-2016-1898}} [http://seclists.org/oss-sec/2016/q1/85] || {{pkg|mplayer}} || 2016-01-13 || <= 37379-6 || 37379-7 || 17d || Fixed ({{Bug|47944}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|go}} || 2016-01-13 || <= 2:1.5.2-1 || 2:1.5.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11]<br />
|-<br />
|{{CVE|CVE-2015-8742}} {{CVE|CVE-2015-8741}} {{CVE|CVE-2015-8740}} {{CVE|CVE-2015-8738}} {{CVE|CVE-2015-8739}} {{CVE|CVE-2015-8737}} {{CVE|CVE-2015-8736}} {{CVE|CVE-2015-8735}} {{CVE|CVE-2015-8734}} {{CVE|CVE-2015-8733}} {{CVE|CVE-2015-8732}} {{CVE|CVE-2015-8730}} {{CVE|CVE-2015-8731}} {{CVE|CVE-2015-8729}} {{CVE|CVE-2015-8728}} {{CVE|CVE-2015-8727}} {{CVE|CVE-2015-8726}} {{CVE|CVE-2015-8725}} {{CVE|CVE-2015-8724}} {{CVE|CVE-2015-8723}} {{CVE|CVE-2015-8722}} {{CVE|CVE-2015-8721}} {{CVE|CVE-2015-8720}} {{CVE|CVE-2015-8718}} {{CVE|CVE-2015-8711}} || {{Pkg|wireshark-cli}} {{Pkg|wireshark-gtk}} {{Pkg|wireshark-qt}} || 2016-01-04 || <= 2.0.0 || 2.0.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6]<br />
|-<br />
| {{CVE|CVE-2016-1564}} [http://article.gmane.org/gmane.comp.security.oss.general/18527] || {{Pkg|wordpress}} || 2016-01-08 || <= 4.4-1 || 4.4.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2]<br />
|-<br />
| {{CVE|CVE-2015-8751}} [https://bugzilla.redhat.com/show_bug.cgi?id=1294039] [http://article.gmane.org/gmane.comp.security.oss.general/18523] || {{Pkg|jasper}} || 2016-01-07 || 1.900.1-15 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-8750}} [https://bugzilla.redhat.com/show_bug.cgi?id=1294264] [https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697] || {{Pkg|libdwarf}} || 2016-01-07 || 20150507-1 || 20160115-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22]<br />
|-<br />
| {{CVE|CVE-2016-1503}} {{CVE|CVE-2016-1504}} [http://article.gmane.org/gmane.comp.security.oss.general/18516] || {{Pkg|dhcpcd}} || 2016-01-07 || <= 6.9.4-1 || 6.10.0-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7]<br />
|-<br />
| {{CVE|CVE-2015-7575}} [http://www.mitls.org/pages/attacks/SLOTH] [https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released] || {{pkg|mbedtls}} || 2016-01-04 || 2.2.0-1 || 2.2.1-1 || 21d || Fixed ({{bug|47783}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29]<br />
|-<br />
| {{CVE|CVE-2015-8688}} [http://gultsch.de/gajim_roster_push_and_message_interception.html] || {{pkg|gajim}} || 2015-12-20 || <= 0.16.4-1 || 0.16.5-1 || 20d || Fixed ({{bug|47647}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3]<br />
|-<br />
| {{CVE|CVE-2016-1494}} [https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff] [https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/] || {{pkg|python-rsa}} {{pkg|python2-rsa}} || 2016-01-05 || <= 3.2.3-1 || 3.3-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24]<br />
|-<br />
| {{CVE|CVE-2016-1283}} [https://bugs.exim.org/show_bug.cgi?id=1767] [http://article.gmane.org/gmane.comp.security.oss.general/18481] || {{pkg|pcre}} || 2016-01-02 || <= 8.38-2 || 8.38-3 || 71d|| Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18]<br />
|-<br />
|[http://article.gmane.org/gmane.comp.security.oss.general/18466] || {{Pkg|rtmpdump}} || 2015-12-23 || <= 20140918-2 || 1:2.4.r96.fa8646d-1 || 7d || Fixed ({{bug|47564}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1]<br />
|-<br />
| {{CVE|CVE-2015-8472}} [http://seclists.org/oss-sec/2015/q4/439] || {{pkg|libpng}} || 2015-12-03 || <= 1.6.19-1 || 1.6.20-1 || 25d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-18]<br />
|-<br />
| {{CVE|CVE-2015-8459}} {{CVE|CVE-2015-8460}} {{CVE|CVE-2015-8634}} {{CVE|CVE-2015-8635}} {{CVE|CVE-2015-8636}} {{CVE|CVE-2015-8638}} {{CVE|CVE-2015-8639}} {{CVE|CVE-2015-8640}} {{CVE|CVE-2015-8641}} {{CVE|CVE-2015-8642}} {{CVE|CVE-2015-8643}} {{CVE|CVE-2015-8644}} {{CVE|CVE-2015-8645}} {{CVE|CVE-2015-8646}} {{CVE|CVE-2015-8647}} {{CVE|CVE-2015-8648}} {{CVE|CVE-2015-8649}} {{CVE|CVE-2015-8650}} {{CVE|CVE-2015-8651}} [https://helpx.adobe.com/security/products/flash-player/apsb16-01.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2015-12-28 || <= 11.2.202.554-1 || 11.2.202.559-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17]<br />
|-<br />
| {{CVE|CVE-2015-7554}} {{CVE|CVE-2015-8683}} [http://seclists.org/oss-sec/2015/q4/584] [http://seclists.org/oss-sec/2015/q4/590] || {{pkg|libtiff}} || 2015-12-25 || <= 4.0.6-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-7201}} {{CVE|CVE-2015-7205}} {{CVE|CVE-2015-7212}} {{CVE|CVE-2015-7213}} {{CVE|CVE-2015-7214}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.5] || {{pkg|thunderbird}} || 2015-12-23 || <= 38.4.0-2 || 38.5.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14]<br />
|-<br />
| {{CVE|CVE-2015-8612}} [http://seclists.org/oss-sec/2015/q4/541] || {{pkg|blueman}} || 2015-12-18 || <= 2.0.2-1 || 2.0.3-1 || 38d || Fixed ({{bug|47784}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30]<br />
|-<br />
| {{CVE|CVE-2015-8659}} [http://seclists.org/oss-sec/2015/q4/576] || {{pkg|nghttp2}} || 2015-12-23 || <= 1.5.0-2 || 1.6.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16]<br />
|-<br />
| {{CVE|CVE-2015-7555}} [http://seclists.org/oss-sec/2015/q4/548] || {{pkg|giflib}} || 2015-12-21 || <= 5.1.1-1 || 5.1.2-1 || 43d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-7557}} {{CVE|CVE-2015-7558}} [http://seclists.org/oss-sec/2015/q4/549] || {{pkg|librsvg}} || 2015-12-21 || <= 2:2.40.11-1 || 2:2.40.13-1 || 45d || Fixed ({{bug|47785}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8622}} {{CVE|CVE-2015-8623}} {{CVE|CVE-2015-8624}} {{CVE|CVE-2015-8625}} {{CVE|CVE-2015-8626}} {{CVE|CVE-2015-8627}} {{CVE|CVE-2015-8628}} [http://seclists.org/oss-sec/2015/q4/552] || {{pkg|mediawiki}} || 2015-12-17 || <= 1.26.0-1 || 1.26.2-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15]<br />
|-<br />
| {{CVE|CVE-2015-8614}} [http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557] || {{pkg|claws-mail}} || 2015-12-21 || <= 3.13.0-1 || 3.13.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13]<br />
|-<br />
| {{CVE|CVE-2015-8369}} {{CVE|CVE-2015-8604}} {{CVE|CVE-2015-8377}} {{CVE|CVE-2016-2313}} [http://www.openwall.com/lists/oss-security/2016/02/09/3] [https://bugs.mageia.org/show_bug.cgi?id=17352] [http://www.openwall.com/lists/oss-security/2016/01/04/8] || {{pkg|cacti}} || 2015-12-17 || <= 0.8.8_f-3 || 0.8.8_g-2 || 72d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24]<br />
|-<br />
| [https://blog.fuzzing-project.org/32-Out-of-bounds-read-in-OpenVPN.html] || {{pkg|openvpn}} || 2015-12-18 || <= 2.3.8-2 || 2.3.9-1 || 9d || Fixed ({{bug|47498}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19]<br />
|-<br />
| {{CVE|CVE-2015-8549}} [http://www.ocert.org/advisories/ocert-2015-011.html] || {{pkg|python2-pyamf}} || 2015-12-17 || <= 0.7.2-1 || 0.8.0-2 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12]<br />
|-<br />
| {{CVE|CVE-2015-7551}} [https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/] || {{pkg|ruby}} || 2015-12-16 || <= 2.2.3-1 || 2.2.4-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11]<br />
|-<br />
| {{CVE|CVE-2015-7201}} {{CVE|CVE-2015-7202}} {{CVE|CVE-2015-7203}} {{CVE|CVE-2015-7204}} {{CVE|CVE-2015-7205}} {{CVE|CVE-2015-7207}} {{CVE|CVE-2015-7208}} {{CVE|CVE-2015-7210}} {{CVE|CVE-2015-7211}} {{CVE|CVE-2015-7212}} {{CVE|CVE-2015-7213}} {{CVE|CVE-2015-7214}} {{CVE|CVE-2015-7215}} {{CVE|CVE-2015-7216}} {{CVE|CVE-2015-7217}} {{CVE|CVE-2015-7218}} {{CVE|CVE-2015-7219}} {{CVE|CVE-2015-7220}} {{CVE|CVE-2015-7221}} {{CVE|CVE-2015-7222}} {{CVE|CVE-2015-7223}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox43] || {{pkg|firefox}} || 2015-12-15 || <= 42.0-3 || 43.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9]<br />
|-<br />
| {{CVE|CVE-2015-8000}} [https://kb.isc.org/article/AA-01317] || {{pkg|bind}} || 2015-12-15 || <= 9.10.3-2 || 9.10.3.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10]<br />
|-<br />
| {{CVE|CVE-2015-8370}} [http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html#fix] || {{pkg|grub}} || 2015-12-15 || <= 1:2.02.beta2-5 || 1:2.02.beta2-6 || 3d || Fixed ({{bug|47386}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8378}} [https://www.keepassx.org/news/2015/12/551] || {{pkg|keepassx}} || 2015-12-08 || <= 0.4.3-7 || 0.4.4-1 || <2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8]<br />
|-<br />
| {{CVE|CVE-2015-8045}} {{CVE|CVE-2015-8047}} {{CVE|CVE-2015-8048}} {{CVE|CVE-2015-8049}} {{CVE|CVE-2015-8050}} {{CVE|CVE-2015-8055}} {{CVE|CVE-2015-8056}} {{CVE|CVE-2015-8057}} {{CVE|CVE-2015-8058}} {{CVE|CVE-2015-8059}} {{CVE|CVE-2015-8060}} {{CVE|CVE-2015-8061}} {{CVE|CVE-2015-8062}} {{CVE|CVE-2015-8063}} {{CVE|CVE-2015-8064}} {{CVE|CVE-2015-8065}} {{CVE|CVE-2015-8066}} {{CVE|CVE-2015-8067}} {{CVE|CVE-2015-8068}} {{CVE|CVE-2015-8069}} {{CVE|CVE-2015-8070}} {{CVE|CVE-2015-8071}} {{CVE|CVE-2015-8401}} {{CVE|CVE-2015-8402}} {{CVE|CVE-2015-8403}} {{CVE|CVE-2015-8404}} {{CVE|CVE-2015-8405}} {{CVE|CVE-2015-8406}} {{CVE|CVE-2015-8407}} {{CVE|CVE-2015-8408}} {{CVE|CVE-2015-8409}} {{CVE|CVE-2015-8410}} {{CVE|CVE-2015-8411}} {{CVE|CVE-2015-8412}} {{CVE|CVE-2015-8413}} {{CVE|CVE-2015-8414}} {{CVE|CVE-2015-8415}} {{CVE|CVE-2015-8416}} {{CVE|CVE-2015-8417}} {{CVE|CVE-2015-8418}} {{CVE|CVE-2015-8419}} {{CVE|CVE-2015-8420}} {{CVE|CVE-2015-8421}} {{CVE|CVE-2015-8422}} {{CVE|CVE-2015-8423}} {{CVE|CVE-2015-8424}} {{CVE|CVE-2015-8425}} {{CVE|CVE-2015-8426}} {{CVE|CVE-2015-8427}} {{CVE|CVE-2015-8428}} {{CVE|CVE-2015-8429}} {{CVE|CVE-2015-8430}} {{CVE|CVE-2015-8431}} {{CVE|CVE-2015-8432}} {{CVE|CVE-2015-8433}} {{CVE|CVE-2015-8434}} {{CVE|CVE-2015-8435}} {{CVE|CVE-2015-8436}} {{CVE|CVE-2015-8437}} {{CVE|CVE-2015-8438}} {{CVE|CVE-2015-8439}} {{CVE|CVE-2015-8440}} {{CVE|CVE-2015-8441}} {{CVE|CVE-2015-8442}} {{CVE|CVE-2015-8443}} {{CVE|CVE-2015-8444}} {{CVE|CVE-2015-8445}} {{CVE|CVE-2015-8446}} {{CVE|CVE-2015-8447}} {{CVE|CVE-2015-8448}} {{CVE|CVE-2015-8449}} {{CVE|CVE-2015-8450}} {{CVE|CVE-2015-8451}} {{CVE|CVE-2015-8452}} {{CVE|CVE-2015-8453}} {{CVE|CVE-2015-8454}} {{CVE|CVE-2015-8455}} [https://helpx.adobe.com/security/products/flash-player/apsb15-32.html] || {{pkg|flashplugin}} || 2015-12-08 || <= 11.2.202.548-1 || 11.2.202.554-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7]<br />
|-<br />
| {{CVE|CVE-2015-6788}} {{CVE|CVE-2015-6789}} {{CVE|CVE-2015-6790}} {{CVE|CVE-2015-6791}} [http://googlechromereleases.blogspot.fr/2015/12/stable-channel-update_8.html] || {{pkg|chromium}} || 2015-12-08 || <= 47.0.2526.73-1 || 47.0.2526.80-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5]<br />
|-<br />
| {{CVE|CVE-2015-3193}} {{CVE|CVE-2015-3194}} {{CVE|CVE-2015-3195}} {{CVE|CVE-2015-3196}} {{CVE|CVE-2015-1794}} [https://www.openssl.org/news/secadv/20151203.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2015-12-03 || <= 1.0.2.d-1 || 1.0.2.e-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2]<br />
|-<br />
| {{CVE|CVE-2015-6764}} {{CVE|CVE-2015-6765}} {{CVE|CVE-2015-6766}} {{CVE|CVE-2015-6767}} {{CVE|CVE-2015-6768}} {{CVE|CVE-2015-6769}} {{CVE|CVE-2015-6770}} {{CVE|CVE-2015-6771}} {{CVE|CVE-2015-6772}} {{CVE|CVE-2015-6773}} {{CVE|CVE-2015-6774}} {{CVE|CVE-2015-6775}} {{CVE|CVE-2015-6776}} {{CVE|CVE-2015-6777}} {{CVE|CVE-2015-6778}} {{CVE|CVE-2015-6779}} {{CVE|CVE-2015-6780}} {{CVE|CVE-2015-6781}} {{CVE|CVE-2015-6782}} {{CVE|CVE-2015-6783}} {{CVE|CVE-2015-6784}} {{CVE|CVE-2015-6785}} {{CVE|CVE-2015-6786}} {{CVE|CVE-2015-6787}} [http://googlechromereleases.blogspot.fr/2015/12/stable-channel-update.html] || {{pkg|chromium}} || 2015-12-01 || <= 46.0.2490.86-1 || 47.0.2526.73-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1]<br />
|-<br />
| {{CVE|CVE-2015-6764}} {{CVE|CVE-2015-8027}} [https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/] || {{pkg|nodejs}} || 2015-11-25 || <= 5.1.0-1 || 5.1.1-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4]<br />
|-<br />
| {{CVE|CVE-2015-8213}} [https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-11-24 || <= 1.8.6-1 || 1.8.7-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3]<br />
|-<br />
| {{CVE|CVE-2015-1819}} {{CVE|CVE-2015-5312}} {{CVE|CVE-2015-7941}} {{CVE|CVE-2015-7942}} {{CVE|CVE-2015-7497}} {{CVE|CVE-2015-7498}} {{CVE|CVE-2015-7499}} {{CVE|CVE-2015-7500}} {{CVE|CVE-2015-8035}} {{CVE|CVE-2015-8242}} [https://mail.gnome.org/archives/xml/2015-November/msg00012.html templink] || {{pkg|libxml2}} || 2015-11-20 || <= 2.9.2-2 || 2.9.3-1 || 19d || Fixed ({{bug|47095}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6]<br />
|-<br />
| {{CVE|CVE-2015-7981}} {{CVE|CVE-2015-8126}} [http://seclists.org/oss-sec/2015/q4/264 templink] [http://seclists.org/oss-sec/2015/q4/161 templink] || {{pkg|libpng}} {{pkg|lib32-libpng}} || 2015-11-12 || <= 1.6.18-1 || 1.6.19-1 || 5d || Fixed ({{bug|47069}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10]<br />
|-<br />
| {{CVE|CVE-2015-5309}} [http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html templink] || {{pkg|putty}} || 2015-11-12 || <= 0.65-1 || 0.66-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7]<br />
|-<br />
| {{CVE|CVE-2015-7651}} {{CVE|CVE-2015-7652}} {{CVE|CVE-2015-7653}} {{CVE|CVE-2015-7654}} {{CVE|CVE-2015-7655}} {{CVE|CVE-2015-7656}} {{CVE|CVE-2015-7657}} {{CVE|CVE-2015-7658}} {{CVE|CVE-2015-7659}} {{CVE|CVE-2015-7660}} {{CVE|CVE-2015-7661}} {{CVE|CVE-2015-7662}} {{CVE|CVE-2015-7663}} {{CVE|CVE-2015-8042}} {{CVE|CVE-2015-8043}} {{CVE|CVE-2015-8044}} {{CVE|CVE-2015-8046}} [https://helpx.adobe.com/security/products/flash-player/apsb15-28.html templink] || {{pkg|flashplugin}} || 2015-11-10 || <= 11.2.202.540-1 || 11.2.202.548-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5]<br />
|-<br />
| {{CVE|CVE-2015-1302}} [http://googlechromereleases.blogspot.fr/2015/11/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-11-10 || <= 46.0.2490.80-2 || 46.0.2490.86-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8]<br />
|-<br />
| {{CVE|CVE-2015-5311}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/ templink] || {{pkg|powerdns}} || 2015-11-09 || <= 3.4.6-2 || 3.4.7-1 || 3d || Fixed ({{bug|47014}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6]<br />
|-<br />
| {{CVE|CVE-2015-4513}} {{CVE|CVE-2015-4514}} {{CVE|CVE-2015-4515}} {{CVE|CVE-2015-4518}} {{CVE|CVE-2015-7181}} {{CVE|CVE-2015-7182}} {{CVE|CVE-2015-7183}} {{CVE|CVE-2015-7187}} {{CVE|CVE-2015-7188}} {{CVE|CVE-2015-7189}} {{CVE|CVE-2015-7193}} {{CVE|CVE-2015-7194}} {{CVE|CVE-2015-7195}} {{CVE|CVE-2015-7196}} {{CVE|CVE-2015-7197}} {{CVE|CVE-2015-7198}} {{CVE|CVE-2015-7199}} {{CVE|CVE-2015-7200}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-11-03 || <= 41.0.2-2 || 42.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2]<br />
|-<br />
| {{CVE|CVE-2015-7183}} [http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12386.html templink] || {{pkg|nspr}} || 2015-11-03 || <= 4.10.9-1 || 4.10.10-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4]<br />
|-<br />
| {{CVE|CVE-2015-7181}} {{CVE|CVE-2015-7182}} [http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12386.html templink] || {{pkg|nss}} || 2015-11-03 || <= 3.20-1 || 3.20.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3]<br />
|-<br />
| {{CVE|CVE-2015-7696}} {{CVE|CVE-2015-7697}} [http://seclists.org/oss-sec/2015/q3/512 templink] || {{pkg|unzip}} || 2015-10-30 || <= 6.0-10 || 6.0-11 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1]<br />
|-<br />
| {{CVE|CVE-2015-8011}} {{CVE|CVE-2015-8012}} [http://seclists.org/oss-sec/2015/q4/198 templink] || {{pkg|lldpd}} || 2015-10-17 || <= 0.7.18-1 || 0.7.19-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25]<br />
|-<br />
| {{CVE|CVE-2015-5714}} {{CVE|CVE-2015-5715}} {{CVE|CVE-2015-7989}} [https://codex.wordpress.org/Version_4.3.1 templink] || {{pkg|wordpress}} || 2015-10-18 || <= 4.3.0-1 || 4.3.1-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24]<br />
|-<br />
| {{CVE|CVE-2015-7873}} [https://www.phpmyadmin.net/security/PMASA-2015-5/ templink] || {{pkg|phpmyadmin}} || 2015-10-23 || <= 4.5.0-1 || 4.5.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23]<br />
|-<br />
| {{CVE|CVE-2015-7995}} [https://bugzilla.redhat.com/show_bug.cgi?id=1257962 templink] || {{pkg|libxslt}} || 2015-10-27 || <= 1.1.28-3 || 1.1.28-4 || 73d || Fixed ({{bug|47681}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8]<br />
|-<br />
| {{CVE|CVE-2015-7943}} [https://www.drupal.org/SA-CORE-2015-004 templink] || {{pkg|drupal}} || 2015-10-21 || <= 7.40-1 || 7.41-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21]<br />
|-<br />
| {{CVE|CVE-2015-4913}} {{CVE|CVE-2015-4870}} {{CVE|CVE-2015-4861}} {{CVE|CVE-2015-4858}} {{CVE|CVE-2015-4836}} {{CVE|CVE-2015-4830}} {{CVE|CVE-2015-4826}} {{CVE|CVE-2015-4815}} {{CVE|CVE-2015-4802}} {{CVE|CVE-2015-4792}} || {{pkg|mariadb}} || 2015-10-22 || <= 10.0.21-3 || 10.0.22-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] <br />
|-<br />
| {{CVE|CVE-2015-4734}} {{CVE|CVE-2015-4803}} {{CVE|CVE-2015-4805}} {{CVE|CVE-2015-4806}} {{CVE|CVE-2015-4810}} {{CVE|CVE-2015-4835}} {{CVE|CVE-2015-4840}} {{CVE|CVE-2015-4842}} {{CVE|CVE-2015-4843}} {{CVE|CVE-2015-4844}} {{CVE|CVE-2015-4860}} {{CVE|CVE-2015-4868}} {{CVE|CVE-2015-4872}} {{CVE|CVE-2015-4881}} {{CVE|CVE-2015-4882}} {{CVE|CVE-2015-4883}} {{CVE|CVE-2015-4893}} {{CVE|CVE-2015-4901}} {{CVE|CVE-2015-4902}} {{CVE|CVE-2015-4903}} {{CVE|CVE-2015-4906}} {{CVE|CVE-2015-4908}} {{CVE|CVE-2015-4911}} {{CVE|CVE-2015-4916}} || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-09-22 || <= 8.u60-1 || 8.u65-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20]<br />
|-<br />
| {{CVE|CVE-2015-4734}} {{CVE|CVE-2015-4803}} {{CVE|CVE-2015-4805}} {{CVE|CVE-2015-4806}} {{CVE|CVE-2015-4810}} {{CVE|CVE-2015-4835}} {{CVE|CVE-2015-4840}} {{CVE|CVE-2015-4842}} {{CVE|CVE-2015-4843}} {{CVE|CVE-2015-4844}} {{CVE|CVE-2015-4860}} {{CVE|CVE-2015-4871}} {{CVE|CVE-2015-4872}} {{CVE|CVE-2015-4881}} {{CVE|CVE-2015-4882}} {{CVE|CVE-2015-4883}} {{CVE|CVE-2015-4893}} {{CVE|CVE-2015-4902}} {{CVE|CVE-2015-4903}} {{CVE|CVE-2015-4911}} || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-09-22 || <= 7.u85_2.6.1-2 || 7.u91_2.6.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17]<br />
|-<br />
| {{CVE|CVE-2015-7691}} {{CVE|CVE-2015-7692}} {{CVE|CVE-2015-7701}} {{CVE|CVE-2015-7702}} {{CVE|CVE-2015-7703}} {{CVE|CVE-2015-7704}} {{CVE|CVE-2015-7705}} {{CVE|CVE-2015-7848}} {{CVE|CVE-2015-7849}} {{CVE|CVE-2015-7850}} {{CVE|CVE-2015-7851}} {{CVE|CVE-2015-7852}} {{CVE|CVE-2015-7853}} {{CVE|CVE-2015-7854}} {{CVE|CVE-2015-7855}} {{CVE|CVE-2015-7871}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities templink] [http://blog.talosintel.com/2015/10/ntpd-vulnerabilities.html templink] || {{pkg|ntp}} || 2015-10-21 || <= 4.2.8.p3-1 || 4.2.8.p4-1 || 1d || Fixed ({{bug|46826}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14]<br />
|-<br />
| {{CVE|CVE-2015-6031}} [http://talosintel.com/reports/TALOS-2015-0035/ templink] || {{pkg|miniupnpc}} || 2015-09-15 || <= 1.9.20150730-1 || 1.9.20151008-1 || 30d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11]<br />
|-<br />
| {{CVE|CVE-2015-7645}} {{CVE|CVE-2015-7647}} {{CVE|CVE-2015-7648}} [https://helpx.adobe.com/security/products/flash-player/apsa15-05.html templink] [https://helpx.adobe.com/security/products/flash-player/apsb15-27.html templink] || {{pkg|flashplugin}} || 2015-10-14 || <= 11.2.202.535-1 || 11.2.202.540-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12]<br />
|-<br />
| {{CVE|CVE-2015-7184}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/ templink] || {{pkg|firefox}} || 2015-10-15 || <= 41.0.1-1 || 41.0.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10]<br />
|-<br />
| {{CVE|CVE-2015-5260}} {{CVE|CVE-2015-5261}} {{CVE|CVE-2015-3247}} [http://lists.freedesktop.org/archives/spice-devel/2015-October/022168.html templink] [https://bugzilla.redhat.com/show_bug.cgi?id=1260822 templink] [https://bugzilla.redhat.com/show_bug.cgi?id=1261889 templink] [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797976;msg=21 templink] || {{pkg|spice}} || 2015-09-08 || <= 0.12.5-1 || 0.12.6-1 || 41d || Fixed ({{bug|46738}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13]<br />
|-<br />
| {{CVE|CVE-2015-6755}} {{CVE|CVE-2015-6756}} {{CVE|CVE-2015-6757}} {{CVE|CVE-2015-6758}} {{CVE|CVE-2015-6759}} {{CVE|CVE-2015-6760}} {{CVE|CVE-2015-6761}} {{CVE|CVE-2015-6762}} {{CVE|CVE-2015-6763}} [http://googlechromereleases.blogspot.fr/2015/10/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-10-13 || <= 45.0.2454.101-2 || 46.0.2490.71-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8]<br />
|-<br />
| {{CVE|CVE-2015-5569}} {{CVE|CVE-2015-7625}} {{CVE|CVE-2015-7626}} {{CVE|CVE-2015-7627}} {{CVE|CVE-2015-7628}} {{CVE|CVE-2015-7629}} {{CVE|CVE-2015-7630}} {{CVE|CVE-2015-7631}} {{CVE|CVE-2015-7632}} {{CVE|CVE-2015-7633}} {{CVE|CVE-2015-7634}} {{CVE|CVE-2015-7643}} {{CVE|CVE-2015-7644}} [https://helpx.adobe.com/security/products/flash-player/apsb15-25.html templink] || {{pkg|flashplugin}} || 2015-10-13 || <= 11.2.202.521-1 || 11.2.202.535-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7]<br />
|-<br />
| {{CVE|CVE-2015-5291}} [https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01 templink] || {{pkg|mbedtls}} || 2015-10-05 || <= 2.1.1-1 || 2.1.2-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9]<br />
|-<br />
| {{CVE|CVE-2015-7384}} [https://nodejs.org/en/blog/release/v4.1.2/ templink] || {{pkg|nodejs}} || 2015-10-05 || <= 4.1.1-1 || 4.1.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3]<br />
|-<br />
| {{CVE|CVE-2015-7687}} [http://seclists.org/oss-sec/2015/q4/17 templink] [https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f8e2fe24f3ff174d8515b82607e951e054f68f6 templink] || {{pkg|opensmtpd}} || 2015-10-02 || <= 5.7.1p1-1 || 5.7.3p1-1 || 6d || Fixed ({{bug|46605}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5]<br />
|-<br />
| {{CVE|CVE-2015-7673}} {{CVE|CVE-2015-7674}} [http://seclists.org/oss-sec/2015/q4/18 templink] [http://seclists.org/oss-sec/2015/q4/19 templink] || {{pkg|gdk-pixbuf2}} || 2015-10-01 || <= 2.31.7-1 || 2.32.1-1 || 9d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6]<br />
|-<br />
| {{CVE|CVE-2015-1335}} [https://github.com/lxc/lxc/commit/6de26af93d3dd87c8b21a42fdf20f30fa1c1948d templink] || {{pkg|lxc}} || 2015-09-29 || <= 1:1.1.3-2 || - || - || Not Affected ({{bug|46574}}) || None<br />
|-<br />
| {{CVE|CVE-2015-6972}} {{CVE|CVE-2015-6973}} [http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txt templink] [http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt templink] [https://igniterealtime.org/issues/browse/OF-942] || {{pkg|openfire}} || 2015-09-14 || <= 4.0.3-1 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2015-4499}} [https://www.bugzilla.org/security/4.2.14/ templink] || {{pkg|bugzilla}} || 2015-09-10 || <= 5.0-1 || 5.0.1-1 || 28d || Fixed ({{bug|46573}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4]<br />
|-<br />
| {{CVE|CVE-2015-4141}} {{CVE|CVE-2015-4142}} {{CVE|CVE-2015-4143}} {{CVE|CVE-2015-4144}} {{CVE|CVE-2015-4145}} {{CVE|CVE-2015-4146}} [http://w1.fi/security/2015-2/ templink] [http://w1.fi/security/2015-3/ templink] [http://w1.fi/security/2015-4/ templink] [http://w1.fi/security/2015-5/ templink] || {{pkg|hostapd}} || 2015-05-04 || <= 2.4-2 || 2.5-1 || ~150d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2]<br />
|-<br />
| {{CVE|CVE-2015-3239}} [https://bugzilla.redhat.com/show_bug.cgi?id=1232265 templink] || {{pkg|libunwind}} || 2015-06-16 || <= 1.1-2 || 1.1-3 || ~110d || Fixed ({{bug|46474}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1]<br />
|-<br />
| {{CVE|CVE-2015-1303}} {{CVE|CVE-2015-1304}} [http://googlechromereleases.blogspot.fr/2015/09/stable-channel-update_24.html templink] || {{pkg|chromium}} || 2015-09-24 || <= 45.0.2454.99-1 || 45.0.2454.101-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11]<br />
|-<br />
| {{CVE|CVE-2015-4500}} {{CVE|CVE-2015-4501}} {{CVE|CVE-2015-4502}} {{CVE|CVE-2015-4504}} {{CVE|CVE-2015-4506}} {{CVE|CVE-2015-4507}} {{CVE|CVE-2015-4508}} {{CVE|CVE-2015-4509}} {{CVE|CVE-2015-4510}} {{CVE|CVE-2015-4511}} {{CVE|CVE-2015-4512}} {{CVE|CVE-2015-4516}} {{CVE|CVE-2015-4517}} {{CVE|CVE-2015-4519}} {{CVE|CVE-2015-4520}} {{CVE|CVE-2015-4521}} {{CVE|CVE-2015-4522}} {{CVE|CVE-2015-7174}} {{CVE|CVE-2015-7175}} {{CVE|CVE-2015-7176}} {{CVE|CVE-2015-7177}} {{CVE|CVE-2015-7180}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox41 templink] || {{pkg|firefox}} || 2015-09-22 || <= 40.0.3-1 || 41.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9]<br />
|-<br />
| {{CVE|CVE-2015-5567}} {{CVE|CVE-2015-5568}} {{CVE|CVE-2015-5570}} {{CVE|CVE-2015-5571}} {{CVE|CVE-2015-5572}} {{CVE|CVE-2015-5573}} {{CVE|CVE-2015-5574}} {{CVE|CVE-2015-5575}} {{CVE|CVE-2015-5576}} {{CVE|CVE-2015-5577}} {{CVE|CVE-2015-5578}} {{CVE|CVE-2015-5579}} {{CVE|CVE-2015-5580}} {{CVE|CVE-2015-5581}} {{CVE|CVE-2015-5582}} {{CVE|CVE-2015-5584}} {{CVE|CVE-2015-5587}} {{CVE|CVE-2015-5588}} {{CVE|CVE-2015-6676}} {{CVE|CVE-2015-6677}} {{CVE|CVE-2015-6678}} {{CVE|CVE-2015-6679}} {{CVE|CVE-2015-6682}} [https://helpx.adobe.com/security/products/flash-player/apsb15-23.html templink] || {{pkg|flashplugin}} || 2015-09-21 || <= 11.2.202.508-1 || 11.2.202.521-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201510-8]<br />
|-<br />
| {{CVE|CVE-2015-7236}} [http://seclists.org/oss-sec/2015/q3/561 templink] || {{pkg|rpcbind}} || 2015-09-17 || <= 0.2.3-1 || 0.2.3-2 || 7d || Fixed ({{bug|46341}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10]<br />
|-<br />
| {{CVE|CVE-2015-5714}} {{CVE|CVE-2015-5715}} [https://wordpress.org/news/2015/09/wordpress-4-3-1/ templink] || {{pkg|wordpress}} || 2015-09-15 || <= 4.3-1 || 4.3.1-1 || 5d || Fixed ({{bug|46340}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201510-7]<br />
|-<br />
| {{CVE|CVE-2015-6908}} [http://www.openwall.com/lists/oss-security/2015/09/11/5 templink] || {{pkg|openldap}} || 2015-09-09 || <= 2.4.42-1 || 2.4.42-2 || 3d || Fixed ({{bug|46265}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4]<br />
|-<br />
| {{CVE|CVE-2015-5722}} {{CVE|CVE-2015-5986}} [https://www.isc.org/blogs/cve-2015-5986-an-incorrect-boundary-check-can-trigger-a-require-assertion-failure-in-openpgpkey_61-c/ templink] [https://www.isc.org/blogs/cve-2015-5722-parsing-malformed-keys-may-cause-bind-to-exit-due-to-a-failed-assertion-in-buffer-c/ templink] || {{pkg|bind}} || 2015-09-02 || <= 9.10.2.P3-1 || 9.10.2.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2]<br />
|-<br />
| {{CVE|CVE-2015-5198}} {{CVE|CVE-2015-5199}} {{CVE|CVE-2015-5200}} [http://lists.x.org/archives/xorg-announce/2015-August/002630.html templink] || {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} || 2015-08-31 || <= 1.1-1 || 1.1.1-1 || 13d || Fixed ({{bug|46266}}) ({{bug|46267}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5]<br />
|-<br />
| {{CVE|CVE-2015-1291}} {{CVE|CVE-2015-1292}} {{CVE|CVE-2015-1293}} {{CVE|CVE-2015-1294}} {{CVE|CVE-2015-1295}} {{CVE|CVE-2015-1296}} {{CVE|CVE-2015-1297}} {{CVE|CVE-2015-1298}} {{CVE|CVE-2015-1299}} {{CVE|CVE-2015-1300}} {{CVE|CVE-2015-1301}} [http://googlechromereleases.blogspot.fr/2015/09/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-09-01 || <= 44.0.2403.157-1 || 45.0.2454.85-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1]<br />
|-<br />
| {{CVE|CVE-2015-5230}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/ templink] || {{pkg|powerdns}} || 2015-09-02 || <= 3.4.5-1 || 3.4.6-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3]<br />
|-<br />
| {{CVE|CVE-2015-5317}} {{CVE|CVE-2015-5318}} {{CVE|CVE-2015-5319}} {{CVE|CVE-2015-5320}} {{CVE|CVE-2015-5321}} {{CVE|CVE-2015-5322}} {{CVE|CVE-2015-5323}} {{CVE|CVE-2015-5324}} {{CVE|CVE-2015-5325}} {{CVE|CVE-2015-5326}} {{CVE|CVE-2015-8103}} [https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 templink] [http://seclists.org/bugtraq/2015/Aug/161 templink] || {{pkg|jenkins}} || 2015-08-28 || <= 1.627-1 || 1.638-1 || 60d || Fixed ({{bug|46268}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11]<br />
|-<br />
| {{CVE|CVE-2015-6749}} [http://seclists.org/oss-sec/2015/q3/457 templink] || {{pkg|vorbis-tools}} || 2015-08-30 || <= 1.4.0-5 || 1.4.0-6 || >60d || Fixed ({{bug|46269}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22]<br />
|-<br />
| {{CVE|CVE-2015-4497}} {{CVE|CVE-2015-4498}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox40.0.3 templink] || {{pkg|firefox}} || 2015-08-27 || <= 40.0.2-1 || 40.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12]<br />
|-<br />
| {{CVE|CVE-2015-5949}} [http://www.ocert.org/advisories/ocert-2015-009.html templink] || {{pkg|vlc}} || 2015-08-20 || <= 2.2.1-6 || 2.2.2-1 || 179d || Fixed ({{bug|46037}}) || None<br />
|-<br />
| {{CVE|CVE-2015-5963}} [https://www.djangoproject.com/weblog/2015/aug/18/security-releases/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-08-18 || <= 1.8.3-1 || 1.8.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9]<br />
|-<br />
| {{CVE|CVE-2015-5221}} [http://seclists.org/oss-sec/2015/q3/408 templink] || {{pkg|jasper}} || 2015-08-16 || <= 1.900.1-15 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-5203}} [http://seclists.org/oss-sec/2015/q3/366 templink] || {{pkg|jasper}} || 2015-08-16 || <= 1.900.1-15 || || || '''Vulnerable''' || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10]<br />
|-<br />
| CVE Pending [http://seclists.org/oss-sec/2015/q3/295 templink] || {{pkg|pcre}} || 2015-08-05 || <= 8.37-2 || 8.37-3 || 12d || Fixed ({{bug|45945}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11]<br />
|-<br />
| {{CVE|CVE-2015-4473}} {{CVE|CVE-2015-4474}} {{CVE|CVE-2015-4475}} {{CVE|CVE-2015-4477}} {{CVE|CVE-2015-4478}} {{CVE|CVE-2015-4479}} {{CVE|CVE-2015-4480}} {{CVE|CVE-2015-4482}} {{CVE|CVE-2015-4483}} {{CVE|CVE-2015-4484}} {{CVE|CVE-2015-4485}} {{CVE|CVE-2015-4486}} {{CVE|CVE-2015-4487}} {{CVE|CVE-2015-4488}} {{CVE|CVE-2015-4489}} {{CVE|CVE-2015-4490}} {{CVE|CVE-2015-4491}} {{CVE|CVE-2015-4492}} {{CVE|CVE-2015-4493}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox40 templink] || {{pkg|firefox}} || 2015-08-11 || <= 39.0.3-1 || 40.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4]<br />
|-<br />
| {{CVE|CVE-2014-8121}} [https://access.redhat.com/security/cve/CVE-2014-8121 templink] || {{pkg|glibc}} || 2015-02-23 || <= 2.21-4 || 2.22-1 || ~180d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7]<br />
|-<br />
| {{CVE|CVE-2015-4680}} [http://www.ocert.org/advisories/ocert-2015-008.html templink] || {{pkg|freeradius}} || 2015-06-22 || <= 3.0.8-2 || 3.0.9-1 || ~50d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6]<br />
|-<br />
| {{CVE|CVE-2015-3184}} {{CVE|CVE-2015-3187}} [https://subversion.apache.org/security/CVE-2015-3184-advisory.txt templink] [https://subversion.apache.org/security/CVE-2015-3187-advisory.txt templink] || {{pkg|subversion}} || 2015-08-05 || <= 1.8.13-2 || 1.9.0-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5]<br />
|-<br />
| {{CVE|CVE-2015-6251}} [http://www.gnutls.org/security.html#GNUTLS-SA-2015-3 templink] || {{pkg|gnutls}} || 2015-08-10 || <= 3.4.3-1 || 3.4.4.1-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8]<br />
|-<br />
| {{CVE|CVE-2015-4495}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/ templink] || {{pkg|firefox}} || 2015-08-06 || <= 39.0-1 || 39.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1]<br />
|-<br />
| {{CVE|CVE-2015-2213}} {{CVE|CVE-2015-5730}} {{CVE|CVE-2015-5731}} {{CVE|CVE-2015-5732}} {{CVE|CVE-2015-5733}} {{CVE|CVE-2015-5734}} [https://codex.wordpress.org/Version_4.2.4 templink] || {{pkg|wordpress}} || 2015-08-04 || <= 4.2.3-1 || 4.2.4.-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2]<br />
|-<br />
| {{CVE|CVE-2015-3245}} {{CVE|CVE-2015-3246}} [http://seclists.org/oss-sec/2015/q3/185 templink] || {{pkg|libuser}} || 2015-07-22 || <= 0.61-1 || 0.62-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19]<br />
|-<br />
| {{CVE|CVE-2015-5600}} [https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/ templink] || {{pkg|openssh}} || 2015-07-22 || <= 6.9p1-1 || 6.9p1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17]<br />
|-<br />
| {{CVE|CVE-2015-1270}} {{CVE|CVE-2015-1271}} {{CVE|CVE-2015-1272}} {{CVE|CVE-2015-1273}} {{CVE|CVE-2015-1274}} {{CVE|CVE-2015-1276}} {{CVE|CVE-2015-1277}} {{CVE|CVE-2015-1278}} {{CVE|CVE-2015-1279}} {{CVE|CVE-2015-1280}} {{CVE|CVE-2015-1281}} {{CVE|CVE-2015-1282}} {{CVE|CVE-2015-1283}} {{CVE|CVE-2015-1284}} {{CVE|CVE-2015-1285}} {{CVE|CVE-2015-1286}} {{CVE|CVE-2015-1287}} {{CVE|CVE-2015-1288}} {{CVE|CVE-2015-1289}} [http://googlechromereleases.blogspot.fr/2015/07/stable-channel-update_21.html templink] || {{pkg|chromium}} || 2015-07-21 || <= 43.0.2357.134-1 || 44.0.2403.89-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18]<br />
|-<br />
| {{CVE|CVE-2015-2590}} {{CVE|CVE-2015-2601}} {{CVE|CVE-2015-2613}} {{CVE|CVE-2015-2621}} {{CVE|CVE-2015-2625}} {{CVE|CVE-2015-2628}} {{CVE|CVE-2015-2632}} {{CVE|CVE-2015-2808}} {{CVE|CVE-2015-4000}} {{CVE|CVE-2015-4731}} {{CVE|CVE-2015-4732}} {{CVE|CVE-2015-4733}} {{CVE|CVE-2015-4748}} {{CVE|CVE-2015-4749}} {{CVE|CVE-2015-4760}} [http://blog.fuseyism.com/index.php/2015/07/21/security-icedtea-2-6-1-for-openjdk-7-released/ templink] || {{pkg|jre7-openjdk}} || 2015-07-21 || <= 7.u80_2.6.0-1 || 7.u85_2.6.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16]<br />
|-<br />
| {{CVE|CVE-2015-5122}} {{CVE|CVE-2015-5123}} [https://helpx.adobe.com/security/products/flash-player/apsb15-18.html templink] || {{pkg|lib32-flashplugin}} || 2015-07-09 || <= 11.2.202.481-1 || 11.2.202.491-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14]<br />
|-<br />
| {{CVE|CVE-2015-5122}} {{CVE|CVE-2015-5123}} [https://helpx.adobe.com/security/products/flash-player/apsb15-18.html templink] || {{pkg|flashplugin}} || 2015-07-09 || <= 11.2.202.481-1 || 11.2.202.491-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13]<br />
|-<br />
| {{CVE|CVE-2015-0228}} {{CVE|CVE-2015-0253}} {{CVE|CVE-2015-3183}} {{CVE|CVE-2015-3185}} [http://www.apache.org/dist/httpd/CHANGES_2.4.16 templink] || {{pkg|apache}} || 2015-07-15 || <= 2.4.12-4 || 2.4.16-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15]<br />
|-<br />
| {{CVE|CVE-2015-2724}} {{CVE|CVE-2015-2725}} {{CVE|CVE-2015-2726}} {{CVE|CVE-2015-2731}} {{CVE|CVE-2015-2734}} {{CVE|CVE-2015-2735}} {{CVE|CVE-2015-2736}} {{CVE|CVE-2015-2737}} {{CVE|CVE-2015-2738}} {{CVE|CVE-2015-2739}} {{CVE|CVE-2015-2740}} {{CVE|CVE-2015-2741}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.1 templink] || {{pkg|thunderbird}} || 2015-07-09 || <= 38.0.1-1 || 38.1.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9]<br />
|-<br />
| {{CVE|CVE-2015-1793}} [https://openssl.org/news/secadv_20150709.txt templink] || {{pkg|lib32-openssl}} || 2015-07-09 || <= 1.0.2.c-1 || 1.0.2.d-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12]<br />
|-<br />
| {{CVE|CVE-2015-1793}} [https://openssl.org/news/secadv_20150709.txt templink] || {{pkg|openssl}} || 2015-07-09 || <= 1.0.2.c-1 || 1.0.2.d-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8]<br />
|-<br />
| {{CVE|CVE-2014-0578}} {{CVE|CVE-2015-3114}} {{CVE|CVE-2015-3115}} {{CVE|CVE-2015-3116}} {{CVE|CVE-2015-3117}} {{CVE|CVE-2015-3118}} {{CVE|CVE-2015-3119}} {{CVE|CVE-2015-3120}} {{CVE|CVE-2015-3121}} {{CVE|CVE-2015-3122}} {{CVE|CVE-2015-3123}} {{CVE|CVE-2015-3124}} {{CVE|CVE-2015-3125}} {{CVE|CVE-2015-3126}} {{CVE|CVE-2015-3127}} {{CVE|CVE-2015-3128}} {{CVE|CVE-2015-3129}} {{CVE|CVE-2015-3130}} {{CVE|CVE-2015-3131}} {{CVE|CVE-2015-3132}} {{CVE|CVE-2015-3133}} {{CVE|CVE-2015-3134}} {{CVE|CVE-2015-3135}} {{CVE|CVE-2015-3136}} {{CVE|CVE-2015-3137}} {{CVE|CVE-2015-4428}} {{CVE|CVE-2015-4429}} {{CVE|CVE-2015-4430}} {{CVE|CVE-2015-4431}} {{CVE|CVE-2015-4432}} {{CVE|CVE-2015-4433}} {{CVE|CVE-2015-5116}} {{CVE|CVE-2015-5117}} {{CVE|CVE-2015-5118}} {{CVE|CVE-2015-5119}} [https://helpx.adobe.com/security/products/flash-player/apsb15-16.html templink] [https://www.kb.cert.org/vuls/id/561288 templink] || {{pkg|flashplugin}} || 2015-07-07 || <= 11.2.202.468-1 || 11.2.202.481-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7]<br />
|-<br />
| {{CVE|CVE-2015-4620}} [https://kb.isc.org/article/AA-01267/ templink] || {{pkg|bind}} || 2015-07-07 || <= 9.10.2.P1-1 || 9.10.2.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6]<br />
|-<br />
| {{CVE|CVE-2015-5382}} [http://www.openwall.com/lists/oss-security/2015/07/07/3 templink] || {{pkg|roundcubemail}} || 2015-07-06 || <= 1.1.1-1 || 1.1.2-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5355}} {{CVE|CVE-2015-2694}} [http://krbdev.mit.edu/rt/NoAuth/krb5-1.13/fixed-1.13.2.html templink] || {{pkg|lib32-krb5}} || 2015-05-08 || <= 1.13.1-1 || 1.13.2-1 || 63d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11]<br />
|-<br />
| {{CVE|CVE-2014-5355}} {{CVE|CVE-2015-2694}} [http://krbdev.mit.edu/rt/NoAuth/krb5-1.13/fixed-1.13.2.html templink] || {{pkg|krb5}} || 2015-05-08 || <= 1.13.1-1 || 1.13.2-1 || 63d || Fixed ({{bug|45575}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10]<br />
|-<br />
| {{CVE|CVE-2015-3281}} [http://marc.info/?l=haproxy&m=143593901506748&w=2 templink] || {{pkg|haproxy}} || 2015-07-03 || <= 1.5.12-1 || 1.5.14-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3]<br />
|-<br />
| {{CVE|CVE-2015-2722}} {{CVE|CVE-2015-2724}} {{CVE|CVE-2015-2725}} {{CVE|CVE-2015-2726}} {{CVE|CVE-2015-2727}} {{CVE|CVE-2015-2728}} {{CVE|CVE-2015-2729}} {{CVE|CVE-2015-2731}} {{CVE|CVE-2015-2733}} {{CVE|CVE-2015-2734}} {{CVE|CVE-2015-2735}} {{CVE|CVE-2015-2736}} {{CVE|CVE-2015-2737}} {{CVE|CVE-2015-2739}} {{CVE|CVE-2015-2740}} {{CVE|CVE-2015-2741}} {{CVE|CVE-2015-2743}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-07-02 || <= 38.0.5 || 39.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2]<br />
|- <br />
| {{CVE|CVE-2015-5352}} [http://www.openwall.com/lists/oss-security/2015/07/01/10 templink] || {{pkg|openssh}} || 2015-06-29 || <= 6.8p1-3 || 6.9p1-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4]<br />
|-<br />
| {{CVE|CVE-2015-5146}} [http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi templink] || {{pkg|ntp}} || 2015-06-29 || <= 4.2.8p2-1 || 4.2.8p3-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5]<br />
|-<br />
| {{CVE|CVE-2015-2141}} [https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2015-June/015585.html templink] [https://github.com/weidai11/cryptopp/commit/9425e16437439e68c7d96abef922167d68fafaff commit] || {{pkg|crypto++}} || 2015-06-28 || <= 5.6.2-2 || 5.6.2-3 || 28d || Fixed ({{bug|45498}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20]<br />
|-<br />
| {{CVE|CVE-2015-5073}} [https://bugs.exim.org/show_bug.cgi?id=1651 templink] [http://vcs.pcre.org/pcre?view=revision&revision=1571 commit] || {{pkg|pcre}} || 2015-06-26 || <= 8.37-2 || 8.37-3 || ~52d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-5069}} {{CVE|CVE-2015-5070}} [http://www.openwall.com/lists/oss-security/2015/06/25/12 templink] || {{pkg|wesnoth}} || 2015-06-24 || <= 1.12.2-3 || 1.12.4-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1]<br />
|-<br />
| {{CVE|CVE-2015-3113}} [https://helpx.adobe.com/security/products/flash-player/apsb15-14.html templink] || {{pkg|flashplugin}} || 2015-06-23 || <= 11.2.202.466-1 || 11.2.202.468-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5]<br />
|-<br />
| {{CVE|CVE-2015-3236}} {{CVE|CVE-2015-3237}} [http://curl.haxx.se/docs/adv_20150617A.html templink] [http://curl.haxx.se/docs/adv_20150617B.html templink] || {{pkg|lib32-curl}} || 2015-06-17 || <= 7.42.1-1 || 7.43.0-1 || 47d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4]<br />
|-<br />
| {{CVE|CVE-2015-3236}} {{CVE|CVE-2015-3237}} [http://curl.haxx.se/docs/adv_20150617A.html templink] [http://curl.haxx.se/docs/adv_20150617B.html templink] || {{pkg|curl}} || 2015-06-17 || <= 7.42.1-1 || 7.43.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4]<br />
|-<br />
| {{CVE|CVE-2009-1364}} {{CVE|CVE-2006-3376}} {{CVE|CVE-2007-0455}} {{CVE|CVE-2007-2756}} {{CVE|CVE-2007-3472}} {{CVE|CVE-2007-3473}} {{CVE|CVE-2007-3477}} {{CVE|CVE-2009-3546}} {{CVE|CVE-2015-0848}} {{CVE|CVE-2015-4588}} {{CVE|CVE-2015-4695}} {{CVE|CVE-2015-4696}} [http://www.openwall.com/lists/oss-security/2015/06/16/4 templink] || {{pkg|libwmf}} || 2015-06-01 || <= 0.2.8.4-13 || || || '''Vulnerable''' ({{bug|49162}}) ||<br />
|-<br />
| {{CVE|CVE-2015-2325}} {{CVE|CVE-2015-2326}} {{CVE|CVE-2015-3414}} {{CVE|CVE-2015-3415}} {{CVE|CVE-2015-3416}} [http://php.net/ChangeLog-5.php#5.6.10 templink] || {{pkg|php}} || 2015-06-11 || <= 5.6.9-2 || 5.6.10-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|libraw}} || 2015-05-11 || <= 0.16.0-3 || 0.16.1 || 5d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|dcraw}} || 2015-05-11 || <= 9.25.0-1 || 9.26.0-1 || ~1m || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|gimp-ufraw}} || 2015-05-11 || <= 0.21-1 || 0.22-1 || 45d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|rawtherapee}} || 2015-05-11 || <= 1:4.2-1 || 1:4.2+448.g26d182d-1 || ~5m || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|rawstudio}} || 2015-05-11 || <= 2.0-12 || 2.0_git20160107-1 || ~11m || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-1158}} {{CVE|CVE-2015-1159}} [http://www.cups.org/str.php?L4609 templink] || {{pkg|cups}} || 2015-06-08 || <= 2.0.2-4 || 2.0.3-1 || 1d || Fixed ({{bug|45279}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2]<br />
|-<br />
| {{CVE|CVE-2015-1788}} {{CVE|CVE-2015-1789}} {{CVE|CVE-2015-1790}} {{CVE|CVE-2015-1791}} {{CVE|CVE-2015-1792}} {{CVE|CVE-2015-4000}} [https://www.openssl.org/news/secadv_20150611.txt templink] [https://git.openssl.org/?p=openssl.git;a=commit;h=98ece4eebfb6cd45cc8d550c6ac0022965071afc templink] || {{pkg|openssl}} || 2015-06-11 || <= 1.0.2.a-1 || 1.0.2.b-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3]<br />
|-<br />
| {{CVE|CVE-2015-3210}} [https://bugs.exim.org/show_bug.cgi?id=1636 templink] || {{pkg|pcre}} || 2015-05-29 || <= 8.37-1 || 8.37-2 || 7d || Fixed ({{bug|45207}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1]<br />
|-<br />
| {{CVE|CVE-2015-3165}} {{CVE|CVE-2015-3166}} {{CVE|CVE-2015-3167}} [http://www.postgresql.org/about/news/1587/ templink] || {{pkg|postgresql}} || 2015-05-22 || <= 9.4.1-1 || 9.4.2-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17]<br />
|-<br />
| {{CVE|CVE-2015-4054}} [http://www.openwall.com/lists/oss-security/2015/05/22/5 templink] || {{pkg|pgbouncer}} || 2015-04-09 || <= 1.5.4-6 || 1.5.5-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16]<br />
|-<br />
| {{CVE|CVE-2015-1251}} {{CVE|CVE-2015-1252}} {{CVE|CVE-2015-1253}} {{CVE|CVE-2015-1254}} {{CVE|CVE-2015-1255}} {{CVE|CVE-2015-1256}} {{CVE|CVE-2015-1257}} {{CVE|CVE-2015-1258}} {{CVE|CVE-2015-1259}} {{CVE|CVE-2015-1260}} {{CVE|CVE-2015-1263}} {{CVE|CVE-2015-1264}} {{CVE|CVE-2015-1265}} [http://googlechromereleases.blogspot.fr/2015/05/stable-channel-update_19.html templink] || {{pkg|chromium}} || 2015-05-19 || <= 42.0.2311.135-1 || 43.0.2357.65-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14]<br />
|-<br />
| {{CVE|CVE-2015-3808}} {{CVE|CVE-2015-3809}} {{CVE|CVE-2015-3810}} {{CVE|CVE-2015-3811}} {{CVE|CVE-2015-3812}} {{CVE|CVE-2015-3813}} {{CVE|CVE-2015-3814}} {{CVE|CVE-2015-3815}} [https://wireshark.org/docs/relnotes/wireshark-1.12.5.html templink] || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2015-05-11 || <= 1.12.4-4 || 1.12.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12]<br />
|-<br />
| {{CVE|CVE-2015-3456}} [https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/ templink] || {{pkg|qemu}} || 2015-05-13 || <= 2.2.1-4 || 2.2.1-5 || 1d || Fixed ({{bug|44958}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9]<br />
|-<br />
| {{CVE|CVE-2014-0230}} [https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44 templink] || {{pkg|tomcat6}} || 2015-04-09 || <= 6.0.43-2 || 6.0.44-1 || 34d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8]<br />
|-<br />
| {{CVE|CVE-2015-2708}} {{CVE|CVE-2015-2709}} {{CVE|CVE-2015-2710}} {{CVE|CVE-2015-2713}} {{CVE|CVE-2015-2716}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7 templink] || {{pkg|thunderbird}} || 2015-05-12 || <= 31.6.0-2 || 31.7.0-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13]<br />
|-<br />
| {{CVE|CVE-2015-2708}} {{CVE|CVE-2015-2709}} {{CVE|CVE-2015-2710}} {{CVE|CVE-2015-2711}} {{CVE|CVE-2015-2712}} {{CVE|CVE-2015-2713}} {{CVE|CVE-2015-2715}} {{CVE|CVE-2015-2716}} {{CVE|CVE-2015-2717}} {{CVE|CVE-2015-2718}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox38 templink] || {{pkg|firefox}} || 2015-05-12 || <= 37.0.2-1 || 38.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] <br />
|-<br />
| {{CVE|CVE-2015-3622}} [http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=f979435 templink] || {{pkg|libtasn1}} || 2015-04-20 || <= 4.5-1 || 4.4-1 || 16d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5]<br />
|-<br />
| {{CVE|CVE-2014-8964}} [https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ templink] || {{pkg|mariadb-clients}} || 2015-05-07 || <= 10.0.17-1 || 10.0.18-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4]<br />
|-<br />
| {{CVE|CVE-2014-8964}} {{CVE|CVE-2015-0499}} {{CVE|CVE-2015-0501}} {{CVE|CVE-2015-0505}} {{CVE|CVE-2015-2571}} [https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ templink] || {{pkg|mariadb}} || 2015-05-07 || <= 10.0.17-1 || 10.0.18-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3]<br />
|-<br />
| {{CVE|CVE-2015-3627}} {{CVE|CVE-2015-3629}} {{CVE|CVE-2015-3630}} {{CVE|CVE-2015-3631}} [http://seclists.org/oss-sec/2015/q2/389 templink] || {{pkg|docker}} || 2015-05-07 || <= 1:1.6.0-1 || 1:1.6.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6]<br />
|-<br />
| {{CVE|CVE-2015-0847}} [http://sourceforge.net/p/nbd/mailman/message/34091218/ templink] || {{pkg|nbd}} || 2015-05-07 || <= 3.10-1 || 3.11-1 || 19d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15]<br />
|-<br />
| {{CVE|CVE-2015-1858}} {{CVE|CVE-2015-1859}} {{CVE|CVE-2015-1860}} [http://lists.qt-project.org/pipermail/announce/2015-April/000067.html templink] || {{pkg|qt5-base}} || 2015-04-13 || <= 5.4.1-5 || 5.4.2-1 || 50d || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-1858}} {{CVE|CVE-2015-1859}} {{CVE|CVE-2015-1860}} [http://lists.qt-project.org/pipermail/announce/2015-April/000067.html templink] || {{pkg|qt4}} || 2015-04-13 || <= 4.8.6-6 || 4.8.7-1 || 50d || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-3414}} {{CVE|CVE-2015-3415}} {{CVE|CVE-2015-3416}} [http://seclists.org/fulldisclosure/2015/Apr/31 templink] || {{pkg|sqlite}} || 2015-04-24 || <= 3.8.8.3-1 || 3.8.9-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-2170}} {{CVE|CVE-2015-2221}} {{CVE|CVE-2015-2222}} {{CVE|CVE-2015-2305}} {{CVE|CVE-2015-2668}} [http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html templink] || {{pkg|clamav}} || 2015-04-29 || <= 0.98.6-1 || 0.98.7-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2]<br />
|-<br />
| {{CVE|CVE-2015-3455}} [http://www.openwall.com/lists/oss-security/2015/04/30/2 templink] || {{pkg|squid}} || 2015-04-29 || <= 3.5.3-2 || 3.5.4-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1]<br />
|-<br />
| {{CVE|CVE-2015-3451}} [http://www.openwall.com/lists/oss-security/2015/04/30/1 templink] || {{pkg|perl-xml-libxml}} || 2015-04-30 || <= 2.0118-3 || 2.0119-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32]<br />
|-<br />
| {{CVE|CVE-2015-3152}} [http://www.openwall.com/lists/oss-security/2015/04/29/4 templink] || {{pkg|mariadb}} {{pkg|mariadb-clients}} || 2015-04-29 || <= 10.0.17-2 || 10.0.20-1 || 52d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3153}} [http://curl.haxx.se/docs/adv_20150429.html templink] || {{pkg|curl}} || 2015-04-29 || <= 7.42.0-1 || 7.42.1-1 || 29d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20]<br />
|-<br />
| {{CVE|CVE-2015-1243}} {{CVE|CVE-2015-1250}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update_28.html templink] || {{pkg|chromium}} || 2015-04-28 || <= 42.0.2311.90-1 || 42.0.2311.135-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30]<br />
|-<br />
| {{CVE|CVE-2015-3420}} [http://seclists.org/oss-sec/2015/q2/288 templink] || {{pkg|dovecot}} || 2015-04-24 || <= 2.2.16-1 || 2.2.16-2 || 4d || Fixed ({{bug|44757}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31]<br />
|-<br />
| {{CVE|CVE-2015-1868}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ templink] || {{pkg|powerdns-recursor}} || 2015-04-23 || <= 3.7.1-1 || 3.7.2-1 || 1d || Fixed ({{Bug|44708}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27]<br />
|-<br />
| {{CVE|CVE-2015-1868}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ templink] || {{pkg|powerdns}} || 2015-04-23 || <= 3.4.3-2 || 3.4.4-1 || 1d || Fixed ({{Bug|44708}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26]<br />
|-<br />
| {{CVE|CVE-2015-1863}} [http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt templink] || {{pkg|wpa_supplicant}} || 2015-04-22 || <= 2.3-1 || 2.4-1 (1:2.3-1) || 2d || Fixed ({{Bug|44695}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29]<br />
|-<br />
| {{CVE|CVE-2015-1781}} [https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2959eda9272a033863c271aff62095abd01bd4e3;hp=7bf8fb104226407b75103b95525364c4667c869f templink] || {{pkg|glibc}} || 2015-04-21 || <= 2.21-2 || 2.21-3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25]<br />
|-<br />
| {{CVE|CVE-2015-3143}} {{CVE|CVE-2015-3144}} {{CVE|CVE-2015-3145}} {{CVE|CVE-2015-3148}} [http://curl.haxx.se/docs/vuln-7.41.0.html templink] || {{pkg|curl}} || 2015-04-22 || <= 7.41.0-1 || 7.42.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28]<br />
|-<br />
| {{CVE|CVE-2015-2706}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-45/ templink] || {{pkg|firefox}} || 2015-04-20 || <= 37.0.1-3 || 37.0.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24]<br />
|-<br />
| {{CVE|CVE-2015-3138}} [https://github.com/the-tcpdump-group/tcpdump/issues/446 templink] || {{pkg|tcpdump}} || 2015-03-24 || <= 4.7.3-1 || 4.7.3-2 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20]<br />
|-<br />
| {{CVE|CVE-2015-0346}} {{CVE|CVE-2015-0347}} {{CVE|CVE-2015-0348}} {{CVE|CVE-2015-0349}} {{CVE|CVE-2015-0350}} {{CVE|CVE-2015-0351}} {{CVE|CVE-2015-0352}} {{CVE|CVE-2015-0353}} {{CVE|CVE-2015-0354}} {{CVE|CVE-2015-0355}} {{CVE|CVE-2015-0356}} {{CVE|CVE-2015-0357}} {{CVE|CVE-2015-0358}} {{CVE|CVE-2015-0359}} {{CVE|CVE-2015-0360}} {{CVE|CVE-2015-3038}} {{CVE|CVE-2015-3039}} {{CVE|CVE-2015-3040}} {{CVE|CVE-2015-3041}} {{CVE|CVE-2015-3042}} {{CVE|CVE-2015-3043}} {{CVE|CVE-2015-3044}} [https://helpx.adobe.com/security/products/flash-player/apsb15-06.html templink] || {{pkg|flashplugin}} || 2015-04-14 || <= 11.2.202.451-1 || 11.2.202.457-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18]<br />
|-<br />
| {{CVE|CVE-2015-1351}} {{CVE|CVE-2015-1352}} {{CVE|CVE-2015-2783}} {{CVE|CVE-2015-3330}} {{CVE|CVE-2015-3329}} [https://php.net/ChangeLog-5.php#5.6.8 templink] || {{pkg|php}} || 2015-04-17 || <= 5.6.7.-2 || 5.6.8-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14]<br />
|-<br />
| {{CVE|CVE-2015-0460}} {{CVE|CVE-2015-0469}} {{CVE|CVE-2015-0470}} {{CVE|CVE-2015-0477}} {{CVE|CVE-2015-0478}} {{CVE|CVE-2015-0480}} {{CVE|CVE-2015-0488}} || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-04-14 || <= 8.u40-1 || 8.u45-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23]<br />
|-<br />
| {{CVE|CVE-2015-0460}} {{CVE|CVE-2015-0469}} {{CVE|CVE-2015-0477}} {{CVE|CVE-2015-0478}} {{CVE|CVE-2015-0480}} {{CVE|CVE-2015-0488}} [http://blog.fuseyism.com/index.php/2015/04/15/security-icedtea-2-5-5-for-openjdk-7-released/ templink] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-04-14 || <= 7.u75_2.5.4-1 || 7.u79_2.5.5-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17]<br />
|-<br />
| {{CVE|CVE-2015-3310}} [http://www.openwall.com/lists/oss-security/2015/04/16/7 templink] || {{pkg|ppp}} || 2015-04-13 || <= 2.4.7-1 || 2.4.7-2 || ~4m || Fixed ({{bug|44607}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3]<br />
|-<br />
| {{CVE|CVE-2015-3308}} [http://www.openwall.com/lists/oss-security/2015/04/16/6 templink] || {{pkg|gnutls}} || 2015-03-30 || <= 3.3.13-1 || 3.3.14-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-1235}} {{CVE|CVE-2015-1236}} {{CVE|CVE-2015-1237}} {{CVE|CVE-2015-1238}} {{CVE|CVE-2015-1240}} {{CVE|CVE-2015-1241}} {{CVE|CVE-2015-1242}} {{CVE|CVE-2015-1244}} {{CVE|CVE-2015-1245}} {{CVE|CVE-2015-1246}} {{CVE|CVE-2015-1247}} {{CVE|CVE-2015-1248}} {{CVE|CVE-2015-1249}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update_14.html templink] || {{pkg|chromium}} || 2015-04-14 || <= 41.0.2272.118-2 || 42.0.2311.90-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19]<br />
|-<br />
| {{CVE|CVE-2015-1855}} [https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/ templink] || {{pkg|ruby}} || 2015-04-13 || <= 2.2.1-1 || 2.2.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13]<br />
|-<br />
| {{CVE|CVE-2015-3026}} [http://seclists.org/oss-sec/2015/q2/80 templink] || {{pkg|icecast}} || 2015-04-08 || <= 2.4.1-1 || 2.4.2-1 || 3d || Fixed ({{bug|44503}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12]<br />
|-<br />
| {{CVE|CVE-2015-1798}} [http://seclists.org/oss-sec/2015/q2/63 templink] || {{pkg|chrony}} || 2015-04-08 || <= 1.31-2 || 1.31.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9]<br />
|-<br />
| {{CVE|CVE-2015-1798}} {{CVE|CVE-2015-1799}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities templink] || {{pkg|ntp}} || 2015-04-07 || <= 4.2.8p1 || 4.2.8p2-1 || <1d || Fixed ({{bug|44492}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8]<br />
|-<br />
| {{CVE|CVE-2015-2931}} {{CVE|CVE-2015-2932}} {{CVE|CVE-2015-2933}} {{CVE|CVE-2015-2934}} {{CVE|CVE-2015-2935}} {{CVE|CVE-2015-2936}} {{CVE|CVE-2015-2937}} {{CVE|CVE-2015-2938}} {{CVE|CVE-2015-2939}} {{CVE|CVE-2015-2940}} {{CVE|CVE-2015-2941}} {{CVE|CVE-2015-2942}} [http://seclists.org/oss-sec/2015/q2/61 templink] || {{pkg|mediawiki}} || 2015-04-07 || <= 1.24.1-1 || 1.24.2-1 || 0d || Fixed ({{bug|44489}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11]<br />
|-<br />
| {{CVE|CVE-2015-2928}} {{CVE|CVE-2015-2929}} [http://seclists.org/oss-sec/2015/q2/56 templink] || {{pkg|tor}} || 2015-04-06 || <= 0.2.5.11-1 || 0.2.5.12-1 || <1d || Fixed ({{bug|44482}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7]<br />
|-<br />
| {{CVE|CVE-2015-0799}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-04-03 || <= 37.0-1 || 37.0.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4]<br />
|-<br />
| {{CVE|CVE-2015-1233}} {{CVE|CVE-2015-1234}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-04-01 || <= 41.0.2272.101-1 || 41.0.2272.118-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2]<br />
|-<br />
| {{CVE|CVE-2015-0801}} {{CVE|CVE-2015-0807}} {{CVE|CVE-2015-0813}} {{CVE|CVE-2015-0814}} {{CVE|CVE-2015-0815}} {{CVE|CVE-2015-0816}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-03-31 || <= 31.5.0-1 || 31.6.0-1|| 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6]<br />
|-<br />
| {{CVE|CVE-2015-0801}} {{CVE|CVE-2015-0802}} {{CVE|CVE-2015-0803}} {{CVE|CVE-2015-0804}} {{CVE|CVE-2015-0805}} {{CVE|CVE-2015-0806}} {{CVE|CVE-2015-0807}} {{CVE|CVE-2015-0808}} {{CVE|CVE-2015-0811}} {{CVE|CVE-2015-0812}} {{CVE|CVE-2015-0813}} {{CVE|CVE-2015-0814}} {{CVE|CVE-2015-0815}} {{CVE|CVE-2015-0816}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-03-31 || <= 36.0.4-1 || 37.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1]<br />
|-<br />
| {{CVE|CVE-2015-1817}} [http://www.openwall.com/lists/oss-security/2015/03/30/3 templink] || {{pkg|musl}} || 2015-03-29 || <= 1.1.7-1 || 1.1.8-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26]<br />
|-<br />
| {{CVE|CVE-2015-2782}} {{CVE|CVE-2015-0556}} {{CVE|CVE-2015-0557}} [http://www.openwall.com/lists/oss-security/2015/03/29/1 templink] || {{pkg|arj}} || 2015-03-28 || <= 3.10.22-8 || 3.10.22-10 || 10d || Fixed ({{bug|44411}}) ({{bug|44488}}) || None<br />
|-<br />
| {{CVE|CVE-2015-0250}} [http://seclists.org/fulldisclosure/2015/Mar/142 templink] || {{pkg|java-batik}} || 2015-03-17 || <= 1.7-12 || 1.8-1 || 17d || Fixed ({{bug|44410}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5]<br />
|-<br />
| {{CVE|CVE-2015-2806}} [http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149 templink] || {{pkg|libtasn1}} || 2015-03-29 || <= 4.3-1 || 4.4-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3]<br />
|-<br />
| {{CVE|CVE-2015-0817}} {{CVE|CVE-2015-0818}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-03-20 || <= 36.0.1-1 || 36.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21]<br />
|-<br />
| {{CVE|CVE-2015-2559}} [https://www.drupal.org/SA-CORE-2015-001 templink] || {{pkg|drupal}} || 2015-03-19 || <= 7.34-1 || 7.35-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18]<br />
|-<br />
| {{CVE|CVE-2015-0252}} [https://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt templink] || {{pkg|xerces-c}} || 2015-03-19 || <= 3.1.1-5 || 3.1.2-1 || 1d || Fixed ({{bug|44272}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19]<br />
|-<br />
| {{CVE|CVE-2015-2330}} [http://www.openwall.com/lists/oss-security/2015/03/18/4 templink] || {{pkg|webkitgtk}} {{pkg|webkitgtk2}} || 2015-03-17 || <= 2.4.8-1 || 2.4.9-1 || 30d || Fixed ({{bug|44237}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19]<br />
|-<br />
| {{CVE|CVE-2015-2305}} {{CVE|CVE-2015-2331}} {{CVE|CVE-2015-2348}} {{CVE|CVE-2015-2787}} [https://bugs.php.net/bug.php?id=69253 templink] || {{pkg|php}} || 2015-03-18 || <= 5.6.6-1 || 5.6.7-1 || 10d || Fixed ({{bug|44236}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25]<br />
|-<br />
| {{CVE|CVE-2015-0204}} {{CVE|CVE-2015-0207}} {{CVE|CVE-2015-0208}} {{CVE|CVE-2015-0209}} {{CVE|CVE-2015-0285}} {{CVE|CVE-2015-0286}} {{CVE|CVE-2015-0287}} {{CVE|CVE-2015-0288}} {{CVE|CVE-2015-0289}} {{CVE|CVE-2015-0290}} {{CVE|CVE-2015-0291}} {{CVE|CVE-2015-0293}} {{CVE|CVE-2015-1787}} [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=28a00bcd8e318da18031b2ac8778c64147cd54f9 commit-0288] [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2b31fcc0b5e7329e13806822a5709dbd51c5c8a4 commit-0285] [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ba5d0113e8bcb26857ae58a11b219aeb7bc2408a commit-0209] [https://security-tracker.debian.org/tracker/CVE-2015-0288 Debian-Bug-tracker] [https://www.openssl.org/news/secadv_20150319.txt advisory] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2015-03-17 || <= 1.0.2-1 || 1.0.2.a-1 || 2d || Fixed ({{bug|44227}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17]<br />
|-<br />
| {{CVE|CVE-2015-1802}} {{CVE|CVE-2015-1803}} {{CVE|CVE-2015-1804}} [http://www.openwall.com/lists/oss-security/2015/03/17/5 templink] || {{pkg|libxfont}} || 2015-03-17 || <= 1.5.0-1 || 1.5.1-1 || <1d || Fixed ({{bug|44226}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15]<br />
|-<br />
| {{CVE|CVE-2015-0332}} {{CVE|CVE-2015-0333}} {{CVE|CVE-2015-0334}} {{CVE|CVE-2015-0335}} {{CVE|CVE-2015-0336}} {{CVE|CVE-2015-0337}} {{CVE|CVE-2015-0338}} {{CVE|CVE-2015-0339}} {{CVE|CVE-2015-0340}} {{CVE|CVE-2015-0341}} {{CVE|CVE-2015-0342}} [https://helpx.adobe.com/security/products/flash-player/apsb15-05.html templink] || {{pkg|flashplugin}} || 2015-03-12 || <= 11.2.202.442-1 || 11.2.202.451-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11]<br />
|-<br />
| {{CVE|CVE-2014-9687}} [http://www.openwall.com/lists/oss-security/2015/02/10/10 templink] || {{pkg|ecryptfs-utils}} || 2015-02-10 || <= 104-1 || 106-1 || 37d || Fixed ({{bug|44157}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14]<br />
|-<br />
| {{CVE|CVE-2015-1782}} [http://www.libssh2.org/adv_20150311.html templink] || {{pkg|libssh2}} || 2015-03-11 || <= 1.4.3-1 || 1.5.0-1 || 29d || Fixed ({{bug|44146}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10]<br />
|-<br />
| {{CVE|CVE-2015-2241}} [https://www.djangoproject.com/weblog/2015/mar/09/security-releases/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-03-09 || <= 1.7.5-1 || 1.7.6-1 || 2d || Fixed ({{bug|44122}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7]<br />
|-<br />
| {{CVE|CVE-2015-1212}} {{CVE|CVE-2015-1213}} {{CVE|CVE-2015-1214}} {{CVE|CVE-2015-1215}} {{CVE|CVE-2015-1216}} {{CVE|CVE-2015-1217}} {{CVE|CVE-2015-1218}} {{CVE|CVE-2015-1219}} {{CVE|CVE-2015-1220}} {{CVE|CVE-2015-1221}} {{CVE|CVE-2015-1222}} {{CVE|CVE-2015-1223}} {{CVE|CVE-2015-1224}} {{CVE|CVE-2015-1225}} {{CVE|CVE-2015-1226}} {{CVE|CVE-2015-1227}} {{CVE|CVE-2015-1228}} {{CVE|CVE-2015-1229}} {{CVE|CVE-2015-1230}} {{CVE|CVE-2015-1231}} [http://googlechromereleases.blogspot.fr/2015/03/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-03-03 || <= 40.0.2214.115-1 || 41.0.2272.76-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5]<br />
|-<br />
| {{CVE|CVE-2015-1572}} [https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73 templink] || {{pkg|e2fsprogs}} || 2015-02-06 || <= 1.42.12-1 || 1.42.12-2 || 6d || Fixed ({{bug|44015}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8]<br />
|-<br />
| {{CVE|CVE-2015-2157}} [http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html templink] || {{pkg|putty}} || 2015-03-02 || <= 0.63-1 || 0.64-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1]<br />
|-<br />
| {{CVE|CVE-2015-0822}} {{CVE|CVE-2015-0827}} {{CVE|CVE-2015-0831}} {{CVE|CVE-2015-0835}} {{CVE|CVE-2015-0836}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-02-24 || <= 31.4.0-1 || 31.5.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15]<br />
|-<br />
| {{CVE|CVE-2015-0819}} {{CVE|CVE-2015-0821}} {{CVE|CVE-2015-0822}} {{CVE|CVE-2015-0823}} {{CVE|CVE-2015-0824}} {{CVE|CVE-2015-0825}} {{CVE|CVE-2015-0826}} {{CVE|CVE-2015-0827}} {{CVE|CVE-2015-0829}} {{CVE|CVE-2015-0830}} {{CVE|CVE-2015-0831}} {{CVE|CVE-2015-0832}} {{CVE|CVE-2015-0834}} {{CVE|CVE-2015-0835}} {{CVE|CVE-2015-0836}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-02-24 || <= 35.0.1-1 || 36.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14]<br />
|-<br />
| {{CVE|CVE-2015-0240}} [https://www.samba.org/samba/history/samba-4.1.17.html templink] || {{pkg|samba}} || 2015-02-23 || <= 4.1.16-1 || 4.1.17-1 || <1d || Fixed ({{bug|43923}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13]<br />
|-<br />
| {{CVE|CVE-2014-9636}} [http://www.openwall.com/lists/oss-security/2014/11/02/2 templink] || {{pkg|unzip}} || 2014-11-02 || <= 6.0-9 || 6.0-10 || 75d || Fixed ({{bug|44171}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9]<br />
|-<br />
| {{CVE|CVE-2015-1315}} [http://www.openwall.com/lists/oss-security/2015/02/17/4 templink] || {{pkg|unzip}} || 2014-11-02 || <= 6.0-9 || 6.0-9 || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2014-9680}} [http://www.sudo.ws/sudo/alerts/tz.html templink] || {{pkg|sudo}} || 2015-02-09 || <= 1.8.12-1 || 1.8.12-1 || 4d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5352}} {{CVE|CVE-2014-5353}} {{CVE|CVE-2014-5354}} {{CVE|CVE-2014-9421}} {{CVE|CVE-2014-9422}} {{CVE|CVE-2014-9423}} [http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt templink] [http://www.openwall.com/lists/oss-security/2014/12/16/1 templink] || {{pkg|krb5}} || 2015-02-03 || <= 1.13-1 || 1.13.1-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] <br />
|-<br />
| {{CVE|CVE-2015-0255}} [http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/ templink] || {{pkg|xorg-server}} || 2015-02-10 || <= 1.16.3-2|| 1.16.4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11]<br />
|-<br />
| {{CVE|CVE-2015-1191}} [http://www.openwall.com/lists/oss-security/2015/01/18/3 templink] || {{pkg|pigz}} || 2015-01-18 || <= 2.3.1-1 || 2.3.3-1 || 21d || Fixed ({{bug|43748}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9]<br />
|-<br />
| {{CVE|CVE-2015-0245}} [http://lists.freedesktop.org/archives/dbus/2015-February/016553.html templink] || {{pkg|dbus}} || 2015-02-09 || <= 1.8.14-1 || 1.8.16-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10]<br />
|-<br />
| {{CVE|CVE-2015-1472}} {{CVE|CVE-2015-1473}} || {{pkg|glibc}} || 2015-02-05 || <= 2.20-6 || 2.21-1 ||4d || Fixed ({{bug|43747}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8]<br />
|-<br />
| {{CVE|CVE-2014-9297}} {{CVE|CVE-2014-9298}} [http://support.ntp.org/bin/view/Main/SecurityNotice#vallen_is_not_validated_in_sever templink] [http://support.ntp.org/bin/view/Main/SecurityNotice#1_can_be_spoofed_on_some_OSes_so templink]|| {{pkg|ntp}} || 2015-02-04 || <= 4.2.8-1 || 4.2.8.p1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7]<br />
|-<br />
| {{CVE|CVE-2014-9328}} || {{pkg|clamav}} || 2015-01-28 || <= 0.98.5-1 || 0.98.6-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6]<br />
|-<br />
| {{CVE|CVE-2015-1209}} {{CVE|CVE-2015-1210}} {{CVE|CVE-2015-1211}} {{CVE|CVE-2015-1212}} [http://googlechromereleases.blogspot.fr/2015/02/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-02-05 || <= 40.0.2214.94-1 || 40.0.2214.111-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5]<br />
|-<br />
| {{CVE|CVE-2015-0313}} {{CVE|CVE-2015-0314}} {{CVE|CVE-2015-0315}} {{CVE|CVE-2015-0316}} {{CVE|CVE-2015-0317}} {{CVE|CVE-2015-0318}} {{CVE|CVE-2015-0319}} {{CVE|CVE-2015-0320}} {{CVE|CVE-2015-0321}} {{CVE|CVE-2015-0322}} {{CVE|CVE-2015-0323}} {{CVE|CVE-2015-0324}} {{CVE|CVE-2015-0325}} {{CVE|CVE-2015-0326}} {{CVE|CVE-2015-0327}} {{CVE|CVE-2015-0328}} {{CVE|CVE-2015-0329}} {{CVE|CVE-2015-0330}} [https://helpx.adobe.com/security/products/flash-player/apsb15-04.html templink] || {{pkg|flashplugin}} || 2015-02-05 || <= 11.2.202.440-1 || 11.2.202.442-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2]<br />
|-<br />
| {{CVE|CVE-2014-8161}} {{CVE|CVE-2015-0241}} {{CVE|CVE-2015-0243}} {{CVE|CVE-2015-0244}} [http://www.postgresql.org/docs/9.4/static/release-9-4-1.html templink] || {{pkg|postgresql}} || 2015-02-05 || <= 9.4.0-1 || 9.4.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4]<br />
|-<br />
| {{CVE|CVE-2015-1380}} {{CVE|CVE-2015-1381}} {{CVE|CVE-2015-1382}} [http://seclists.org/oss-sec/2015/q1/285 templink] || {{pkg|privoxy}} || 2015-01-26 || <= 3.0.22-1 || 3.0.23-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1]<br />
|-<br />
| {{CVE|CVE-2015-0235}} [https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235 templink] || {{pkg|glibc}} || 2015-01-27 || < 2.18-1 || 2.18-1 || < 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-0311}} {{CVE|CVE-2015-0301}} {{CVE|CVE-2015-0302}} {{CVE|CVE-2015-0303}} {{CVE|CVE-2015-0304}} {{CVE|CVE-2015-0305}} {{CVE|CVE-2015-0306}} {{CVE|CVE-2015-0307}} {{CVE|CVE-2015-0308}} {{CVE|CVE-2015-0309}} [https://helpx.adobe.com/security/products/flash-player/apsb15-01.html templink] || {{pkg|flashplugin}} || 2015-01-23 || <= 11.2.202.438-1 || 11.2.202.440-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22]<br />
|-<br />
| {{CVE|CVE-2015-0231}} {{CVE|CVE-2014-9427}} {{CVE|CVE-2015-0232}} [https://bugs.php.net/bug.php?id=68710 templink] [https://bugs.php.net/bug.php?id=68618 templink] [https://bugs.php.net/bug.php?id=68799 templink] || {{pkg|php}} || 2015-01-22 || <= 5.6.4-1 || 5.6.5-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17]<br />
|-<br />
| {{CVE|CVE-2014-9638}} {{CVE|CVE-2014-9639}} {{CVE|CVE-2014-9640}} [http://www.openwall.com/lists/oss-security/2015/01/22/9 templink] || {{pkg|vorbis-tools}} || 2015-01-21 || <= 1.4.0-4 || 1.4.0-5 || 64d || Fixed ({{bug|44172}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24]<br />
|-<br />
| {{CVE|CVE-2015-1345}} [http://seclists.org/oss-sec/2015/q1/179 templink] || {{pkg|grep}} || 2015-01-18 || <= 2.21-1 || 2.21-2 || 46d || Fixed ({{bug|44017}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4]<br />
|-<br />
| {{CVE|CVE-2014-7923}} {{CVE|CVE-2014-7924}} {{CVE|CVE-2014-7925}} {{CVE|CVE-2014-7926}} {{CVE|CVE-2014-7927}} {{CVE|CVE-2014-7928}} {{CVE|CVE-2014-7930}} {{CVE|CVE-2014-7931}} {{CVE|CVE-2014-7929}} {{CVE|CVE-2014-7932}} {{CVE|CVE-2014-7933}} {{CVE|CVE-2014-7934}} {{CVE|CVE-2014-7935}} {{CVE|CVE-2014-7936}} {{CVE|CVE-2014-7937}} {{CVE|CVE-2014-7938}} {{CVE|CVE-2014-7939}} {{CVE|CVE-2014-7940}} {{CVE|CVE-2014-7941}} {{CVE|CVE-2014-7942}} {{CVE|CVE-2014-7943}} {{CVE|CVE-2014-7944}} {{CVE|CVE-2014-7945}} {{CVE|CVE-2014-7946}} {{CVE|CVE-2014-7947}} {{CVE|CVE-2014-7948}} {{CVE|CVE-2015-1205}} [http://googlechromereleases.blogspot.fr/2015/01/stable-update.html templink] || {{pkg|chromium}} || 2015-01-22 || <= 39.0.2171.99-1 || 40.0.2214.91-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21]<br />
|-<br />
| {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-6549}} {{CVE|CVE-2014-6585}} {{CVE|CVE-2014-6587}} {{CVE|CVE-2014-6591}} {{CVE|CVE-2014-6593}} {{CVE|CVE-2014-6601}} {{CVE|CVE-2015-0383}} {{CVE|CVE-2015-0395}} {{CVE|CVE-2015-0400}} {{CVE|CVE-2015-0403}} {{CVE|CVE-2015-0406}} {{CVE|CVE-2015-0407}} {{CVE|CVE-2015-0408}} {{CVE|CVE-2015-0410}} {{CVE|CVE-2015-0412}} {{CVE|CVE-2015-0413}} {{CVE|CVE-2015-0421}} {{CVE|CVE-2015-0437}} [http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html#JAVA templink] || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-01-22 || <= 8.u25-2 || 8.u31-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16]<br />
|-<br />
| {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-6585}} {{CVE|CVE-2014-6587}} {{CVE|CVE-2014-6591}} {{CVE|CVE-2014-6593}} {{CVE|CVE-2014-6601}} {{CVE|CVE-2015-0383}} {{CVE|CVE-2015-0395}} {{CVE|CVE-2015-0407}} {{CVE|CVE-2015-0408}} {{CVE|CVE-2015-0410}} {{CVE|CVE-2015-0412}} [http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html#JAVA templink] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-01-22 || <= 7.u71_2.5.3-3 || 7.u75_2.5.4-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20]<br />
|-<br />
| {{CVE|CVE-2014-8157}} {{CVE|CVE-2014-8158}} [http://seclists.org/oss-sec/2015/q1/210 templink] || {{pkg|jasper}} || 2015-01-22 || <= 1.900.1-12 || 1.900.1-13 || 5d || Fixed ({{bug|43592}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23]<br />
|-<br />
| {{CVE|CVE-2014-8132}} [http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/ templink] || {{pkg|libssh}} || 2014-12-19 || <= 0.6.3-1 || 0.6.4-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12]<br />
|-<br />
| {{CVE|CVE-2015-1182}} [https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04 templink] || {{pkg|polarssl}} || 2012-09-19 || <= 1.3.9-1 || 1.3.9-2 || 1d || Fixed ({{bug|43508}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13]<br />
|-<br />
| {{CVE|CVE-2012-3505}} [http://www.openwall.com/lists/oss-security/2012/08/18/1 templink] || {{pkg|tinyproxy}} || 2012-09-10 || <= 1.8.3-1 || 1.8.4-1 || > 740d || Fixed ({{bug|38400}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11]<br />
|-<br />
| {{CVE|CVE-2014-9447}} [https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e templink] || {{pkg|elfutils}} || 2015-01-19 || <= 0.161-2 || 0.161-3 || 42d || Fixed ({{bug|44019}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2]<br />
|-<br />
| {{CVE|CVE-2014-9447}} [https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e templink] || {{pkg|lib32-elfutils}} || 2015-01-19 || <= 0.161-1 || 0.161-2 || 42d || Fixed ({{bug|44020}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3]<br />
|-<br />
| {{CVE|CVE-2014-8143}} [https://www.samba.org/samba/security/CVE-2014-8143 templink] || {{pkg|samba}} || 2015-01-15 || <= 4.1.15-1 || 4.1.16-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10]<br />
|-<br />
| {{CVE|CVE-2015-1197}} [http://www.openwall.com/lists/oss-security/2015/01/18/7 templink] || {{pkg|cpio}} || 2015-01-16 || <= 2.11-5 || 2.11-6 || 65d || Fixed ({{bug|44173}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22]<br />
|-<br />
| {{CVE|CVE-2015-1196}} {{CVE|CVE-2014-9637}} [http://www.openwall.com/lists/oss-security/2015/01/18/6 templink] [https://savannah.gnu.org/bugs/?44051 templink] || {{pkg|patch}} || 2015-01-14 || <= 2.7.1-3 || 2.7.3-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24]<br />
|-<br />
| {{CVE|CVE-2014-9571}} {{CVE|CVE-2014-9572}} {{CVE|CVE-2014-9573}} {{CVE|CVE-2014-9624}} {{CVE|CVE-2015-1042}} [http://www.openwall.com/lists/oss-security/2015/01/17/1 templink] [http://www.openwall.com/lists/oss-security/2015/01/17/3 templink] [http://www.openwall.com/lists/oss-security/2015/01/17/2 templink] [http://www.openwall.com/lists/oss-security/2015/01/18/11 templink] || {{pkg|mantisbt}} || 2015-01-17 || <= 1.2.18-1 || 1.2.19-1 || 20d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3]<br />
|-<br />
| {{CVE|CVE-2014-8634}} {{CVE|CVE-2014-8635}} {{CVE|CVE-2014-8638}} {{CVE|CVE-2014-8639}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-01-13 || <= 31.3.0-1 || 31.4.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7]<br />
|-<br />
| {{CVE|CVE-2014-8634}} {{CVE|CVE-2014-8635}} {{CVE|CVE-2014-8636}} {{CVE|CVE-2014-8637}} {{CVE|CVE-2014-8638}} {{CVE|CVE-2014-8639}} {{CVE|CVE-2014-8640}} {{CVE|CVE-2014-8641}} {{CVE|CVE-2014-8642}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-01-13 || <= 34.0.5-1 || 35.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6]<br />
|-<br />
| {{CVE|CVE-2014-3571}} {{CVE|CVE-2015-0206}} {{CVE|CVE-2014-3569}} {{CVE|CVE-2014-3572}} {{CVE|CVE-2015-0205}} {{CVE|CVE-2014-8275}} {{CVE|CVE-2014-3570}} [https://www.openssl.org/news/secadv_20150108.txt templink] || {{pkg|openssl}} || 2015-01-08 || <= 1.0.1.j-1 || 1.0.1.k-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2]<br />
|-<br />
| {{CVE|CVE-2014-8150}} [http://curl.haxx.se/docs/adv_20150108B.html templink] || {{pkg|curl}} || 2015-01-08 || <= 7.39.0-1 || 7.40.0-1 || 10d || Fixed ({{bug|43379}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9]<br />
|-<br />
| {{CVE|CVE-2014-6272}} [http://archives.seul.org/libevent/users/Jan-2015/msg00010.html templink] || {{pkg|libevent}} || 2015-01-05 || <= 2.0.21-3 || 2.0.22-1 || 7d || Fixed ({{bug|43366}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] <br />
|-<br />
| {{CVE|CVE-2014-8139}} {{CVE|CVE-2014-8140}} {{CVE|CVE-2014-8141}} [http://www.ocert.org/advisories/ocert-2014-011.html templink] || {{pkg|unzip}} || 2014-12-22 || <= 6.0-7 || 6.0-9 || 17d || Fixed ({{bug|43300}}) ({{bug|43391}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3]<br />
|-<br />
| {{CVE|CVE-2014-6395}} {{CVE|CVE-2014-6396}} {{CVE|CVE-2014-9376}} {{CVE|CVE-2014-9377}} {{CVE|CVE-2014-9378}} {{CVE|CVE-2014-9379}} {{CVE|CVE-2014-9380}} {{CVE|CVE-2014-9381}} [https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/ templink] || {{pkg|ettercap}} {{pkg|ettercap-gtk}} || 2014-12-16 || <= 0.8.1-2 || 0.8.2-1 || 89d || Fixed ({{bug|44174}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13]<br />
|-<br />
| {{CVE|CVE-2014-9425}} [https://bugs.php.net/bug.php?id=68676 templink] || {{pkg|php}} || 2014-12-29 || <= 5.6.4-1 || 5.6.5-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-9295}} {{CVE|CVE-2014-9296}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_ctl_putdata templink] || {{pkg|ntp}} || 2014-12-19 || < 4.2.8-1 || 4.2.8-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24]<br />
|-<br />
| {{CVE|CVE-2014-8142}} [https://bugzilla.redhat.com/show_bug.cgi?id=1175718 templink] || {{pkg|php}} || 2014-12-18 || <= 5.6.3-1 || 5.6.4-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23]<br />
|-<br />
| {{CVE|CVE-2014-8137}} {{CVE|CVE-2011-4516}} {{CVE|CVE-2011-4517}} [https://marc.info/?l=oss-security&m=141891163026757&w=2 templink] || {{pkg|jasper}} || 2014-12-18 || <= 1.900.1-11 || 1.900.1-12 || 1d || Fixed ({{bug|43155}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22]<br />
|-<br />
| {{CVE|CVE-2014-9029}} [https://marc.info/?l=oss-security&m=141770163916268&w=2 templink] || {{pkg|jasper}} || 2014-12-04 || <= 1.900.1-10 || 1.900.1-12 || 6d || Fixed ({{bug|43044}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22]<br />
|-<br />
| {{CVE|CVE-2012-3406}} {{CVE|CVE-2014-9402}} [http://www.openwall.com/lists/oss-security/2014/12/18/1 templink] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2014-12-17 || <= 2.20-4 || 2.20-5 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21]<br />
|-<br />
| {{CVE|CVE-2014-9253}} [http://seclists.org/oss-sec/2014/q4/1050 templink] || {{pkg|dokuwiki}} || 2014-12-15 || <= 20140929_a-1 || 20140929_b-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19]<br />
|-<br />
| {{CVE|CVE-2014-3580}} {{CVE|CVE-2014-8108}} [https://subversion.apache.org/security/CVE-2014-3580-advisory.txt templink] [https://subversion.apache.org/security/CVE-2014-8108-advisory.txt templink] || {{pkg|subversion}} || 2014-12-16 || <= 1.8.10-1 || 1.8.11-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17]<br />
|-<br />
| {{CVE|CVE-2014-9356}} {{CVE|CVE-2014-9357}} {{CVE|CVE-2014-9358}} [http://www.securityfocus.com/archive/1/534215 templink] || {{pkg|docker}} || 2014-12-12 || <= 1:1.3.2-1 || 1:1.4.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16]<br />
|-<br />
| {{CVE|CVE-2013-1752}} {{CVE|CVE-2013-1753}} {{CVE|CVE-2014-9365}} [https://hg.python.org/cpython/raw-file/v2.7.9/Misc/NEWS templink] || {{pkg|python2}} || 2014-12-11 || <= 2.7.8-1 || 2.7.9-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15]<br />
|-<br />
| {{CVE|CVE-2014-0580}} {{CVE|CVE-2014-0587}} {{CVE|CVE-2014-8443}} {{CVE|CVE-2014-9162}} {{CVE|CVE-2014-9163}} {{CVE|CVE-2014-9164}} [https://helpx.adobe.com/security/products/flash-player/apsb14-27.html templink] || {{pkg|flashplugin}} || 2014-12-09 || <= 11.2.202.424-1 || 11.2.202.425-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13]<br />
|-<br />
| {{CVE|CVE-2014-8091}} {{CVE|CVE-2014-8092}} {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8094}} {{CVE|CVE-2014-8095}} {{CVE|CVE-2014-8096}} {{CVE|CVE-2014-8097}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8099}} {{CVE|CVE-2014-8100}} {{CVE|CVE-2014-8101}} {{CVE|CVE-2014-8102}} {{CVE|CVE-2014-8103}} [http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/ templink] || {{pkg|xorg-server}} || 2014-12-09 || <= 1.16.2-1 || 1.16.2.901-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia}} {{pkg|nvidia-lts}} || 2014-12-09 || <= 343.22-6 || 343.36-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia-340xx}} {{pkg|nvidia-340xx-lts}} || 2014-12-09 || <= 340.58-3 || 340.65-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia-304xx}} {{pkg|nvidia-304xx-lts}} || 2014-12-09 || < 304.125-1 || 304.125-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10]<br />
|-<br />
| {{CVE|CVE-2014-8601}} [http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/ templink] || {{pkg|powerdns-recursor}} || 2014-12-09 || <= 3.6.1-1 || 3.6.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9]<br />
|-<br />
| {{CVE|CVE-2014-8602}} [https://unbound.net/downloads/CVE-2014-8602.txt templink] || {{pkg|unbound}} || 2014-12-09 || <= 1.5.0-1 || 1.5.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8]<br />
|-<br />
| {{CVE|CVE-2014-8500}} {{CVE|CVE-2014-8680}} [http://svnweb.freebsd.org/ports?view=revision&revision=374305 templink] || {{pkg|bind}} || 2014-12-08 || <= 9.10.1-2 || 9.10.1.P1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7]<br />
|-<br />
| {{CVE|CVE-2014-9274}} {{CVE|CVE-2014-9275}} [http://seclists.org/oss-sec/2014/q4/904 templink] || {{pkg|unrtf}} || 2014-12-04 || <= 0.21.5-1 || 0.21.7-1 || 10d || Fixed ({{bug|43131}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20]<br />
|-<br />
| {{CVE|CVE-2014-1587}} {{CVE|CVE-2014-1588}} {{CVE|CVE-2014-1589}} {{CVE|CVE-2014-1590}} {{CVE|CVE-2014-1591}} {{CVE|CVE-2014-1592}} {{CVE|CVE-2014-1593}} {{CVE|CVE-2014-1594}} {{CVE|CVE-2014-8631}} {{CVE|CVE-2014-8632}} [https://www.mozilla.org/fr/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2014-12-02 || <= 33.1.1-1 || 34.0.5-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3]<br />
|-<br />
| {{CVE|CVE-2014-9157}} [http://seclists.org/oss-sec/2014/q4/872 templink] || {{pkg|graphviz}} || 2014-11-25 || <= 2.38.0-2 || 2.38.0-3 || 8d || Fixed ({{bug|42983}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4]<br />
|-<br />
| {{CVE|CVE-2014-8123}} [http://seclists.org/oss-sec/2014/q4/874 templink] || {{pkg|antiword}} || 2014-12-01 || <= 0.37-4 || 0.37-5 || 3d || Fixed ({{bug|42982}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5]<br />
|-<br />
| {{CVE|CVE-2014-8104}} [https://forums.openvpn.net/topic17625.html templink] || {{pkg|openvpn}} || 2014-11-30 || <= 2.3.5-1 || 2.3.6-1 || 4d || Fixed ({{bug|42975}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2]<br />
|-<br />
| {{CVE|CVE-2014-9087}} [http://seclists.org/oss-sec/2014/q4/801 templink] || {{pkg|gnupg}} || 2014-11-25 || <= 2.1.0-5 || 2.1.0-6 || 4d || Fixed ({{bug|42943}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1]<br />
|-<br />
| {{CVE|CVE-2014-9087}} [http://seclists.org/oss-sec/2014/q4/801 templink] || {{pkg|libksba}} || 2014-11-25 || <= 1.3.1-1 || 1.3.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31]<br />
|-<br />
| {{CVE|CVE-2014-9114}} [http://seclists.org/oss-sec/2014/q4/819 templink] || {{pkg|util-linux}} || 2014-11-27 || <= 2.25.2-1 || 2.26.1-3 || 117d || Fixed ({{bug|43886}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23]<br />
|-<br />
| {{CVE|CVE-2014-9112}} [http://seclists.org/oss-sec/2014/q4/818 templink] || {{pkg|cpio}} || 2014-11-26 || <= 2.11-4 || 2.11-5 || 20d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5]<br />
|-<br />
| {{CVE|CVE-2014-9116}} [http://seclists.org/oss-sec/2014/q4/835 templink] || {{pkg|mutt}} || 2014-11-27 || <= 1.5.23-1 || 1.5.23-2 || 71d || Fixed ({{bug|44110}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6]<br />
|-<br />
| {{CVE|CVE-2014-9093}} [https://bugs.freedesktop.org/show_bug.cgi?id=86449 templink] || {{pkg|libreoffice-fresh}} || 2014-11-19 || <= 4.3.4-1 ||4.3.5-1 || 31d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-9092}} [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768369#114 templink] || {{pkg|libjpeg-turbo}} || 2014-11-26 || <= 1.3.1-2 || 1.3.1-3 || 2d || Fixed ({{bug|42922}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33]<br />
|-<br />
| {{CVE|CVE-2014-9272}} {{CVE|CVE-2014-9270}} {{CVE|CVE-2014-8987}} {{CVE|CVE-2014-9271}} {{CVE|CVE-2014-9281}} {{CVE|CVE-2014-8986}} {{CVE|CVE-2014-9269}} {{CVE|CVE-2014-9280}} {{CVE|CVE-2014-9089}} {{CVE|CVE-2014-9279}} {{CVE|CVE-2014-8988}} {{CVE|CVE-2014-8553}} {{CVE|CVE-2014-6387}} {{CVE|CVE-2014-6316}} {{CVE|CVE-2014-9117}} [https://www.mantisbt.org/bugs/view.php?id=17841 templink] [https://www.mantisbt.org/bugs/view.php?id=17811 templink] [http://seclists.org/oss-sec/2014/q4/955 templink] || {{pkg|mantisbt}} || 2014-11-25 || <= 1.2.17-4 || 1.2.18-1 || 13d || Fixed ({{bug|42920}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6]<br />
|-<br />
| {{CVE|CVE-2014-9090}} [https://marc.info/?l=oss-security&m=141698775601426&w=2 templink] || {{pkg|linux}} {{pkg|linux-lts}} || 2014-11-26 || <= 3.18-rc6 || 3.19 || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2014-9018}} {{CVE|CVE-2014-9091}} [http://seclists.org/oss-sec/2014/q4/694 templink] || {{pkg|icecast}} || 2014-11-20 || <= 2.4.0-1 || 2.4.1-1 || 8d || Fixed ({{bug|42912}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32]<br />
|-<br />
| {{CVE|CVE-2014-8964}} [http://bugs.exim.org/show_bug.cgi?id=1546 templink] || {{pkg|pcre}} || 2014-11-18 || <= 8.36-1 || 8.36-2 || 8d || Fixed ({{bug|42860}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29]<br />
|-<br />
| {{CVE|CVE-2014-8962}} {{CVE|CVE-2014-9028}} [http://www.ocert.org/advisories/ocert-2014-008.html templink] || {{pkg|flac}} || 2014-11-25 || <= 1.3.0-4 || 1.3.0-5 || < 1d || Fixed ({{bug|42898}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30]<br />
|-<br />
| {{CVE|CVE-2014-7899}} {{CVE|CVE-2014-7900}} {{CVE|CVE-2014-7901}} {{CVE|CVE-2014-7902}} {{CVE|CVE-2014-7903}} {{CVE|CVE-2014-7904}} {{CVE|CVE-2014-7906}} {{CVE|CVE-2014-7907}} {{CVE|CVE-2014-7908}} {{CVE|CVE-2014-7909}} {{CVE|CVE-2014-7910}} [http://googlechromereleases.blogspot.in/2014/11/stable-channel-update_18.html templink] || {{pkg|chromium}} || 2014-11-20 || <= 38.0.2125.122-1 || 39.0.2171.65-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26]<br />
|-<br />
| {{CVE|CVE-2014-9015}} {{CVE|CVE-2014-9016}} [http://seclists.org/oss-sec/2014/q4/697 templink] || {{pkg|drupal}} || 2014-11-19 || <= 7.33-1 || 7.34-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25]<br />
|-<br />
| {{CVE|CVE-2013-6497}} [http://seclists.org/oss-sec/2014/q4/673 templink] || {{pkg|clamav}} || 2014-11-18 || <= 0.98.4-1 || 0.98.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21]<br />
|-<br />
| {{CVE|CVE-2014-7817}} [https://sourceware.org/bugzilla/show_bug.cgi?id=17625 templink] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2014-11-19 || <= 2.20-2 || 2.20.3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27]<br />
|-<br />
| {{CVE|CVE-2014-8600}} [https://www.kde.org/info/security/advisory-20141113-1.txt templink] || {{pkg|kwebkitpart}} || 2014-11-18 || <= 1.3.4-2 || 1.3.4-3 || 4d || Fixed ({{bug|44170}} {{bug|42775}}) || None<br />
|-<br />
| {{CVE|CVE-2014-8767}} {{CVE|CVE-2014-8768}} {{CVE|CVE-2014-8769}} {{CVE|CVE-2014-9140}} {{CVE|CVE-2015-0261}} {{CVE|CVE-2015-2153}} {{CVE|CVE-2015-2154}} {{CVE|CVE-2015-2155}} [http://www.securityfocus.com/archive/1/534011/30/0/threaded templink] [http://www.securityfocus.com/archive/1/534010/30/0/threaded templink] [http://www.securityfocus.com/archive/1/534009/30/0/threaded templink] [https://github.com/the-tcpdump-group/tcpdump/commit/0f95d441e4b5d7512cc5c326c8668a120e048eda templink] || {{pkg|tcpdump}} || 2014-11-18 || <= 4.6.2-1 || 4.7.3-1 || 88d || Fixed ({{bug|44153}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20]<br />
|-<br />
| {{CVE|CVE-2014-8090}} || {{pkg|ruby}} || 2014-11-13 || <= 2.1.4-1 || 2.1.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16]<br />
|-<br />
| {{CVE|CVE-2014-7823}} || {{pkg|libvirt}} || 2014-11-13 || <= 1.2.10-1 ||1.2.11-1 ||33d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-8710}} {{CVE|CVE-2014-8711}} {{CVE|CVE-2014-8712}} {{CVE|CVE-2014-8713}} {{CVE|CVE-2014-8714}} [https://www.wireshark.org/security/wnpa-sec-2014-20.html templink] [https://www.wireshark.org/security/wnpa-sec-2014-21.html templink] [https://www.wireshark.org/security/wnpa-sec-2014-22.html templink] || {{pkg|wireshark-cli}} {{pkg|wireshark-gtk}} {{pkg|wireshark-qt}} || 2014-11-13 || <= 1.12.1-1 || 1.12.2-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24]<br />
|-<br />
| {{CVE|CVE-2014-0573}} {{CVE|CVE-2014-0574}} {{CVE|CVE-2014-0576}} {{CVE|CVE-2014-0577}} {{CVE|CVE-2014-0581}} {{CVE|CVE-2014-0582}} {{CVE|CVE-2014-0583}} {{CVE|CVE-2014-0584}} {{CVE|CVE-2014-0585}} {{CVE|CVE-2014-0586}} {{CVE|CVE-2014-0588}} {{CVE|CVE-2014-0589}} {{CVE|CVE-2014-0590}} {{CVE|CVE-2014-8437}} {{CVE|CVE-2014-8438}} {{CVE|CVE-2014-8440}} {{CVE|CVE-2014-8441}} {{CVE|CVE-2014-8442}} [https://helpx.adobe.com/security/products/flash-player/apsb14-24.html templink] || {{pkg|flashplugin}} || 2014-11-11 || <= 11.2.202.411-1 || 11.2.202.418-1 || <1d || Fixed ({{bug|42769}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11]<br />
|-<br />
| {{CVE|CVE-2014-3710}} [https://bugzilla.redhat.com/show_bug.cgi?id=1155071 templink] || {{pkg|php}} || 2014-10-29 || <= 5.6.2-2 || 5.6.3-1 || 14d || Fixed ({{bug|42764}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13]<br />
|-<br />
| {{CVE|CVE-2014-8564}} [http://www.gnutls.org/security.html#GNUTLS-SA-2014-5 templink]|| {{pkg|gnutls}} || 2014-11-10 || <= 3.3.9-1 ||3.3.10-1 ||<1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10]<br />
|-<br />
| {{CVE|CVE-2014-8716}} [http://seclists.org/oss-sec/2014/q4/591 templink]|| {{pkg|imagemagick}} || 2014-11-12 || <= 6.8.9.9-1 || 6.8.9.10-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12]<br />
|-<br />
| {{CVE|CVE-2014-3710}} [https://bugzilla.redhat.com/show_bug.cgi?id=1155071 templink] || {{pkg|file}} || 2014-10-29 || <= 5.20-1 || 5.20-2 || 12d || Fixed ({{bug|42759}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9]<br />
|-<br />
| {{CVE|CVE-2014-1569}} [https://bugzilla.mozilla.org/show_bug.cgi?id=1064670 templink] || {{pkg|nss}} || 2014-11-07 || <= 3.17.2-1 || 3.17.3-1 || 22d || Fixed ({{bug|42760}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18]<br />
|-<br />
| {{CVE|CVE-2014-7824}} [http://www.openwall.com/lists/oss-security/2014/11/10/2 templink] || {{pkg|dbus}} || 2014-11-10 || <= 1.8.8-1 || 1.8.10-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28]<br />
|-<br />
| {{CVE|CVE-2014-8598}} {{CVE|CVE-2014-7146}} [http://www.openwall.com/lists/oss-security/2014/11/07/27 templink] [http://www.openwall.com/lists/oss-security/2014/11/07/28 templink]|| {{pkg|mantisbt}} || 2014-11-08 || <= 1.2.17-3 || 1.2.17-4 || <4d || Fixed ({{bug|42761}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8]<br />
|-<br />
| {{CVE|CVE-2014-8483}} [https://www.kde.org/info/security/advisory-20141104-1.txt templink] || {{pkg|konversation}} || 2014-11-04 || <= 1.5-1 || 1.5.1-1 || <4d || Fixed ({{bug|42698}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5]<br />
|-<br />
| {{CVE|CVE-2014-3707}} [http://curl.haxx.se/docs/adv_20141105.html templink]|| {{pkg|curl}} || 2014-11-05 || <= 7.38.0-3 || 7.39.0-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7]<br />
|-<br />
| {{CVE|CVE-2014-8651}} [http://seclists.org/oss-sec/2014/q4/520 templink]|| {{pkg|kdebase-workspace}} || 2014-11-04 || <= 4.11.13-1 || 4.11.13-2 || 6d || Fixed ({{bug|42679}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6]<br />
|-<br />
| {{CVE|CVE-2014-8627}} {{CVE|CVE-2014-8628}} [http://www.openwall.com/lists/oss-security/2014/11/04/6 templink]|| {{pkg|polarssl}} || 2014-10-23 || <= 1.3.8-3 || 1.3.9-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4]<br />
|-<br />
| {{CVE|CVE-2014-8321}} {{CVE|CVE-2014-8322}} {{CVE|CVE-2014-8323}} {{CVE|CVE-2014-8324}} [http://www.securityfocus.com/archive/1/533869/30/0/threaded templink]|| {{pkg|aircrack-ng}} || 2014-11-02 || <= 1.2beta3-1 || 1.2rc1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2]<br />
|-<br />
| {{CVE|CVE-2014-8554}} [http://www.openwall.com/lists/oss-security/2014/10/30/9 templink]|| {{pkg|mantisbt}} || 2014-10-30 || <= 1.2.17-2 || 1.2.17-3 || 5d || Fixed ({{bug|42683}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3]<br />
|-<br />
| {{CVE|CVE-2014-8354}} {{CVE|CVE-2014-8355}} {{CVE|CVE-2014-8561}} {{CVE|CVE-2014-8562}} [http://seclists.org/oss-sec/2014/q4/466 templink]|| {{pkg|imagemagick}} || 2014-10-29 || <= 6.8.9.8-1 || 6.8.9.9-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-8517}} [http://seclists.org/oss-sec/2014/q4/459 templink]|| {{pkg|tnftp}} || 2014-10-28 || <= 20130505-2 || 20141031-1 || 4d || Fixed ({{bug|42646}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1]<br />
|-<br />
| {{CVE|CVE-2014-4877}} [http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7 templink]|| {{pkg|wget}} || 2014-10-27 || <= 1.15-1 || 1.16-1 || <2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|avr-binutils}} || 2014-10-23 || <= 2.24-2 || 2.24-3 || 27d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|mingw-w64-binutils}} || 2014-10-23 || <= 2.24-1 || 2.24-2 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|arm-none-eabi-binutils}} || 2014-10-23 || <= 2.24-2 || 2.24-3 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|binutils}} || 2014-10-23 || <= 2.24-7 || 2.24-8 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17]<br />
|-<br />
| {{CVE|CVE-2014-8559}} [http://www.openwall.com/lists/oss-security/2014/10/30/7 templink] || {{pkg|linux}}, {{pkg|linux-lts}} || 2014-10-30 || <= 3.17.3-1, <= 3.14.24-1 ||3.17.4-1 3.14.25-1 || ~23d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3610}} {{CVE|CVE-2014-3611}} {{CVE|CVE-2014-3646}} {{CVE|CVE-2014-3647}} {{CVE|CVE-2014-7825}} {{CVE|CVE-2014-7826}} {{CVE|CVE-2014-8369}} [http://permalink.gmane.org/gmane.comp.security.oss.general/14526 templink] [http://seclists.org/oss-sec/2014/q4/548 templink] || {{pkg|linux}}, {{pkg|linux-lts}} || 2014-10-21 || <= 3.17.2-1, <= 3.14.23-1 || 3.17.3-1, 3.14.24-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15]<br />
|-<br />
| {{CVE|CVE-2014-8480}} {{CVE|CVE-2014-8481}} [http://permalink.gmane.org/gmane.comp.security.oss.general/14526 templink] || {{pkg|linux}} || 2014-10-21 || <= 3.17.2-1 || 3.17.3-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14]<br />
|-<br />
| {{CVE|CVE-2014-3695}} {{CVE|CVE-2014-3696}} {{CVE|CVE-2014-3698}} [https://pidgin.im/news/security/ templink] || {{pkg|libpurple}} || 2014-10-22 || <= 2.10.9-2 || 2.10.10-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9]<br />
|-<br />
| {{CVE|CVE-2014-8760}} || {{pkg|ejabberd}} || 2014-10-13 || <= 14.07-1 || 14.07-2 || 14d || Fixed ({{bug|42541}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13]<br />
|-<br />
| {{CVE|CVE-2014-3686}} || {{pkg|wpa_supplicant}}, {{pkg|hostapd}} || 2014-10-09 || <= 2.2-2 || 2.3-1 || ~10d || Fixed ({{bug|42401}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8]<br />
|-<br />
| {{CVE|CVE-2014-0191}} {{CVE|CVE-2014-3660}} || {{pkg|libxml2}} || 2014-10-16 || <= 2.9.1-5 || 2.9.2-1 || 8d || Fixed ({{bug|40790}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12]<br />
|-<br />
| {{CVE|CVE-2014-3704}} [https://www.drupal.org/SA-CORE-2014-005 templink] || {{pkg|drupal}} || 2014-10-15 || <= 7.31-2 || 7.32-1 || 1d || Fixed ({{bug|42388}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7]<br />
|-<br />
| {{CVE|CVE-2014-3513}} {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-3567}} {{CVE|CVE-2014-3568}} [https://www.openssl.org/news/secadv_20141015.txt templink] [https://www.openssl.org/~bodo/ssl-poodle.pdf temp link] || {{pkg|openssl}} || 2014-10-15 || <= 1.0.1.i-1 || 1.0.1.j-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6]<br />
|-<br />
| {{CVE|CVE-2014-8242}} [http://www.openwall.com/lists/oss-security/2014/10/13/2 temp link] || {{pkg|librsync}} || 2014-10-12 || <= 0.9.7-7 || 1.0.0-1 || 166d || Fixed ({{bug|44175}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10]<br />
|-<br />
| {{CVE|CVE-2014-7203}} {{CVE|CVE-2014-7202}} [http://seclists.org/oss-sec/2014/q3/776 temp link] || {{pkg|zeromq}} || 2014-09-27 || <= 4.0.4-4 || 4.0.5-1 || 18d || Fixed ({{bug|42381}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4]<br />
|-<br />
| {{CVE|CVE-2014-6051}} {{CVE|CVE-2014-6052}} {{CVE|CVE-2014-6053}} {{CVE|CVE-2014-6054}} {{CVE|CVE-2014-6055}} [http://seclists.org/oss-sec/2014/q3/639 temp link] || {{pkg|libvncserver}} || 2014-09-23 || <= 0.9.9-3 || 0.9.10-1 || 31d || Fixed ({{bug|42321}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10]<br />
|-<br />
| {{CVE|CVE-2014-3683}} [http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/ temp link] || {{pkg|rsyslog}} || 2014-10-02 || <= 8.4.1-1 || 8.4.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5]<br />
|-<br />
| {{CVE|CVE-2014-7204}} [http://seclists.org/oss-sec/2014/q3/842 temp link] || {{pkg|ctags}} || 2014-09-29 || <= 5.8-4 || 5.8-5 || 26d || Fixed ({{bug|42246}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11]<br />
|-<br />
| {{CVE|CVE-2014-7295}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html temp link] || {{pkg|mediawiki}} || 2014-10-02 || <= 1.23.4-1 || 1.23.5-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3]<br />
|-<br />
| {{CVE|CVE-2014-3661}} {{CVE|CVE-2014-3662}} {{CVE|CVE-2014-3663}} {{CVE|CVE-2014-3664}} {{CVE|CVE-2014-3680}} {{CVE|CVE-2014-3681}} {{CVE|CVE-2014-3666}} {{CVE|CVE-2014-3667}} {{CVE|CVE-2013-2186}} {{CVE|CVE-2014-1869}} {{CVE|CVE-2014-3678}} {{CVE|CVE-2014-3679}} [https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 temp link] || {{pkg|jenkins}} || 2014-10-01 || <= 1.582-1 || 1.583-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2]<br />
|-<br />
| {{CVE|CVE-2014-3634}} [http://www.rsyslog.com/remote-syslog-pri-vulnerability/ temp link] || {{pkg|rsyslog}} || 2014-09-30 || <= 8.4.0-1 || 8.4.1-1 || 1d || Fixed ({{bug|42200}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1]<br />
|-<br />
| {{CVE|CVE-2014-3657}} {{CVE|CVE-2014-3633}} [https://www.debian.org/security/2014/dsa-3038 temp link] || {{pkg|libvirt}} || 2014-09-26 || <= 1.2.8-1 || 1.2.8-2 || 3d || Fixed ({{bug|42159}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5]<br />
|-<br />
| {{CVE|CVE-2014-7199}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html temp link] || {{pkg|mediawiki}} || 2014-09-24 || <= 1.23.3-1 || 1.23.4-1 || 5d || Fixed ({{bug|42161}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4]<br />
|-<br />
| {{CVE|CVE-2014-7185}} [http://bugs.python.org/issue21831 temp link] || {{pkg|python2}} || 2014-09-24 || < 2.7.8 || 2.7.8-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3]<br />
|-<br />
| {{CVE|CVE-2014-1568}} [https://www.mozilla.org/security/announce/2014/mfsa2014-73.html temp link] || {{pkg|nss}} || 2014-09-24 || < 3.17.1 || 3.17.1-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1]<br />
|-<br />
| {{CVE|CVE-2014-6271}} {{CVE|CVE-2014-7169}} {{CVE|CVE-2014-7186}} {{CVE|CVE-2014-7187}} {{CVE|CVE-2014-6277}} {{CVE|CVE-2014-6278}} [http://seclists.org/oss-sec/2014/q3/649 temp link] || {{pkg|bash}} || 2014-09-24 || <= 4.3.024-1 || 4.3.026-1 || 2d || Fixed ({{bug|42109}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2]<br />
|-<br />
| {{CVE|CVE-2014-3635}} {{CVE|CVE-2014-3636}} {{CVE|CVE-2014-3637}} {{CVE|CVE-2014-3638}} {{CVE|CVE-2014-3639}} [http://www.openwall.com/lists/oss-security/2014/09/16/9 temp link] || {{pkg|dbus}} {{pkg|libdbus}} {{pkg|lib32-libdbus}} || 2014-09-16 || < 1.8.8 || 1.8.8-1 || 1d || Fixed ({{bug|41993}}) || None<br />
|-<br />
| {{CVE|CVE-2014-3613}} {{CVE|CVE-2014-3620}} [http://curl.haxx.se/docs/security.html temp link] || {{pkg|curl}} {{pkg|lib32-curl}}|| 2014-09-10 || < 7.38.0 || 7.38.0-1 || 5d ({{pkg|curl}}), 7d ({{pkg|lib32-curl}}) || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3609}} [http://www.squid-cache.org/Advisories/SQUID-2014_2.txt temp link] || {{pkg|squid}} || 2014-08-28 || < 3.4.7 || 3.4.7-1 || < 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5119}} [https://sourceware.org/bugzilla/show_bug.cgi?id=17187 temp link] || {{pkg|glibc}} || 2014-07-21 || <= 2.19 || 2.20-2 || 55d || Fixed ({{bug|41713}}) || None<br />
|-<br />
| {{CVE|CVE-2014-3508}} {{CVE|CVE-2014-5139}} {{CVE|CVE-2014-3509}} {{CVE|CVE-2014-3505}} {{CVE|CVE-2014-3506}} {{CVE|CVE-2014-3507}} {{CVE|CVE-2014-3510}} {{CVE|CVE-2014-3511}} {{CVE|CVE-2014-3512}} [https://www.openssl.org/news/secadv_20140806.txt temp link] || {{pkg|openssl}} || 2014-08-06 || < 1.0.1.i || 1.0.1.i-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0226}} [http://www.zerodayinitiative.com/advisories/ZDI-14-236/ temp link] || {{pkg|apache}} || 2014-07-15 || < 2.4.10 || 2.4.10-1 || ~7d || Fixed ({{bug|41244}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4943}} [http://www.openwall.com/lists/oss-security/2014/07/17/1 temp link] || {{pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-07-16 || || 3.15.5.201407170639-1 {{pkg|linux-grsec}}, 3.14.16 ({{pkg|linux-lts}}), 3.16 ({{pkg|linux}}) || 1d ({{pkg|linux-grsec}}), 23d ({{pkg|linux-lts}}), 27d {{pkg|linux}} || Fixed in {{pkg|linux}}, {{pkg|linux-lts}} ({{bug|41231}}), Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-0475}} [http://www.openwall.com/lists/oss-security/2014/07/10/7 temp link] || {{pkg|glibc}} || 2014-07-10 || <=2.19 || 2.20-2 || 66d || Fixed ({{bug|41166}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4699}} [http://www.openwall.com/lists/oss-security/2014/07/04/4 temp link] || {{Pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-07-04 || || 3.15.3.201407060933-1 {{pkg|linux-grsec}}, 3.15.4-1 {{pkg|linux}}, 3.14.11-1 {{pkg|linux-lts}} || 2d ({{pkg|linux-grsec}}), 3d ({{pkg|linux}}, {{pkg|linux-lts}}) || Fixed ({{bug|41115}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4715}} [http://www.openwall.com/lists/oss-security/2014/07/02/13 temp link] || {{Pkg|lz4}} || 2014-07-02 || || 119-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-4611}} [http://www.openwall.com/lists/oss-security/2014/06/26/25 temp link] || {{Pkg|linux}}, {{pkg|linux-grsec}}, {{pkg|lz4}} || 2014-06-26 || || 3.15.2-1 ({{pkg|linux}}), 3.15.2.201406262058-1 ({{pkg|linux-grsec}}), 118-1 {{pkg|lz4}} || <1d ({{pkg|linux}}, {{pkg|linux-grsec}}, {{pkg|lz4}}) || Fixed in {{pkg|linux}} ({{bug|40992}}), Fixed in {{pkg|linux-grsec}}, Fixed in {{pkg|lz4}} ({{bug|40997}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4610}} [http://www.openwall.com/lists/oss-security/2014/06/26/23 temp link] || {{Pkg|ffmpeg}} || 2014-06-26 || || 1:2.2.4-1 || <2d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-4609}} [http://www.openwall.com/lists/oss-security/2014/06/26/22 temp link] || {{Pkg|gst-libav}} || 2014-06-26 || 1.2.4-1 || 1.2.4-2 (with libav 9.14) || 2d || Fixed ({{bug|40995}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4608}} [http://www.openwall.com/lists/oss-security/2014/06/26/21 temp link] || {{Pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-06-26 || || 3.15.2-1 ({{pkg|linux}}), 3.10.45-1 ({{pkg|linux-lts}}), 3.15.2.201406262058-1 ({{pkg|linux-grsec}}) || <1d ({{pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} and {{pkg|linux-lts}} ({{bug|40992}}), Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-4607}} [http://www.openwall.com/lists/oss-security/2014/06/26/20 temp link] || {{Pkg|lzo2}} || 2014-06-26 || || 2.07-2 || 3d || Fixed ({{bug|40993}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4617}} [http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html temp link] || {{Pkg|gnupg}} || 2014-06-24 || < 2.0.24 || 2.0.24 || 7d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0244}} {{CVE|CVE-2014-3493}} [https://www.samba.org/samba/history/samba-4.1.9.html temp link] || {{Pkg|samba}} || 2014-06-23 || < 4.1.9 || 4.1.9 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1545}} [https://www.mozilla.org/security/announce/2014/mfsa2014-55.html temp link] || {{Pkg|nspr}} || 2014-06-10 || < 4.10.6 || 4.10.6 || ~1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3859}} || {{Pkg|bind}} || 2014-06-11 || 9.10.0, 9.10.0-P1 || 9.10.0-P2 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3477}} || {{Pkg|dbus}} || 2014-06-10 || <= 1.8.2 || 1.8.4 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0195}} {{CVE|CVE-2014-0198}} {{CVE|CVE-2010-5298}} {{CVE|CVE-2014-3470}} {{CVE|CVE-2014-0224}} {{CVE|CVE-2014-0221}} [http://www.openssl.org/news/secadv_20140605.txt temp link] || {{Pkg|openssl}} || 2014-06-05 || 1.0.1 - 1.0.1g || 1.0.1h || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3153}} [http://seclists.org/oss-sec/2014/q2/467 temp link]|| {{Pkg|linux}}, {{pkg|linux-lts}}, {{Pkg|linux-grsec}} || 2014-06-05 || ? || 3.14.6 ({{pkg|linux}}), 3.10.42-1 ({{pkg|linux-lts}}), 3.14.5.201406051310-1 ({{pkg|linux-grsec}})|| 3d ({{pkg|linux}}, {{pkg|linux-lts}}), <1d ({{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} ({{bug|40715}}), Fixed in {{pkg|linux-lts}}, Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-3466}} [https://bugzilla.redhat.com/show_bug.cgi?id=1101932 temp link]|| {{Pkg|gnutls}} || 2014-05-30 || < 3.3.3 || 3.3.3 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0209}} {{CVE|CVE-2014-0210}} {{CVE|CVE-2014-0211}}|| {{Pkg|libxfont}} || 2014-05-13 || < 1.4.18 || 1.4.18 || 3d || Fixed ({{Bug|40409 }}) || None<br />
|-<br />
| {{CVE|CVE-2014-0196}} [https://bugzilla.redhat.com/show_bug.cgi?id=1094232 temp-link] || {{Pkg|linux}}, {{Pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-05-05 || 2.6.31 - 3.14 || 3.14.3-2 ({{pkg|linux}}), 3.10.39-2 ({{pkg|linux-lts}}), 3.14.3.201405121814-1 ({{pkg|linux-grsec}}) || 7d ({{pkg|linux}}), 8d {{pkg|linux-lts}}, <1d ({{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} ({{Bug|40232}}), Fixed in {{pkg|linux-lts}}, Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-2905}} {{CVE|CVE-2014-2906}} {{CVE|CVE-2014-2914}} [https://bugzilla.redhat.com/show_bug.cgi?id=1092091 temp-link] || {{Pkg|fish}} || 2014-04-28 || 1.16.0 - 2.1.0 || 2.2.1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0160}} || {{Pkg|openssl}} || 2014-04-07 || 1.0.1 - 1.0.1f || 1.0.1g || ~1d || Fixed ({{Bug|39775}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1700}} {{CVE|CVE-2014-1701}} {{CVE|CVE-2014-1702}} {{CVE|CVE-2014-1703}} {{CVE|CVE-2014-1704}} {{CVE|CVE-2014-1705}} {{CVE|CVE-2014-1713}} {{CVE|CVE-2014-1715}} || {{Pkg|chromium}} {{Pkg|v8}} || 2014-03-11 || 32 || 33 || 4d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0098}} {{CVE|CVE-2013-6438}}|| {{Pkg|apache}} || 2014-03-17 || 2.4.8 || 2.4.9 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1492}} || {{Pkg|nss}} || 2014-03-18 || 3.15.5 || 3.16 || 22d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1493}} {{CVE|CVE-2014-1494}} {{CVE|CVE-2014-1497}} {{CVE|CVE-2014-1498}} {{CVE|CVE-2014-1499}} {{CVE|CVE-2014-1500}} {{CVE|CVE-2014-1502}} {{CVE|CVE-2014-1504}} {{CVE|CVE-2014-1505}} {{CVE|CVE-2014-1508}} {{CVE|CVE-2014-1509}} {{CVE|CVE-2014-1510}} {{CVE|CVE-2014-1511}} {{CVE|CVE-2014-1512}} {{CVE|CVE-2014-1513}} {{CVE|CVE-2014-1514}} || {{Pkg|firefox}} {{Pkg|thunderbird}} || 2014-03-18 || 27 || 28 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2240}} {{CVE|CVE-2014-2241}}|| {{Pkg|freetype2}} || ? || 2.5.2 || 2.5.3 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2029}}|| {{Pkg|xtrabackup}} || 2014-02-16 || 2.1.7 || 2.1.8 || 28d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1958}} {{CVE|CVE-2014-2030}}|| {{Pkg|imagemagick}} || ? || ? || 6.8.8.9-1 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}}|| {{Pkg|php}} || 2014-03-06 || 5.5.9 || 5.5.110 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0404}} {{CVE|CVE-2014-0406}} {{CVE|CVE-2014-0407}} || {{Pkg|virtualbox}} || 2014-02-28 || 4.3.4 || 4.3.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2323}} {{CVE|CVE-2014-2324}} || {{Pkg|lighttpd}} || 2014-03-12 || 1.4.34 || 1.4.35 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0333}} || {{Pkg|libpng}} || 2014-02-28 || 1.6.9 || 1.6.10 || 9d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0017}} || {{Pkg|libssh}} || 2014-03-04 || ? || 0.5.5-3 || 5d || Fixed || None<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} || 2014-03-20 || < 3.5.7.29 || 3.5.7.29 || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 2014-03-18 || ? || ? || ? || Not Affected ({{Bug|39566}}) ||<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 2014-03-19 || ? || 1.3.1 || 1d || Fixed || None<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 2014-03-19 || 3.4beta || 3.4 || ? || Fixed ({{Bug|39540}}) || None<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 2014-03-18 || ? || 1.4.7 || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 2013-09-19 || ? || 1.1.1-7 (in RHEL 7) || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 2014-03-17 || ? || 3.13-rc5 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0004}} || {{Pkg|udisks2}} & {{Pkg|udisks}} || 2014-03-10 || 2.1.3 / 1.0.5 || 2.1.3 / 1.0.5 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2281}} {{CVE|CVE-2014-2282}} {{CVE|CVE-2014-2283}} {{CVE|CVE-2014-2299}} || {{Pkg|wireshark-cli}} || 2014-03-10 || 1.10.6 || 1.10.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0050}} || {{Pkg|tomcat7}} || 2014-02-06 || 7.0.51 || 7.0.51 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0033}} || {{Pkg|tomcat6}} || 2014-01-10 || 6.0.37 || 6.0.37 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0032}} || {{Pkg|subversion}} || 2014-01-10 || 1.8.6 || 1.8.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0060}} {{CVE|CVE-2014-0061}} {{CVE|CVE-2014-0062}} {{CVE|CVE-2014-0063}} {{CVE|CVE-2014-0064}} {{CVE|CVE-2014-0065}} {{CVE|CVE-2014-0066}} {{CVE|CVE-2014-0067}} || {{Pkg|postgresql}} || 2014-02-20 || <=9.3.3 || 9.3.3-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1912}} || {{Pkg|python}} {{Pkg|python2}} || 2014-02-07 || ? || 2.7.6-3 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2013-4496}} {{CVE|CVE-2013-6442}} || {{Pkg|samba}} || 2014-03-14 || ? || 4.1.6 || 2d || Fixed ({{Bug|39424}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0504}} || {{Pkg|flashplugin}} || 2014-03-12 || ? || 11.2.202.346 || 1d || Fixed ({{Bug|39385}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0106}} || {{Pkg|sudo}} || || 1.8.9.p5 || 1.8.10 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2285}} {{CVE|CVE-2014-2284}} || {{Pkg|net-snmp}} || 2014-03-05 || ? || 5.7.2.1-2 || 8d || Fixed ({{Bug|39190}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0092}} || {{Pkg|gnutls}} || 2014-03-04 || <3.2.12 || 3.2.12-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2242}} {{CVE|CVE-2014-2243}} {{CVE|CVE-2014-2244}} || {{Pkg|mediawiki}} || 2014-03-14 || <1.22.3 || 1.22.3 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2093}} {{CVE|CVE-2014-2094}} {{CVE|CVE-2014-2095}} {{CVE|CVE-2014-2096}} || {{Pkg|catfish}} || 2014-02-25 || <1.0.1 || 1.0.1 || 8d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0497}} || {{Pkg|flashplugin}} || 2014-02-04 || ? || 11.2.202.346 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0015}} || {{Pkg|curl}} || 2014-01-29 || <7.35 || 7.35 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1610}} || {{Pkg|mediawiki}} || 2014-01-29 || <1.22.2 || 1.22.2 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0021}} || {{Pkg|chrony}} || 2014-01-17 || <1.29.1-1 || 1.29.1-1 || 14d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1875}} || {{Pkg|perl-capture-tiny}} || 2014-02-06 || ? || 0.24-1 || 4d || Fixed ({{Bug|38862}}) || None<br />
|-<br />
| {{CVE|CVE-2013-6493}} || {{Pkg|icedtea-web-java7}} || 2014-02-05 || <1.4.2 || 1.4.2 || 0d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1858}} {{CVE|CVE-2014-1859}} || {{Pkg|python-numpy}} || 2014-02-06 || ? || 1.8.0-2 || 4d || Fixed ({{Bug|38863}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1932}} {{CVE|CVE-2014-1933}} || {{Pkg|python-pillow}} || 2014-02-10 || <2.3.1 || 2.3.1 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1935}} || {{Pkg|9base}} || 2014-02-10 || ? || ? || ? || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1949}} [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1949.html temp link] || {{Pkg|cinnamon-screensaver}} || 2014-02-12 || 2.0.3 || ? || ? || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1959}} || {{Pkg|gnutls}} || 2014-02-13 || <3.2.11 || 3.2.11 || 2d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}} || {{Pkg|file}} || 2014-02-10 || <5.17 || 5.17-1 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0001}} {{CVE|CVE-2014-0412}} {{CVE|CVE-2014-0437}} {{CVE|CVE-2014-0420}} {{CVE|CVE-2014-0393}} {{CVE|CVE-2014-0386}} {{CVE|CVE-2014-0401}} {{CVE|CVE-2014-0402}} || {{Pkg|mariadb}} || 2014-01-31 || <5.5.35 || 5.5.35-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1447}} || {{Pkg|libvirt}} || 2014-01-16 || <1.2.1 || 1.2.1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0979}} || lightdm-gtk* || 2014-01-07 || ? || ? || 25d || Fixed ({{Bug|38715}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1475}} {{CVE|CVE-2014-1476}} || {{Pkg|drupal}} || 2014-01-15 || <7.26 || 7.26-1 || 12d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0019}} || {{Pkg|socat}} || 2014-01-29 || <1.7.2.3 || 1.7.2.3 || 0d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1838}} {{CVE|CVE-2014-1839}} || {{Pkg|python-logilab-common}} || 2014-01-31 || ? || ? || 3d || Fixed [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051] || None<br />
|-<br />
| {{CVE|CVE-2014-0368}} {{CVE|CVE-2014-0373}} {{CVE|CVE-2014-0376}} {{CVE|CVE-2014-0411}} {{CVE|CVE-2014-0416}} {{CVE|CVE-2014-0422}} {{CVE|CVE-2014-0423}} {{CVE|CVE-2014-0428}} || *-openjdk-* || 2014-01-15 || ? || ? || 2d || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1402}} || {{Pkg|python-jinja}} || 2014-01-10 || <2.7.2 || 2.7.2 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2013-6462}} || {{Pkg|libxfont}} || 2014-01-07 || <1.4.7 || 1.4.7 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1235}} || {{Pkg|graphviz}} || 2014-01-07 || <2.36.0 || 2.34.0-3 || 3d || Fixed ({{Bug|38441}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0978}} || {{Pkg|freerdp}} || 2014-01-10 || <1.0.2 || 1.0.2-5 || 67d || Fixed ({{Bug|38802}}) || None<br />
|-<br />
|}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=454719
Security Advisories
2016-10-21T14:36:27Z
<p>Anthraxx: /* Recent Advisories */ swap django advisory numbers</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== October 2016 ===<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000741.html ASA-201610-13] {{pkg|python-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000740.html ASA-201610-12] {{pkg|python2-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11] {{pkg|linux-lts}} privilege escalation<br />
* [16 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10] {{pkg|guile}} multiple issues<br />
* [13 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9] {{pkg|gdk-pixbuf2}} arbitrary code execution<br />
* [11 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8] {{pkg|crypto++}} information disclosure<br />
* [09 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7] {{pkg|wpa_supplicant}} multiple issues<br />
* [08 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6] {{pkg|imagemagick}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5] {{pkg|messagelib}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4] {{pkg|kcoreaddons}} insufficient validation<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3] {{pkg|hostapd}} multiple issues<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2] {{pkg|systemd}} denial of service<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1] {{pkg|chromium}} arbitrary code execution<br />
<br />
=== September 2016 ===<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=CVE&diff=454716
CVE
2016-10-21T14:33:34Z
<p>Anthraxx: /* Documented CVE's */ adding second django advisory for python2 variant</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|Security Advisories}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
== Introduction ==<br />
<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
== Helping ==<br />
<br />
This is a community driven project. Please consider joining the [[Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC on irc://irc.freenode.net/archlinux-security.<br />
<br />
== Procedure ==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. Use Wiki markup to create links in the "CVE-ID", "Package", and "Status" columns. The following template may be used to ease the process of adding CVE entries into the table. The first line, "|-" represents the creation of a new row in the table, while the second line should be modified per CVE:<br />
<br />
{{hc|CVE Table Addition Template|<nowiki><br />
|-<br />
| {{CVE|CVE-2016-????}} || {{Pkg|pkgname}} || Disclosure date || Affected versions || Fixed in version || Arch Linux response time || Status(Fixed|Pending|Invalid) (Bug reports) || {{ASA|ASA-??????-??}}<br />
</nowiki>}}<br />
<br />
{{Note|<br />
* If the CVE is not found in [http://nvd.nist.gov/home.cfm NVD], just include a link to different database in the first column: {{ic|<nowiki>[http://link.to.cve CVE-2014-????]</nowiki>}}<br />
* The "Disclosure date" field should be expressed in [[Wikipedia:ISO 8601|ISO 8601 format]] to avoid any confusion. Example: 2014-03-22.<br />
* The "Arch Linux response time" field corresponds to the time between the public release of a vulnerability and the date the package update fixing the vulnerability is made available in the official stable repositories. The "Time really vulnerable" is potentially much lengthier but is harder to estimate.<br />
}}<br />
<br />
The above "CVE-template" should be added after the line:<br />
<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in version !! Arch Linux response time !! Status (and related bug reports) !! ASA-ID</nowiki>}}<br />
<br />
== Response time ==<br />
<br />
The response time is the time taken to get a fixed package to the stable repositories.<br />
<br />
== Documented CVE's ==<br />
<br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="100%"<br />
! height="50px" colspan="8" style="font-size: 125%;"| '''TRACKED CVE's'''<br />
|-<br />
! scope="col" width="130px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in Arch Linux package version !! Arch Linux response time !! Status (and related bug reports) !! ASA-ID<br />
|-<br />
| {{CVE|CVE-2016-7401}} || {{pkg|python-django}} {{pkg|python2-django}} || 2016-10-21 || <= 1.9.9-1 || 1.10.1-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000740.html ASA-201610-12] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000741.html ASA-201610-13]<br />
|-<br />
| {{CVE|CVE-2016-5195}} [https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails] || {{pkg|linux}} || 2016-10-21 || <= 4.8.2-1 || 4.8.3-1 || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-5195}} [https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails] || {{pkg|linux-grsec}} || 2016-10-21 || <= 1:4.7.8.r201610161720-1 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-5195}} [https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails] || {{pkg|linux-lts}} || 2016-10-21 || <= 4.4.25-1 || 4.4.26-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11]<br />
|-<br />
| {{CVE|CVE-2016-8605}} {{CVE|CVE-2016-8606}} [http://www.openwall.com/lists/oss-security/2016/10/11/1] [http://www.openwall.com/lists/oss-security/2016/10/12/2] || {{pkg|guile}} || 2016-10-11 || <= 2.0.12-1 || 2.0.13-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10]<br />
|-<br />
| {{CVE|CVE-2016-7906}} {{CVE|CVE-2016-7799}} [http://www.openwall.com/lists/oss-security/2016/10/02/3] [http://www.openwall.com/lists/oss-security/2016/10/01/6] || {{pkg|imagemagick}} || 2016-10-02 || <= 6.9.5.10-1 || 6.9.6.0-1 || <5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6]<br />
|-<br />
| {{CVE|CVE-2016-7967}} {{CVE|CVE-2016-7968}} [https://www.kde.org/info/security/advisory-20161006-2.txt] [https://www.kde.org/info/security/advisory-20161006-3.txt] [http://seclists.org/oss-sec/2016/q4/23] || {{pkg|messagelib}} || 2016-10-06 || <= 16.08.1-1 || 16.08.1-2 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5]<br />
|- <br />
| {{CVE|CVE-2016-7966}} [https://www.kde.org/info/security/advisory-20161006-1.txt] [http://seclists.org/oss-sec/2016/q4/23] || {{pkg|kcoreaddons}} || 2016-10-06 || <= 5.26.0-1 || 5.26.0-2 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4]<br />
|- <br />
| {{CVE|CVE-2016-7795}} || {{pkg|systemd}} || 2016-09-29 || <= 231-1 || 231-2 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2]<br />
|- <br />
| {{CVE|CVE-2016-5177}} {{CVE|CVE-2016-5178}} [https://googlechromereleases.blogspot.fr/2016/09/stable-channel-update-for-desktop_29.html] || {{pkg|chromium}} || 2016-09-29 || <= 53.0.2785.116-1 || 53.0.2785.143-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1]<br />
|- <br />
| {{CVE|CVE-2016-7168}} {{CVE|CVE-2016-7169}} [https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/] || {{pkg|wordpress}} || 2016-09-29 || <= 4.6.0-1 || 4.6.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32]<br />
|- <br />
| {{CVE|CVE-2016-5180}} [https://c-ares.haxx.se/adv_20160929.html] || {{pkg|c-ares}} || 2016-09-29 || <= 1.11.0-1 || 1.12.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31]<br />
|- <br />
| {{CVE|CVE-2016-2776}} [https://kb.isc.org/article/AA-01419/0] || {{pkg|bind}} || 2016-07-27 || <= 9.10.4.P2-1 || 9.10.4.P3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201607-29]<br />
|-<br />
| {{CVE|CVE-2016-7052}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|lib32-openssl}} || 2016-09-26 || <= 1:1.0.2.i-1 || 1:1.0.2.j-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28]<br />
|- <br />
| {{CVE|CVE-2016-7052}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|openssl}} || 2016-09-26 || <= 1.0.2.i-1 || 1.0.2.j-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30]<br />
|- <br />
| {{CVE|CVE-2016-6309}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|lib32-openssl}} || 2016-09-26 || <= 1:1.0.2.i-1 || || || Not Affected || None<br />
|- <br />
| {{CVE|CVE-2016-6309}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|openssl}} || 2016-09-26 || <= 1.0.2.i-1 || || || Not Affected || None<br />
|- <br />
| {{CVE|CVE-2016-2177}} {{CVE|CVE-2016-2178}} {{CVE|CVE-2016-2179}} {{CVE|CVE-2016-2180}} {{CVE|CVE-2016-2181}} {{CVE|CVE-2016-2182}} {{CVE|CVE-2016-2183}} {{CVE|CVE-2016-6302}} {{CVE|CVE-2016-6303}} {{CVE|CVE-2016-6304}} {{CVE|CVE-2016-6306}} [http://eprint.iacr.org/2016/594] [https://www.openssl.org/news/secadv/20160922.txt] || {{pkg|openssl}} || 2016-09-22 || <= 1.0.2.h-1 || 1.0.2.i-1 || <1d || Fixed ({{bug|49616}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23]<br />
|- <br />
| {{CVE|CVE-2016-2177}} {{CVE|CVE-2016-2178}} {{CVE|CVE-2016-2179}} {{CVE|CVE-2016-2180}} {{CVE|CVE-2016-2181}} {{CVE|CVE-2016-2182}} {{CVE|CVE-2016-2183}} {{CVE|CVE-2016-6302}} {{CVE|CVE-2016-6303}} {{CVE|CVE-2016-6304}} {{CVE|CVE-2016-6306}} [http://eprint.iacr.org/2016/594] [https://www.openssl.org/news/secadv/20160922.txt] || {{pkg|lib32-openssl}} || 2016-09-22 || <= 1:1.0.2.h-1 || 1:1.0.2.i-1 || <1d || Fixed ({{bug|49616}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24]<br />
|- <br />
| {{CVE|CVE-2016-7044}} {{CVE|CVE-2016-7045}} [https://irssi.org/security/irssi_sa_2016.txt] || {{pkg|irssi}} || 2016-09-21 || <= 0.8.19-2 || 0.8.20-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20]<br />
|- <br />
| {{CVE|CVE-2016-5270}} {{CVE|CVE-2016-5271}} {{CVE|CVE-2016-5272}} {{CVE|CVE-2016-5273}} {{CVE|CVE-2016-5276}} {{CVE|CVE-2016-5274}} {{CVE|CVE-2016-5277}} {{CVE|CVE-2016-5275}} {{CVE|CVE-2016-5278}} {{CVE|CVE-2016-5279}} {{CVE|CVE-2016-5280}} {{CVE|CVE-2016-5281}} {{CVE|CVE-2016-5282}} {{CVE|CVE-2016-5283}} {{CVE|CVE-2016-5284}} {{CVE|CVE-2016-5256}} {{CVE|CVE-2016-5257}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/] || {{pkg|firefox}} || 2016-09-13 || <= 48.0.2-1 || 49.0-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22]<br />
|- <br />
| {{CVE|CVE-2016-5388}} || {{pkg|tomcat7}} || 2016-09-18 || <= 7.0.70-1 || 7.0.72-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21]<br />
|- <br />
| {{CVE|CVE-2016-7420}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7420] || {{pkg|crypto++}} || 2016-09-18 || <= 5.6.4-2 || 5.6.5-1 || <24d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8 ]<br />
|- <br />
| {{CVE|CVE-2016-7444}} [http://seclists.org/oss-sec/2016/q3/545] [https://www.gnutls.org/security.html#GNUTLS-SA-2016-3] || {{pkg|gnutls}} || 2016-09-08 || <= 3.4.14-1 || 3.4.15-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25]<br />
|- <br />
| {{CVE|CVE-2016-7444}} [http://seclists.org/oss-sec/2016/q3/545] [https://www.gnutls.org/security.html#GNUTLS-SA-2016-3] || {{pkg|lib32-gnutls}} || 2016-09-08 || <= 3.4.14-1 || 3.4.15-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26]<br />
|- <br />
| {{CVE|CVE-2016-5170}} {{CVE|CVE-2016-5171}} {{CVE|CVE-2016-5172}} {{CVE|CVE-2016-5173}} {{CVE|CVE-2016-5174}} {{CVE|CVE-2016-5175}} [https://googlechromereleases.blogspot.fr/2016/09/stable-channel-update-for-desktop_13.html] || {{pkg|chromium}} || 2016-09-13 || <= 53.0.2785.101-1 || 53.0.2785.116-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13]<br />
|- <br />
| {{CVE|CVE-2016-7412}} {{CVE|CVE-2016-7413}} {{CVE|CVE-2016-7414}} {{CVE|CVE-2016-7416}} {{CVE|CVE-2016-7417}} {{CVE|CVE-2016-7418}} [http://www.openwall.com/lists/oss-security/2016/09/15/10] || {{pkg|php}} || 2016-09-15 || <= 7.0.10-1 || 7.0.11-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16]<br />
|- <br />
| {{CVE|CVE-2016-6352}} [https://bugzilla.redhat.com/show_bug.cgi?id=1349751] || {{pkg|lib32-gdk-pixbuf2}} || 2016-08-31 || <= 2.34.0-1 || || || '''Vulnerable''' ||<br />
|- <br />
| {{CVE|CVE-2016-6352}} [https://bugzilla.redhat.com/show_bug.cgi?id=1349751] || {{pkg|gdk-pixbuf2}} || 2016-08-31 || <= 2.34.0-2 || 2.36.0+2+ga7c869a-1 || 50d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9]<br />
|- <br />
| {{CVE|CVE-2016-7167}} [https://curl.haxx.se/docs/adv_20160914.html] || {{pkg|curl}} || 2016-09-14 || <= 7.50.2-1 || 7.50.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19]<br />
|- <br />
| {{CVE|CVE-2016-7167}} [https://curl.haxx.se/docs/adv_20160914.html] || {{pkg|lib32-curl}} || 2016-09-14 || <= 7.50.0-1 || 7.50.3-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18]<br />
|- <br />
| {{CVE|CVE-2016-4271}} {{CVE|CVE-2016-4272}} {{CVE|CVE-2016-4274}} {{CVE|CVE-2016-4275}} {{CVE|CVE-2016-4276}} {{CVE|CVE-2016-4277}} {{CVE|CVE-2016-4278}} {{CVE|CVE-2016-4279}} {{CVE|CVE-2016-4280}} {{CVE|CVE-2016-4281}} {{CVE|CVE-2016-4282}} {{CVE|CVE-2016-4283}} {{CVE|CVE-2016-4284}} {{CVE|CVE-2016-4285}} {{CVE|CVE-2016-4287}} {{CVE|CVE-2016-6921}} {{CVE|CVE-2016-6922}} {{CVE|CVE-2016-6923}} {{CVE|CVE-2016-6924}} {{CVE|CVE-2016-6925}} {{CVE|CVE-2016-6926}} {{CVE|CVE-2016-6927}} {{CVE|CVE-2016-6929}} {{CVE|CVE-2016-6930}} {{CVE|CVE-2016-6931}} {{CVE|CVE-2016-6932}} [https://helpx.adobe.com/security/products/flash-player/apsb16-29.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-09-13 || <= 11.2.202.632-1 || 11.2.202.635-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12]<br />
|- <br />
| {{CVE|CVE-2016-6662}} {{CVE|CVE-2016-6663}} [https://mariadb.org/mariadb-server-versions-remote-root-code-execution-vulnerability-cve-2016-6662/] [https://jira.mariadb.org/browse/MDEV-10465] [http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html] || {{Pkg|mariadb}} || 2016-09-13 || <= 10.1.16-2 || 10.1.17-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10]<br />
|-<br />
| {{CVE|CVE-2016-7180}} {{CVE|CVE-2016-7175}} {{CVE|CVE-2016-7176}} {{CVE|CVE-2016-7177}} {{CVE|CVE-2016-7178}} {{CVE|CVE-2016-7179}} [https://www.wireshark.org/security/wnpa-sec-2016-50.html] [https://www.wireshark.org/security/wnpa-sec-2016-51.html] [https://www.wireshark.org/security/wnpa-sec-2016-52.html] [https://www.wireshark.org/security/wnpa-sec-2016-53.html] [https://www.wireshark.org/security/wnpa-sec-2016-54.html] [https://www.wireshark.org/security/wnpa-sec-2016-55.html] || {{pkg|wireshark-cli}} || 2016-09-09 || <= 2.0.5-1 || 2.2.0-1 || 15d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27]<br />
|- <br />
| {{CVE|CVE-2016-5388}} [https://www.apache.org/security/asf-httpoxy-response.txt] || {{pkg|tomcat8}} || 2016-07-18 || <= 8.0.36-1 || 8.0.37-1 || 52d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] <br />
|-<br />
| {{CVE|CVE-2016-7164}} [http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3.20.3.news] || {{pkg|file-roller}} || 2016-09-08 || <= 3.20.2-1 || 3.20.3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5]<br />
|-<br />
| {{CVE|CVE-2016-5426}} {{CVE|CVE-2016-5427}} [http://seclists.org/oss-sec/2016/q3/464] [https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/] || {{pkg|powerdns}} || 2016-09-08 || 3.4.9-1 || 4.0.1-3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9]<br />
|-<br />
| {{CVE|CVE-2016-7164}} [http://seclists.org/oss-sec/2016/q3/443] || {{pkg|libtorrent-rasterbar}} || 2016-09-08 || <= 1:1.1-3 || 1:1.1.1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8]<br />
|-<br />
| {{CVE|CVE-2016-7141}} [https://curl.haxx.se/docs/adv_20160907.html] || {{pkg|curl}} || 2016-09-07 || N/A || N/A || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-2835}} {{CVE|CVE-2016-2836}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/] || {{pkg|thunderbird}} || 2016-08-30 || <= 45.2.0-2 || 45.3.0-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3]<br />
|-<br />
| {{CVE|CVE-2016-7134}} {{CVE|CVE-2016-7133}} {{CVE|CVE-2016-7132}} {{CVE|CVE-2016-7131}} {{CVE|CVE-2016-7130}} {{CVE|CVE-2016-7129}} {{CVE|CVE-2016-7128}} {{CVE|CVE-2016-7127}} {{CVE|CVE-2016-7126}} {{CVE|CVE-2016-7125}} {{CVE|CVE-2016-7124}} [http://www.openwall.com/lists/oss-security/2016/09/02/9] || {{pkg|php}} || 2016-09-03 || <= 7.0.10-1 || 7.0.11-1 || || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-5147}} {{CVE|CVE-2016-5148}} {{CVE|CVE-2016-5149}} {{CVE|CVE-2016-5150}} {{CVE|CVE-2016-5151}} {{CVE|CVE-2016-5152}} {{CVE|CVE-2016-5153}} {{CVE|CVE-2016-5154}} {{CVE|CVE-2016-5155}} {{CVE|CVE-2016-5156}} {{CVE|CVE-2016-5157}} {{CVE|CVE-2016-5158}} {{CVE|CVE-2016-5159}} {{CVE|CVE-2016-5160}} {{CVE|CVE-2016-5161}} {{CVE|CVE-2016-5162}} {{CVE|CVE-2016-5163}} {{CVE|CVE-2016-5164}} {{CVE|CVE-2016-5165}} {{CVE|CVE-2016-5166}} {{CVE|CVE-2016-5167}} [https://googlechromereleases.blogspot.fr/2016/08/stable-channel-update-for-desktop_31.html] || {{pkg|chromium}} || 2016-08-31 || <= 52.0.2743.116-1 || 53.0.2785.89-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1]<br />
|-<br />
| {{CVE|CVE-2016-6525}} [http://bugs.ghostscript.com/show_bug.cgi?id=696954] || {{Pkg|mupdf}} || 2016-07-19 || <= 1.9a-4 || 1.9a-5 || 1d || Fixed ([https://bugs.archlinux.org/task/50590 FS#50590 ]) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] <br />
|-<br />
| {{CVE|CVE-2016-6265}} [http://bugs.ghostscript.com/show_bug.cgi?id=696941] || {{Pkg|mupdf}} || 2016-07-19 || <= 1.9a-3 || 1.9a-4 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] <br />
|-<br />
| {{CVE|CVE-2016-4590}} {{CVE|CVE-2016-4591}} {{CVE|CVE-2016-4622}} {{CVE|CVE-2016-4624}} [https://webkitgtk.org/2016/08/24/webkitgtk2.12.4-released.html] [https://webkitgtk.org/security/WSA-2016-0005.html] || {{pkg|webkit2gtk}} || 2016-08-24 || <= 2.12.3-1 || 2.12.4-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2]<br />
|-<br />
| {{CVE|CVE-2016-6331}} {{CVE|CVE-2016-6332}} {{CVE|CVE-2016-6333}} {{CVE|CVE-2016-6334}} {{CVE|CVE-2016-6335}} {{CVE|CVE-2016-6336}} {{CVE|CVE-2016-6337}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html] || {{pkg|mediawiki}} || 2016-08-23 || <= 1.27.0-1 || 1.27.1-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] <br />
|-<br />
| {{CVE|CVE-2016-6313}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html] || {{pkg|lib32-libgcrypt}} || 2016-08-17 || <= 1.7.2-1 || 1.7.3-1 || 31d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14]<br />
|-<br />
| {{CVE|CVE-2016-6313}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html] || {{pkg|libgcrypt}} || 2016-08-17 || <= 1.7.2-1 || 1.7.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18]<br />
|-<br />
| {{CVE|CVE-2016-5423}} {{CVE|CVE-2016-5424}} [https://www.postgresql.org/about/news/1688/] || {{pkg|postgresql}} {{pkg|postgresql-libs}} || 2016-08-11 || <= 9.5.3-1 || 9.5.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux}} || 2016-07-12 || <= 4.6.4-1 || 4.7-1 || 31d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-grsec}} || 2016-07-12 || <= 4.6.5.201607312210-1 || 4.7.201608131240-1 || 33d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-lts}} || 2016-07-12 || <= 4.4.16-1 || 4.4.19-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-zen}} || 2016-07-12 || <= 4.6.5-1 || 4.7-1 || 35d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15]<br />
|-<br />
| {{CVE|CVE-2016-5139}} {{CVE|CVE-2016-5140}} {{CVE|CVE-2016-5141}} {{CVE|CVE-2016-5142}} {{CVE|CVE-2016-5143}} {{CVE|CVE-2016-5144}} {{CVE|CVE-2016-5145}} {{CVE|CVE-2016-5146}} [https://googlechromereleases.blogspot.fr/2016/08/stable-channel-update-for-desktop.html] || {{pkg|chromium}} || 2016-08-03 || <= 52.0.2743.85-2 || 52.0.2743.116-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16]<br />
|-<br />
| {{CVE|CVE-2016-6255}} || {{pkg|libupnp}} || 2016-08-08 || <= 1.6.19-1 || 1.6.20-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8]<br />
|-<br />
| {{CVE|CVE-2016-3075}} {{CVE|CVE-2016-5417}} [https://sourceware.org/bugzilla/show_bug.cgi?id=19879] [https://sourceware.org/bugzilla/show_bug.cgi?id=19257] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-08-02 || <= 2.23-5 || 2.24-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7]<br />
|-<br />
| {{CVE|CVE-2016-3458}} {{CVE|CVE-2016-3500}} {{CVE|CVE-2016-3508}} {{CVE|CVE-2016-3550}} {{CVE|CVE-2016-3598}} {{CVE|CVE-2016-3606}} {{CVE|CVE-2016-3610}} [http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2016-July/036560.html] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2016-07-29 || <= 7.u101_2.6.6 || 7.u111_2.6.7 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5]<br />
|-<br />
| {{CVE|CVE-2016-0718}} {{CVE|CVE-2016-2830}} {{CVE|CVE-2016-2835}} {{CVE|CVE-2016-2836}} {{CVE|CVE-2016-2837}} {{CVE|CVE-2016-2838}} {{CVE|CVE-2016-2839}} {{CVE|CVE-2016-5250}} {{CVE|CVE-2016-5251}} {{CVE|CVE-2016-5252}} {{CVE|CVE-2016-5254}} {{CVE|CVE-2016-5255}} {{CVE|CVE-2016-5258}} {{CVE|CVE-2016-5259}} {{CVE|CVE-2016-5260}} {{CVE|CVE-2016-5261}} {{CVE|CVE-2016-5262}} {{CVE|CVE-2016-5263}} {{CVE|CVE-2016-5264}} {{CVE|CVE-2016-5265}} {{CVE|CVE-2016-5266}} {{CVE|CVE-2016-5268}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox48] || {{pkg|firefox}} || 2016-08-02 || <= 47.0.1-1 || 48.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2]<br />
|-<br />
| {{CVE|CVE-2016-5419}} {{CVE|CVE-2016-5420}} {{CVE|CVE-2016-5421}} [https://curl.haxx.se/docs/adv_20160803A.html] [https://curl.haxx.se/docs/adv_20160803B.html] [https://curl.haxx.se/docs/adv_20160803C.html] || {{pkg|curl}} || 2016-08-03 || <= 7.50.0-1 || 7.50.1-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9]<br />
|-<br />
| {{CVE|CVE-2016-6210}} [http://www.openssh.com/txt/release-7.3] [http://seclists.org/fulldisclosure/2016/Jul/51] || {{pkg|openssh}} || 2016-07-14 || <= 7.2p2-2 || 7.3p1-1 || 16d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1]<br />
|-<br />
| {{CVE|CVE-2016-6503}} {CVE|CVE-2016-6504}} {{CVE|CVE-2016-6507}} [http://seclists.org/oss-sec/2016/q3/217] [[http://www.wireshark.org/security/wnpa-sec-2016-39.html] [http://www.wireshark.org/security/wnpa-sec-2016-40.html] [http://www.wireshark.org/security/wnpa-sec-2016-43.html] || {{pkg|wireshark-cli}} || 2016-07-28 || <= 2.0.4-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-6505}} {{CVE|CVE-2016-6506}} {{CVE|CVE-2016-6508}} {{CVE|CVE-2016-6509}} {{CVE|CVE-2016-6510}} {{CVE|CVE-2016-6511}} {{CVE|CVE-2016-6512}} {{CVE|CVE-2016-6513}} [http://seclists.org/oss-sec/2016/q3/217] [http://www.wireshark.org/security/wnpa-sec-2016-41.html] [http://www.wireshark.org/security/wnpa-sec-2016-42.html] [http://www.wireshark.org/security/wnpa-sec-2016-44.html] [http://www.wireshark.org/security/wnpa-sec-2016-45.html] [http://www.wireshark.org/security/wnpa-sec-2016-46.html] [http://www.wireshark.org/security/wnpa-sec-2016-47.html] [http://www.wireshark.org/security/wnpa-sec-2016-48.html] [http://www.wireshark.org/security/wnpa-sec-2016-49.html] || {{pkg|wireshark-cli}} || 2016-07-28 || <= 2.0.4-1 || 2.0.5-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20]<br />
|-<br />
| {{CVE|CVE-2016-6491}} [http://seclists.org/oss-sec/2016/q3/194] [http://git.imagemagick.org/repos/ImageMagick/commit/5cb6c1acd3e3b12f9260daf207db432df7f792c2] || {{pkg|imagemagick}} || 2016-07-27 || <= 6.9.5.2-1 || 6.9.5.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13]<br />
|-<br />
| {{CVE|CVE-2015-8948}} {{CVE|CVE-2016-6261}} {{CVE|CVE-2016-6262}} {{CVE|CVE-2016-6263}} || {{Pkg|libidn}} || 2016-07-20 || <= 1.32-1 || 1.33-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14]<br />
|-<br />
| {{CVE|CVE-2016-6186}} || {{Pkg|python-django}} {{Pkg|python2-django}}|| 2016-07-18 || <= 1.9.8-1 || 1.9.8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11]<br />
|-<br />
| {{CVE|CVE-2016-1705}} {{CVE|CVE-2016-1706}} {{CVE|CVE-2016-1708}} {{CVE|CVE-2016-1709}} {{CVE|CVE-2016-1710}} {{CVE|CVE-2016-1711}} {{CVE|CVE-2016-5127}} {{CVE|CVE-2016-5128}} {{CVE|CVE-2016-5129}} {{CVE|CVE-2016-5130}} {{CVE|CVE-2016-5131}} {{CVE|CVE-2016-5132}} {{CVE|CVE-2016-5133}} {{CVE|CVE-2016-5134}} {{CVE|CVE-2016-5135}} {{CVE|CVE-2016-5136}} {{CVE|CVE-2016-5137}} [https://googlechromereleases.blogspot.fr/2016/07/stable-channel-update.html] || {{pkg|chromium}} || 2016-07-20 || <= 51.0.2704.106-1 || 52.0.2743.82-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12]<br />
|-<br />
| {{CVE|CVE-2016-5385}} [https://www.drupal.org/SA-CORE-2016-003] || {{pkg|drupal}} || 2016-07-18 || <= 8.1.6-1 || 8.1.7-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9]<br />
|-<br />
| {{CVE|CVE-2016-2775}} [https://kb.isc.org/article/AA-01393/74/CVE-2016-2775] || {{pkg|bind}} || 2016-07-19 || <= 9.10.4.P1-2 || 9.10.4.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8]<br />
|-<br />
|{{CVE|CVE-2016-4173}} {{CVE|CVE-2016-4174}} {{CVE|CVE-2016-4175}} {{CVE|CVE-2016-4176}} {{CVE|CVE-2016-4177}} {{CVE|CVE-2016-4179}} {{CVE|CVE-2016-4180}} {{CVE|CVE-2016-4181}} {{CVE|CVE-2016-4182}} {{CVE|CVE-2016-4183}} {{CVE|CVE-2016-4184}} {{CVE|CVE-2016-4185}} {{CVE|CVE-2016-4186}} {{CVE|CVE-2016-4187}} {{CVE|CVE-2016-4188}} {{CVE|CVE-2016-4189}} {{CVE|CVE-2016-4190}} {{CVE|CVE-2016-4217}} {{CVE|CVE-2016-4218}} {{CVE|CVE-2016-4219}} {{CVE|CVE-2016-4220}} {{CVE|CVE-2016-4221}} {{CVE|CVE-2016-4222}} {{CVE|CVE-2016-4223}} {{CVE|CVE-2016-4224}} {{CVE|CVE-2016-4225}} {{CVE|CVE-2016-4226}} {{CVE|CVE-2016-4227}} {{CVE|CVE-2016-4228}} {{CVE|CVE-2016-4229}} {{CVE|CVE-2016-4230}} {{CVE|CVE-2016-4231}} {{CVE|CVE-2016-4232}} {{CVE|CVE-2016-4233}} {{CVE|CVE-2016-4234}} {{CVE|CVE-2016-4235}} {{CVE|CVE-2016-4236}} {{CVE|CVE-2016-4237}} {{CVE|CVE-2016-4238}} {{CVE|CVE-2016-4239}} {{CVE|CVE-2016-4240}} {{CVE|CVE-2016-4241}} {{CVE|CVE-2016-4242}} {{CVE|CVE-2016-4243}} {{CVE|CVE-2016-4244}} {{CVE|CVE-2016-4245}} {{CVE|CVE-2016-4246}} {{CVE|CVE-2016-4247}} {{CVE|CVE-2016-4248}} || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-07-12 || <= 11.2.202.626-1 || 11.2.202.632-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7]<br />
|-<br />
| {{CVE|CVE-2016-2815}} {{CVE|CVE-2016-2818}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird45.2] || {{pkg|thunderbird}} || 2016-06-30 || <= 45.1.1-2 || 45.2.0-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4]<br />
|-<br />
| {{CVE|CVE-2016-4979}} [https://httpd.apache.org/security/vulnerabilities_24.html] || {{pkg|apache}} || 2016-07-05 || 2.4.18-2.4.20 || 2.4.23-1 || || Fixed ({{bug|49958}}) || None<br />
|-<br />
| {{CVE|CVE-2016-4994}} [https://bugzilla.gnome.org/show_bug.cgi?id=767873] || {{pkg|gimp}} || 2016-06-21 || <= 2.8.16-2 || 2.8.18-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5]<br />
|-<br />
| {{CVE|CVE-2016-4472}} [https://bugzilla.redhat.com/show_bug.cgi?id=1344251] || {{pkg|expat}} || 2016-06-30 || <= 2.1.1-3 || 2.2.0-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-3189}} [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3189] || {{pkg|bzip2}} || 2016-06-30 || <= 1.0.6-5 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-4463}} [http://seclists.org/bugtraq/2016/Jun/115] || {{pkg|xerces-c}} || 2016-06-29 || <= 3.1.3-2 || 3.1.4-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2]<br />
|-<br />
| {{CVE|CVE-2016-4324}} [http://www.talosintelligence.com/reports/TALOS-2016-0126/] || {{pkg|libreoffice-fresh}} || 2016-06-27 || <= 5.1.3-2 || 5.1.4-1 || <0d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3]<br />
|-<br />
| {{CVE|CVE-2016-5701}} {{CVE|CVE-2016-5702}} {{CVE|CVE-2016-5703}} {{CVE|CVE-2016-5704}} {{CVE|CVE-2016-5705}} {{CVE|CVE-2016-5706}} {{CVE|CVE-2016-5730}} {{CVE|CVE-2016-5731}} {{CVE|CVE-2016-5732}} {{CVE|CVE-2016-5733}} {{CVE|CVE-2016-5734}} {{CVE|CVE-2016-5739}} [https://www.phpmyadmin.net/security/PMASA-2016-17/] [https://www.phpmyadmin.net/security/PMASA-2016-18/] [https://www.phpmyadmin.net/security/PMASA-2016-19/] [https://www.phpmyadmin.net/security/PMASA-2016-20/] [https://www.phpmyadmin.net/security/PMASA-2016-21/] [https://www.phpmyadmin.net/security/PMASA-2016-22/] [https://www.phpmyadmin.net/security/PMASA-2016-23/] [https://www.phpmyadmin.net/security/PMASA-2016-24/] [https://www.phpmyadmin.net/security/PMASA-2016-25/] [https://www.phpmyadmin.net/security/PMASA-2016-26/] [https://www.phpmyadmin.net/security/PMASA-2016-27/] [https://www.phpmyadmin.net/security/PMASA-2016-28/] || {{pkg|phpmyadmin}} || 2016-06-23 || <= 4.6.2-1 || 4.6.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25]<br />
|-<br />
| {{CVE|CVE-2016-1704}} [https://googlechromereleases.blogspot.fr/2016/06/stable-channel-update_16.html] || {{pkg|chromium}} || 2016-01-16 || <= 51.0.2704.84-1 || 51.0.2704.103-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20]<br />
|-<br />
| {{CVE|CVE-2016-2365}} {{CVE|CVE-2016-2366}} {{CVE|CVE-2016-2367}} {{CVE|CVE-2016-2368}} {{CVE|CVE-2016-2369}} {{CVE|CVE-2016-2370}} {{CVE|CVE-2016-2371}} {{CVE|CVE-2016-2372}} {{CVE|CVE-2016-2373}} {{CVE|CVE-2016-2374}} {{CVE|CVE-2016-2375}} {{CVE|CVE-2016-2376}} {{CVE|CVE-2016-2377}} {{CVE|CVE-2016-2378}} {{CVE|CVE-2016-2380}} {{CVE|CVE-2016-4323}} [http://blog.talosintel.com/2016/06/vulnerability-spotlight-pidgin.html] || {{pkg|libpurple}} || 2016-01-21 || <= 2.10.12-4 || 2.11.0-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24]<br />
|-<br />
| {{CVE|CVE-2016-1541}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1541] || {{pkg|libarchive}} || 2016-01-17 || <= 3.1.2-8 || 3.2.0-1 || 47d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1]<br />
|-<br />
| {{CVE|CVE-2016-5875}} {{CVE|CVE-2016-5314}} {{CVE|CVE-2016-5315}} {{CVE|CVE-2016-5316}} {{CVE|CVE-2016-5317}} {{CVE|CVE-2016-5320}} {{CVE|CVE-2016-5321}} {{CVE|CVE-2016-5322}} {{CVE|CVE-2016-5323}} {{CVE|CVE-2016-5102}} {{CVE|CVE-2016-3991}} {{CVE|CVE-2016-3990}} {{CVE|CVE-2016-3945}} {{CVE|CVE-2016-3658}} {{CVE|CVE-2016-3634}} {{CVE|CVE-2016-3633}} {{CVE|CVE-2016-3632}} {{CVE|CVE-2016-3631}} {{CVE|CVE-2016-3625}} {{CVE|CVE-2016-3624}} {{CVE|CVE-2016-3623}} {{CVE|CVE-2016-3622}} {{CVE|CVE-2016-3621}} {{CVE|CVE-2016-3620}} {{CVE|CVE-2016-3619}} {{CVE|CVE-2016-3186}} {{CVE|CVE-2015-8668}} {{CVE|CVE-2015-7313}} {{CVE|CVE-2014-8130}} {{CVE|CVE-2014-8127}} {{CVE|CVE-2010-2596}} {{CVE|CVE-2016-6223}} [http://www.openwall.com/lists/oss-security/2016/06/15/1] [http://www.openwall.com/lists/oss-security/2016/06/15/2] [http://www.openwall.com/lists/oss-security/2016/06/15/3] [http://www.openwall.com/lists/oss-security/2016/06/15/5] [http://www.openwall.com/lists/oss-security/2016/06/15/6] [http://www.openwall.com/lists/oss-security/2016/06/15/7] [http://www.openwall.com/lists/oss-security/2016/06/15/8] [http://www.openwall.com/lists/oss-security/2016/06/15/9] [https://security-tracker.debian.org/tracker/source-package/tiff] [http://www.openwall.com/lists/oss-security/2016/07/13/3] || {{pkg|libtiff}} || 2016-06-19 || <= 4.0.6-2 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-4122}} {{CVE|CVE-2016-4123}} {{CVE|CVE-2016-4124}} {{CVE|CVE-2016-4125}} {{CVE|CVE-2016-4127}} {{CVE|CVE-2016-4128}} {{CVE|CVE-2016-4129}} {{CVE|CVE-2016-4130}} {{CVE|CVE-2016-4131}} {{CVE|CVE-2016-4132}} {{CVE|CVE-2016-4133}} {{CVE|CVE-2016-4134}} {{CVE|CVE-2016-4135}} {{CVE|CVE-2016-4136}} {{CVE|CVE-2016-4137}} {{CVE|CVE-2016-4138}} {{CVE|CVE-2016-4139}} {{CVE|CVE-2016-4140}} {{CVE|CVE-2016-4141}} {{CVE|CVE-2016-4142}} {{CVE|CVE-2016-4143}} {{CVE|CVE-2016-4144}} {{CVE|CVE-2016-4145}} {{CVE|CVE-2016-4146}} {{CVE|CVE-2016-4147}} {{CVE|CVE-2016-4148}} {{CVE|CVE-2016-4149}} {{CVE|CVE-2016-4150}} {{CVE|CVE-2016-4151}} {{CVE|CVE-2016-4152}} {{CVE|CVE-2016-4153}} {{CVE|CVE-2016-4154}} {{CVE|CVE-2016-4155}} {{CVE|CVE-2016-4156}} {{CVE|CVE-2016-4166}} {{CVE|CVE-2016-4171}} [https://helpx.adobe.com/security/products/flash-player/apsb16-18.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-06-16 || <= 11.2.202.621-1 || 11.2.202.626-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18]<br />
|-<br />
| {{CVE|CVE-2016-4971}} [https://lists.gnu.org/archive/html/bug-wget/2016-06/msg00033.html] || {{pkg|wget}} || 2016-06-09 || <= 1.17.1-2 || 1.18-1 || 11d || Fixed ({{bug|49730}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19]<br />
|-<br />
| {{CVE|CVE-2012-6702}} {{CVE|CVE-2016-5300}} || {{pkg|expat}} {{pkg|lib32-expat}} || 2016-06-07 || <= 2.1.1-2 || 2.1.1-3 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14]<br />
|-<br />
| {{CVE|CVE-2016-5360}} [http://seclists.org/oss-sec/2016/q2/512] || {{pkg|haproxy}} || 2016-06-09 || <= 1.6.5-3 || 1.6.5-4 || 1d || Fixed ({{bug|49638}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11]<br />
|-<br />
| {{CVE|CVE-2016-2815}} {{CVE|CVE-2016-2818}} {{CVE|CVE-2016-2819}} {{CVE|CVE-2016-2821}} {{CVE|CVE-2016-2822}} {{CVE|CVE-2016-2825}} {{CVE|CVE-2016-2828}} {{CVE|CVE-2016-2829}} {{CVE|CVE-2016-2831}} {{CVE|CVE-2016-2832}} {{CVE|CVE-2016-2833}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox47] || {{pkg|firefox}} || 2016-06-07 || <= 46.0.1-1 || 47.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7]<br />
|-<br />
| {{CVE|CVE-2016-4456}} [https://marc.ttias.be/oss-security/2016-06/msg00043.php] [http://gnutls.org/security.html#GNUTLS-SA-2016-1] || {{pkg|gnutls}} {{pkg|lib32-gnutls}} || 2016-06-06 || <= 3.4.12-1 || 3.4.13-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12]<br />
|-<br />
| {{CVE|CVE-2015-8899}} [http://www.openwall.com/lists/oss-security/2016/06/04/2] || {{pkg|dnsmasq}} || 2016-06-04 || <= 2.75-1 || 2.76-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4953}} {{CVE|CVE-2016-4954}} {{CVE|CVE-2016-4955}} {{CVE|CVE-2016-4956}} {{CVE|CVE-2016-4957}} [http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi] || {{pkg|ntp}} || 2016-06-02 || <= 4.2.8.p7-1 || 4.2.8.p8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4]<br />
|-<br />
| {{CVE|CVE-2016-4429}} [https://sourceware.org/bugzilla/show_bug.cgi?id=20112] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-05-18 || <= 2.23-4 || 2.23-5 || 25d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17]<br />
|-<br />
| {{CVE|CVE-2016-5244}} {{CVE|CVE-2016-5243}} [http://www.openwall.com/lists/oss-security/2016/06/03/5] [http://www.openwall.com/lists/oss-security/2016/06/03/4] || {{pkg|linux}} || 2016-06-03 || <= 4.6.1 || || || Not Affected ||<br />
|-<br />
| {{CVE|CVE-2016-1696}} {{CVE|CVE-2016-1697}} {{CVE|CVE-2016-1698}} {{CVE|CVE-2016-1699}} {{CVE|CVE-2016-1700}} {{CVE|CVE-2016-1701}} {{CVE|CVE-2016-1702}} {{CVE|CVE-2016-1703}} [http://googlechromereleases.blogspot.fr/2016/06/stable-channel-update.html] || {{pkg|chromium}} || 2016-06-01 || <= 51.0.2704.63-1 || 51.0.2704.79-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5]<br />
|-<br />
| {{CVE|CVE-2016-4450}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450] || {{pkg|nginx-mainline}} || 2016-05-31 || <= 1.11-1 || 1.11.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2]<br />
|-<br />
| {{CVE|CVE-2016-4450}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450] || {{pkg|nginx}} || 2016-05-31 || <= 1.10-1 || 1.10.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1]<br />
|-<br />
| {{CVE|CVE-2016-1857}} [http://webkitgtk.org/security/WSA-2016-0004.html] || {{pkg|webkit2gtk}} || 2016-05-30 || <= 2.12.2-1 || 2.12.3-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3]<br />
|-<br />
| {{CVE|CVE-2016-5108}} [http://www.openwall.com/lists/oss-security/2016/05/27/7] || {{pkg|vlc}} || 2016-05-27 || <= 2.2.3-3 || 2.2.4-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21]<br />
|-<br />
| {{CVE|CVE-2016-5104}} [http://www.openwall.com/lists/oss-security/2016/05/26/6] || {{pkg|libusbmuxd}} || 2016-05-26 || <= 1.0.10-1 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-5104}} [http://www.openwall.com/lists/oss-security/2016/05/26/6] || {{pkg|libimobiledevice}} || 2016-05-26 || <= 1.2.0-3 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-5103}} [http://www.openwall.com/lists/oss-security/2016/05/26/5] || {{pkg|roundcubemail}} || 2016-05-26 || <= 1.2rc-1 || 1.2.0-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1762}} {{CVE|CVE-2016-1833}} {{CVE|CVE-2016-1834}} {{CVE|CVE-2016-1835}} {{CVE|CVE-2016-1836}} {{CVE|CVE-2016-1837}} {{CVE|CVE-2016-1838}} {{CVE|CVE-2016-1839}} {{CVE|CVE-2016-1840}} {{CVE|CVE-2016-3627}} {{CVE|CVE-2016-3705}} {{CVE|CVE-2016-4483}} [https://git.gnome.org/browse/libxml2/log/] || {{pkg|libxml2}} || 2016-05-23 || <= 2.9.3-2 || 2.9.4+0+gbdec218-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27]<br />
|-<br />
| {{CVE|CVE-2016-1672}} {{CVE|CVE-2016-1673}} {{CVE|CVE-2016-1674}} {{CVE|CVE-2016-1675}} {{CVE|CVE-2016-1676}} {{CVE|CVE-2016-1677}} {{CVE|CVE-2016-1678}} {{CVE|CVE-2016-1679}} {{CVE|CVE-2016-1680}} {{CVE|CVE-2016-1681}} {{CVE|CVE-2016-1682}} {{CVE|CVE-2016-1683}} {{CVE|CVE-2016-1684}} {{CVE|CVE-2016-1685}} {{CVE|CVE-2016-1686}} {{CVE|CVE-2016-1687}} {{CVE|CVE-2016-1688}} {{CVE|CVE-2016-1689}} {{CVE|CVE-2016-1690}} {{CVE|CVE-2016-1691}} {{CVE|CVE-2016-1692}} {{CVE|CVE-2016-1693}} {{CVE|CVE-2016-1694}} {{CVE|CVE-2016-1695}} [http://googlechromereleases.blogspot.fr/2016/05/stable-channel-update_25.html] || {{pkg|chromium}} || 2016-05-25 || <= 50.0.2661.102-1 || 51.0.2704.63-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28]<br />
|-<br />
| {{CVE|CVE-2016-5027}} {{CVE|CVE-2016-5028}} {{CVE|CVE-2016-5029}} {{CVE|CVE-2016-5030}} {{CVE|CVE-2016-5031}} {{CVE|CVE-2016-5032}} {{CVE|CVE-2016-5033}} {{CVE|CVE-2016-5034}} {{CVE|CVE-2016-5035}} {{CVE|CVE-2016-5036}} {{CVE|CVE-2016-5037}} {{CVE|CVE-2016-5038}} {{CVE|CVE-2016-5039}} {{CVE|CVE-2016-5040}} {{CVE|CVE-2016-5041}} {{CVE|CVE-2016-5042}} {{CVE|CVE-2016-5043}} {{CVE|CVE-2016-5044}} [http://seclists.org/oss-sec/2016/q2/393] [https://www.prevanders.net/dwarfbug.html] || {{pkg|libdwarf}} || 2016-05-24 || <= 20160507-1 || 20160613-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23]<br />
|-<br />
| {{CVE|CVE-2015-1283}} {{CVE|CVE-2016-0718}} [http://seclists.org/oss-sec/2016/q2/360] || {{pkg|expat}} {{pkg|lib32-expat}} || 2016-05-17 || <= 2.1.1-1 || 2.1.1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23]<br />
|-<br />
| {{CVE|CVE-2016-2334}} {{CVE|CVE-2016-2335}} [http://www.talosintel.com/reports/TALOS-2016-0093/] [http://www.talosintel.com/reports/TALOS-2016-0094/] || {{pkg|p7zip}} || 2016-05-10 || <= 15.14.1-1 || 15.14.1-2 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24]<br />
|-<br />
| {{CVE|CVE-2016-3698}} [https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839] || {{pkg|libndp}} || 2016-05-17 || <= 1.5-1 || 1.6-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26]<br />
|-<br />
| {{CVE|CVE-2016-2803}} [http://seclists.org/bugtraq/2016/May/72] || {{pkg|bugzilla}} || 2016-05-16 || <= 5.0.2-1 || 5.0.3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25]<br />
|-<br />
| {{CVE|CVE-2016-2099}} [https://issues.apache.org/jira/browse/XERCESC-2066] [http://www.openwall.com/lists/oss-security/2016/05/09/7] || {{pkg|xerces-c}} || 2016-05-09 || <= 3.1.3-1 || 3.1.3-2 || 46d || Fixed ({{bug|49353}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-22]<br />
|-<br />
| [http://blog.jetbrains.com/blog/2016/05/11/security-update-for-intellij-based-ides-v2016-1-and-older-versions/] || {{pkg|intellij-idea-community-edition}} {{pkg|intellij-idea-libs}} || 2016-05-11 || <= 1:2016.1.1-1 || 1:2016.1.2-1 || 3d || Fixed ({{bug|49329}}) || None<br />
|-<br />
| {{CVE|CVE-2016-2804}} {{CVE|CVE-2016-2805}} {{CVE|CVE-2016-2806}} {{CVE|CVE-2016-2807}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/] || {{pkg|thunderbird}} || 2016-05-10 || <= 45.0-1 || 45.1.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21]<br />
|-<br />
| {{CVE|CVE-2016-1667}} {{CVE|CVE-2016-1668}} {{CVE|CVE-2016-1669}} {{CVE|CVE-2016-1670}} [http://googlechromereleases.blogspot.fr/2016/05/stable-channel-update.html] || {{pkg|chromium}} || 2016-05-11 || <= 50.0.2661.94-1 || 50.0.2661.102-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] <br />
|-<br />
| {{CVE|CVE-2016-3706}} {{CVE|CVE-2016-1234}} [https://sourceware.org/bugzilla/show_bug.cgi?id=20010] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-04-27 || <= 2.23-2 || 2.23-4 || 17d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20]<br />
|-<br />
| {{CVE|CVE-2016-1096}} {{CVE|CVE-2016-1097}} {{CVE|CVE-2016-1098}} {{CVE|CVE-2016-1099}} {{CVE|CVE-2016-1100}} {{CVE|CVE-2016-1101}} {{CVE|CVE-2016-1102}} {{CVE|CVE-2016-1103}} {{CVE|CVE-2016-1104}} {{CVE|CVE-2016-1105}} {{CVE|CVE-2016-1106}} {{CVE|CVE-2016-1107}} {{CVE|CVE-2016-1108}} {{CVE|CVE-2016-1109}} {{CVE|CVE-2016-1110}} {{CVE|CVE-2016-4108}} {{CVE|CVE-2016-4109}} {{CVE|CVE-2016-4110}} {{CVE|CVE-2016-4111}} {{CVE|CVE-2016-4112}} {{CVE|CVE-2016-4113}} {{CVE|CVE-2016-4114}} {{CVE|CVE-2016-4115}} {{CVE|CVE-2016-4116}} {{CVE|CVE-2016-4117}} [https://helpx.adobe.com/security/products/flash-player/apsa16-02.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-05-10 || <= 11.2.202.616-2 || 11.2.202.621-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18]<br />
|-<br />
| {{CVE|CVE-2015-8558}} {{CVE|CVE-2016-3710}} {{CVE|CVE-2016-3712}} {{CVE|CVE-2016-5105}} {{CVE|CVE-2016-5107}} {{CVE|CVE-2016-5106}} [http://xenbits.xen.org/xsa/advisory-179.html] [http://www.openwall.com/lists/oss-security/2016/05/25/7] || {{pkg|qemu}} {{pkg|qemu-arch-extra}} || 2016-05-10 || <= 2.5.1-1 || 2.6.0-1 || 28d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9]<br />
|-<br />
| {{CVE|CVE-2015-8558}} {{CVE|CVE-2016-3710}} {{CVE|CVE-2016-3712}} {{CVE|CVE-2016-5105}} {{CVE|CVE-2016-5107}} {{CVE|CVE-2016-5106}} [http://xenbits.xen.org/xsa/advisory-179.html] [http://www.openwall.com/lists/oss-security/2016/05/25/7] || {{pkg|qemu-guest-agent}} {{pkg|qemu-block-gluster}} {{pkg|qemu-block-iscsi}} {{pkg|qemu-block-rbd}} || 2016-05-10 || <= 2.5.1-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-1926}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1926] [http://www.openvas.org/OVSA20160113.html] || {{pkg|greenbone-security-assistant}} || 2016-01-16 || <= 6.0.6-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-3659}} [http://bugs.cacti.net/view.php?id=2673] || {{pkg|cacti}} || 2016-03-31 || <= 0.8.8_g-3 || 0.8.8_h-1 || 40d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14]<br />
|-<br />
| {{CVE|CVE-2016-4554}} {{CVE|CVE-2016-4555}} {{CVE|CVE-2016-4556}} [http://www.squid-cache.org/Advisories/SQUID-2016_8.txt] [http://www.squid-cache.org/Advisories/SQUID-2016_9.txt] || {{pkg|squid}} || 2016-05-09 || <= 3.5.17-1 || 3.5.19-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13]<br />
|-<br />
| {{CVE|CVE-2015-8106}} [http://www.openwall.com/lists/oss-security/2015/11/16/39] || {{pkg|latex2rtf}} || 2015-11-16 || <= 2.3.8-1 || 2.3.10-1 || ~6m || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9]<br />
|-<br />
| {{CVE|CVE-2016-3105}} [https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29] || {{pkg|mercurial}} || 2016-05-01 || <= 3.7.3-1 || 3.8.1-1 || 5d || Fixed ({{bug|49239}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] <br />
|-<br />
| {{CVE|CVE-2016-1236}} [http://www.openwall.com/lists/oss-security/2016/05/05/22] || {{pkg|websvn}} || 2016-05-05 || <= 2.3.3-6 || 2.3.3-7 || 98d || Fixed ({{bug|50344}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11]<br />
|-<br />
| {{CVE|CVE-2016-4414}} [http://marc.info/?l=oss-security&m=146204310020229&w=2] || {{pkg|quassel-client}} {{pkg|quassel-monolithic}} || 2016-04-30 || <= 0.12.3-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-4352}} [http://www.openwall.com/lists/oss-security/2016/04/29/7] || {{pkg|mencoder}} {{pkg|mplayer}} || 2016-05-03 || <= 37379-7 || 37857-1 || 3d || Fixed ({{bug|49195}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12]<br />
|-<br />
| {{CVE|CVE-2016-4574}} [http://www.openwall.com/lists/oss-security/2016/05/10/4] || {{pkg|libksba}} || 2016-05-03 || <= 1.3.3-1 || 1.3.4-1 || 9d || Fixed ({{bug|49289}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17]<br />
|-<br />
| {{CVE|CVE-2016-4354}} {{CVE|CVE-2016-4353}} {{CVE|CVE-2016-4355}} {{CVE|CVE-2016-4356}} [http://www.openwall.com/lists/oss-security/2016/04/29/8] || {{pkg|libksba}} || 2016-04-10 || <= 1.3.2-1 || 1.3.3-1 || 18d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4348}} {{CVE|CVE-2016-4347}} [http://www.openwall.com/lists/oss-security/2016/04/30/3] || {{pkg|librsvg}} || 2016-05-03 || <= 2:2.40.2-2 || 2:2.40.15-2 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4415}} {{CVE|CVE-2016-4416}} {{CVE|CVE-2016-4417}} {{CVE|CVE-2016-4418}} {{CVE|CVE-2016-4419}} {{CVE|CVE-2016-4420}} {{CVE|CVE-2016-4421}} {{CVE|CVE-2016-4076}} {{CVE|CVE-2016-4077}} {{CVE|CVE-2016-4078}} {{CVE|CVE-2016-4079}} {{CVE|CVE-2016-4080}} {{CVE|CVE-2016-4081}} {{CVE|CVE-2016-4006}} {{CVE|CVE-2016-4082}} {{CVE|CVE-2016-4083}} {{CVE|CVE-2016-4084}} {{CVE|CVE-2016-4085}} [http://www.openwall.com/lists/oss-security/2016/04/25/2] || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2016-05-03 || <= 2.0.2-1 || 2.0.3-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-3714}} [http://www.openwall.com/lists/oss-security/2016/05/03/13] [http://www.openwall.com/lists/oss-security/2016/05/03/14]|| {{pkg|imagemagick}} || 2016-05-03 || <= 6.9.3.8-1 || 6.9.3.10-1 || 3d || Fixed ({{bug|49203}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6]<br />
|-<br />
| {{CVE|CVE-2016-4477}} {{CVE|CVE-2016-4476}} [http://www.openwall.com/lists/oss-security/2016/05/03/2] || {{pkg|hostapd}} || 2016-05-03 || <= 2.5-2 || 2.6-1 || 90d || Fixed ({{bug|49196}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3]<br />
|-<br />
| {{CVE|CVE-2016-4477}} {{CVE|CVE-2016-4476}} [http://www.openwall.com/lists/oss-security/2016/05/03/2] || {{pkg|wpa_supplicant}} || 2016-05-03 || <= 1:2.5-3 || 1:2.6-1 || >90d || Fixed ({{bug|49196}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7]<br />
|-<br />
| {{CVE|CVE-2016-2105}} {{CVE|CVE-2016-2106}} {{CVE|CVE-2016-2107}} {{CVE|CVE-2016-2109}} {{CVE|CVE-2016-2176}} [https://www.openssl.org/news/secadv/20160503.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2016-05-03 || <= 1.0.2.g-3 || 1.0.2.h-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4]<br />
|-<br />
| {{CVE|CVE-2016-4425}} [https://github.com/akheron/jansson/issues/282] [http://marc.info/?l=oss-security&m=146219323703639&w=2] || {{pkg|jansson}} || 2016-05-02 || <= 2.7-1 || 2.8-1 || 137d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15]<br />
|-<br />
| {{CVE|CVE-2016-4425}} [https://github.com/akheron/jansson/issues/282] [http://marc.info/?l=oss-security&m=146219323703639&w=2] || {{pkg|lib32-jansson}} || 2016-05-02 || <= 2.7-2 || 2.8-1 || 140d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17]<br />
|-<br />
| {{CVE|CVE-2016-1660}} {{CVE|CVE-2016-1661}} {{CVE|CVE-2016-1662}} {{CVE|CVE-2016-1663}} {{CVE|CVE-2016-1664}} {{CVE|CVE-2016-1665}} {{CVE|CVE-2016-1666}} [http://googlechromereleases.blogspot.fr/2016/04/stable-channel-update_28.html] || {{pkg|chromium}} || 2016-04-28 || <= 50.0.2661.75-1 || 50.0.2661.94-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7]<br />
|-<br />
| {{CVE|CVE-2015-8869}} || {{pkg|ocaml}} || 2016-04-29 || <= 4.02.3-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-4414}} [http://marc.info/?l=oss-security&m=146204310020229&w=2] || {{pkg|quassel-core}} || 2016-04-30 || <= 0.12.3-1 || 0.12.4-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5]<br />
|-<br />
| {{CVE|CVE-2016-2167}} {{CVE|CVE-2016-2168}} [https://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ@mail.gmail.com%3E] || {{pkg|subversion}} || 2016-04-28 || <= 1.9.3-2 || 1.9.4-1 || 38d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6]<br />
|-<br />
| {{CVE|CVE-2015-7704}} {{CVE|CVE-2015-8138}} {{CVE|CVE-2016-1547}} {{CVE|CVE-2016-1548}} {{CVE|CVE-2016-1549}} {{CVE|CVE-2016-1550}} {{CVE|CVE-2016-1551}} {{CVE|CVE-2016-2516}} {{CVE|CVE-2016-2517}} {{CVE|CVE-2016-2518}} {{CVE|CVE-2016-2519}} [http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security] || {{pkg|ntp}} || 2016-04-26 || <= 4.2.8.p6-3 || 4.2.8.p7-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-2804}} {{CVE|CVE-2016-2805}} {{CVE|CVE-2016-2806}} {{CVE|CVE-2016-2807}} {{CVE|CVE-2016-2808}} {{CVE|CVE-2016-2811}} {{CVE|CVE-2016-2812}} {{CVE|CVE-2016-2814}} {{CVE|CVE-2016-2816}} {{CVE|CVE-2016-2817}} {{CVE|CVE-2016-2820}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox46] || {{pkg|firefox}} || 2016-04-26 || <= 45.0.2-1 || 46.0-2 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15]<br />
|-<br />
| {{CVE|CVE-2015-8863}} [http://seclists.org/oss-sec/2016/q2/134] || {{pkg|jq}} || 2016-04-23 || <= 1.5-3 || 1.5-4 || 109d || Fixed ({{bug|50330}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10]<br />
|-<br />
| {{CVE|CVE-2016-3074}} [http://seclists.org/oss-sec/2016/q2/128] || {{pkg|gd}} || 2016-04-21 || <= 2.1.1-3 || 2.1.1-4 || 15d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8]<br />
|-<br />
| {{CVE|CVE-2016-4051}} {{CVE|CVE-2016-4052}} {{CVE|CVE-2016-4053}} {{CVE|CVE-2016-4054}} [http://www.squid-cache.org/Advisories/SQUID-2016_5.txt] [http://www.squid-cache.org/Advisories/SQUID-2016_6.txt] || {{pkg|squid}} || 2016-04-20 || <= 3.5.16-1 || 3.5.17-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14]<br />
|-<br />
| {{CVE|CVE-2016-4021}} [https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt] || {{pkg|pgpdump}} || 2016-04-12 || <= 0.29-2 || 0.30-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11]<br />
|-<br />
| {{CVE|CVE-2016-1955}} {{CVE|CVE-2016-1956}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/] [https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/] || {{pkg|thunderbird}} || 2016-04-12 || <= 38.7.2-1 || 45.0-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12]<br />
|-<br />
| {{CVE|CVE-2016-2347}} [http://www.talosintel.com/reports/TALOS-2016-0095/] || {{pkg|lhasa}} || 2016-04-14 || <= 0.3.0-1 || 0.3.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8]<br />
|-<br />
| {{CVE|CVE-2016-1651}} {{CVE|CVE-2016-1652}} {{CVE|CVE-2016-1653}} {{CVE|CVE-2016-1654}} {{CVE|CVE-2016-1655}} {{CVE|CVE-2016-1656}} {{CVE|CVE-2016-1657}} {{CVE|CVE-2016-1658}} {{CVE|CVE-2016-1659}} [http://googlechromereleases.blogspot.fr/2016/04/stable-channel-update_13.html] || {{pkg|chromium}} || 2016-04-13|| <= 49.0.2623.112-1 || 50.0.2661.75-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10]<br />
|-<br />
| {{CVE|CVE-2015-5370}} {{CVE|CVE-2016-2110}} {{CVE|CVE-2016-2111}} {{CVE|CVE-2016-2112}} {{CVE|CVE-2016-2113}} {{CVE|CVE-2016-2114}} {{CVE|CVE-2016-2115}} {{CVE|CVE-2016-2118}} [https://www.samba.org/samba/history/security.html] [http://badlock.org/] || {{pkg|samba}} || 2016-04-12|| <= 4.4.0-1 || 4.4.2-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13]<br />
|-<br />
| {{CVE|CVE-2016-4008}} [http://article.gmane.org/gmane.comp.security.oss.general/19286] || {{pkg|libtasn1}} || 2016-04-11|| <= 4.7-1 || 4.8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9]<br />
|-<br />
| {{CVE|CVE-2011-5326}} {{CVE|CVE-2016-3993}} {{CVE|CVE-2016-3994}} {{CVE|CVE-2016-4024}} [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369] [http://article.gmane.org/gmane.comp.security.oss.general/19276] || {{pkg|imlib2}} || 2016-04-09 || <= 1.4.8-1 || 1.4.9-1 || 23d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1]<br />
|-<br />
| {{CVE|CVE-2014-9771}} [http://www.openwall.com/lists/oss-security/2016/04/09/3] || {{pkg|imlib2}} || 2016-04-09 || <= 1.4.5-6 || 1.4.6-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1006}} {{CVE|CVE-2016-1011}} {{CVE|CVE-2016-1012}} {{CVE|CVE-2016-1013}} {{CVE|CVE-2016-1014}} {{CVE|CVE-2016-1015}} {{CVE|CVE-2016-1016}} {{CVE|CVE-2016-1017}} {{CVE|CVE-2016-1018}} {{CVE|CVE-2016-1019}} {{CVE|CVE-2016-1020}} {{CVE|CVE-2016-1021}} {{CVE|CVE-2016-1022}} {{CVE|CVE-2016-1023}} {{CVE|CVE-2016-1024}} {{CVE|CVE-2016-1025}} {{CVE|CVE-2016-1026}} {{CVE|CVE-2016-1027}} {{CVE|CVE-2016-1028}} {{CVE|CVE-2016-1029}} {{CVE|CVE-2016-1030}} {{CVE|CVE-2016-1031}} {{CVE|CVE-2016-1032}} {{CVE|CVE-2016-1033}} [https://helpx.adobe.com/security/products/flash-player/apsa16-01.html] [https://helpx.adobe.com/security/products/flash-player/apsb16-10.html] || {{pkg|flashplugin}} || 2016-04-05 || <= 11.2.202.577-1 || 11.2.202.616-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7]<br />
|-<br />
| {{CVE|CVE-2016-3630}} {{CVE|CVE-2016-3068}} {{CVE|CVE-2016-3069}} [https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29] || {{pkg|mercurial}} || 2016-03-29 || <= 3.7.2-1 || 3.7.3-1 || 8d || Fixed ({{bug|48821}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6]<br />
|-<br />
| {{CVE|CVE-2016-2191}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2191] [https://sourceforge.net/p/optipng/bugs/59/] [http://www.openwall.com/lists/oss-security/2016/04/04/2]|| {{Pkg|optipng}} || 2016-04-04 || <= 0.7.5-2 || 0.7.6-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5]<br />
|-<br />
| {{CVE|CVE-2016-3947}} [http://www.squid-cache.org/Advisories/SQUID-2016_3.txt] || {{Pkg|squid}} || 2016-04-01 || <= 3.5.15-2 || 3.5.16 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4]<br />
|-<br />
| {{CVE|CVE-2016-0636}} [http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html] [http://blog.fuseyism.com/index.php/2016/03/25/security-icedtea-2-6-5-for-openjdk-7-released/] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2016-03-24 || <= 7.u95_2.6.4-1 || 7.u99_2.6.5-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3]<br />
|-<br />
| {{CVE|CVE-2016-0636}} [http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html] || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2016-03-23 || <= 8.u74-1 || 8.u77-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27]<br />
|-<br />
| {{CVE|CVE-2016-1646}} {{CVE|CVE-2016-1647}} {{CVE|CVE-2016-1648}} {{CVE|CVE-2016-1649}} {{CVE|CVE-2016-1650}} [http://googlechromereleases.blogspot.fr/2016/03/stable-channel-update_24.html] || {{pkg|chromium}} || 2016-03-24 || <= 49.0.2623.87-1 || 49.0.2623.108-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24]<br />
|-<br />
| {{CVE|CVE-2016-2849}} {{CVE|CVE-2016-2850}} [http://botan.randombit.net/security.html#id1] || {{pkg|botan}} || 2016-03-20 || <= 1.11.28-1 || 1.11.29-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22]<br />
|-<br />
| {{CVE|CVE-2016-1952}} {{CVE|CVE-2016-1953}} {{CVE|CVE-2016-1954}} {{CVE|CVE-2016-1957}} {{CVE|CVE-2016-1960}} {{CVE|CVE-2016-1961}} {{CVE|CVE-2016-1964}} {{CVE|CVE-2016-1966}} {{CVE|CVE-2016-1974}} {{CVE|CVE-2016-1977}} {{CVE|CVE-2016-2790}} {{CVE|CVE-2016-2791}} {{CVE|CVE-2016-2792}} {{CVE|CVE-2016-2793}} {{CVE|CVE-2016-2794}} {{CVE|CVE-2016-2795}} {{CVE|CVE-2016-2796}} {{CVE|CVE-2016-2797}} {{CVE|CVE-2016-2798}} {{CVE|CVE-2016-2799}} {{CVE|CVE-2016-2800}} {{CVE|CVE-2016-2801}} {{CVE|CVE-2016-2802}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.7] || {{pkg|thunderbird}} || 2016-03-14 || <= 38.6.0-1 || 38.7.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21]<br />
|-<br />
| {{CVE|CVE-2016-2324}} [http://seclists.org/oss-sec/2016/q1/653] || {{pkg|git}} || 2016-03-15 || <= 2.7.3-1 || 2.7.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20]<br />
|-<br />
| {{CVE|CVE-2016-3116}} [https://matt.ucc.asn.au/dropbear/CHANGES] || {{pkg|dropbear}} || 2016-03-13 || <= 2015.71-1 || 2016.72-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19]<br />
|-<br />
| {{CVE|CVE-2015-1283}} [https://sourceforge.net/p/expat/bugs/528/] || {{pkg|expat}} || 2016-03-12 || <= 2.1.0-4 || 2.1.1-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23]<br />
|-<br />
| {{CVE|CVE-2016-2088}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2088] {{CVE|CVE-2016-1286}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1286] {{CVE|CVE-2016-1285}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1285] || {{pkg|bind}} || 2016-03-10 || <= 9.10.3.P3-3 || 9.10.3.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13]<br />
|-<br />
| {{CVE|CVE-2016-0960}} {{CVE|CVE-2016-0961}} {{CVE|CVE-2016-0962}} {{CVE|CVE-2016-0963}} {{CVE|CVE-2016-0986}} {{CVE|CVE-2016-0987}} {{CVE|CVE-2016-0988}} {{CVE|CVE-2016-0989}} {{CVE|CVE-2016-0990}} {{CVE|CVE-2016-0991}} {{CVE|CVE-2016-0992}} {{CVE|CVE-2016-0993}} {{CVE|CVE-2016-0994}} {{CVE|CVE-2016-0995}} {{CVE|CVE-2016-0996}} {{CVE|CVE-2016-0997}} {{CVE|CVE-2016-0998}} {{CVE|CVE-2016-0999}} {{CVE|CVE-2016-1000}} {{CVE|CVE-2016-1001}} {{CVE|CVE-2016-1002}} {{CVE|CVE-2016-1005}} {{CVE|CVE-2016-1010}} [https://helpx.adobe.com/security/products/flash-player/apsb16-08.html] || {{pkg|lib32-flashplugin}} || 2016-03-10 || <= 11.2.202.569-1 || 11.2.202.577-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11]<br />
|-<br />
| {{CVE|CVE-2016-0960}} {{CVE|CVE-2016-0961}} {{CVE|CVE-2016-0962}} {{CVE|CVE-2016-0963}} {{CVE|CVE-2016-0986}} {{CVE|CVE-2016-0987}} {{CVE|CVE-2016-0988}} {{CVE|CVE-2016-0989}} {{CVE|CVE-2016-0990}} {{CVE|CVE-2016-0991}} {{CVE|CVE-2016-0992}} {{CVE|CVE-2016-0993}} {{CVE|CVE-2016-0994}} {{CVE|CVE-2016-0995}} {{CVE|CVE-2016-0996}} {{CVE|CVE-2016-0997}} {{CVE|CVE-2016-0998}} {{CVE|CVE-2016-0999}} {{CVE|CVE-2016-1000}} {{CVE|CVE-2016-1001}} {{CVE|CVE-2016-1002}} {{CVE|CVE-2016-1005}} {{CVE|CVE-2016-1010}} [https://helpx.adobe.com/security/products/flash-player/apsb16-08.html] || {{pkg|flashplugin}} || 2016-03-10 || <= 11.2.202.569-1 || 11.2.202.577-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10]<br />
|-<br />
| {{CVE|CVE-2016-3115}} [http://www.openssh.com/txt/x11fwd.adv] || {{pkg|openssh}} || 2016-03-10 || <= 7.2p1-1 || 7.2p2-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12]<br />
|-<br />
| {{CVE|CVE-2015-8833}} [http://seclists.org/oss-sec/2016/q1/572] || {{pkg|pidgin-otr}} || 2016-03-09 || <= 4.0.1-2 || 4.0.2-1 || 3d || Fixed ({{bug|48537}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14]<br />
|-<br />
| {{CVE|CVE-2016-2774}} [https://kb.isc.org/article/AA-01354] || {{pkg|dhcp}} || 2016-03-09 || <= 4.3.3.p1-1 || 4.3.4-1 || 21d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1531}} [http://www.exim.org/static/doc/CVE-2016-1531.txt] || {{pkg|exim}} || 2016-03-06 || <= 4.86.1-1 || 4.86.2-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8]<br />
|-<br />
| {{CVE|CVE-2016-1577}} {{CVE|CVE-2016-2089}} {{CVE|CVE-2016-2116}} || {{pkg|jasper}} || 2016-03-06 || <= 1.900.1-14 || 1.900.1-15 || ~2m || Fixed ({{bug|48511}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2]<br />
|-<br />
| {{CVE|CVE-2016-1285}} {{CVE|CVE-2016-1286}} [https://kb.isc.org/article/AA-01352/] [https://kb.isc.org/article/AA-01353/] || {{pkg|bind}} || 2016-03-09 || <= 9.10.3.P3-3 || 9.10.3.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7]<br />
|-<br />
| {{CVE|CVE-2016-2851}} [https://otr.cypherpunks.ca/] || {{pkg|libotr}} || 2016-03-09 || <= 4.1.0-1 || 4.1.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6]<br />
|-<br />
| {{CVE|CVE-2016-1643}} {{CVE|CVE-2016-1644}} {{CVE|CVE-2016-1645}} || {{pkg|chromium}} || 2016-03-09 || <= 49.0.2623.75-1 || 49.0.2623.87-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5]<br />
|-<br />
| {{CVE|CVE-2016-1952}} {{CVE|CVE-2016-1953}} {{CVE|CVE-2016-1954}} {{CVE|CVE-2016-1955}} {{CVE|CVE-2016-1956}} {{CVE|CVE-2016-1957}} {{CVE|CVE-2016-1958}} {{CVE|CVE-2016-1959}} {{CVE|CVE-2016-1960}} {{CVE|CVE-2016-1961}} {{CVE|CVE-2016-1962}} {{CVE|CVE-2016-1963}} {{CVE|CVE-2016-1964}} {{CVE|CVE-2016-1965}} {{CVE|CVE-2016-1966}} {{CVE|CVE-2016-1967}} {{CVE|CVE-2016-1968}} {{CVE|CVE-2016-1970}} {{CVE|CVE-2016-1971}} {{CVE|CVE-2016-1972}} {{CVE|CVE-2016-1973}} {{CVE|CVE-2016-1974}} {{CVE|CVE-2016-1975}} {{CVE|CVE-2016-1976}} {{CVE|CVE-2016-1977}} {{CVE|CVE-2016-2790}} {{CVE|CVE-2016-2791}} {{CVE|CVE-2016-2792}} {{CVE|CVE-2016-2793}} {{CVE|CVE-2016-2794}} {{CVE|CVE-2016-2795}} {{CVE|CVE-2016-2796}} {{CVE|CVE-2016-2797}} {{CVE|CVE-2016-2798}} {{CVE|CVE-2016-2799}} {{CVE|CVE-2016-2800}} {{CVE|CVE-2016-2801}} {{CVE|CVE-2016-2802}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox45] || {{pkg|firefox}} || 2016-03-08 || <= 44.0.2-2 || 45.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4]<br />
|-<br />
| {{CVE|CVE-2016-2532}} {{CVE|CVE-2016-2531}} {{CVE|CVE-2016-2530}} {{CVE|CVE-2016-2529}} {{CVE|CVE-2016-2528}} {{CVE|CVE-2016-2527}} {{CVE|CVE-2016-2526}} {{CVE|CVE-2016-2525}} {{CVE|CVE-2016-2524}} {{CVE|CVE-2016-2523}} {{CVE|CVE-2016-2522}} {{CVE|CVE-2016-2521}} || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2016-03-07 || <= 2.0.1-2 || 2.0.2-1 || 5d || Fixed ({{bug|48536}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17]<br />
|-<br />
| {{CVE|CVE-2016-2381}} [https://www.debian.org/security/2016/dsa-3501] || {{pkg|perl}} || 2016-03-07 || <= 5.22.1-1 || 5.22.1-2 || 3d || Fixed ({{Bug|48482}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9]<br />
|-<br />
| {{CVE|CVE-2015-8126}} {{CVE|CVE-2016-1630}} {{CVE|CVE-2016-1631}} {{CVE|CVE-2016-1632}} {{CVE|CVE-2016-1633}} {{CVE|CVE-2016-1634}} {{CVE|CVE-2016-1635}} {{CVE|CVE-2016-1636}} {{CVE|CVE-2016-1637}} {{CVE|CVE-2016-1638}} {{CVE|CVE-2016-1639}} {{CVE|CVE-2016-1640}} {{CVE|CVE-2016-1641}} {{CVE|CVE-2016-1642}} [http://googlechromereleases.blogspot.fr/2016/03/stable-channel-update.html] || {{pkg|chromium}} || 2016-03-02 || <= 48.0.2564.116-1 || 49.0.2623.75-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1]<br />
|-<br />
| {{CVE|CVE-2016-0702}} {{CVE|CVE-2016-0705}} {{CVE|CVE-2016-0797}} {{CVE|CVE-2016-0798}} {{CVE|CVE-2016-0799}} {{CVE|CVE-2016-0800}} [https://www.openssl.org/news/secadv/20160301.txt] || {{pkg|openssl}} || 2016-03-01 || <= 1.0.2.f-1 || 1.0.2.g-3 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2]<br />
|-<br />
| {{CVE|CVE-2016-0702}} {{CVE|CVE-2016-0705}} {{CVE|CVE-2016-0797}} {{CVE|CVE-2016-0798}} {{CVE|CVE-2016-0799}} {{CVE|CVE-2016-0800}} [https://www.openssl.org/news/secadv/20160301.txt] || {{pkg|lib32-openssl}} || 2016-03-01 || <= 1.0.2.f-1 || 1.0.2.g-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3]<br />
|-<br />
| {{CVE|CVE-2015-7511}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html] || {{pkg|libgcrypt}} || 2016-02-09 || <= 1.6.4-1 || 1.6.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19]<br />
|-<br />
| {{CVE|CVE-2016-0739}} [https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/] || {{pkg|libssh}} || 2016-02-23 || <= 0.7.2-1 || 0.7.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18]<br />
|-<br />
| {{CVE|CVE-2016-0787}} [https://www.libssh2.org/adv_20160223.html] || {{pkg|libssh2}} || 2016-02-23 || <= 1.6.0-1 || 1.7.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20]<br />
|-<br />
| {{CVE|CVE-2016-0787}} [https://www.libssh2.org/adv_20160223.html] || {{pkg|lib32-libssh2}} || 2016-02-23 || <= 1.6.0-1 || 1.7.0-1 ||3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21]<br />
|-<br />
| {{CVE|CVE-2016-1629}} [http://googlechromereleases.blogspot.fr/2016/02/stable-channel-update_18.html] || {{pkg|chromium}} || 2016-02-18 || <= 48.0.2564.109-1 || 48.0.2564.116-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17]<br />
|-<br />
| {{CVE|CVE-2015-7575}} {{CVE|CVE-2016-1523}} {{CVE|CVE-2016-1930}} {{CVE|CVE-2016-1931}} {{CVE|CVE-2016-1935}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.6] || {{pkg|thunderbird}} || 2016-02-11 || <= 38.5.1-1 || 38.6.0-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16]<br />
|-<br />
| {{CVE|CVE-2015-7547}} {{CVE|CVE-2015-8776}} {{CVE|CVE-2015-8777}} {{CVE|CVE-2015-8778}} {{CVE|CVE-2015-8779}} [https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html] [https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html] || {{pkg|glibc}} || 2016-02-16 || <= 2.22-3 || 2.22-4 || 1d || Fixed ({{Bug|48213}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15]<br />
|-<br />
| {{CVE|CVE-2015-7547}} {{CVE|CVE-2015-8776}} {{CVE|CVE-2015-8777}} {{CVE|CVE-2015-8778}} {{CVE|CVE-2015-8779}} [https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html] [https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html] || {{pkg|lib32-glibc}} || 2016-02-16 || <= 2.22-3.1 || 2.22-4 || 1d || Fixed ({{Bug|48213}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14]<br />
|-<br />
| {{CVE|CVE-2016-1622}} {{CVE|CVE-2016-1623}} {{CVE|CVE-2016-1624}} {{CVE|CVE-2016-1625}} {{CVE|CVE-2016-1626}} {{CVE|CVE-2016-1627}} [http://googlechromereleases.blogspot.fr/2016/02/stable-channel-update_9.html]|| {{pkg|chromium}} || 2016-02-09 || <= 48.0.2564.103-1 || 48.0.2564.109-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1949}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-13/]|| {{pkg|firefox}} || 2016-02-11 || <= 44.0.1-1 || 44.0.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12]<br />
|-<br />
| {{CVE|CVE-2016-1544}} [https://nghttp2.org/blog/2016/02/11/nghttp2-v1-7-1/]|| {{pkg|nghttp2}} || 2016-02-11 || <= 1.7.0-1 || 1.7.1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13]<br />
|-<br />
| {{CVE|CVE-2014-2312}} [https://www.kde.org/info/security/advisory-20160209-1.txt]|| {{pkg|kscreenlocker}} || 2016-02-10 || <= 5.5.4-1 || 5.5.4-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10]<br />
|-<br />
| {{CVE|CVE-2014-9496}} {{CVE|CVE-2014-9756}} {{CVE|CVE-2015-7805}} || {{pkg|libsndfile}} {{pkg|lib32-libsndfile}} || 2016-02-01 || <= 1.0.25-3 || 1.0.26-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9]<br />
|-<br />
| {{CVE|CVE-2015-8803}} {{CVE|CVE-2015-8804}} {{CVE|CVE-2015-8805}} [https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-multiplications-in-Nettle.html] || {{pkg|nettle}} {{pkg|lib32-nettle}} || 2016-02-03 || <= 3.1-1 || 3.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6]<br />
|-<br />
| {{CVE|CVE-2016-2194}} {{CVE|CVE-2016-2195}} {{CVE|CVE-2016-2196}} [http://botan.randombit.net/security.html#id1] || {{pkg|botan}} || 2016-02-01 || <= 1.11.25-2 || 1.11.28-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11]<br />
|-<br />
| {{CVE|CVE-2014-9761}} [http://seclists.org/oss-sec/2016/q1/153] || {{pkg|lib32-glibc}} || 2016-02-01 || <= 2.22-4 || 2.23-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23]<br />
|-<br />
| {{CVE|CVE-2014-9761}} [http://seclists.org/oss-sec/2016/q1/153] || {{pkg|glibc}} || 2016-02-01 || <= 2.22-4 || 2.23-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22]<br />
|-<br />
| {{CVE|CVE-2016-2048}} [https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/] || {{pkg|python-django}} {{pkg|python2-django}} || 2016-02-01 || <= 1.9.1-1 || 1.9.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2]<br />
|-<br />
| {{CVE|CVE-2016-2090}} [http://article.gmane.org/gmane.comp.security.oss.general/18715] [http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7] [https://bugs.freedesktop.org/show_bug.cgi?id=93881] [https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html] || {{pkg|libbsd}} || 2016-01-27 || <= 0.8.1-1 || 0.8.2-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7]<br />
|-<br />
| {{CVE|CVE-2015-3197}} {{CVE|CVE-2015-4000}} {{CVE|CVE-2016-0701}} [https://openssl.org/news/secadv/20160128.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2016-01-28 || <= 1.0.2.e-1 || 1.0.2.f-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33]<br />
|-<br />
| {{CVE|CVE-2016-0755}} [http://curl.haxx.se/docs/adv_20160127A.html] || {{pkg|curl}} {{pkg|lib32-curl}} || 2016-01-27 || <= 7.46.0-1 || 7.47.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4]<br />
|-<br />
| {{CVE|CVE-2016-0742}} {{CVE|CVE-2016-0746}} {{CVE|CVE-2016-0747}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000168.html] || {{pkg|nginx}} || 2016-01-26 || <= 1.8.0-2 || 1.8.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31]<br />
|-<br />
| {{CVE|CVE-2016-1982}} {{CVE|CVE-2016-1983}} [http://seclists.org/oss-sec/2016/q1/179] || {{pkg|privoxy}} || 2016-01-21 || <= 3.0.23-1 || 3.0.24-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27]<br />
|-<br />
| {{CVE|CVE-2016-1572}} [https://bugs.launchpad.net/ecryptfs/+bug/1530566] || {{pkg|ecryptfs-utils}} || 2016-01-21 || <= 108-1 || 108-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25]<br />
|-<br />
| {{CVE|CVE-2016-1612}} {{CVE|CVE-2016-1613}} {{CVE|CVE-2016-1614}} {{CVE|CVE-2016-1615}} {{CVE|CVE-2016-1616}} {{CVE|CVE-2016-1617}} {{CVE|CVE-2016-1618}} {{CVE|CVE-2016-1619}} {{CVE|CVE-2016-1620}} [http://googlechromereleases.blogspot.fr/2016/01/stable-channel-update_20.html] || {{pkg|chromium}} || 2016-01-20 || <= 47.0.2526.111-1 || 48.0.2564.82-1 || 1d|| Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28]<br />
|-<br />
| {{CVE|CVE-2015-8704}} {{CVE|CVE-2015-8705}} [https://kb.isc.org/article/AA-01335] [https://kb.isc.org/article/AA-01336] || {{pkg|bind}} || 2016-01-19 || <= 9.10.3.P2-1 || 9.10.3.P3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21]<br />
|-<br />
| {{CVE|CVE-2016-0728}} [http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/] || {{pkg|linux-lts}} || 2016-01-19 || <= 4.1.15-1 || 4.1.16-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26]<br />
|-<br />
| {{CVE|CVE-2016-0728}} [http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/] || {{pkg|linux}} || 2016-01-19 || <= 4.3.3-2 || 4.3.3-3 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20]<br />
|-<br />
| {{CVE|CVE-2015-5300}} [http://support.ntp.org/bin/view/Main/NtpBug2956] || {{pkg|ntp}} || 2016-01-07 || <= 4.2.8.p4-1 || 4.2.8.p5-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|syncthing}} || 2016-01-13 || <= 0.12.14-1 || 0.12.14-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|keybase}} || 2016-01-13 || <= 1.0.8.0-1 || 1.0.8.0-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|hub}} || 2016-01-13 || <= 2.2.2-1 || 2.2.2-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|go-ipfs}} || 2016-01-13 || <= 0.3.11-1 || 0.3.11-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|docker}} || 2016-01-13 || <= 1:1.9.1-1 || 1:1.9.1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12]<br />
|-<br />
| {{CVE|CVE-2015-8770}} [http://seclists.org/bugtraq/2016/Jan/60] || {{pkg|roundcubemail}} || 2015-12-26 || <= 1.2beta-1 || 1.2beta-2 || 20d || Fixed ({{bug|47764}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18]<br />
|-<br />
| {{CVE|CVE-2016-1903}} {{CVE|CVE-2016-1904}} [http://seclists.org/oss-sec/2016/q1/100] || {{pkg|php}} || 2016-01-14 || <= 7.0.1-1 || 7.0.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10]<br />
|-<br />
| {{CVE|CVE-2016-0777}} {{CVE|CVE-2016-0778}} [http://www.openssh.com/txt/release-7.1p2] || {{pkg|openssh}} || 2016-01-14 || <= 7.1p1-1 || 7.1p2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9]<br />
|-<br />
| {{CVE|CVE-2016-2213}} [http://www.openwall.com/lists/oss-security/2016/02/03/2] || {{pkg|ffmpeg}} || 2016-02-03 || <= 2.8.4-1 || 2.8.5-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1897}} {{CVE|CVE-2016-1898}} [http://seclists.org/oss-sec/2016/q1/85] || {{pkg|ffmpeg}} || 2016-01-13 || <= 1:2.8.4-2 || 1:2.8.4-3 || <1d || Fixed ({{Bug|47738}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17]<br />
|-<br />
| {{CVE|CVE-2016-1897}} {{CVE|CVE-2016-1898}} [http://seclists.org/oss-sec/2016/q1/85] || {{pkg|mplayer}} || 2016-01-13 || <= 37379-6 || 37379-7 || 17d || Fixed ({{Bug|47944}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|go}} || 2016-01-13 || <= 2:1.5.2-1 || 2:1.5.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11]<br />
|-<br />
|{{CVE|CVE-2015-8742}} {{CVE|CVE-2015-8741}} {{CVE|CVE-2015-8740}} {{CVE|CVE-2015-8738}} {{CVE|CVE-2015-8739}} {{CVE|CVE-2015-8737}} {{CVE|CVE-2015-8736}} {{CVE|CVE-2015-8735}} {{CVE|CVE-2015-8734}} {{CVE|CVE-2015-8733}} {{CVE|CVE-2015-8732}} {{CVE|CVE-2015-8730}} {{CVE|CVE-2015-8731}} {{CVE|CVE-2015-8729}} {{CVE|CVE-2015-8728}} {{CVE|CVE-2015-8727}} {{CVE|CVE-2015-8726}} {{CVE|CVE-2015-8725}} {{CVE|CVE-2015-8724}} {{CVE|CVE-2015-8723}} {{CVE|CVE-2015-8722}} {{CVE|CVE-2015-8721}} {{CVE|CVE-2015-8720}} {{CVE|CVE-2015-8718}} {{CVE|CVE-2015-8711}} || {{Pkg|wireshark-cli}} {{Pkg|wireshark-gtk}} {{Pkg|wireshark-qt}} || 2016-01-04 || <= 2.0.0 || 2.0.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6]<br />
|-<br />
| {{CVE|CVE-2016-1564}} [http://article.gmane.org/gmane.comp.security.oss.general/18527] || {{Pkg|wordpress}} || 2016-01-08 || <= 4.4-1 || 4.4.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2]<br />
|-<br />
| {{CVE|CVE-2015-8751}} [https://bugzilla.redhat.com/show_bug.cgi?id=1294039] [http://article.gmane.org/gmane.comp.security.oss.general/18523] || {{Pkg|jasper}} || 2016-01-07 || 1.900.1-15 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-8750}} [https://bugzilla.redhat.com/show_bug.cgi?id=1294264] [https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697] || {{Pkg|libdwarf}} || 2016-01-07 || 20150507-1 || 20160115-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22]<br />
|-<br />
| {{CVE|CVE-2016-1503}} {{CVE|CVE-2016-1504}} [http://article.gmane.org/gmane.comp.security.oss.general/18516] || {{Pkg|dhcpcd}} || 2016-01-07 || <= 6.9.4-1 || 6.10.0-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7]<br />
|-<br />
| {{CVE|CVE-2015-7575}} [http://www.mitls.org/pages/attacks/SLOTH] [https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released] || {{pkg|mbedtls}} || 2016-01-04 || 2.2.0-1 || 2.2.1-1 || 21d || Fixed ({{bug|47783}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29]<br />
|-<br />
| {{CVE|CVE-2015-8688}} [http://gultsch.de/gajim_roster_push_and_message_interception.html] || {{pkg|gajim}} || 2015-12-20 || <= 0.16.4-1 || 0.16.5-1 || 20d || Fixed ({{bug|47647}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3]<br />
|-<br />
| {{CVE|CVE-2016-1494}} [https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff] [https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/] || {{pkg|python-rsa}} {{pkg|python2-rsa}} || 2016-01-05 || <= 3.2.3-1 || 3.3-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24]<br />
|-<br />
| {{CVE|CVE-2016-1283}} [https://bugs.exim.org/show_bug.cgi?id=1767] [http://article.gmane.org/gmane.comp.security.oss.general/18481] || {{pkg|pcre}} || 2016-01-02 || <= 8.38-2 || 8.38-3 || 71d|| Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18]<br />
|-<br />
|[http://article.gmane.org/gmane.comp.security.oss.general/18466] || {{Pkg|rtmpdump}} || 2015-12-23 || <= 20140918-2 || 1:2.4.r96.fa8646d-1 || 7d || Fixed ({{bug|47564}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1]<br />
|-<br />
| {{CVE|CVE-2015-8472}} [http://seclists.org/oss-sec/2015/q4/439] || {{pkg|libpng}} || 2015-12-03 || <= 1.6.19-1 || 1.6.20-1 || 25d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-18]<br />
|-<br />
| {{CVE|CVE-2015-8459}} {{CVE|CVE-2015-8460}} {{CVE|CVE-2015-8634}} {{CVE|CVE-2015-8635}} {{CVE|CVE-2015-8636}} {{CVE|CVE-2015-8638}} {{CVE|CVE-2015-8639}} {{CVE|CVE-2015-8640}} {{CVE|CVE-2015-8641}} {{CVE|CVE-2015-8642}} {{CVE|CVE-2015-8643}} {{CVE|CVE-2015-8644}} {{CVE|CVE-2015-8645}} {{CVE|CVE-2015-8646}} {{CVE|CVE-2015-8647}} {{CVE|CVE-2015-8648}} {{CVE|CVE-2015-8649}} {{CVE|CVE-2015-8650}} {{CVE|CVE-2015-8651}} [https://helpx.adobe.com/security/products/flash-player/apsb16-01.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2015-12-28 || <= 11.2.202.554-1 || 11.2.202.559-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17]<br />
|-<br />
| {{CVE|CVE-2015-7554}} {{CVE|CVE-2015-8683}} [http://seclists.org/oss-sec/2015/q4/584] [http://seclists.org/oss-sec/2015/q4/590] || {{pkg|libtiff}} || 2015-12-25 || <= 4.0.6-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-7201}} {{CVE|CVE-2015-7205}} {{CVE|CVE-2015-7212}} {{CVE|CVE-2015-7213}} {{CVE|CVE-2015-7214}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.5] || {{pkg|thunderbird}} || 2015-12-23 || <= 38.4.0-2 || 38.5.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14]<br />
|-<br />
| {{CVE|CVE-2015-8612}} [http://seclists.org/oss-sec/2015/q4/541] || {{pkg|blueman}} || 2015-12-18 || <= 2.0.2-1 || 2.0.3-1 || 38d || Fixed ({{bug|47784}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30]<br />
|-<br />
| {{CVE|CVE-2015-8659}} [http://seclists.org/oss-sec/2015/q4/576] || {{pkg|nghttp2}} || 2015-12-23 || <= 1.5.0-2 || 1.6.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16]<br />
|-<br />
| {{CVE|CVE-2015-7555}} [http://seclists.org/oss-sec/2015/q4/548] || {{pkg|giflib}} || 2015-12-21 || <= 5.1.1-1 || 5.1.2-1 || 43d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-7557}} {{CVE|CVE-2015-7558}} [http://seclists.org/oss-sec/2015/q4/549] || {{pkg|librsvg}} || 2015-12-21 || <= 2:2.40.11-1 || 2:2.40.13-1 || 45d || Fixed ({{bug|47785}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8622}} {{CVE|CVE-2015-8623}} {{CVE|CVE-2015-8624}} {{CVE|CVE-2015-8625}} {{CVE|CVE-2015-8626}} {{CVE|CVE-2015-8627}} {{CVE|CVE-2015-8628}} [http://seclists.org/oss-sec/2015/q4/552] || {{pkg|mediawiki}} || 2015-12-17 || <= 1.26.0-1 || 1.26.2-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15]<br />
|-<br />
| {{CVE|CVE-2015-8614}} [http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557] || {{pkg|claws-mail}} || 2015-12-21 || <= 3.13.0-1 || 3.13.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13]<br />
|-<br />
| {{CVE|CVE-2015-8369}} {{CVE|CVE-2015-8604}} {{CVE|CVE-2015-8377}} {{CVE|CVE-2016-2313}} [http://www.openwall.com/lists/oss-security/2016/02/09/3] [https://bugs.mageia.org/show_bug.cgi?id=17352] [http://www.openwall.com/lists/oss-security/2016/01/04/8] || {{pkg|cacti}} || 2015-12-17 || <= 0.8.8_f-3 || 0.8.8_g-2 || 72d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24]<br />
|-<br />
| [https://blog.fuzzing-project.org/32-Out-of-bounds-read-in-OpenVPN.html] || {{pkg|openvpn}} || 2015-12-18 || <= 2.3.8-2 || 2.3.9-1 || 9d || Fixed ({{bug|47498}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19]<br />
|-<br />
| {{CVE|CVE-2015-8549}} [http://www.ocert.org/advisories/ocert-2015-011.html] || {{pkg|python2-pyamf}} || 2015-12-17 || <= 0.7.2-1 || 0.8.0-2 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12]<br />
|-<br />
| {{CVE|CVE-2015-7551}} [https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/] || {{pkg|ruby}} || 2015-12-16 || <= 2.2.3-1 || 2.2.4-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11]<br />
|-<br />
| {{CVE|CVE-2015-7201}} {{CVE|CVE-2015-7202}} {{CVE|CVE-2015-7203}} {{CVE|CVE-2015-7204}} {{CVE|CVE-2015-7205}} {{CVE|CVE-2015-7207}} {{CVE|CVE-2015-7208}} {{CVE|CVE-2015-7210}} {{CVE|CVE-2015-7211}} {{CVE|CVE-2015-7212}} {{CVE|CVE-2015-7213}} {{CVE|CVE-2015-7214}} {{CVE|CVE-2015-7215}} {{CVE|CVE-2015-7216}} {{CVE|CVE-2015-7217}} {{CVE|CVE-2015-7218}} {{CVE|CVE-2015-7219}} {{CVE|CVE-2015-7220}} {{CVE|CVE-2015-7221}} {{CVE|CVE-2015-7222}} {{CVE|CVE-2015-7223}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox43] || {{pkg|firefox}} || 2015-12-15 || <= 42.0-3 || 43.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9]<br />
|-<br />
| {{CVE|CVE-2015-8000}} [https://kb.isc.org/article/AA-01317] || {{pkg|bind}} || 2015-12-15 || <= 9.10.3-2 || 9.10.3.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10]<br />
|-<br />
| {{CVE|CVE-2015-8370}} [http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html#fix] || {{pkg|grub}} || 2015-12-15 || <= 1:2.02.beta2-5 || 1:2.02.beta2-6 || 3d || Fixed ({{bug|47386}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8378}} [https://www.keepassx.org/news/2015/12/551] || {{pkg|keepassx}} || 2015-12-08 || <= 0.4.3-7 || 0.4.4-1 || <2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8]<br />
|-<br />
| {{CVE|CVE-2015-8045}} {{CVE|CVE-2015-8047}} {{CVE|CVE-2015-8048}} {{CVE|CVE-2015-8049}} {{CVE|CVE-2015-8050}} {{CVE|CVE-2015-8055}} {{CVE|CVE-2015-8056}} {{CVE|CVE-2015-8057}} {{CVE|CVE-2015-8058}} {{CVE|CVE-2015-8059}} {{CVE|CVE-2015-8060}} {{CVE|CVE-2015-8061}} {{CVE|CVE-2015-8062}} {{CVE|CVE-2015-8063}} {{CVE|CVE-2015-8064}} {{CVE|CVE-2015-8065}} {{CVE|CVE-2015-8066}} {{CVE|CVE-2015-8067}} {{CVE|CVE-2015-8068}} {{CVE|CVE-2015-8069}} {{CVE|CVE-2015-8070}} {{CVE|CVE-2015-8071}} {{CVE|CVE-2015-8401}} {{CVE|CVE-2015-8402}} {{CVE|CVE-2015-8403}} {{CVE|CVE-2015-8404}} {{CVE|CVE-2015-8405}} {{CVE|CVE-2015-8406}} {{CVE|CVE-2015-8407}} {{CVE|CVE-2015-8408}} {{CVE|CVE-2015-8409}} {{CVE|CVE-2015-8410}} {{CVE|CVE-2015-8411}} {{CVE|CVE-2015-8412}} {{CVE|CVE-2015-8413}} {{CVE|CVE-2015-8414}} {{CVE|CVE-2015-8415}} {{CVE|CVE-2015-8416}} {{CVE|CVE-2015-8417}} {{CVE|CVE-2015-8418}} {{CVE|CVE-2015-8419}} {{CVE|CVE-2015-8420}} {{CVE|CVE-2015-8421}} {{CVE|CVE-2015-8422}} {{CVE|CVE-2015-8423}} {{CVE|CVE-2015-8424}} {{CVE|CVE-2015-8425}} {{CVE|CVE-2015-8426}} {{CVE|CVE-2015-8427}} {{CVE|CVE-2015-8428}} {{CVE|CVE-2015-8429}} {{CVE|CVE-2015-8430}} {{CVE|CVE-2015-8431}} {{CVE|CVE-2015-8432}} {{CVE|CVE-2015-8433}} {{CVE|CVE-2015-8434}} {{CVE|CVE-2015-8435}} {{CVE|CVE-2015-8436}} {{CVE|CVE-2015-8437}} {{CVE|CVE-2015-8438}} {{CVE|CVE-2015-8439}} {{CVE|CVE-2015-8440}} {{CVE|CVE-2015-8441}} {{CVE|CVE-2015-8442}} {{CVE|CVE-2015-8443}} {{CVE|CVE-2015-8444}} {{CVE|CVE-2015-8445}} {{CVE|CVE-2015-8446}} {{CVE|CVE-2015-8447}} {{CVE|CVE-2015-8448}} {{CVE|CVE-2015-8449}} {{CVE|CVE-2015-8450}} {{CVE|CVE-2015-8451}} {{CVE|CVE-2015-8452}} {{CVE|CVE-2015-8453}} {{CVE|CVE-2015-8454}} {{CVE|CVE-2015-8455}} [https://helpx.adobe.com/security/products/flash-player/apsb15-32.html] || {{pkg|flashplugin}} || 2015-12-08 || <= 11.2.202.548-1 || 11.2.202.554-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7]<br />
|-<br />
| {{CVE|CVE-2015-6788}} {{CVE|CVE-2015-6789}} {{CVE|CVE-2015-6790}} {{CVE|CVE-2015-6791}} [http://googlechromereleases.blogspot.fr/2015/12/stable-channel-update_8.html] || {{pkg|chromium}} || 2015-12-08 || <= 47.0.2526.73-1 || 47.0.2526.80-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5]<br />
|-<br />
| {{CVE|CVE-2015-3193}} {{CVE|CVE-2015-3194}} {{CVE|CVE-2015-3195}} {{CVE|CVE-2015-3196}} {{CVE|CVE-2015-1794}} [https://www.openssl.org/news/secadv/20151203.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2015-12-03 || <= 1.0.2.d-1 || 1.0.2.e-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2]<br />
|-<br />
| {{CVE|CVE-2015-6764}} {{CVE|CVE-2015-6765}} {{CVE|CVE-2015-6766}} {{CVE|CVE-2015-6767}} {{CVE|CVE-2015-6768}} {{CVE|CVE-2015-6769}} {{CVE|CVE-2015-6770}} {{CVE|CVE-2015-6771}} {{CVE|CVE-2015-6772}} {{CVE|CVE-2015-6773}} {{CVE|CVE-2015-6774}} {{CVE|CVE-2015-6775}} {{CVE|CVE-2015-6776}} {{CVE|CVE-2015-6777}} {{CVE|CVE-2015-6778}} {{CVE|CVE-2015-6779}} {{CVE|CVE-2015-6780}} {{CVE|CVE-2015-6781}} {{CVE|CVE-2015-6782}} {{CVE|CVE-2015-6783}} {{CVE|CVE-2015-6784}} {{CVE|CVE-2015-6785}} {{CVE|CVE-2015-6786}} {{CVE|CVE-2015-6787}} [http://googlechromereleases.blogspot.fr/2015/12/stable-channel-update.html] || {{pkg|chromium}} || 2015-12-01 || <= 46.0.2490.86-1 || 47.0.2526.73-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1]<br />
|-<br />
| {{CVE|CVE-2015-6764}} {{CVE|CVE-2015-8027}} [https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/] || {{pkg|nodejs}} || 2015-11-25 || <= 5.1.0-1 || 5.1.1-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4]<br />
|-<br />
| {{CVE|CVE-2015-8213}} [https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-11-24 || <= 1.8.6-1 || 1.8.7-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3]<br />
|-<br />
| {{CVE|CVE-2015-1819}} {{CVE|CVE-2015-5312}} {{CVE|CVE-2015-7941}} {{CVE|CVE-2015-7942}} {{CVE|CVE-2015-7497}} {{CVE|CVE-2015-7498}} {{CVE|CVE-2015-7499}} {{CVE|CVE-2015-7500}} {{CVE|CVE-2015-8035}} {{CVE|CVE-2015-8242}} [https://mail.gnome.org/archives/xml/2015-November/msg00012.html templink] || {{pkg|libxml2}} || 2015-11-20 || <= 2.9.2-2 || 2.9.3-1 || 19d || Fixed ({{bug|47095}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6]<br />
|-<br />
| {{CVE|CVE-2015-7981}} {{CVE|CVE-2015-8126}} [http://seclists.org/oss-sec/2015/q4/264 templink] [http://seclists.org/oss-sec/2015/q4/161 templink] || {{pkg|libpng}} {{pkg|lib32-libpng}} || 2015-11-12 || <= 1.6.18-1 || 1.6.19-1 || 5d || Fixed ({{bug|47069}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10]<br />
|-<br />
| {{CVE|CVE-2015-5309}} [http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html templink] || {{pkg|putty}} || 2015-11-12 || <= 0.65-1 || 0.66-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7]<br />
|-<br />
| {{CVE|CVE-2015-7651}} {{CVE|CVE-2015-7652}} {{CVE|CVE-2015-7653}} {{CVE|CVE-2015-7654}} {{CVE|CVE-2015-7655}} {{CVE|CVE-2015-7656}} {{CVE|CVE-2015-7657}} {{CVE|CVE-2015-7658}} {{CVE|CVE-2015-7659}} {{CVE|CVE-2015-7660}} {{CVE|CVE-2015-7661}} {{CVE|CVE-2015-7662}} {{CVE|CVE-2015-7663}} {{CVE|CVE-2015-8042}} {{CVE|CVE-2015-8043}} {{CVE|CVE-2015-8044}} {{CVE|CVE-2015-8046}} [https://helpx.adobe.com/security/products/flash-player/apsb15-28.html templink] || {{pkg|flashplugin}} || 2015-11-10 || <= 11.2.202.540-1 || 11.2.202.548-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5]<br />
|-<br />
| {{CVE|CVE-2015-1302}} [http://googlechromereleases.blogspot.fr/2015/11/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-11-10 || <= 46.0.2490.80-2 || 46.0.2490.86-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8]<br />
|-<br />
| {{CVE|CVE-2015-5311}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/ templink] || {{pkg|powerdns}} || 2015-11-09 || <= 3.4.6-2 || 3.4.7-1 || 3d || Fixed ({{bug|47014}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6]<br />
|-<br />
| {{CVE|CVE-2015-4513}} {{CVE|CVE-2015-4514}} {{CVE|CVE-2015-4515}} {{CVE|CVE-2015-4518}} {{CVE|CVE-2015-7181}} {{CVE|CVE-2015-7182}} {{CVE|CVE-2015-7183}} {{CVE|CVE-2015-7187}} {{CVE|CVE-2015-7188}} {{CVE|CVE-2015-7189}} {{CVE|CVE-2015-7193}} {{CVE|CVE-2015-7194}} {{CVE|CVE-2015-7195}} {{CVE|CVE-2015-7196}} {{CVE|CVE-2015-7197}} {{CVE|CVE-2015-7198}} {{CVE|CVE-2015-7199}} {{CVE|CVE-2015-7200}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-11-03 || <= 41.0.2-2 || 42.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2]<br />
|-<br />
| {{CVE|CVE-2015-7183}} [http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12386.html templink] || {{pkg|nspr}} || 2015-11-03 || <= 4.10.9-1 || 4.10.10-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4]<br />
|-<br />
| {{CVE|CVE-2015-7181}} {{CVE|CVE-2015-7182}} [http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12386.html templink] || {{pkg|nss}} || 2015-11-03 || <= 3.20-1 || 3.20.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3]<br />
|-<br />
| {{CVE|CVE-2015-7696}} {{CVE|CVE-2015-7697}} [http://seclists.org/oss-sec/2015/q3/512 templink] || {{pkg|unzip}} || 2015-10-30 || <= 6.0-10 || 6.0-11 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1]<br />
|-<br />
| {{CVE|CVE-2015-8011}} {{CVE|CVE-2015-8012}} [http://seclists.org/oss-sec/2015/q4/198 templink] || {{pkg|lldpd}} || 2015-10-17 || <= 0.7.18-1 || 0.7.19-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25]<br />
|-<br />
| {{CVE|CVE-2015-5714}} {{CVE|CVE-2015-5715}} {{CVE|CVE-2015-7989}} [https://codex.wordpress.org/Version_4.3.1 templink] || {{pkg|wordpress}} || 2015-10-18 || <= 4.3.0-1 || 4.3.1-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24]<br />
|-<br />
| {{CVE|CVE-2015-7873}} [https://www.phpmyadmin.net/security/PMASA-2015-5/ templink] || {{pkg|phpmyadmin}} || 2015-10-23 || <= 4.5.0-1 || 4.5.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23]<br />
|-<br />
| {{CVE|CVE-2015-7995}} [https://bugzilla.redhat.com/show_bug.cgi?id=1257962 templink] || {{pkg|libxslt}} || 2015-10-27 || <= 1.1.28-3 || 1.1.28-4 || 73d || Fixed ({{bug|47681}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8]<br />
|-<br />
| {{CVE|CVE-2015-7943}} [https://www.drupal.org/SA-CORE-2015-004 templink] || {{pkg|drupal}} || 2015-10-21 || <= 7.40-1 || 7.41-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21]<br />
|-<br />
| {{CVE|CVE-2015-4913}} {{CVE|CVE-2015-4870}} {{CVE|CVE-2015-4861}} {{CVE|CVE-2015-4858}} {{CVE|CVE-2015-4836}} {{CVE|CVE-2015-4830}} {{CVE|CVE-2015-4826}} {{CVE|CVE-2015-4815}} {{CVE|CVE-2015-4802}} {{CVE|CVE-2015-4792}} || {{pkg|mariadb}} || 2015-10-22 || <= 10.0.21-3 || 10.0.22-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] <br />
|-<br />
| {{CVE|CVE-2015-4734}} {{CVE|CVE-2015-4803}} {{CVE|CVE-2015-4805}} {{CVE|CVE-2015-4806}} {{CVE|CVE-2015-4810}} {{CVE|CVE-2015-4835}} {{CVE|CVE-2015-4840}} {{CVE|CVE-2015-4842}} {{CVE|CVE-2015-4843}} {{CVE|CVE-2015-4844}} {{CVE|CVE-2015-4860}} {{CVE|CVE-2015-4868}} {{CVE|CVE-2015-4872}} {{CVE|CVE-2015-4881}} {{CVE|CVE-2015-4882}} {{CVE|CVE-2015-4883}} {{CVE|CVE-2015-4893}} {{CVE|CVE-2015-4901}} {{CVE|CVE-2015-4902}} {{CVE|CVE-2015-4903}} {{CVE|CVE-2015-4906}} {{CVE|CVE-2015-4908}} {{CVE|CVE-2015-4911}} {{CVE|CVE-2015-4916}} || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-09-22 || <= 8.u60-1 || 8.u65-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20]<br />
|-<br />
| {{CVE|CVE-2015-4734}} {{CVE|CVE-2015-4803}} {{CVE|CVE-2015-4805}} {{CVE|CVE-2015-4806}} {{CVE|CVE-2015-4810}} {{CVE|CVE-2015-4835}} {{CVE|CVE-2015-4840}} {{CVE|CVE-2015-4842}} {{CVE|CVE-2015-4843}} {{CVE|CVE-2015-4844}} {{CVE|CVE-2015-4860}} {{CVE|CVE-2015-4871}} {{CVE|CVE-2015-4872}} {{CVE|CVE-2015-4881}} {{CVE|CVE-2015-4882}} {{CVE|CVE-2015-4883}} {{CVE|CVE-2015-4893}} {{CVE|CVE-2015-4902}} {{CVE|CVE-2015-4903}} {{CVE|CVE-2015-4911}} || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-09-22 || <= 7.u85_2.6.1-2 || 7.u91_2.6.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17]<br />
|-<br />
| {{CVE|CVE-2015-7691}} {{CVE|CVE-2015-7692}} {{CVE|CVE-2015-7701}} {{CVE|CVE-2015-7702}} {{CVE|CVE-2015-7703}} {{CVE|CVE-2015-7704}} {{CVE|CVE-2015-7705}} {{CVE|CVE-2015-7848}} {{CVE|CVE-2015-7849}} {{CVE|CVE-2015-7850}} {{CVE|CVE-2015-7851}} {{CVE|CVE-2015-7852}} {{CVE|CVE-2015-7853}} {{CVE|CVE-2015-7854}} {{CVE|CVE-2015-7855}} {{CVE|CVE-2015-7871}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities templink] [http://blog.talosintel.com/2015/10/ntpd-vulnerabilities.html templink] || {{pkg|ntp}} || 2015-10-21 || <= 4.2.8.p3-1 || 4.2.8.p4-1 || 1d || Fixed ({{bug|46826}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14]<br />
|-<br />
| {{CVE|CVE-2015-6031}} [http://talosintel.com/reports/TALOS-2015-0035/ templink] || {{pkg|miniupnpc}} || 2015-09-15 || <= 1.9.20150730-1 || 1.9.20151008-1 || 30d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11]<br />
|-<br />
| {{CVE|CVE-2015-7645}} {{CVE|CVE-2015-7647}} {{CVE|CVE-2015-7648}} [https://helpx.adobe.com/security/products/flash-player/apsa15-05.html templink] [https://helpx.adobe.com/security/products/flash-player/apsb15-27.html templink] || {{pkg|flashplugin}} || 2015-10-14 || <= 11.2.202.535-1 || 11.2.202.540-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12]<br />
|-<br />
| {{CVE|CVE-2015-7184}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/ templink] || {{pkg|firefox}} || 2015-10-15 || <= 41.0.1-1 || 41.0.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10]<br />
|-<br />
| {{CVE|CVE-2015-5260}} {{CVE|CVE-2015-5261}} {{CVE|CVE-2015-3247}} [http://lists.freedesktop.org/archives/spice-devel/2015-October/022168.html templink] [https://bugzilla.redhat.com/show_bug.cgi?id=1260822 templink] [https://bugzilla.redhat.com/show_bug.cgi?id=1261889 templink] [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797976;msg=21 templink] || {{pkg|spice}} || 2015-09-08 || <= 0.12.5-1 || 0.12.6-1 || 41d || Fixed ({{bug|46738}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13]<br />
|-<br />
| {{CVE|CVE-2015-6755}} {{CVE|CVE-2015-6756}} {{CVE|CVE-2015-6757}} {{CVE|CVE-2015-6758}} {{CVE|CVE-2015-6759}} {{CVE|CVE-2015-6760}} {{CVE|CVE-2015-6761}} {{CVE|CVE-2015-6762}} {{CVE|CVE-2015-6763}} [http://googlechromereleases.blogspot.fr/2015/10/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-10-13 || <= 45.0.2454.101-2 || 46.0.2490.71-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8]<br />
|-<br />
| {{CVE|CVE-2015-5569}} {{CVE|CVE-2015-7625}} {{CVE|CVE-2015-7626}} {{CVE|CVE-2015-7627}} {{CVE|CVE-2015-7628}} {{CVE|CVE-2015-7629}} {{CVE|CVE-2015-7630}} {{CVE|CVE-2015-7631}} {{CVE|CVE-2015-7632}} {{CVE|CVE-2015-7633}} {{CVE|CVE-2015-7634}} {{CVE|CVE-2015-7643}} {{CVE|CVE-2015-7644}} [https://helpx.adobe.com/security/products/flash-player/apsb15-25.html templink] || {{pkg|flashplugin}} || 2015-10-13 || <= 11.2.202.521-1 || 11.2.202.535-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7]<br />
|-<br />
| {{CVE|CVE-2015-5291}} [https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01 templink] || {{pkg|mbedtls}} || 2015-10-05 || <= 2.1.1-1 || 2.1.2-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9]<br />
|-<br />
| {{CVE|CVE-2015-7384}} [https://nodejs.org/en/blog/release/v4.1.2/ templink] || {{pkg|nodejs}} || 2015-10-05 || <= 4.1.1-1 || 4.1.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3]<br />
|-<br />
| {{CVE|CVE-2015-7687}} [http://seclists.org/oss-sec/2015/q4/17 templink] [https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f8e2fe24f3ff174d8515b82607e951e054f68f6 templink] || {{pkg|opensmtpd}} || 2015-10-02 || <= 5.7.1p1-1 || 5.7.3p1-1 || 6d || Fixed ({{bug|46605}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5]<br />
|-<br />
| {{CVE|CVE-2015-7673}} {{CVE|CVE-2015-7674}} [http://seclists.org/oss-sec/2015/q4/18 templink] [http://seclists.org/oss-sec/2015/q4/19 templink] || {{pkg|gdk-pixbuf2}} || 2015-10-01 || <= 2.31.7-1 || 2.32.1-1 || 9d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6]<br />
|-<br />
| {{CVE|CVE-2015-1335}} [https://github.com/lxc/lxc/commit/6de26af93d3dd87c8b21a42fdf20f30fa1c1948d templink] || {{pkg|lxc}} || 2015-09-29 || <= 1:1.1.3-2 || - || - || Not Affected ({{bug|46574}}) || None<br />
|-<br />
| {{CVE|CVE-2015-6972}} {{CVE|CVE-2015-6973}} [http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txt templink] [http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt templink] [https://igniterealtime.org/issues/browse/OF-942] || {{pkg|openfire}} || 2015-09-14 || <= 4.0.3-1 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2015-4499}} [https://www.bugzilla.org/security/4.2.14/ templink] || {{pkg|bugzilla}} || 2015-09-10 || <= 5.0-1 || 5.0.1-1 || 28d || Fixed ({{bug|46573}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4]<br />
|-<br />
| {{CVE|CVE-2015-4141}} {{CVE|CVE-2015-4142}} {{CVE|CVE-2015-4143}} {{CVE|CVE-2015-4144}} {{CVE|CVE-2015-4145}} {{CVE|CVE-2015-4146}} [http://w1.fi/security/2015-2/ templink] [http://w1.fi/security/2015-3/ templink] [http://w1.fi/security/2015-4/ templink] [http://w1.fi/security/2015-5/ templink] || {{pkg|hostapd}} || 2015-05-04 || <= 2.4-2 || 2.5-1 || ~150d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2]<br />
|-<br />
| {{CVE|CVE-2015-3239}} [https://bugzilla.redhat.com/show_bug.cgi?id=1232265 templink] || {{pkg|libunwind}} || 2015-06-16 || <= 1.1-2 || 1.1-3 || ~110d || Fixed ({{bug|46474}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1]<br />
|-<br />
| {{CVE|CVE-2015-1303}} {{CVE|CVE-2015-1304}} [http://googlechromereleases.blogspot.fr/2015/09/stable-channel-update_24.html templink] || {{pkg|chromium}} || 2015-09-24 || <= 45.0.2454.99-1 || 45.0.2454.101-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11]<br />
|-<br />
| {{CVE|CVE-2015-4500}} {{CVE|CVE-2015-4501}} {{CVE|CVE-2015-4502}} {{CVE|CVE-2015-4504}} {{CVE|CVE-2015-4506}} {{CVE|CVE-2015-4507}} {{CVE|CVE-2015-4508}} {{CVE|CVE-2015-4509}} {{CVE|CVE-2015-4510}} {{CVE|CVE-2015-4511}} {{CVE|CVE-2015-4512}} {{CVE|CVE-2015-4516}} {{CVE|CVE-2015-4517}} {{CVE|CVE-2015-4519}} {{CVE|CVE-2015-4520}} {{CVE|CVE-2015-4521}} {{CVE|CVE-2015-4522}} {{CVE|CVE-2015-7174}} {{CVE|CVE-2015-7175}} {{CVE|CVE-2015-7176}} {{CVE|CVE-2015-7177}} {{CVE|CVE-2015-7180}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox41 templink] || {{pkg|firefox}} || 2015-09-22 || <= 40.0.3-1 || 41.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9]<br />
|-<br />
| {{CVE|CVE-2015-5567}} {{CVE|CVE-2015-5568}} {{CVE|CVE-2015-5570}} {{CVE|CVE-2015-5571}} {{CVE|CVE-2015-5572}} {{CVE|CVE-2015-5573}} {{CVE|CVE-2015-5574}} {{CVE|CVE-2015-5575}} {{CVE|CVE-2015-5576}} {{CVE|CVE-2015-5577}} {{CVE|CVE-2015-5578}} {{CVE|CVE-2015-5579}} {{CVE|CVE-2015-5580}} {{CVE|CVE-2015-5581}} {{CVE|CVE-2015-5582}} {{CVE|CVE-2015-5584}} {{CVE|CVE-2015-5587}} {{CVE|CVE-2015-5588}} {{CVE|CVE-2015-6676}} {{CVE|CVE-2015-6677}} {{CVE|CVE-2015-6678}} {{CVE|CVE-2015-6679}} {{CVE|CVE-2015-6682}} [https://helpx.adobe.com/security/products/flash-player/apsb15-23.html templink] || {{pkg|flashplugin}} || 2015-09-21 || <= 11.2.202.508-1 || 11.2.202.521-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201510-8]<br />
|-<br />
| {{CVE|CVE-2015-7236}} [http://seclists.org/oss-sec/2015/q3/561 templink] || {{pkg|rpcbind}} || 2015-09-17 || <= 0.2.3-1 || 0.2.3-2 || 7d || Fixed ({{bug|46341}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10]<br />
|-<br />
| {{CVE|CVE-2015-5714}} {{CVE|CVE-2015-5715}} [https://wordpress.org/news/2015/09/wordpress-4-3-1/ templink] || {{pkg|wordpress}} || 2015-09-15 || <= 4.3-1 || 4.3.1-1 || 5d || Fixed ({{bug|46340}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201510-7]<br />
|-<br />
| {{CVE|CVE-2015-6908}} [http://www.openwall.com/lists/oss-security/2015/09/11/5 templink] || {{pkg|openldap}} || 2015-09-09 || <= 2.4.42-1 || 2.4.42-2 || 3d || Fixed ({{bug|46265}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4]<br />
|-<br />
| {{CVE|CVE-2015-5722}} {{CVE|CVE-2015-5986}} [https://www.isc.org/blogs/cve-2015-5986-an-incorrect-boundary-check-can-trigger-a-require-assertion-failure-in-openpgpkey_61-c/ templink] [https://www.isc.org/blogs/cve-2015-5722-parsing-malformed-keys-may-cause-bind-to-exit-due-to-a-failed-assertion-in-buffer-c/ templink] || {{pkg|bind}} || 2015-09-02 || <= 9.10.2.P3-1 || 9.10.2.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2]<br />
|-<br />
| {{CVE|CVE-2015-5198}} {{CVE|CVE-2015-5199}} {{CVE|CVE-2015-5200}} [http://lists.x.org/archives/xorg-announce/2015-August/002630.html templink] || {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} || 2015-08-31 || <= 1.1-1 || 1.1.1-1 || 13d || Fixed ({{bug|46266}}) ({{bug|46267}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5]<br />
|-<br />
| {{CVE|CVE-2015-1291}} {{CVE|CVE-2015-1292}} {{CVE|CVE-2015-1293}} {{CVE|CVE-2015-1294}} {{CVE|CVE-2015-1295}} {{CVE|CVE-2015-1296}} {{CVE|CVE-2015-1297}} {{CVE|CVE-2015-1298}} {{CVE|CVE-2015-1299}} {{CVE|CVE-2015-1300}} {{CVE|CVE-2015-1301}} [http://googlechromereleases.blogspot.fr/2015/09/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-09-01 || <= 44.0.2403.157-1 || 45.0.2454.85-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1]<br />
|-<br />
| {{CVE|CVE-2015-5230}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/ templink] || {{pkg|powerdns}} || 2015-09-02 || <= 3.4.5-1 || 3.4.6-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3]<br />
|-<br />
| {{CVE|CVE-2015-5317}} {{CVE|CVE-2015-5318}} {{CVE|CVE-2015-5319}} {{CVE|CVE-2015-5320}} {{CVE|CVE-2015-5321}} {{CVE|CVE-2015-5322}} {{CVE|CVE-2015-5323}} {{CVE|CVE-2015-5324}} {{CVE|CVE-2015-5325}} {{CVE|CVE-2015-5326}} {{CVE|CVE-2015-8103}} [https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 templink] [http://seclists.org/bugtraq/2015/Aug/161 templink] || {{pkg|jenkins}} || 2015-08-28 || <= 1.627-1 || 1.638-1 || 60d || Fixed ({{bug|46268}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11]<br />
|-<br />
| {{CVE|CVE-2015-6749}} [http://seclists.org/oss-sec/2015/q3/457 templink] || {{pkg|vorbis-tools}} || 2015-08-30 || <= 1.4.0-5 || 1.4.0-6 || >60d || Fixed ({{bug|46269}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22]<br />
|-<br />
| {{CVE|CVE-2015-4497}} {{CVE|CVE-2015-4498}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox40.0.3 templink] || {{pkg|firefox}} || 2015-08-27 || <= 40.0.2-1 || 40.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12]<br />
|-<br />
| {{CVE|CVE-2015-5949}} [http://www.ocert.org/advisories/ocert-2015-009.html templink] || {{pkg|vlc}} || 2015-08-20 || <= 2.2.1-6 || 2.2.2-1 || 179d || Fixed ({{bug|46037}}) || None<br />
|-<br />
| {{CVE|CVE-2015-5963}} [https://www.djangoproject.com/weblog/2015/aug/18/security-releases/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-08-18 || <= 1.8.3-1 || 1.8.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9]<br />
|-<br />
| {{CVE|CVE-2015-5221}} [http://seclists.org/oss-sec/2015/q3/408 templink] || {{pkg|jasper}} || 2015-08-16 || <= 1.900.1-15 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-5203}} [http://seclists.org/oss-sec/2015/q3/366 templink] || {{pkg|jasper}} || 2015-08-16 || <= 1.900.1-15 || || || '''Vulnerable''' || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10]<br />
|-<br />
| CVE Pending [http://seclists.org/oss-sec/2015/q3/295 templink] || {{pkg|pcre}} || 2015-08-05 || <= 8.37-2 || 8.37-3 || 12d || Fixed ({{bug|45945}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11]<br />
|-<br />
| {{CVE|CVE-2015-4473}} {{CVE|CVE-2015-4474}} {{CVE|CVE-2015-4475}} {{CVE|CVE-2015-4477}} {{CVE|CVE-2015-4478}} {{CVE|CVE-2015-4479}} {{CVE|CVE-2015-4480}} {{CVE|CVE-2015-4482}} {{CVE|CVE-2015-4483}} {{CVE|CVE-2015-4484}} {{CVE|CVE-2015-4485}} {{CVE|CVE-2015-4486}} {{CVE|CVE-2015-4487}} {{CVE|CVE-2015-4488}} {{CVE|CVE-2015-4489}} {{CVE|CVE-2015-4490}} {{CVE|CVE-2015-4491}} {{CVE|CVE-2015-4492}} {{CVE|CVE-2015-4493}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox40 templink] || {{pkg|firefox}} || 2015-08-11 || <= 39.0.3-1 || 40.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4]<br />
|-<br />
| {{CVE|CVE-2014-8121}} [https://access.redhat.com/security/cve/CVE-2014-8121 templink] || {{pkg|glibc}} || 2015-02-23 || <= 2.21-4 || 2.22-1 || ~180d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7]<br />
|-<br />
| {{CVE|CVE-2015-4680}} [http://www.ocert.org/advisories/ocert-2015-008.html templink] || {{pkg|freeradius}} || 2015-06-22 || <= 3.0.8-2 || 3.0.9-1 || ~50d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6]<br />
|-<br />
| {{CVE|CVE-2015-3184}} {{CVE|CVE-2015-3187}} [https://subversion.apache.org/security/CVE-2015-3184-advisory.txt templink] [https://subversion.apache.org/security/CVE-2015-3187-advisory.txt templink] || {{pkg|subversion}} || 2015-08-05 || <= 1.8.13-2 || 1.9.0-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5]<br />
|-<br />
| {{CVE|CVE-2015-6251}} [http://www.gnutls.org/security.html#GNUTLS-SA-2015-3 templink] || {{pkg|gnutls}} || 2015-08-10 || <= 3.4.3-1 || 3.4.4.1-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8]<br />
|-<br />
| {{CVE|CVE-2015-4495}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/ templink] || {{pkg|firefox}} || 2015-08-06 || <= 39.0-1 || 39.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1]<br />
|-<br />
| {{CVE|CVE-2015-2213}} {{CVE|CVE-2015-5730}} {{CVE|CVE-2015-5731}} {{CVE|CVE-2015-5732}} {{CVE|CVE-2015-5733}} {{CVE|CVE-2015-5734}} [https://codex.wordpress.org/Version_4.2.4 templink] || {{pkg|wordpress}} || 2015-08-04 || <= 4.2.3-1 || 4.2.4.-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2]<br />
|-<br />
| {{CVE|CVE-2015-3245}} {{CVE|CVE-2015-3246}} [http://seclists.org/oss-sec/2015/q3/185 templink] || {{pkg|libuser}} || 2015-07-22 || <= 0.61-1 || 0.62-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19]<br />
|-<br />
| {{CVE|CVE-2015-5600}} [https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/ templink] || {{pkg|openssh}} || 2015-07-22 || <= 6.9p1-1 || 6.9p1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17]<br />
|-<br />
| {{CVE|CVE-2015-1270}} {{CVE|CVE-2015-1271}} {{CVE|CVE-2015-1272}} {{CVE|CVE-2015-1273}} {{CVE|CVE-2015-1274}} {{CVE|CVE-2015-1276}} {{CVE|CVE-2015-1277}} {{CVE|CVE-2015-1278}} {{CVE|CVE-2015-1279}} {{CVE|CVE-2015-1280}} {{CVE|CVE-2015-1281}} {{CVE|CVE-2015-1282}} {{CVE|CVE-2015-1283}} {{CVE|CVE-2015-1284}} {{CVE|CVE-2015-1285}} {{CVE|CVE-2015-1286}} {{CVE|CVE-2015-1287}} {{CVE|CVE-2015-1288}} {{CVE|CVE-2015-1289}} [http://googlechromereleases.blogspot.fr/2015/07/stable-channel-update_21.html templink] || {{pkg|chromium}} || 2015-07-21 || <= 43.0.2357.134-1 || 44.0.2403.89-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18]<br />
|-<br />
| {{CVE|CVE-2015-2590}} {{CVE|CVE-2015-2601}} {{CVE|CVE-2015-2613}} {{CVE|CVE-2015-2621}} {{CVE|CVE-2015-2625}} {{CVE|CVE-2015-2628}} {{CVE|CVE-2015-2632}} {{CVE|CVE-2015-2808}} {{CVE|CVE-2015-4000}} {{CVE|CVE-2015-4731}} {{CVE|CVE-2015-4732}} {{CVE|CVE-2015-4733}} {{CVE|CVE-2015-4748}} {{CVE|CVE-2015-4749}} {{CVE|CVE-2015-4760}} [http://blog.fuseyism.com/index.php/2015/07/21/security-icedtea-2-6-1-for-openjdk-7-released/ templink] || {{pkg|jre7-openjdk}} || 2015-07-21 || <= 7.u80_2.6.0-1 || 7.u85_2.6.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16]<br />
|-<br />
| {{CVE|CVE-2015-5122}} {{CVE|CVE-2015-5123}} [https://helpx.adobe.com/security/products/flash-player/apsb15-18.html templink] || {{pkg|lib32-flashplugin}} || 2015-07-09 || <= 11.2.202.481-1 || 11.2.202.491-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14]<br />
|-<br />
| {{CVE|CVE-2015-5122}} {{CVE|CVE-2015-5123}} [https://helpx.adobe.com/security/products/flash-player/apsb15-18.html templink] || {{pkg|flashplugin}} || 2015-07-09 || <= 11.2.202.481-1 || 11.2.202.491-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13]<br />
|-<br />
| {{CVE|CVE-2015-0228}} {{CVE|CVE-2015-0253}} {{CVE|CVE-2015-3183}} {{CVE|CVE-2015-3185}} [http://www.apache.org/dist/httpd/CHANGES_2.4.16 templink] || {{pkg|apache}} || 2015-07-15 || <= 2.4.12-4 || 2.4.16-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15]<br />
|-<br />
| {{CVE|CVE-2015-2724}} {{CVE|CVE-2015-2725}} {{CVE|CVE-2015-2726}} {{CVE|CVE-2015-2731}} {{CVE|CVE-2015-2734}} {{CVE|CVE-2015-2735}} {{CVE|CVE-2015-2736}} {{CVE|CVE-2015-2737}} {{CVE|CVE-2015-2738}} {{CVE|CVE-2015-2739}} {{CVE|CVE-2015-2740}} {{CVE|CVE-2015-2741}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.1 templink] || {{pkg|thunderbird}} || 2015-07-09 || <= 38.0.1-1 || 38.1.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9]<br />
|-<br />
| {{CVE|CVE-2015-1793}} [https://openssl.org/news/secadv_20150709.txt templink] || {{pkg|lib32-openssl}} || 2015-07-09 || <= 1.0.2.c-1 || 1.0.2.d-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12]<br />
|-<br />
| {{CVE|CVE-2015-1793}} [https://openssl.org/news/secadv_20150709.txt templink] || {{pkg|openssl}} || 2015-07-09 || <= 1.0.2.c-1 || 1.0.2.d-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8]<br />
|-<br />
| {{CVE|CVE-2014-0578}} {{CVE|CVE-2015-3114}} {{CVE|CVE-2015-3115}} {{CVE|CVE-2015-3116}} {{CVE|CVE-2015-3117}} {{CVE|CVE-2015-3118}} {{CVE|CVE-2015-3119}} {{CVE|CVE-2015-3120}} {{CVE|CVE-2015-3121}} {{CVE|CVE-2015-3122}} {{CVE|CVE-2015-3123}} {{CVE|CVE-2015-3124}} {{CVE|CVE-2015-3125}} {{CVE|CVE-2015-3126}} {{CVE|CVE-2015-3127}} {{CVE|CVE-2015-3128}} {{CVE|CVE-2015-3129}} {{CVE|CVE-2015-3130}} {{CVE|CVE-2015-3131}} {{CVE|CVE-2015-3132}} {{CVE|CVE-2015-3133}} {{CVE|CVE-2015-3134}} {{CVE|CVE-2015-3135}} {{CVE|CVE-2015-3136}} {{CVE|CVE-2015-3137}} {{CVE|CVE-2015-4428}} {{CVE|CVE-2015-4429}} {{CVE|CVE-2015-4430}} {{CVE|CVE-2015-4431}} {{CVE|CVE-2015-4432}} {{CVE|CVE-2015-4433}} {{CVE|CVE-2015-5116}} {{CVE|CVE-2015-5117}} {{CVE|CVE-2015-5118}} {{CVE|CVE-2015-5119}} [https://helpx.adobe.com/security/products/flash-player/apsb15-16.html templink] [https://www.kb.cert.org/vuls/id/561288 templink] || {{pkg|flashplugin}} || 2015-07-07 || <= 11.2.202.468-1 || 11.2.202.481-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7]<br />
|-<br />
| {{CVE|CVE-2015-4620}} [https://kb.isc.org/article/AA-01267/ templink] || {{pkg|bind}} || 2015-07-07 || <= 9.10.2.P1-1 || 9.10.2.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6]<br />
|-<br />
| {{CVE|CVE-2015-5382}} [http://www.openwall.com/lists/oss-security/2015/07/07/3 templink] || {{pkg|roundcubemail}} || 2015-07-06 || <= 1.1.1-1 || 1.1.2-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5355}} {{CVE|CVE-2015-2694}} [http://krbdev.mit.edu/rt/NoAuth/krb5-1.13/fixed-1.13.2.html templink] || {{pkg|lib32-krb5}} || 2015-05-08 || <= 1.13.1-1 || 1.13.2-1 || 63d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11]<br />
|-<br />
| {{CVE|CVE-2014-5355}} {{CVE|CVE-2015-2694}} [http://krbdev.mit.edu/rt/NoAuth/krb5-1.13/fixed-1.13.2.html templink] || {{pkg|krb5}} || 2015-05-08 || <= 1.13.1-1 || 1.13.2-1 || 63d || Fixed ({{bug|45575}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10]<br />
|-<br />
| {{CVE|CVE-2015-3281}} [http://marc.info/?l=haproxy&m=143593901506748&w=2 templink] || {{pkg|haproxy}} || 2015-07-03 || <= 1.5.12-1 || 1.5.14-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3]<br />
|-<br />
| {{CVE|CVE-2015-2722}} {{CVE|CVE-2015-2724}} {{CVE|CVE-2015-2725}} {{CVE|CVE-2015-2726}} {{CVE|CVE-2015-2727}} {{CVE|CVE-2015-2728}} {{CVE|CVE-2015-2729}} {{CVE|CVE-2015-2731}} {{CVE|CVE-2015-2733}} {{CVE|CVE-2015-2734}} {{CVE|CVE-2015-2735}} {{CVE|CVE-2015-2736}} {{CVE|CVE-2015-2737}} {{CVE|CVE-2015-2739}} {{CVE|CVE-2015-2740}} {{CVE|CVE-2015-2741}} {{CVE|CVE-2015-2743}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-07-02 || <= 38.0.5 || 39.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2]<br />
|- <br />
| {{CVE|CVE-2015-5352}} [http://www.openwall.com/lists/oss-security/2015/07/01/10 templink] || {{pkg|openssh}} || 2015-06-29 || <= 6.8p1-3 || 6.9p1-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4]<br />
|-<br />
| {{CVE|CVE-2015-5146}} [http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi templink] || {{pkg|ntp}} || 2015-06-29 || <= 4.2.8p2-1 || 4.2.8p3-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5]<br />
|-<br />
| {{CVE|CVE-2015-2141}} [https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2015-June/015585.html templink] [https://github.com/weidai11/cryptopp/commit/9425e16437439e68c7d96abef922167d68fafaff commit] || {{pkg|crypto++}} || 2015-06-28 || <= 5.6.2-2 || 5.6.2-3 || 28d || Fixed ({{bug|45498}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20]<br />
|-<br />
| {{CVE|CVE-2015-5073}} [https://bugs.exim.org/show_bug.cgi?id=1651 templink] [http://vcs.pcre.org/pcre?view=revision&revision=1571 commit] || {{pkg|pcre}} || 2015-06-26 || <= 8.37-2 || 8.37-3 || ~52d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-5069}} {{CVE|CVE-2015-5070}} [http://www.openwall.com/lists/oss-security/2015/06/25/12 templink] || {{pkg|wesnoth}} || 2015-06-24 || <= 1.12.2-3 || 1.12.4-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1]<br />
|-<br />
| {{CVE|CVE-2015-3113}} [https://helpx.adobe.com/security/products/flash-player/apsb15-14.html templink] || {{pkg|flashplugin}} || 2015-06-23 || <= 11.2.202.466-1 || 11.2.202.468-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5]<br />
|-<br />
| {{CVE|CVE-2015-3236}} {{CVE|CVE-2015-3237}} [http://curl.haxx.se/docs/adv_20150617A.html templink] [http://curl.haxx.se/docs/adv_20150617B.html templink] || {{pkg|lib32-curl}} || 2015-06-17 || <= 7.42.1-1 || 7.43.0-1 || 47d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4]<br />
|-<br />
| {{CVE|CVE-2015-3236}} {{CVE|CVE-2015-3237}} [http://curl.haxx.se/docs/adv_20150617A.html templink] [http://curl.haxx.se/docs/adv_20150617B.html templink] || {{pkg|curl}} || 2015-06-17 || <= 7.42.1-1 || 7.43.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4]<br />
|-<br />
| {{CVE|CVE-2009-1364}} {{CVE|CVE-2006-3376}} {{CVE|CVE-2007-0455}} {{CVE|CVE-2007-2756}} {{CVE|CVE-2007-3472}} {{CVE|CVE-2007-3473}} {{CVE|CVE-2007-3477}} {{CVE|CVE-2009-3546}} {{CVE|CVE-2015-0848}} {{CVE|CVE-2015-4588}} {{CVE|CVE-2015-4695}} {{CVE|CVE-2015-4696}} [http://www.openwall.com/lists/oss-security/2015/06/16/4 templink] || {{pkg|libwmf}} || 2015-06-01 || <= 0.2.8.4-13 || || || '''Vulnerable''' ({{bug|49162}}) ||<br />
|-<br />
| {{CVE|CVE-2015-2325}} {{CVE|CVE-2015-2326}} {{CVE|CVE-2015-3414}} {{CVE|CVE-2015-3415}} {{CVE|CVE-2015-3416}} [http://php.net/ChangeLog-5.php#5.6.10 templink] || {{pkg|php}} || 2015-06-11 || <= 5.6.9-2 || 5.6.10-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|libraw}} || 2015-05-11 || <= 0.16.0-3 || 0.16.1 || 5d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|dcraw}} || 2015-05-11 || <= 9.25.0-1 || 9.26.0-1 || ~1m || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|gimp-ufraw}} || 2015-05-11 || <= 0.21-1 || 0.22-1 || 45d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|rawtherapee}} || 2015-05-11 || <= 1:4.2-1 || 1:4.2+448.g26d182d-1 || ~5m || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|rawstudio}} || 2015-05-11 || <= 2.0-12 || 2.0_git20160107-1 || ~11m || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-1158}} {{CVE|CVE-2015-1159}} [http://www.cups.org/str.php?L4609 templink] || {{pkg|cups}} || 2015-06-08 || <= 2.0.2-4 || 2.0.3-1 || 1d || Fixed ({{bug|45279}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2]<br />
|-<br />
| {{CVE|CVE-2015-1788}} {{CVE|CVE-2015-1789}} {{CVE|CVE-2015-1790}} {{CVE|CVE-2015-1791}} {{CVE|CVE-2015-1792}} {{CVE|CVE-2015-4000}} [https://www.openssl.org/news/secadv_20150611.txt templink] [https://git.openssl.org/?p=openssl.git;a=commit;h=98ece4eebfb6cd45cc8d550c6ac0022965071afc templink] || {{pkg|openssl}} || 2015-06-11 || <= 1.0.2.a-1 || 1.0.2.b-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3]<br />
|-<br />
| {{CVE|CVE-2015-3210}} [https://bugs.exim.org/show_bug.cgi?id=1636 templink] || {{pkg|pcre}} || 2015-05-29 || <= 8.37-1 || 8.37-2 || 7d || Fixed ({{bug|45207}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1]<br />
|-<br />
| {{CVE|CVE-2015-3165}} {{CVE|CVE-2015-3166}} {{CVE|CVE-2015-3167}} [http://www.postgresql.org/about/news/1587/ templink] || {{pkg|postgresql}} || 2015-05-22 || <= 9.4.1-1 || 9.4.2-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17]<br />
|-<br />
| {{CVE|CVE-2015-4054}} [http://www.openwall.com/lists/oss-security/2015/05/22/5 templink] || {{pkg|pgbouncer}} || 2015-04-09 || <= 1.5.4-6 || 1.5.5-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16]<br />
|-<br />
| {{CVE|CVE-2015-1251}} {{CVE|CVE-2015-1252}} {{CVE|CVE-2015-1253}} {{CVE|CVE-2015-1254}} {{CVE|CVE-2015-1255}} {{CVE|CVE-2015-1256}} {{CVE|CVE-2015-1257}} {{CVE|CVE-2015-1258}} {{CVE|CVE-2015-1259}} {{CVE|CVE-2015-1260}} {{CVE|CVE-2015-1263}} {{CVE|CVE-2015-1264}} {{CVE|CVE-2015-1265}} [http://googlechromereleases.blogspot.fr/2015/05/stable-channel-update_19.html templink] || {{pkg|chromium}} || 2015-05-19 || <= 42.0.2311.135-1 || 43.0.2357.65-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14]<br />
|-<br />
| {{CVE|CVE-2015-3808}} {{CVE|CVE-2015-3809}} {{CVE|CVE-2015-3810}} {{CVE|CVE-2015-3811}} {{CVE|CVE-2015-3812}} {{CVE|CVE-2015-3813}} {{CVE|CVE-2015-3814}} {{CVE|CVE-2015-3815}} [https://wireshark.org/docs/relnotes/wireshark-1.12.5.html templink] || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2015-05-11 || <= 1.12.4-4 || 1.12.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12]<br />
|-<br />
| {{CVE|CVE-2015-3456}} [https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/ templink] || {{pkg|qemu}} || 2015-05-13 || <= 2.2.1-4 || 2.2.1-5 || 1d || Fixed ({{bug|44958}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9]<br />
|-<br />
| {{CVE|CVE-2014-0230}} [https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44 templink] || {{pkg|tomcat6}} || 2015-04-09 || <= 6.0.43-2 || 6.0.44-1 || 34d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8]<br />
|-<br />
| {{CVE|CVE-2015-2708}} {{CVE|CVE-2015-2709}} {{CVE|CVE-2015-2710}} {{CVE|CVE-2015-2713}} {{CVE|CVE-2015-2716}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7 templink] || {{pkg|thunderbird}} || 2015-05-12 || <= 31.6.0-2 || 31.7.0-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13]<br />
|-<br />
| {{CVE|CVE-2015-2708}} {{CVE|CVE-2015-2709}} {{CVE|CVE-2015-2710}} {{CVE|CVE-2015-2711}} {{CVE|CVE-2015-2712}} {{CVE|CVE-2015-2713}} {{CVE|CVE-2015-2715}} {{CVE|CVE-2015-2716}} {{CVE|CVE-2015-2717}} {{CVE|CVE-2015-2718}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox38 templink] || {{pkg|firefox}} || 2015-05-12 || <= 37.0.2-1 || 38.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] <br />
|-<br />
| {{CVE|CVE-2015-3622}} [http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=f979435 templink] || {{pkg|libtasn1}} || 2015-04-20 || <= 4.5-1 || 4.4-1 || 16d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5]<br />
|-<br />
| {{CVE|CVE-2014-8964}} [https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ templink] || {{pkg|mariadb-clients}} || 2015-05-07 || <= 10.0.17-1 || 10.0.18-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4]<br />
|-<br />
| {{CVE|CVE-2014-8964}} {{CVE|CVE-2015-0499}} {{CVE|CVE-2015-0501}} {{CVE|CVE-2015-0505}} {{CVE|CVE-2015-2571}} [https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ templink] || {{pkg|mariadb}} || 2015-05-07 || <= 10.0.17-1 || 10.0.18-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3]<br />
|-<br />
| {{CVE|CVE-2015-3627}} {{CVE|CVE-2015-3629}} {{CVE|CVE-2015-3630}} {{CVE|CVE-2015-3631}} [http://seclists.org/oss-sec/2015/q2/389 templink] || {{pkg|docker}} || 2015-05-07 || <= 1:1.6.0-1 || 1:1.6.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6]<br />
|-<br />
| {{CVE|CVE-2015-0847}} [http://sourceforge.net/p/nbd/mailman/message/34091218/ templink] || {{pkg|nbd}} || 2015-05-07 || <= 3.10-1 || 3.11-1 || 19d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15]<br />
|-<br />
| {{CVE|CVE-2015-1858}} {{CVE|CVE-2015-1859}} {{CVE|CVE-2015-1860}} [http://lists.qt-project.org/pipermail/announce/2015-April/000067.html templink] || {{pkg|qt5-base}} || 2015-04-13 || <= 5.4.1-5 || 5.4.2-1 || 50d || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-1858}} {{CVE|CVE-2015-1859}} {{CVE|CVE-2015-1860}} [http://lists.qt-project.org/pipermail/announce/2015-April/000067.html templink] || {{pkg|qt4}} || 2015-04-13 || <= 4.8.6-6 || 4.8.7-1 || 50d || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-3414}} {{CVE|CVE-2015-3415}} {{CVE|CVE-2015-3416}} [http://seclists.org/fulldisclosure/2015/Apr/31 templink] || {{pkg|sqlite}} || 2015-04-24 || <= 3.8.8.3-1 || 3.8.9-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-2170}} {{CVE|CVE-2015-2221}} {{CVE|CVE-2015-2222}} {{CVE|CVE-2015-2305}} {{CVE|CVE-2015-2668}} [http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html templink] || {{pkg|clamav}} || 2015-04-29 || <= 0.98.6-1 || 0.98.7-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2]<br />
|-<br />
| {{CVE|CVE-2015-3455}} [http://www.openwall.com/lists/oss-security/2015/04/30/2 templink] || {{pkg|squid}} || 2015-04-29 || <= 3.5.3-2 || 3.5.4-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1]<br />
|-<br />
| {{CVE|CVE-2015-3451}} [http://www.openwall.com/lists/oss-security/2015/04/30/1 templink] || {{pkg|perl-xml-libxml}} || 2015-04-30 || <= 2.0118-3 || 2.0119-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32]<br />
|-<br />
| {{CVE|CVE-2015-3152}} [http://www.openwall.com/lists/oss-security/2015/04/29/4 templink] || {{pkg|mariadb}} {{pkg|mariadb-clients}} || 2015-04-29 || <= 10.0.17-2 || 10.0.20-1 || 52d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3153}} [http://curl.haxx.se/docs/adv_20150429.html templink] || {{pkg|curl}} || 2015-04-29 || <= 7.42.0-1 || 7.42.1-1 || 29d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20]<br />
|-<br />
| {{CVE|CVE-2015-1243}} {{CVE|CVE-2015-1250}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update_28.html templink] || {{pkg|chromium}} || 2015-04-28 || <= 42.0.2311.90-1 || 42.0.2311.135-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30]<br />
|-<br />
| {{CVE|CVE-2015-3420}} [http://seclists.org/oss-sec/2015/q2/288 templink] || {{pkg|dovecot}} || 2015-04-24 || <= 2.2.16-1 || 2.2.16-2 || 4d || Fixed ({{bug|44757}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31]<br />
|-<br />
| {{CVE|CVE-2015-1868}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ templink] || {{pkg|powerdns-recursor}} || 2015-04-23 || <= 3.7.1-1 || 3.7.2-1 || 1d || Fixed ({{Bug|44708}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27]<br />
|-<br />
| {{CVE|CVE-2015-1868}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ templink] || {{pkg|powerdns}} || 2015-04-23 || <= 3.4.3-2 || 3.4.4-1 || 1d || Fixed ({{Bug|44708}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26]<br />
|-<br />
| {{CVE|CVE-2015-1863}} [http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt templink] || {{pkg|wpa_supplicant}} || 2015-04-22 || <= 2.3-1 || 2.4-1 (1:2.3-1) || 2d || Fixed ({{Bug|44695}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29]<br />
|-<br />
| {{CVE|CVE-2015-1781}} [https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2959eda9272a033863c271aff62095abd01bd4e3;hp=7bf8fb104226407b75103b95525364c4667c869f templink] || {{pkg|glibc}} || 2015-04-21 || <= 2.21-2 || 2.21-3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25]<br />
|-<br />
| {{CVE|CVE-2015-3143}} {{CVE|CVE-2015-3144}} {{CVE|CVE-2015-3145}} {{CVE|CVE-2015-3148}} [http://curl.haxx.se/docs/vuln-7.41.0.html templink] || {{pkg|curl}} || 2015-04-22 || <= 7.41.0-1 || 7.42.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28]<br />
|-<br />
| {{CVE|CVE-2015-2706}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-45/ templink] || {{pkg|firefox}} || 2015-04-20 || <= 37.0.1-3 || 37.0.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24]<br />
|-<br />
| {{CVE|CVE-2015-3138}} [https://github.com/the-tcpdump-group/tcpdump/issues/446 templink] || {{pkg|tcpdump}} || 2015-03-24 || <= 4.7.3-1 || 4.7.3-2 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20]<br />
|-<br />
| {{CVE|CVE-2015-0346}} {{CVE|CVE-2015-0347}} {{CVE|CVE-2015-0348}} {{CVE|CVE-2015-0349}} {{CVE|CVE-2015-0350}} {{CVE|CVE-2015-0351}} {{CVE|CVE-2015-0352}} {{CVE|CVE-2015-0353}} {{CVE|CVE-2015-0354}} {{CVE|CVE-2015-0355}} {{CVE|CVE-2015-0356}} {{CVE|CVE-2015-0357}} {{CVE|CVE-2015-0358}} {{CVE|CVE-2015-0359}} {{CVE|CVE-2015-0360}} {{CVE|CVE-2015-3038}} {{CVE|CVE-2015-3039}} {{CVE|CVE-2015-3040}} {{CVE|CVE-2015-3041}} {{CVE|CVE-2015-3042}} {{CVE|CVE-2015-3043}} {{CVE|CVE-2015-3044}} [https://helpx.adobe.com/security/products/flash-player/apsb15-06.html templink] || {{pkg|flashplugin}} || 2015-04-14 || <= 11.2.202.451-1 || 11.2.202.457-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18]<br />
|-<br />
| {{CVE|CVE-2015-1351}} {{CVE|CVE-2015-1352}} {{CVE|CVE-2015-2783}} {{CVE|CVE-2015-3330}} {{CVE|CVE-2015-3329}} [https://php.net/ChangeLog-5.php#5.6.8 templink] || {{pkg|php}} || 2015-04-17 || <= 5.6.7.-2 || 5.6.8-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14]<br />
|-<br />
| {{CVE|CVE-2015-0460}} {{CVE|CVE-2015-0469}} {{CVE|CVE-2015-0470}} {{CVE|CVE-2015-0477}} {{CVE|CVE-2015-0478}} {{CVE|CVE-2015-0480}} {{CVE|CVE-2015-0488}} || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-04-14 || <= 8.u40-1 || 8.u45-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23]<br />
|-<br />
| {{CVE|CVE-2015-0460}} {{CVE|CVE-2015-0469}} {{CVE|CVE-2015-0477}} {{CVE|CVE-2015-0478}} {{CVE|CVE-2015-0480}} {{CVE|CVE-2015-0488}} [http://blog.fuseyism.com/index.php/2015/04/15/security-icedtea-2-5-5-for-openjdk-7-released/ templink] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-04-14 || <= 7.u75_2.5.4-1 || 7.u79_2.5.5-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17]<br />
|-<br />
| {{CVE|CVE-2015-3310}} [http://www.openwall.com/lists/oss-security/2015/04/16/7 templink] || {{pkg|ppp}} || 2015-04-13 || <= 2.4.7-1 || 2.4.7-2 || ~4m || Fixed ({{bug|44607}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3]<br />
|-<br />
| {{CVE|CVE-2015-3308}} [http://www.openwall.com/lists/oss-security/2015/04/16/6 templink] || {{pkg|gnutls}} || 2015-03-30 || <= 3.3.13-1 || 3.3.14-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-1235}} {{CVE|CVE-2015-1236}} {{CVE|CVE-2015-1237}} {{CVE|CVE-2015-1238}} {{CVE|CVE-2015-1240}} {{CVE|CVE-2015-1241}} {{CVE|CVE-2015-1242}} {{CVE|CVE-2015-1244}} {{CVE|CVE-2015-1245}} {{CVE|CVE-2015-1246}} {{CVE|CVE-2015-1247}} {{CVE|CVE-2015-1248}} {{CVE|CVE-2015-1249}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update_14.html templink] || {{pkg|chromium}} || 2015-04-14 || <= 41.0.2272.118-2 || 42.0.2311.90-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19]<br />
|-<br />
| {{CVE|CVE-2015-1855}} [https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/ templink] || {{pkg|ruby}} || 2015-04-13 || <= 2.2.1-1 || 2.2.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13]<br />
|-<br />
| {{CVE|CVE-2015-3026}} [http://seclists.org/oss-sec/2015/q2/80 templink] || {{pkg|icecast}} || 2015-04-08 || <= 2.4.1-1 || 2.4.2-1 || 3d || Fixed ({{bug|44503}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12]<br />
|-<br />
| {{CVE|CVE-2015-1798}} [http://seclists.org/oss-sec/2015/q2/63 templink] || {{pkg|chrony}} || 2015-04-08 || <= 1.31-2 || 1.31.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9]<br />
|-<br />
| {{CVE|CVE-2015-1798}} {{CVE|CVE-2015-1799}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities templink] || {{pkg|ntp}} || 2015-04-07 || <= 4.2.8p1 || 4.2.8p2-1 || <1d || Fixed ({{bug|44492}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8]<br />
|-<br />
| {{CVE|CVE-2015-2931}} {{CVE|CVE-2015-2932}} {{CVE|CVE-2015-2933}} {{CVE|CVE-2015-2934}} {{CVE|CVE-2015-2935}} {{CVE|CVE-2015-2936}} {{CVE|CVE-2015-2937}} {{CVE|CVE-2015-2938}} {{CVE|CVE-2015-2939}} {{CVE|CVE-2015-2940}} {{CVE|CVE-2015-2941}} {{CVE|CVE-2015-2942}} [http://seclists.org/oss-sec/2015/q2/61 templink] || {{pkg|mediawiki}} || 2015-04-07 || <= 1.24.1-1 || 1.24.2-1 || 0d || Fixed ({{bug|44489}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11]<br />
|-<br />
| {{CVE|CVE-2015-2928}} {{CVE|CVE-2015-2929}} [http://seclists.org/oss-sec/2015/q2/56 templink] || {{pkg|tor}} || 2015-04-06 || <= 0.2.5.11-1 || 0.2.5.12-1 || <1d || Fixed ({{bug|44482}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7]<br />
|-<br />
| {{CVE|CVE-2015-0799}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-04-03 || <= 37.0-1 || 37.0.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4]<br />
|-<br />
| {{CVE|CVE-2015-1233}} {{CVE|CVE-2015-1234}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-04-01 || <= 41.0.2272.101-1 || 41.0.2272.118-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2]<br />
|-<br />
| {{CVE|CVE-2015-0801}} {{CVE|CVE-2015-0807}} {{CVE|CVE-2015-0813}} {{CVE|CVE-2015-0814}} {{CVE|CVE-2015-0815}} {{CVE|CVE-2015-0816}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-03-31 || <= 31.5.0-1 || 31.6.0-1|| 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6]<br />
|-<br />
| {{CVE|CVE-2015-0801}} {{CVE|CVE-2015-0802}} {{CVE|CVE-2015-0803}} {{CVE|CVE-2015-0804}} {{CVE|CVE-2015-0805}} {{CVE|CVE-2015-0806}} {{CVE|CVE-2015-0807}} {{CVE|CVE-2015-0808}} {{CVE|CVE-2015-0811}} {{CVE|CVE-2015-0812}} {{CVE|CVE-2015-0813}} {{CVE|CVE-2015-0814}} {{CVE|CVE-2015-0815}} {{CVE|CVE-2015-0816}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-03-31 || <= 36.0.4-1 || 37.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1]<br />
|-<br />
| {{CVE|CVE-2015-1817}} [http://www.openwall.com/lists/oss-security/2015/03/30/3 templink] || {{pkg|musl}} || 2015-03-29 || <= 1.1.7-1 || 1.1.8-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26]<br />
|-<br />
| {{CVE|CVE-2015-2782}} {{CVE|CVE-2015-0556}} {{CVE|CVE-2015-0557}} [http://www.openwall.com/lists/oss-security/2015/03/29/1 templink] || {{pkg|arj}} || 2015-03-28 || <= 3.10.22-8 || 3.10.22-10 || 10d || Fixed ({{bug|44411}}) ({{bug|44488}}) || None<br />
|-<br />
| {{CVE|CVE-2015-0250}} [http://seclists.org/fulldisclosure/2015/Mar/142 templink] || {{pkg|java-batik}} || 2015-03-17 || <= 1.7-12 || 1.8-1 || 17d || Fixed ({{bug|44410}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5]<br />
|-<br />
| {{CVE|CVE-2015-2806}} [http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149 templink] || {{pkg|libtasn1}} || 2015-03-29 || <= 4.3-1 || 4.4-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3]<br />
|-<br />
| {{CVE|CVE-2015-0817}} {{CVE|CVE-2015-0818}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-03-20 || <= 36.0.1-1 || 36.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21]<br />
|-<br />
| {{CVE|CVE-2015-2559}} [https://www.drupal.org/SA-CORE-2015-001 templink] || {{pkg|drupal}} || 2015-03-19 || <= 7.34-1 || 7.35-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18]<br />
|-<br />
| {{CVE|CVE-2015-0252}} [https://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt templink] || {{pkg|xerces-c}} || 2015-03-19 || <= 3.1.1-5 || 3.1.2-1 || 1d || Fixed ({{bug|44272}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19]<br />
|-<br />
| {{CVE|CVE-2015-2330}} [http://www.openwall.com/lists/oss-security/2015/03/18/4 templink] || {{pkg|webkitgtk}} {{pkg|webkitgtk2}} || 2015-03-17 || <= 2.4.8-1 || 2.4.9-1 || 30d || Fixed ({{bug|44237}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19]<br />
|-<br />
| {{CVE|CVE-2015-2305}} {{CVE|CVE-2015-2331}} {{CVE|CVE-2015-2348}} {{CVE|CVE-2015-2787}} [https://bugs.php.net/bug.php?id=69253 templink] || {{pkg|php}} || 2015-03-18 || <= 5.6.6-1 || 5.6.7-1 || 10d || Fixed ({{bug|44236}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25]<br />
|-<br />
| {{CVE|CVE-2015-0204}} {{CVE|CVE-2015-0207}} {{CVE|CVE-2015-0208}} {{CVE|CVE-2015-0209}} {{CVE|CVE-2015-0285}} {{CVE|CVE-2015-0286}} {{CVE|CVE-2015-0287}} {{CVE|CVE-2015-0288}} {{CVE|CVE-2015-0289}} {{CVE|CVE-2015-0290}} {{CVE|CVE-2015-0291}} {{CVE|CVE-2015-0293}} {{CVE|CVE-2015-1787}} [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=28a00bcd8e318da18031b2ac8778c64147cd54f9 commit-0288] [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2b31fcc0b5e7329e13806822a5709dbd51c5c8a4 commit-0285] [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ba5d0113e8bcb26857ae58a11b219aeb7bc2408a commit-0209] [https://security-tracker.debian.org/tracker/CVE-2015-0288 Debian-Bug-tracker] [https://www.openssl.org/news/secadv_20150319.txt advisory] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2015-03-17 || <= 1.0.2-1 || 1.0.2.a-1 || 2d || Fixed ({{bug|44227}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17]<br />
|-<br />
| {{CVE|CVE-2015-1802}} {{CVE|CVE-2015-1803}} {{CVE|CVE-2015-1804}} [http://www.openwall.com/lists/oss-security/2015/03/17/5 templink] || {{pkg|libxfont}} || 2015-03-17 || <= 1.5.0-1 || 1.5.1-1 || <1d || Fixed ({{bug|44226}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15]<br />
|-<br />
| {{CVE|CVE-2015-0332}} {{CVE|CVE-2015-0333}} {{CVE|CVE-2015-0334}} {{CVE|CVE-2015-0335}} {{CVE|CVE-2015-0336}} {{CVE|CVE-2015-0337}} {{CVE|CVE-2015-0338}} {{CVE|CVE-2015-0339}} {{CVE|CVE-2015-0340}} {{CVE|CVE-2015-0341}} {{CVE|CVE-2015-0342}} [https://helpx.adobe.com/security/products/flash-player/apsb15-05.html templink] || {{pkg|flashplugin}} || 2015-03-12 || <= 11.2.202.442-1 || 11.2.202.451-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11]<br />
|-<br />
| {{CVE|CVE-2014-9687}} [http://www.openwall.com/lists/oss-security/2015/02/10/10 templink] || {{pkg|ecryptfs-utils}} || 2015-02-10 || <= 104-1 || 106-1 || 37d || Fixed ({{bug|44157}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14]<br />
|-<br />
| {{CVE|CVE-2015-1782}} [http://www.libssh2.org/adv_20150311.html templink] || {{pkg|libssh2}} || 2015-03-11 || <= 1.4.3-1 || 1.5.0-1 || 29d || Fixed ({{bug|44146}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10]<br />
|-<br />
| {{CVE|CVE-2015-2241}} [https://www.djangoproject.com/weblog/2015/mar/09/security-releases/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-03-09 || <= 1.7.5-1 || 1.7.6-1 || 2d || Fixed ({{bug|44122}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7]<br />
|-<br />
| {{CVE|CVE-2015-1212}} {{CVE|CVE-2015-1213}} {{CVE|CVE-2015-1214}} {{CVE|CVE-2015-1215}} {{CVE|CVE-2015-1216}} {{CVE|CVE-2015-1217}} {{CVE|CVE-2015-1218}} {{CVE|CVE-2015-1219}} {{CVE|CVE-2015-1220}} {{CVE|CVE-2015-1221}} {{CVE|CVE-2015-1222}} {{CVE|CVE-2015-1223}} {{CVE|CVE-2015-1224}} {{CVE|CVE-2015-1225}} {{CVE|CVE-2015-1226}} {{CVE|CVE-2015-1227}} {{CVE|CVE-2015-1228}} {{CVE|CVE-2015-1229}} {{CVE|CVE-2015-1230}} {{CVE|CVE-2015-1231}} [http://googlechromereleases.blogspot.fr/2015/03/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-03-03 || <= 40.0.2214.115-1 || 41.0.2272.76-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5]<br />
|-<br />
| {{CVE|CVE-2015-1572}} [https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73 templink] || {{pkg|e2fsprogs}} || 2015-02-06 || <= 1.42.12-1 || 1.42.12-2 || 6d || Fixed ({{bug|44015}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8]<br />
|-<br />
| {{CVE|CVE-2015-2157}} [http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html templink] || {{pkg|putty}} || 2015-03-02 || <= 0.63-1 || 0.64-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1]<br />
|-<br />
| {{CVE|CVE-2015-0822}} {{CVE|CVE-2015-0827}} {{CVE|CVE-2015-0831}} {{CVE|CVE-2015-0835}} {{CVE|CVE-2015-0836}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-02-24 || <= 31.4.0-1 || 31.5.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15]<br />
|-<br />
| {{CVE|CVE-2015-0819}} {{CVE|CVE-2015-0821}} {{CVE|CVE-2015-0822}} {{CVE|CVE-2015-0823}} {{CVE|CVE-2015-0824}} {{CVE|CVE-2015-0825}} {{CVE|CVE-2015-0826}} {{CVE|CVE-2015-0827}} {{CVE|CVE-2015-0829}} {{CVE|CVE-2015-0830}} {{CVE|CVE-2015-0831}} {{CVE|CVE-2015-0832}} {{CVE|CVE-2015-0834}} {{CVE|CVE-2015-0835}} {{CVE|CVE-2015-0836}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-02-24 || <= 35.0.1-1 || 36.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14]<br />
|-<br />
| {{CVE|CVE-2015-0240}} [https://www.samba.org/samba/history/samba-4.1.17.html templink] || {{pkg|samba}} || 2015-02-23 || <= 4.1.16-1 || 4.1.17-1 || <1d || Fixed ({{bug|43923}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13]<br />
|-<br />
| {{CVE|CVE-2014-9636}} [http://www.openwall.com/lists/oss-security/2014/11/02/2 templink] || {{pkg|unzip}} || 2014-11-02 || <= 6.0-9 || 6.0-10 || 75d || Fixed ({{bug|44171}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9]<br />
|-<br />
| {{CVE|CVE-2015-1315}} [http://www.openwall.com/lists/oss-security/2015/02/17/4 templink] || {{pkg|unzip}} || 2014-11-02 || <= 6.0-9 || 6.0-9 || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2014-9680}} [http://www.sudo.ws/sudo/alerts/tz.html templink] || {{pkg|sudo}} || 2015-02-09 || <= 1.8.12-1 || 1.8.12-1 || 4d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5352}} {{CVE|CVE-2014-5353}} {{CVE|CVE-2014-5354}} {{CVE|CVE-2014-9421}} {{CVE|CVE-2014-9422}} {{CVE|CVE-2014-9423}} [http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt templink] [http://www.openwall.com/lists/oss-security/2014/12/16/1 templink] || {{pkg|krb5}} || 2015-02-03 || <= 1.13-1 || 1.13.1-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] <br />
|-<br />
| {{CVE|CVE-2015-0255}} [http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/ templink] || {{pkg|xorg-server}} || 2015-02-10 || <= 1.16.3-2|| 1.16.4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11]<br />
|-<br />
| {{CVE|CVE-2015-1191}} [http://www.openwall.com/lists/oss-security/2015/01/18/3 templink] || {{pkg|pigz}} || 2015-01-18 || <= 2.3.1-1 || 2.3.3-1 || 21d || Fixed ({{bug|43748}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9]<br />
|-<br />
| {{CVE|CVE-2015-0245}} [http://lists.freedesktop.org/archives/dbus/2015-February/016553.html templink] || {{pkg|dbus}} || 2015-02-09 || <= 1.8.14-1 || 1.8.16-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10]<br />
|-<br />
| {{CVE|CVE-2015-1472}} {{CVE|CVE-2015-1473}} || {{pkg|glibc}} || 2015-02-05 || <= 2.20-6 || 2.21-1 ||4d || Fixed ({{bug|43747}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8]<br />
|-<br />
| {{CVE|CVE-2014-9297}} {{CVE|CVE-2014-9298}} [http://support.ntp.org/bin/view/Main/SecurityNotice#vallen_is_not_validated_in_sever templink] [http://support.ntp.org/bin/view/Main/SecurityNotice#1_can_be_spoofed_on_some_OSes_so templink]|| {{pkg|ntp}} || 2015-02-04 || <= 4.2.8-1 || 4.2.8.p1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7]<br />
|-<br />
| {{CVE|CVE-2014-9328}} || {{pkg|clamav}} || 2015-01-28 || <= 0.98.5-1 || 0.98.6-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6]<br />
|-<br />
| {{CVE|CVE-2015-1209}} {{CVE|CVE-2015-1210}} {{CVE|CVE-2015-1211}} {{CVE|CVE-2015-1212}} [http://googlechromereleases.blogspot.fr/2015/02/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-02-05 || <= 40.0.2214.94-1 || 40.0.2214.111-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5]<br />
|-<br />
| {{CVE|CVE-2015-0313}} {{CVE|CVE-2015-0314}} {{CVE|CVE-2015-0315}} {{CVE|CVE-2015-0316}} {{CVE|CVE-2015-0317}} {{CVE|CVE-2015-0318}} {{CVE|CVE-2015-0319}} {{CVE|CVE-2015-0320}} {{CVE|CVE-2015-0321}} {{CVE|CVE-2015-0322}} {{CVE|CVE-2015-0323}} {{CVE|CVE-2015-0324}} {{CVE|CVE-2015-0325}} {{CVE|CVE-2015-0326}} {{CVE|CVE-2015-0327}} {{CVE|CVE-2015-0328}} {{CVE|CVE-2015-0329}} {{CVE|CVE-2015-0330}} [https://helpx.adobe.com/security/products/flash-player/apsb15-04.html templink] || {{pkg|flashplugin}} || 2015-02-05 || <= 11.2.202.440-1 || 11.2.202.442-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2]<br />
|-<br />
| {{CVE|CVE-2014-8161}} {{CVE|CVE-2015-0241}} {{CVE|CVE-2015-0243}} {{CVE|CVE-2015-0244}} [http://www.postgresql.org/docs/9.4/static/release-9-4-1.html templink] || {{pkg|postgresql}} || 2015-02-05 || <= 9.4.0-1 || 9.4.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4]<br />
|-<br />
| {{CVE|CVE-2015-1380}} {{CVE|CVE-2015-1381}} {{CVE|CVE-2015-1382}} [http://seclists.org/oss-sec/2015/q1/285 templink] || {{pkg|privoxy}} || 2015-01-26 || <= 3.0.22-1 || 3.0.23-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1]<br />
|-<br />
| {{CVE|CVE-2015-0235}} [https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235 templink] || {{pkg|glibc}} || 2015-01-27 || < 2.18-1 || 2.18-1 || < 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-0311}} {{CVE|CVE-2015-0301}} {{CVE|CVE-2015-0302}} {{CVE|CVE-2015-0303}} {{CVE|CVE-2015-0304}} {{CVE|CVE-2015-0305}} {{CVE|CVE-2015-0306}} {{CVE|CVE-2015-0307}} {{CVE|CVE-2015-0308}} {{CVE|CVE-2015-0309}} [https://helpx.adobe.com/security/products/flash-player/apsb15-01.html templink] || {{pkg|flashplugin}} || 2015-01-23 || <= 11.2.202.438-1 || 11.2.202.440-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22]<br />
|-<br />
| {{CVE|CVE-2015-0231}} {{CVE|CVE-2014-9427}} {{CVE|CVE-2015-0232}} [https://bugs.php.net/bug.php?id=68710 templink] [https://bugs.php.net/bug.php?id=68618 templink] [https://bugs.php.net/bug.php?id=68799 templink] || {{pkg|php}} || 2015-01-22 || <= 5.6.4-1 || 5.6.5-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17]<br />
|-<br />
| {{CVE|CVE-2014-9638}} {{CVE|CVE-2014-9639}} {{CVE|CVE-2014-9640}} [http://www.openwall.com/lists/oss-security/2015/01/22/9 templink] || {{pkg|vorbis-tools}} || 2015-01-21 || <= 1.4.0-4 || 1.4.0-5 || 64d || Fixed ({{bug|44172}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24]<br />
|-<br />
| {{CVE|CVE-2015-1345}} [http://seclists.org/oss-sec/2015/q1/179 templink] || {{pkg|grep}} || 2015-01-18 || <= 2.21-1 || 2.21-2 || 46d || Fixed ({{bug|44017}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4]<br />
|-<br />
| {{CVE|CVE-2014-7923}} {{CVE|CVE-2014-7924}} {{CVE|CVE-2014-7925}} {{CVE|CVE-2014-7926}} {{CVE|CVE-2014-7927}} {{CVE|CVE-2014-7928}} {{CVE|CVE-2014-7930}} {{CVE|CVE-2014-7931}} {{CVE|CVE-2014-7929}} {{CVE|CVE-2014-7932}} {{CVE|CVE-2014-7933}} {{CVE|CVE-2014-7934}} {{CVE|CVE-2014-7935}} {{CVE|CVE-2014-7936}} {{CVE|CVE-2014-7937}} {{CVE|CVE-2014-7938}} {{CVE|CVE-2014-7939}} {{CVE|CVE-2014-7940}} {{CVE|CVE-2014-7941}} {{CVE|CVE-2014-7942}} {{CVE|CVE-2014-7943}} {{CVE|CVE-2014-7944}} {{CVE|CVE-2014-7945}} {{CVE|CVE-2014-7946}} {{CVE|CVE-2014-7947}} {{CVE|CVE-2014-7948}} {{CVE|CVE-2015-1205}} [http://googlechromereleases.blogspot.fr/2015/01/stable-update.html templink] || {{pkg|chromium}} || 2015-01-22 || <= 39.0.2171.99-1 || 40.0.2214.91-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21]<br />
|-<br />
| {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-6549}} {{CVE|CVE-2014-6585}} {{CVE|CVE-2014-6587}} {{CVE|CVE-2014-6591}} {{CVE|CVE-2014-6593}} {{CVE|CVE-2014-6601}} {{CVE|CVE-2015-0383}} {{CVE|CVE-2015-0395}} {{CVE|CVE-2015-0400}} {{CVE|CVE-2015-0403}} {{CVE|CVE-2015-0406}} {{CVE|CVE-2015-0407}} {{CVE|CVE-2015-0408}} {{CVE|CVE-2015-0410}} {{CVE|CVE-2015-0412}} {{CVE|CVE-2015-0413}} {{CVE|CVE-2015-0421}} {{CVE|CVE-2015-0437}} [http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html#JAVA templink] || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-01-22 || <= 8.u25-2 || 8.u31-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16]<br />
|-<br />
| {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-6585}} {{CVE|CVE-2014-6587}} {{CVE|CVE-2014-6591}} {{CVE|CVE-2014-6593}} {{CVE|CVE-2014-6601}} {{CVE|CVE-2015-0383}} {{CVE|CVE-2015-0395}} {{CVE|CVE-2015-0407}} {{CVE|CVE-2015-0408}} {{CVE|CVE-2015-0410}} {{CVE|CVE-2015-0412}} [http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html#JAVA templink] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-01-22 || <= 7.u71_2.5.3-3 || 7.u75_2.5.4-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20]<br />
|-<br />
| {{CVE|CVE-2014-8157}} {{CVE|CVE-2014-8158}} [http://seclists.org/oss-sec/2015/q1/210 templink] || {{pkg|jasper}} || 2015-01-22 || <= 1.900.1-12 || 1.900.1-13 || 5d || Fixed ({{bug|43592}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23]<br />
|-<br />
| {{CVE|CVE-2014-8132}} [http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/ templink] || {{pkg|libssh}} || 2014-12-19 || <= 0.6.3-1 || 0.6.4-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12]<br />
|-<br />
| {{CVE|CVE-2015-1182}} [https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04 templink] || {{pkg|polarssl}} || 2012-09-19 || <= 1.3.9-1 || 1.3.9-2 || 1d || Fixed ({{bug|43508}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13]<br />
|-<br />
| {{CVE|CVE-2012-3505}} [http://www.openwall.com/lists/oss-security/2012/08/18/1 templink] || {{pkg|tinyproxy}} || 2012-09-10 || <= 1.8.3-1 || 1.8.4-1 || > 740d || Fixed ({{bug|38400}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11]<br />
|-<br />
| {{CVE|CVE-2014-9447}} [https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e templink] || {{pkg|elfutils}} || 2015-01-19 || <= 0.161-2 || 0.161-3 || 42d || Fixed ({{bug|44019}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2]<br />
|-<br />
| {{CVE|CVE-2014-9447}} [https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e templink] || {{pkg|lib32-elfutils}} || 2015-01-19 || <= 0.161-1 || 0.161-2 || 42d || Fixed ({{bug|44020}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3]<br />
|-<br />
| {{CVE|CVE-2014-8143}} [https://www.samba.org/samba/security/CVE-2014-8143 templink] || {{pkg|samba}} || 2015-01-15 || <= 4.1.15-1 || 4.1.16-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10]<br />
|-<br />
| {{CVE|CVE-2015-1197}} [http://www.openwall.com/lists/oss-security/2015/01/18/7 templink] || {{pkg|cpio}} || 2015-01-16 || <= 2.11-5 || 2.11-6 || 65d || Fixed ({{bug|44173}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22]<br />
|-<br />
| {{CVE|CVE-2015-1196}} {{CVE|CVE-2014-9637}} [http://www.openwall.com/lists/oss-security/2015/01/18/6 templink] [https://savannah.gnu.org/bugs/?44051 templink] || {{pkg|patch}} || 2015-01-14 || <= 2.7.1-3 || 2.7.3-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24]<br />
|-<br />
| {{CVE|CVE-2014-9571}} {{CVE|CVE-2014-9572}} {{CVE|CVE-2014-9573}} {{CVE|CVE-2014-9624}} {{CVE|CVE-2015-1042}} [http://www.openwall.com/lists/oss-security/2015/01/17/1 templink] [http://www.openwall.com/lists/oss-security/2015/01/17/3 templink] [http://www.openwall.com/lists/oss-security/2015/01/17/2 templink] [http://www.openwall.com/lists/oss-security/2015/01/18/11 templink] || {{pkg|mantisbt}} || 2015-01-17 || <= 1.2.18-1 || 1.2.19-1 || 20d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3]<br />
|-<br />
| {{CVE|CVE-2014-8634}} {{CVE|CVE-2014-8635}} {{CVE|CVE-2014-8638}} {{CVE|CVE-2014-8639}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-01-13 || <= 31.3.0-1 || 31.4.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7]<br />
|-<br />
| {{CVE|CVE-2014-8634}} {{CVE|CVE-2014-8635}} {{CVE|CVE-2014-8636}} {{CVE|CVE-2014-8637}} {{CVE|CVE-2014-8638}} {{CVE|CVE-2014-8639}} {{CVE|CVE-2014-8640}} {{CVE|CVE-2014-8641}} {{CVE|CVE-2014-8642}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-01-13 || <= 34.0.5-1 || 35.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6]<br />
|-<br />
| {{CVE|CVE-2014-3571}} {{CVE|CVE-2015-0206}} {{CVE|CVE-2014-3569}} {{CVE|CVE-2014-3572}} {{CVE|CVE-2015-0205}} {{CVE|CVE-2014-8275}} {{CVE|CVE-2014-3570}} [https://www.openssl.org/news/secadv_20150108.txt templink] || {{pkg|openssl}} || 2015-01-08 || <= 1.0.1.j-1 || 1.0.1.k-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2]<br />
|-<br />
| {{CVE|CVE-2014-8150}} [http://curl.haxx.se/docs/adv_20150108B.html templink] || {{pkg|curl}} || 2015-01-08 || <= 7.39.0-1 || 7.40.0-1 || 10d || Fixed ({{bug|43379}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9]<br />
|-<br />
| {{CVE|CVE-2014-6272}} [http://archives.seul.org/libevent/users/Jan-2015/msg00010.html templink] || {{pkg|libevent}} || 2015-01-05 || <= 2.0.21-3 || 2.0.22-1 || 7d || Fixed ({{bug|43366}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] <br />
|-<br />
| {{CVE|CVE-2014-8139}} {{CVE|CVE-2014-8140}} {{CVE|CVE-2014-8141}} [http://www.ocert.org/advisories/ocert-2014-011.html templink] || {{pkg|unzip}} || 2014-12-22 || <= 6.0-7 || 6.0-9 || 17d || Fixed ({{bug|43300}}) ({{bug|43391}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3]<br />
|-<br />
| {{CVE|CVE-2014-6395}} {{CVE|CVE-2014-6396}} {{CVE|CVE-2014-9376}} {{CVE|CVE-2014-9377}} {{CVE|CVE-2014-9378}} {{CVE|CVE-2014-9379}} {{CVE|CVE-2014-9380}} {{CVE|CVE-2014-9381}} [https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/ templink] || {{pkg|ettercap}} {{pkg|ettercap-gtk}} || 2014-12-16 || <= 0.8.1-2 || 0.8.2-1 || 89d || Fixed ({{bug|44174}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13]<br />
|-<br />
| {{CVE|CVE-2014-9425}} [https://bugs.php.net/bug.php?id=68676 templink] || {{pkg|php}} || 2014-12-29 || <= 5.6.4-1 || 5.6.5-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-9295}} {{CVE|CVE-2014-9296}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_ctl_putdata templink] || {{pkg|ntp}} || 2014-12-19 || < 4.2.8-1 || 4.2.8-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24]<br />
|-<br />
| {{CVE|CVE-2014-8142}} [https://bugzilla.redhat.com/show_bug.cgi?id=1175718 templink] || {{pkg|php}} || 2014-12-18 || <= 5.6.3-1 || 5.6.4-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23]<br />
|-<br />
| {{CVE|CVE-2014-8137}} {{CVE|CVE-2011-4516}} {{CVE|CVE-2011-4517}} [https://marc.info/?l=oss-security&m=141891163026757&w=2 templink] || {{pkg|jasper}} || 2014-12-18 || <= 1.900.1-11 || 1.900.1-12 || 1d || Fixed ({{bug|43155}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22]<br />
|-<br />
| {{CVE|CVE-2014-9029}} [https://marc.info/?l=oss-security&m=141770163916268&w=2 templink] || {{pkg|jasper}} || 2014-12-04 || <= 1.900.1-10 || 1.900.1-12 || 6d || Fixed ({{bug|43044}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22]<br />
|-<br />
| {{CVE|CVE-2012-3406}} {{CVE|CVE-2014-9402}} [http://www.openwall.com/lists/oss-security/2014/12/18/1 templink] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2014-12-17 || <= 2.20-4 || 2.20-5 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21]<br />
|-<br />
| {{CVE|CVE-2014-9253}} [http://seclists.org/oss-sec/2014/q4/1050 templink] || {{pkg|dokuwiki}} || 2014-12-15 || <= 20140929_a-1 || 20140929_b-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19]<br />
|-<br />
| {{CVE|CVE-2014-3580}} {{CVE|CVE-2014-8108}} [https://subversion.apache.org/security/CVE-2014-3580-advisory.txt templink] [https://subversion.apache.org/security/CVE-2014-8108-advisory.txt templink] || {{pkg|subversion}} || 2014-12-16 || <= 1.8.10-1 || 1.8.11-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17]<br />
|-<br />
| {{CVE|CVE-2014-9356}} {{CVE|CVE-2014-9357}} {{CVE|CVE-2014-9358}} [http://www.securityfocus.com/archive/1/534215 templink] || {{pkg|docker}} || 2014-12-12 || <= 1:1.3.2-1 || 1:1.4.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16]<br />
|-<br />
| {{CVE|CVE-2013-1752}} {{CVE|CVE-2013-1753}} {{CVE|CVE-2014-9365}} [https://hg.python.org/cpython/raw-file/v2.7.9/Misc/NEWS templink] || {{pkg|python2}} || 2014-12-11 || <= 2.7.8-1 || 2.7.9-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15]<br />
|-<br />
| {{CVE|CVE-2014-0580}} {{CVE|CVE-2014-0587}} {{CVE|CVE-2014-8443}} {{CVE|CVE-2014-9162}} {{CVE|CVE-2014-9163}} {{CVE|CVE-2014-9164}} [https://helpx.adobe.com/security/products/flash-player/apsb14-27.html templink] || {{pkg|flashplugin}} || 2014-12-09 || <= 11.2.202.424-1 || 11.2.202.425-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13]<br />
|-<br />
| {{CVE|CVE-2014-8091}} {{CVE|CVE-2014-8092}} {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8094}} {{CVE|CVE-2014-8095}} {{CVE|CVE-2014-8096}} {{CVE|CVE-2014-8097}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8099}} {{CVE|CVE-2014-8100}} {{CVE|CVE-2014-8101}} {{CVE|CVE-2014-8102}} {{CVE|CVE-2014-8103}} [http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/ templink] || {{pkg|xorg-server}} || 2014-12-09 || <= 1.16.2-1 || 1.16.2.901-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia}} {{pkg|nvidia-lts}} || 2014-12-09 || <= 343.22-6 || 343.36-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia-340xx}} {{pkg|nvidia-340xx-lts}} || 2014-12-09 || <= 340.58-3 || 340.65-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia-304xx}} {{pkg|nvidia-304xx-lts}} || 2014-12-09 || < 304.125-1 || 304.125-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10]<br />
|-<br />
| {{CVE|CVE-2014-8601}} [http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/ templink] || {{pkg|powerdns-recursor}} || 2014-12-09 || <= 3.6.1-1 || 3.6.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9]<br />
|-<br />
| {{CVE|CVE-2014-8602}} [https://unbound.net/downloads/CVE-2014-8602.txt templink] || {{pkg|unbound}} || 2014-12-09 || <= 1.5.0-1 || 1.5.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8]<br />
|-<br />
| {{CVE|CVE-2014-8500}} {{CVE|CVE-2014-8680}} [http://svnweb.freebsd.org/ports?view=revision&revision=374305 templink] || {{pkg|bind}} || 2014-12-08 || <= 9.10.1-2 || 9.10.1.P1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7]<br />
|-<br />
| {{CVE|CVE-2014-9274}} {{CVE|CVE-2014-9275}} [http://seclists.org/oss-sec/2014/q4/904 templink] || {{pkg|unrtf}} || 2014-12-04 || <= 0.21.5-1 || 0.21.7-1 || 10d || Fixed ({{bug|43131}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20]<br />
|-<br />
| {{CVE|CVE-2014-1587}} {{CVE|CVE-2014-1588}} {{CVE|CVE-2014-1589}} {{CVE|CVE-2014-1590}} {{CVE|CVE-2014-1591}} {{CVE|CVE-2014-1592}} {{CVE|CVE-2014-1593}} {{CVE|CVE-2014-1594}} {{CVE|CVE-2014-8631}} {{CVE|CVE-2014-8632}} [https://www.mozilla.org/fr/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2014-12-02 || <= 33.1.1-1 || 34.0.5-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3]<br />
|-<br />
| {{CVE|CVE-2014-9157}} [http://seclists.org/oss-sec/2014/q4/872 templink] || {{pkg|graphviz}} || 2014-11-25 || <= 2.38.0-2 || 2.38.0-3 || 8d || Fixed ({{bug|42983}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4]<br />
|-<br />
| {{CVE|CVE-2014-8123}} [http://seclists.org/oss-sec/2014/q4/874 templink] || {{pkg|antiword}} || 2014-12-01 || <= 0.37-4 || 0.37-5 || 3d || Fixed ({{bug|42982}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5]<br />
|-<br />
| {{CVE|CVE-2014-8104}} [https://forums.openvpn.net/topic17625.html templink] || {{pkg|openvpn}} || 2014-11-30 || <= 2.3.5-1 || 2.3.6-1 || 4d || Fixed ({{bug|42975}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2]<br />
|-<br />
| {{CVE|CVE-2014-9087}} [http://seclists.org/oss-sec/2014/q4/801 templink] || {{pkg|gnupg}} || 2014-11-25 || <= 2.1.0-5 || 2.1.0-6 || 4d || Fixed ({{bug|42943}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1]<br />
|-<br />
| {{CVE|CVE-2014-9087}} [http://seclists.org/oss-sec/2014/q4/801 templink] || {{pkg|libksba}} || 2014-11-25 || <= 1.3.1-1 || 1.3.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31]<br />
|-<br />
| {{CVE|CVE-2014-9114}} [http://seclists.org/oss-sec/2014/q4/819 templink] || {{pkg|util-linux}} || 2014-11-27 || <= 2.25.2-1 || 2.26.1-3 || 117d || Fixed ({{bug|43886}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23]<br />
|-<br />
| {{CVE|CVE-2014-9112}} [http://seclists.org/oss-sec/2014/q4/818 templink] || {{pkg|cpio}} || 2014-11-26 || <= 2.11-4 || 2.11-5 || 20d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5]<br />
|-<br />
| {{CVE|CVE-2014-9116}} [http://seclists.org/oss-sec/2014/q4/835 templink] || {{pkg|mutt}} || 2014-11-27 || <= 1.5.23-1 || 1.5.23-2 || 71d || Fixed ({{bug|44110}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6]<br />
|-<br />
| {{CVE|CVE-2014-9093}} [https://bugs.freedesktop.org/show_bug.cgi?id=86449 templink] || {{pkg|libreoffice-fresh}} || 2014-11-19 || <= 4.3.4-1 ||4.3.5-1 || 31d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-9092}} [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768369#114 templink] || {{pkg|libjpeg-turbo}} || 2014-11-26 || <= 1.3.1-2 || 1.3.1-3 || 2d || Fixed ({{bug|42922}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33]<br />
|-<br />
| {{CVE|CVE-2014-9272}} {{CVE|CVE-2014-9270}} {{CVE|CVE-2014-8987}} {{CVE|CVE-2014-9271}} {{CVE|CVE-2014-9281}} {{CVE|CVE-2014-8986}} {{CVE|CVE-2014-9269}} {{CVE|CVE-2014-9280}} {{CVE|CVE-2014-9089}} {{CVE|CVE-2014-9279}} {{CVE|CVE-2014-8988}} {{CVE|CVE-2014-8553}} {{CVE|CVE-2014-6387}} {{CVE|CVE-2014-6316}} {{CVE|CVE-2014-9117}} [https://www.mantisbt.org/bugs/view.php?id=17841 templink] [https://www.mantisbt.org/bugs/view.php?id=17811 templink] [http://seclists.org/oss-sec/2014/q4/955 templink] || {{pkg|mantisbt}} || 2014-11-25 || <= 1.2.17-4 || 1.2.18-1 || 13d || Fixed ({{bug|42920}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6]<br />
|-<br />
| {{CVE|CVE-2014-9090}} [https://marc.info/?l=oss-security&m=141698775601426&w=2 templink] || {{pkg|linux}} {{pkg|linux-lts}} || 2014-11-26 || <= 3.18-rc6 || 3.19 || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2014-9018}} {{CVE|CVE-2014-9091}} [http://seclists.org/oss-sec/2014/q4/694 templink] || {{pkg|icecast}} || 2014-11-20 || <= 2.4.0-1 || 2.4.1-1 || 8d || Fixed ({{bug|42912}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32]<br />
|-<br />
| {{CVE|CVE-2014-8964}} [http://bugs.exim.org/show_bug.cgi?id=1546 templink] || {{pkg|pcre}} || 2014-11-18 || <= 8.36-1 || 8.36-2 || 8d || Fixed ({{bug|42860}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29]<br />
|-<br />
| {{CVE|CVE-2014-8962}} {{CVE|CVE-2014-9028}} [http://www.ocert.org/advisories/ocert-2014-008.html templink] || {{pkg|flac}} || 2014-11-25 || <= 1.3.0-4 || 1.3.0-5 || < 1d || Fixed ({{bug|42898}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30]<br />
|-<br />
| {{CVE|CVE-2014-7899}} {{CVE|CVE-2014-7900}} {{CVE|CVE-2014-7901}} {{CVE|CVE-2014-7902}} {{CVE|CVE-2014-7903}} {{CVE|CVE-2014-7904}} {{CVE|CVE-2014-7906}} {{CVE|CVE-2014-7907}} {{CVE|CVE-2014-7908}} {{CVE|CVE-2014-7909}} {{CVE|CVE-2014-7910}} [http://googlechromereleases.blogspot.in/2014/11/stable-channel-update_18.html templink] || {{pkg|chromium}} || 2014-11-20 || <= 38.0.2125.122-1 || 39.0.2171.65-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26]<br />
|-<br />
| {{CVE|CVE-2014-9015}} {{CVE|CVE-2014-9016}} [http://seclists.org/oss-sec/2014/q4/697 templink] || {{pkg|drupal}} || 2014-11-19 || <= 7.33-1 || 7.34-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25]<br />
|-<br />
| {{CVE|CVE-2013-6497}} [http://seclists.org/oss-sec/2014/q4/673 templink] || {{pkg|clamav}} || 2014-11-18 || <= 0.98.4-1 || 0.98.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21]<br />
|-<br />
| {{CVE|CVE-2014-7817}} [https://sourceware.org/bugzilla/show_bug.cgi?id=17625 templink] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2014-11-19 || <= 2.20-2 || 2.20.3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27]<br />
|-<br />
| {{CVE|CVE-2014-8600}} [https://www.kde.org/info/security/advisory-20141113-1.txt templink] || {{pkg|kwebkitpart}} || 2014-11-18 || <= 1.3.4-2 || 1.3.4-3 || 4d || Fixed ({{bug|44170}} {{bug|42775}}) || None<br />
|-<br />
| {{CVE|CVE-2014-8767}} {{CVE|CVE-2014-8768}} {{CVE|CVE-2014-8769}} {{CVE|CVE-2014-9140}} {{CVE|CVE-2015-0261}} {{CVE|CVE-2015-2153}} {{CVE|CVE-2015-2154}} {{CVE|CVE-2015-2155}} [http://www.securityfocus.com/archive/1/534011/30/0/threaded templink] [http://www.securityfocus.com/archive/1/534010/30/0/threaded templink] [http://www.securityfocus.com/archive/1/534009/30/0/threaded templink] [https://github.com/the-tcpdump-group/tcpdump/commit/0f95d441e4b5d7512cc5c326c8668a120e048eda templink] || {{pkg|tcpdump}} || 2014-11-18 || <= 4.6.2-1 || 4.7.3-1 || 88d || Fixed ({{bug|44153}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20]<br />
|-<br />
| {{CVE|CVE-2014-8090}} || {{pkg|ruby}} || 2014-11-13 || <= 2.1.4-1 || 2.1.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16]<br />
|-<br />
| {{CVE|CVE-2014-7823}} || {{pkg|libvirt}} || 2014-11-13 || <= 1.2.10-1 ||1.2.11-1 ||33d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-8710}} {{CVE|CVE-2014-8711}} {{CVE|CVE-2014-8712}} {{CVE|CVE-2014-8713}} {{CVE|CVE-2014-8714}} [https://www.wireshark.org/security/wnpa-sec-2014-20.html templink] [https://www.wireshark.org/security/wnpa-sec-2014-21.html templink] [https://www.wireshark.org/security/wnpa-sec-2014-22.html templink] || {{pkg|wireshark-cli}} {{pkg|wireshark-gtk}} {{pkg|wireshark-qt}} || 2014-11-13 || <= 1.12.1-1 || 1.12.2-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24]<br />
|-<br />
| {{CVE|CVE-2014-0573}} {{CVE|CVE-2014-0574}} {{CVE|CVE-2014-0576}} {{CVE|CVE-2014-0577}} {{CVE|CVE-2014-0581}} {{CVE|CVE-2014-0582}} {{CVE|CVE-2014-0583}} {{CVE|CVE-2014-0584}} {{CVE|CVE-2014-0585}} {{CVE|CVE-2014-0586}} {{CVE|CVE-2014-0588}} {{CVE|CVE-2014-0589}} {{CVE|CVE-2014-0590}} {{CVE|CVE-2014-8437}} {{CVE|CVE-2014-8438}} {{CVE|CVE-2014-8440}} {{CVE|CVE-2014-8441}} {{CVE|CVE-2014-8442}} [https://helpx.adobe.com/security/products/flash-player/apsb14-24.html templink] || {{pkg|flashplugin}} || 2014-11-11 || <= 11.2.202.411-1 || 11.2.202.418-1 || <1d || Fixed ({{bug|42769}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11]<br />
|-<br />
| {{CVE|CVE-2014-3710}} [https://bugzilla.redhat.com/show_bug.cgi?id=1155071 templink] || {{pkg|php}} || 2014-10-29 || <= 5.6.2-2 || 5.6.3-1 || 14d || Fixed ({{bug|42764}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13]<br />
|-<br />
| {{CVE|CVE-2014-8564}} [http://www.gnutls.org/security.html#GNUTLS-SA-2014-5 templink]|| {{pkg|gnutls}} || 2014-11-10 || <= 3.3.9-1 ||3.3.10-1 ||<1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10]<br />
|-<br />
| {{CVE|CVE-2014-8716}} [http://seclists.org/oss-sec/2014/q4/591 templink]|| {{pkg|imagemagick}} || 2014-11-12 || <= 6.8.9.9-1 || 6.8.9.10-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12]<br />
|-<br />
| {{CVE|CVE-2014-3710}} [https://bugzilla.redhat.com/show_bug.cgi?id=1155071 templink] || {{pkg|file}} || 2014-10-29 || <= 5.20-1 || 5.20-2 || 12d || Fixed ({{bug|42759}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9]<br />
|-<br />
| {{CVE|CVE-2014-1569}} [https://bugzilla.mozilla.org/show_bug.cgi?id=1064670 templink] || {{pkg|nss}} || 2014-11-07 || <= 3.17.2-1 || 3.17.3-1 || 22d || Fixed ({{bug|42760}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18]<br />
|-<br />
| {{CVE|CVE-2014-7824}} [http://www.openwall.com/lists/oss-security/2014/11/10/2 templink] || {{pkg|dbus}} || 2014-11-10 || <= 1.8.8-1 || 1.8.10-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28]<br />
|-<br />
| {{CVE|CVE-2014-8598}} {{CVE|CVE-2014-7146}} [http://www.openwall.com/lists/oss-security/2014/11/07/27 templink] [http://www.openwall.com/lists/oss-security/2014/11/07/28 templink]|| {{pkg|mantisbt}} || 2014-11-08 || <= 1.2.17-3 || 1.2.17-4 || <4d || Fixed ({{bug|42761}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8]<br />
|-<br />
| {{CVE|CVE-2014-8483}} [https://www.kde.org/info/security/advisory-20141104-1.txt templink] || {{pkg|konversation}} || 2014-11-04 || <= 1.5-1 || 1.5.1-1 || <4d || Fixed ({{bug|42698}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5]<br />
|-<br />
| {{CVE|CVE-2014-3707}} [http://curl.haxx.se/docs/adv_20141105.html templink]|| {{pkg|curl}} || 2014-11-05 || <= 7.38.0-3 || 7.39.0-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7]<br />
|-<br />
| {{CVE|CVE-2014-8651}} [http://seclists.org/oss-sec/2014/q4/520 templink]|| {{pkg|kdebase-workspace}} || 2014-11-04 || <= 4.11.13-1 || 4.11.13-2 || 6d || Fixed ({{bug|42679}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6]<br />
|-<br />
| {{CVE|CVE-2014-8627}} {{CVE|CVE-2014-8628}} [http://www.openwall.com/lists/oss-security/2014/11/04/6 templink]|| {{pkg|polarssl}} || 2014-10-23 || <= 1.3.8-3 || 1.3.9-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4]<br />
|-<br />
| {{CVE|CVE-2014-8321}} {{CVE|CVE-2014-8322}} {{CVE|CVE-2014-8323}} {{CVE|CVE-2014-8324}} [http://www.securityfocus.com/archive/1/533869/30/0/threaded templink]|| {{pkg|aircrack-ng}} || 2014-11-02 || <= 1.2beta3-1 || 1.2rc1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2]<br />
|-<br />
| {{CVE|CVE-2014-8554}} [http://www.openwall.com/lists/oss-security/2014/10/30/9 templink]|| {{pkg|mantisbt}} || 2014-10-30 || <= 1.2.17-2 || 1.2.17-3 || 5d || Fixed ({{bug|42683}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3]<br />
|-<br />
| {{CVE|CVE-2014-8354}} {{CVE|CVE-2014-8355}} {{CVE|CVE-2014-8561}} {{CVE|CVE-2014-8562}} [http://seclists.org/oss-sec/2014/q4/466 templink]|| {{pkg|imagemagick}} || 2014-10-29 || <= 6.8.9.8-1 || 6.8.9.9-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-8517}} [http://seclists.org/oss-sec/2014/q4/459 templink]|| {{pkg|tnftp}} || 2014-10-28 || <= 20130505-2 || 20141031-1 || 4d || Fixed ({{bug|42646}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1]<br />
|-<br />
| {{CVE|CVE-2014-4877}} [http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7 templink]|| {{pkg|wget}} || 2014-10-27 || <= 1.15-1 || 1.16-1 || <2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|avr-binutils}} || 2014-10-23 || <= 2.24-2 || 2.24-3 || 27d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|mingw-w64-binutils}} || 2014-10-23 || <= 2.24-1 || 2.24-2 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|arm-none-eabi-binutils}} || 2014-10-23 || <= 2.24-2 || 2.24-3 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|binutils}} || 2014-10-23 || <= 2.24-7 || 2.24-8 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17]<br />
|-<br />
| {{CVE|CVE-2014-8559}} [http://www.openwall.com/lists/oss-security/2014/10/30/7 templink] || {{pkg|linux}}, {{pkg|linux-lts}} || 2014-10-30 || <= 3.17.3-1, <= 3.14.24-1 ||3.17.4-1 3.14.25-1 || ~23d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3610}} {{CVE|CVE-2014-3611}} {{CVE|CVE-2014-3646}} {{CVE|CVE-2014-3647}} {{CVE|CVE-2014-7825}} {{CVE|CVE-2014-7826}} {{CVE|CVE-2014-8369}} [http://permalink.gmane.org/gmane.comp.security.oss.general/14526 templink] [http://seclists.org/oss-sec/2014/q4/548 templink] || {{pkg|linux}}, {{pkg|linux-lts}} || 2014-10-21 || <= 3.17.2-1, <= 3.14.23-1 || 3.17.3-1, 3.14.24-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15]<br />
|-<br />
| {{CVE|CVE-2014-8480}} {{CVE|CVE-2014-8481}} [http://permalink.gmane.org/gmane.comp.security.oss.general/14526 templink] || {{pkg|linux}} || 2014-10-21 || <= 3.17.2-1 || 3.17.3-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14]<br />
|-<br />
| {{CVE|CVE-2014-3695}} {{CVE|CVE-2014-3696}} {{CVE|CVE-2014-3698}} [https://pidgin.im/news/security/ templink] || {{pkg|libpurple}} || 2014-10-22 || <= 2.10.9-2 || 2.10.10-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9]<br />
|-<br />
| {{CVE|CVE-2014-8760}} || {{pkg|ejabberd}} || 2014-10-13 || <= 14.07-1 || 14.07-2 || 14d || Fixed ({{bug|42541}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13]<br />
|-<br />
| {{CVE|CVE-2014-3686}} || {{pkg|wpa_supplicant}}, {{pkg|hostapd}} || 2014-10-09 || <= 2.2-2 || 2.3-1 || ~10d || Fixed ({{bug|42401}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8]<br />
|-<br />
| {{CVE|CVE-2014-0191}} {{CVE|CVE-2014-3660}} || {{pkg|libxml2}} || 2014-10-16 || <= 2.9.1-5 || 2.9.2-1 || 8d || Fixed ({{bug|40790}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12]<br />
|-<br />
| {{CVE|CVE-2014-3704}} [https://www.drupal.org/SA-CORE-2014-005 templink] || {{pkg|drupal}} || 2014-10-15 || <= 7.31-2 || 7.32-1 || 1d || Fixed ({{bug|42388}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7]<br />
|-<br />
| {{CVE|CVE-2014-3513}} {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-3567}} {{CVE|CVE-2014-3568}} [https://www.openssl.org/news/secadv_20141015.txt templink] [https://www.openssl.org/~bodo/ssl-poodle.pdf temp link] || {{pkg|openssl}} || 2014-10-15 || <= 1.0.1.i-1 || 1.0.1.j-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6]<br />
|-<br />
| {{CVE|CVE-2014-8242}} [http://www.openwall.com/lists/oss-security/2014/10/13/2 temp link] || {{pkg|librsync}} || 2014-10-12 || <= 0.9.7-7 || 1.0.0-1 || 166d || Fixed ({{bug|44175}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10]<br />
|-<br />
| {{CVE|CVE-2014-7203}} {{CVE|CVE-2014-7202}} [http://seclists.org/oss-sec/2014/q3/776 temp link] || {{pkg|zeromq}} || 2014-09-27 || <= 4.0.4-4 || 4.0.5-1 || 18d || Fixed ({{bug|42381}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4]<br />
|-<br />
| {{CVE|CVE-2014-6051}} {{CVE|CVE-2014-6052}} {{CVE|CVE-2014-6053}} {{CVE|CVE-2014-6054}} {{CVE|CVE-2014-6055}} [http://seclists.org/oss-sec/2014/q3/639 temp link] || {{pkg|libvncserver}} || 2014-09-23 || <= 0.9.9-3 || 0.9.10-1 || 31d || Fixed ({{bug|42321}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10]<br />
|-<br />
| {{CVE|CVE-2014-3683}} [http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/ temp link] || {{pkg|rsyslog}} || 2014-10-02 || <= 8.4.1-1 || 8.4.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5]<br />
|-<br />
| {{CVE|CVE-2014-7204}} [http://seclists.org/oss-sec/2014/q3/842 temp link] || {{pkg|ctags}} || 2014-09-29 || <= 5.8-4 || 5.8-5 || 26d || Fixed ({{bug|42246}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11]<br />
|-<br />
| {{CVE|CVE-2014-7295}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html temp link] || {{pkg|mediawiki}} || 2014-10-02 || <= 1.23.4-1 || 1.23.5-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3]<br />
|-<br />
| {{CVE|CVE-2014-3661}} {{CVE|CVE-2014-3662}} {{CVE|CVE-2014-3663}} {{CVE|CVE-2014-3664}} {{CVE|CVE-2014-3680}} {{CVE|CVE-2014-3681}} {{CVE|CVE-2014-3666}} {{CVE|CVE-2014-3667}} {{CVE|CVE-2013-2186}} {{CVE|CVE-2014-1869}} {{CVE|CVE-2014-3678}} {{CVE|CVE-2014-3679}} [https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 temp link] || {{pkg|jenkins}} || 2014-10-01 || <= 1.582-1 || 1.583-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2]<br />
|-<br />
| {{CVE|CVE-2014-3634}} [http://www.rsyslog.com/remote-syslog-pri-vulnerability/ temp link] || {{pkg|rsyslog}} || 2014-09-30 || <= 8.4.0-1 || 8.4.1-1 || 1d || Fixed ({{bug|42200}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1]<br />
|-<br />
| {{CVE|CVE-2014-3657}} {{CVE|CVE-2014-3633}} [https://www.debian.org/security/2014/dsa-3038 temp link] || {{pkg|libvirt}} || 2014-09-26 || <= 1.2.8-1 || 1.2.8-2 || 3d || Fixed ({{bug|42159}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5]<br />
|-<br />
| {{CVE|CVE-2014-7199}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html temp link] || {{pkg|mediawiki}} || 2014-09-24 || <= 1.23.3-1 || 1.23.4-1 || 5d || Fixed ({{bug|42161}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4]<br />
|-<br />
| {{CVE|CVE-2014-7185}} [http://bugs.python.org/issue21831 temp link] || {{pkg|python2}} || 2014-09-24 || < 2.7.8 || 2.7.8-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3]<br />
|-<br />
| {{CVE|CVE-2014-1568}} [https://www.mozilla.org/security/announce/2014/mfsa2014-73.html temp link] || {{pkg|nss}} || 2014-09-24 || < 3.17.1 || 3.17.1-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1]<br />
|-<br />
| {{CVE|CVE-2014-6271}} {{CVE|CVE-2014-7169}} {{CVE|CVE-2014-7186}} {{CVE|CVE-2014-7187}} {{CVE|CVE-2014-6277}} {{CVE|CVE-2014-6278}} [http://seclists.org/oss-sec/2014/q3/649 temp link] || {{pkg|bash}} || 2014-09-24 || <= 4.3.024-1 || 4.3.026-1 || 2d || Fixed ({{bug|42109}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2]<br />
|-<br />
| {{CVE|CVE-2014-3635}} {{CVE|CVE-2014-3636}} {{CVE|CVE-2014-3637}} {{CVE|CVE-2014-3638}} {{CVE|CVE-2014-3639}} [http://www.openwall.com/lists/oss-security/2014/09/16/9 temp link] || {{pkg|dbus}} {{pkg|libdbus}} {{pkg|lib32-libdbus}} || 2014-09-16 || < 1.8.8 || 1.8.8-1 || 1d || Fixed ({{bug|41993}}) || None<br />
|-<br />
| {{CVE|CVE-2014-3613}} {{CVE|CVE-2014-3620}} [http://curl.haxx.se/docs/security.html temp link] || {{pkg|curl}} {{pkg|lib32-curl}}|| 2014-09-10 || < 7.38.0 || 7.38.0-1 || 5d ({{pkg|curl}}), 7d ({{pkg|lib32-curl}}) || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3609}} [http://www.squid-cache.org/Advisories/SQUID-2014_2.txt temp link] || {{pkg|squid}} || 2014-08-28 || < 3.4.7 || 3.4.7-1 || < 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5119}} [https://sourceware.org/bugzilla/show_bug.cgi?id=17187 temp link] || {{pkg|glibc}} || 2014-07-21 || <= 2.19 || 2.20-2 || 55d || Fixed ({{bug|41713}}) || None<br />
|-<br />
| {{CVE|CVE-2014-3508}} {{CVE|CVE-2014-5139}} {{CVE|CVE-2014-3509}} {{CVE|CVE-2014-3505}} {{CVE|CVE-2014-3506}} {{CVE|CVE-2014-3507}} {{CVE|CVE-2014-3510}} {{CVE|CVE-2014-3511}} {{CVE|CVE-2014-3512}} [https://www.openssl.org/news/secadv_20140806.txt temp link] || {{pkg|openssl}} || 2014-08-06 || < 1.0.1.i || 1.0.1.i-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0226}} [http://www.zerodayinitiative.com/advisories/ZDI-14-236/ temp link] || {{pkg|apache}} || 2014-07-15 || < 2.4.10 || 2.4.10-1 || ~7d || Fixed ({{bug|41244}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4943}} [http://www.openwall.com/lists/oss-security/2014/07/17/1 temp link] || {{pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-07-16 || || 3.15.5.201407170639-1 {{pkg|linux-grsec}}, 3.14.16 ({{pkg|linux-lts}}), 3.16 ({{pkg|linux}}) || 1d ({{pkg|linux-grsec}}), 23d ({{pkg|linux-lts}}), 27d {{pkg|linux}} || Fixed in {{pkg|linux}}, {{pkg|linux-lts}} ({{bug|41231}}), Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-0475}} [http://www.openwall.com/lists/oss-security/2014/07/10/7 temp link] || {{pkg|glibc}} || 2014-07-10 || <=2.19 || 2.20-2 || 66d || Fixed ({{bug|41166}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4699}} [http://www.openwall.com/lists/oss-security/2014/07/04/4 temp link] || {{Pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-07-04 || || 3.15.3.201407060933-1 {{pkg|linux-grsec}}, 3.15.4-1 {{pkg|linux}}, 3.14.11-1 {{pkg|linux-lts}} || 2d ({{pkg|linux-grsec}}), 3d ({{pkg|linux}}, {{pkg|linux-lts}}) || Fixed ({{bug|41115}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4715}} [http://www.openwall.com/lists/oss-security/2014/07/02/13 temp link] || {{Pkg|lz4}} || 2014-07-02 || || 119-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-4611}} [http://www.openwall.com/lists/oss-security/2014/06/26/25 temp link] || {{Pkg|linux}}, {{pkg|linux-grsec}}, {{pkg|lz4}} || 2014-06-26 || || 3.15.2-1 ({{pkg|linux}}), 3.15.2.201406262058-1 ({{pkg|linux-grsec}}), 118-1 {{pkg|lz4}} || <1d ({{pkg|linux}}, {{pkg|linux-grsec}}, {{pkg|lz4}}) || Fixed in {{pkg|linux}} ({{bug|40992}}), Fixed in {{pkg|linux-grsec}}, Fixed in {{pkg|lz4}} ({{bug|40997}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4610}} [http://www.openwall.com/lists/oss-security/2014/06/26/23 temp link] || {{Pkg|ffmpeg}} || 2014-06-26 || || 1:2.2.4-1 || <2d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-4609}} [http://www.openwall.com/lists/oss-security/2014/06/26/22 temp link] || {{Pkg|gst-libav}} || 2014-06-26 || 1.2.4-1 || 1.2.4-2 (with libav 9.14) || 2d || Fixed ({{bug|40995}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4608}} [http://www.openwall.com/lists/oss-security/2014/06/26/21 temp link] || {{Pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-06-26 || || 3.15.2-1 ({{pkg|linux}}), 3.10.45-1 ({{pkg|linux-lts}}), 3.15.2.201406262058-1 ({{pkg|linux-grsec}}) || <1d ({{pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} and {{pkg|linux-lts}} ({{bug|40992}}), Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-4607}} [http://www.openwall.com/lists/oss-security/2014/06/26/20 temp link] || {{Pkg|lzo2}} || 2014-06-26 || || 2.07-2 || 3d || Fixed ({{bug|40993}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4617}} [http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html temp link] || {{Pkg|gnupg}} || 2014-06-24 || < 2.0.24 || 2.0.24 || 7d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0244}} {{CVE|CVE-2014-3493}} [https://www.samba.org/samba/history/samba-4.1.9.html temp link] || {{Pkg|samba}} || 2014-06-23 || < 4.1.9 || 4.1.9 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1545}} [https://www.mozilla.org/security/announce/2014/mfsa2014-55.html temp link] || {{Pkg|nspr}} || 2014-06-10 || < 4.10.6 || 4.10.6 || ~1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3859}} || {{Pkg|bind}} || 2014-06-11 || 9.10.0, 9.10.0-P1 || 9.10.0-P2 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3477}} || {{Pkg|dbus}} || 2014-06-10 || <= 1.8.2 || 1.8.4 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0195}} {{CVE|CVE-2014-0198}} {{CVE|CVE-2010-5298}} {{CVE|CVE-2014-3470}} {{CVE|CVE-2014-0224}} {{CVE|CVE-2014-0221}} [http://www.openssl.org/news/secadv_20140605.txt temp link] || {{Pkg|openssl}} || 2014-06-05 || 1.0.1 - 1.0.1g || 1.0.1h || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3153}} [http://seclists.org/oss-sec/2014/q2/467 temp link]|| {{Pkg|linux}}, {{pkg|linux-lts}}, {{Pkg|linux-grsec}} || 2014-06-05 || ? || 3.14.6 ({{pkg|linux}}), 3.10.42-1 ({{pkg|linux-lts}}), 3.14.5.201406051310-1 ({{pkg|linux-grsec}})|| 3d ({{pkg|linux}}, {{pkg|linux-lts}}), <1d ({{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} ({{bug|40715}}), Fixed in {{pkg|linux-lts}}, Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-3466}} [https://bugzilla.redhat.com/show_bug.cgi?id=1101932 temp link]|| {{Pkg|gnutls}} || 2014-05-30 || < 3.3.3 || 3.3.3 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0209}} {{CVE|CVE-2014-0210}} {{CVE|CVE-2014-0211}}|| {{Pkg|libxfont}} || 2014-05-13 || < 1.4.18 || 1.4.18 || 3d || Fixed ({{Bug|40409 }}) || None<br />
|-<br />
| {{CVE|CVE-2014-0196}} [https://bugzilla.redhat.com/show_bug.cgi?id=1094232 temp-link] || {{Pkg|linux}}, {{Pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-05-05 || 2.6.31 - 3.14 || 3.14.3-2 ({{pkg|linux}}), 3.10.39-2 ({{pkg|linux-lts}}), 3.14.3.201405121814-1 ({{pkg|linux-grsec}}) || 7d ({{pkg|linux}}), 8d {{pkg|linux-lts}}, <1d ({{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} ({{Bug|40232}}), Fixed in {{pkg|linux-lts}}, Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-2905}} {{CVE|CVE-2014-2906}} {{CVE|CVE-2014-2914}} [https://bugzilla.redhat.com/show_bug.cgi?id=1092091 temp-link] || {{Pkg|fish}} || 2014-04-28 || 1.16.0 - 2.1.0 || 2.2.1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0160}} || {{Pkg|openssl}} || 2014-04-07 || 1.0.1 - 1.0.1f || 1.0.1g || ~1d || Fixed ({{Bug|39775}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1700}} {{CVE|CVE-2014-1701}} {{CVE|CVE-2014-1702}} {{CVE|CVE-2014-1703}} {{CVE|CVE-2014-1704}} {{CVE|CVE-2014-1705}} {{CVE|CVE-2014-1713}} {{CVE|CVE-2014-1715}} || {{Pkg|chromium}} {{Pkg|v8}} || 2014-03-11 || 32 || 33 || 4d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0098}} {{CVE|CVE-2013-6438}}|| {{Pkg|apache}} || 2014-03-17 || 2.4.8 || 2.4.9 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1492}} || {{Pkg|nss}} || 2014-03-18 || 3.15.5 || 3.16 || 22d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1493}} {{CVE|CVE-2014-1494}} {{CVE|CVE-2014-1497}} {{CVE|CVE-2014-1498}} {{CVE|CVE-2014-1499}} {{CVE|CVE-2014-1500}} {{CVE|CVE-2014-1502}} {{CVE|CVE-2014-1504}} {{CVE|CVE-2014-1505}} {{CVE|CVE-2014-1508}} {{CVE|CVE-2014-1509}} {{CVE|CVE-2014-1510}} {{CVE|CVE-2014-1511}} {{CVE|CVE-2014-1512}} {{CVE|CVE-2014-1513}} {{CVE|CVE-2014-1514}} || {{Pkg|firefox}} {{Pkg|thunderbird}} || 2014-03-18 || 27 || 28 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2240}} {{CVE|CVE-2014-2241}}|| {{Pkg|freetype2}} || ? || 2.5.2 || 2.5.3 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2029}}|| {{Pkg|xtrabackup}} || 2014-02-16 || 2.1.7 || 2.1.8 || 28d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1958}} {{CVE|CVE-2014-2030}}|| {{Pkg|imagemagick}} || ? || ? || 6.8.8.9-1 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}}|| {{Pkg|php}} || 2014-03-06 || 5.5.9 || 5.5.110 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0404}} {{CVE|CVE-2014-0406}} {{CVE|CVE-2014-0407}} || {{Pkg|virtualbox}} || 2014-02-28 || 4.3.4 || 4.3.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2323}} {{CVE|CVE-2014-2324}} || {{Pkg|lighttpd}} || 2014-03-12 || 1.4.34 || 1.4.35 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0333}} || {{Pkg|libpng}} || 2014-02-28 || 1.6.9 || 1.6.10 || 9d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0017}} || {{Pkg|libssh}} || 2014-03-04 || ? || 0.5.5-3 || 5d || Fixed || None<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} || 2014-03-20 || < 3.5.7.29 || 3.5.7.29 || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 2014-03-18 || ? || ? || ? || Not Affected ({{Bug|39566}}) ||<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 2014-03-19 || ? || 1.3.1 || 1d || Fixed || None<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 2014-03-19 || 3.4beta || 3.4 || ? || Fixed ({{Bug|39540}}) || None<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 2014-03-18 || ? || 1.4.7 || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 2013-09-19 || ? || 1.1.1-7 (in RHEL 7) || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 2014-03-17 || ? || 3.13-rc5 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0004}} || {{Pkg|udisks2}} & {{Pkg|udisks}} || 2014-03-10 || 2.1.3 / 1.0.5 || 2.1.3 / 1.0.5 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2281}} {{CVE|CVE-2014-2282}} {{CVE|CVE-2014-2283}} {{CVE|CVE-2014-2299}} || {{Pkg|wireshark-cli}} || 2014-03-10 || 1.10.6 || 1.10.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0050}} || {{Pkg|tomcat7}} || 2014-02-06 || 7.0.51 || 7.0.51 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0033}} || {{Pkg|tomcat6}} || 2014-01-10 || 6.0.37 || 6.0.37 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0032}} || {{Pkg|subversion}} || 2014-01-10 || 1.8.6 || 1.8.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0060}} {{CVE|CVE-2014-0061}} {{CVE|CVE-2014-0062}} {{CVE|CVE-2014-0063}} {{CVE|CVE-2014-0064}} {{CVE|CVE-2014-0065}} {{CVE|CVE-2014-0066}} {{CVE|CVE-2014-0067}} || {{Pkg|postgresql}} || 2014-02-20 || <=9.3.3 || 9.3.3-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1912}} || {{Pkg|python}} {{Pkg|python2}} || 2014-02-07 || ? || 2.7.6-3 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2013-4496}} {{CVE|CVE-2013-6442}} || {{Pkg|samba}} || 2014-03-14 || ? || 4.1.6 || 2d || Fixed ({{Bug|39424}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0504}} || {{Pkg|flashplugin}} || 2014-03-12 || ? || 11.2.202.346 || 1d || Fixed ({{Bug|39385}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0106}} || {{Pkg|sudo}} || || 1.8.9.p5 || 1.8.10 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2285}} {{CVE|CVE-2014-2284}} || {{Pkg|net-snmp}} || 2014-03-05 || ? || 5.7.2.1-2 || 8d || Fixed ({{Bug|39190}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0092}} || {{Pkg|gnutls}} || 2014-03-04 || <3.2.12 || 3.2.12-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2242}} {{CVE|CVE-2014-2243}} {{CVE|CVE-2014-2244}} || {{Pkg|mediawiki}} || 2014-03-14 || <1.22.3 || 1.22.3 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2093}} {{CVE|CVE-2014-2094}} {{CVE|CVE-2014-2095}} {{CVE|CVE-2014-2096}} || {{Pkg|catfish}} || 2014-02-25 || <1.0.1 || 1.0.1 || 8d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0497}} || {{Pkg|flashplugin}} || 2014-02-04 || ? || 11.2.202.346 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0015}} || {{Pkg|curl}} || 2014-01-29 || <7.35 || 7.35 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1610}} || {{Pkg|mediawiki}} || 2014-01-29 || <1.22.2 || 1.22.2 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0021}} || {{Pkg|chrony}} || 2014-01-17 || <1.29.1-1 || 1.29.1-1 || 14d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1875}} || {{Pkg|perl-capture-tiny}} || 2014-02-06 || ? || 0.24-1 || 4d || Fixed ({{Bug|38862}}) || None<br />
|-<br />
| {{CVE|CVE-2013-6493}} || {{Pkg|icedtea-web-java7}} || 2014-02-05 || <1.4.2 || 1.4.2 || 0d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1858}} {{CVE|CVE-2014-1859}} || {{Pkg|python-numpy}} || 2014-02-06 || ? || 1.8.0-2 || 4d || Fixed ({{Bug|38863}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1932}} {{CVE|CVE-2014-1933}} || {{Pkg|python-pillow}} || 2014-02-10 || <2.3.1 || 2.3.1 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1935}} || {{Pkg|9base}} || 2014-02-10 || ? || ? || ? || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1949}} [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1949.html temp link] || {{Pkg|cinnamon-screensaver}} || 2014-02-12 || 2.0.3 || ? || ? || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1959}} || {{Pkg|gnutls}} || 2014-02-13 || <3.2.11 || 3.2.11 || 2d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}} || {{Pkg|file}} || 2014-02-10 || <5.17 || 5.17-1 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0001}} {{CVE|CVE-2014-0412}} {{CVE|CVE-2014-0437}} {{CVE|CVE-2014-0420}} {{CVE|CVE-2014-0393}} {{CVE|CVE-2014-0386}} {{CVE|CVE-2014-0401}} {{CVE|CVE-2014-0402}} || {{Pkg|mariadb}} || 2014-01-31 || <5.5.35 || 5.5.35-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1447}} || {{Pkg|libvirt}} || 2014-01-16 || <1.2.1 || 1.2.1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0979}} || lightdm-gtk* || 2014-01-07 || ? || ? || 25d || Fixed ({{Bug|38715}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1475}} {{CVE|CVE-2014-1476}} || {{Pkg|drupal}} || 2014-01-15 || <7.26 || 7.26-1 || 12d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0019}} || {{Pkg|socat}} || 2014-01-29 || <1.7.2.3 || 1.7.2.3 || 0d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1838}} {{CVE|CVE-2014-1839}} || {{Pkg|python-logilab-common}} || 2014-01-31 || ? || ? || 3d || Fixed [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051] || None<br />
|-<br />
| {{CVE|CVE-2014-0368}} {{CVE|CVE-2014-0373}} {{CVE|CVE-2014-0376}} {{CVE|CVE-2014-0411}} {{CVE|CVE-2014-0416}} {{CVE|CVE-2014-0422}} {{CVE|CVE-2014-0423}} {{CVE|CVE-2014-0428}} || *-openjdk-* || 2014-01-15 || ? || ? || 2d || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1402}} || {{Pkg|python-jinja}} || 2014-01-10 || <2.7.2 || 2.7.2 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2013-6462}} || {{Pkg|libxfont}} || 2014-01-07 || <1.4.7 || 1.4.7 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1235}} || {{Pkg|graphviz}} || 2014-01-07 || <2.36.0 || 2.34.0-3 || 3d || Fixed ({{Bug|38441}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0978}} || {{Pkg|freerdp}} || 2014-01-10 || <1.0.2 || 1.0.2-5 || 67d || Fixed ({{Bug|38802}}) || None<br />
|-<br />
|}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=454715
Security Advisories
2016-10-21T14:33:07Z
<p>Anthraxx: /* Recent Advisories */ adding django advisories</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== October 2016 ===<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000741.html ASA-201610-13] {{pkg|python2-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000740.html ASA-201610-12] {{pkg|python-django}} cross-site request forgery<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11] {{pkg|linux-lts}} privilege escalation<br />
* [16 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10] {{pkg|guile}} multiple issues<br />
* [13 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9] {{pkg|gdk-pixbuf2}} arbitrary code execution<br />
* [11 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8] {{pkg|crypto++}} information disclosure<br />
* [09 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7] {{pkg|wpa_supplicant}} multiple issues<br />
* [08 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6] {{pkg|imagemagick}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5] {{pkg|messagelib}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4] {{pkg|kcoreaddons}} insufficient validation<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3] {{pkg|hostapd}} multiple issues<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2] {{pkg|systemd}} denial of service<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1] {{pkg|chromium}} arbitrary code execution<br />
<br />
=== September 2016 ===<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=CVE&diff=454714
CVE
2016-10-21T14:32:14Z
<p>Anthraxx: /* Documented CVE's */ adding django CVE</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|Security Advisories}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
== Introduction ==<br />
<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
== Helping ==<br />
<br />
This is a community driven project. Please consider joining the [[Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC on irc://irc.freenode.net/archlinux-security.<br />
<br />
== Procedure ==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. Use Wiki markup to create links in the "CVE-ID", "Package", and "Status" columns. The following template may be used to ease the process of adding CVE entries into the table. The first line, "|-" represents the creation of a new row in the table, while the second line should be modified per CVE:<br />
<br />
{{hc|CVE Table Addition Template|<nowiki><br />
|-<br />
| {{CVE|CVE-2016-????}} || {{Pkg|pkgname}} || Disclosure date || Affected versions || Fixed in version || Arch Linux response time || Status(Fixed|Pending|Invalid) (Bug reports) || {{ASA|ASA-??????-??}}<br />
</nowiki>}}<br />
<br />
{{Note|<br />
* If the CVE is not found in [http://nvd.nist.gov/home.cfm NVD], just include a link to different database in the first column: {{ic|<nowiki>[http://link.to.cve CVE-2014-????]</nowiki>}}<br />
* The "Disclosure date" field should be expressed in [[Wikipedia:ISO 8601|ISO 8601 format]] to avoid any confusion. Example: 2014-03-22.<br />
* The "Arch Linux response time" field corresponds to the time between the public release of a vulnerability and the date the package update fixing the vulnerability is made available in the official stable repositories. The "Time really vulnerable" is potentially much lengthier but is harder to estimate.<br />
}}<br />
<br />
The above "CVE-template" should be added after the line:<br />
<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in version !! Arch Linux response time !! Status (and related bug reports) !! ASA-ID</nowiki>}}<br />
<br />
== Response time ==<br />
<br />
The response time is the time taken to get a fixed package to the stable repositories.<br />
<br />
== Documented CVE's ==<br />
<br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="100%"<br />
! height="50px" colspan="8" style="font-size: 125%;"| '''TRACKED CVE's'''<br />
|-<br />
! scope="col" width="130px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in Arch Linux package version !! Arch Linux response time !! Status (and related bug reports) !! ASA-ID<br />
|-<br />
| {{CVE|CVE-2016-7401}} || {{pkg|python-django}} {{pkg|python2-django}} || 2016-10-21 || <= 1.9.9-1 || 1.10.1-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000740.html ASA-201610-12]<br />
|-<br />
| {{CVE|CVE-2016-5195}} [https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails] || {{pkg|linux}} || 2016-10-21 || <= 4.8.2-1 || 4.8.3-1 || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-5195}} [https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails] || {{pkg|linux-grsec}} || 2016-10-21 || <= 1:4.7.8.r201610161720-1 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-5195}} [https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails] || {{pkg|linux-lts}} || 2016-10-21 || <= 4.4.25-1 || 4.4.26-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11]<br />
|-<br />
| {{CVE|CVE-2016-8605}} {{CVE|CVE-2016-8606}} [http://www.openwall.com/lists/oss-security/2016/10/11/1] [http://www.openwall.com/lists/oss-security/2016/10/12/2] || {{pkg|guile}} || 2016-10-11 || <= 2.0.12-1 || 2.0.13-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10]<br />
|-<br />
| {{CVE|CVE-2016-7906}} {{CVE|CVE-2016-7799}} [http://www.openwall.com/lists/oss-security/2016/10/02/3] [http://www.openwall.com/lists/oss-security/2016/10/01/6] || {{pkg|imagemagick}} || 2016-10-02 || <= 6.9.5.10-1 || 6.9.6.0-1 || <5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6]<br />
|-<br />
| {{CVE|CVE-2016-7967}} {{CVE|CVE-2016-7968}} [https://www.kde.org/info/security/advisory-20161006-2.txt] [https://www.kde.org/info/security/advisory-20161006-3.txt] [http://seclists.org/oss-sec/2016/q4/23] || {{pkg|messagelib}} || 2016-10-06 || <= 16.08.1-1 || 16.08.1-2 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5]<br />
|- <br />
| {{CVE|CVE-2016-7966}} [https://www.kde.org/info/security/advisory-20161006-1.txt] [http://seclists.org/oss-sec/2016/q4/23] || {{pkg|kcoreaddons}} || 2016-10-06 || <= 5.26.0-1 || 5.26.0-2 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4]<br />
|- <br />
| {{CVE|CVE-2016-7795}} || {{pkg|systemd}} || 2016-09-29 || <= 231-1 || 231-2 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2]<br />
|- <br />
| {{CVE|CVE-2016-5177}} {{CVE|CVE-2016-5178}} [https://googlechromereleases.blogspot.fr/2016/09/stable-channel-update-for-desktop_29.html] || {{pkg|chromium}} || 2016-09-29 || <= 53.0.2785.116-1 || 53.0.2785.143-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1]<br />
|- <br />
| {{CVE|CVE-2016-7168}} {{CVE|CVE-2016-7169}} [https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/] || {{pkg|wordpress}} || 2016-09-29 || <= 4.6.0-1 || 4.6.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32]<br />
|- <br />
| {{CVE|CVE-2016-5180}} [https://c-ares.haxx.se/adv_20160929.html] || {{pkg|c-ares}} || 2016-09-29 || <= 1.11.0-1 || 1.12.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31]<br />
|- <br />
| {{CVE|CVE-2016-2776}} [https://kb.isc.org/article/AA-01419/0] || {{pkg|bind}} || 2016-07-27 || <= 9.10.4.P2-1 || 9.10.4.P3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201607-29]<br />
|-<br />
| {{CVE|CVE-2016-7052}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|lib32-openssl}} || 2016-09-26 || <= 1:1.0.2.i-1 || 1:1.0.2.j-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28]<br />
|- <br />
| {{CVE|CVE-2016-7052}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|openssl}} || 2016-09-26 || <= 1.0.2.i-1 || 1.0.2.j-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30]<br />
|- <br />
| {{CVE|CVE-2016-6309}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|lib32-openssl}} || 2016-09-26 || <= 1:1.0.2.i-1 || || || Not Affected || None<br />
|- <br />
| {{CVE|CVE-2016-6309}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|openssl}} || 2016-09-26 || <= 1.0.2.i-1 || || || Not Affected || None<br />
|- <br />
| {{CVE|CVE-2016-2177}} {{CVE|CVE-2016-2178}} {{CVE|CVE-2016-2179}} {{CVE|CVE-2016-2180}} {{CVE|CVE-2016-2181}} {{CVE|CVE-2016-2182}} {{CVE|CVE-2016-2183}} {{CVE|CVE-2016-6302}} {{CVE|CVE-2016-6303}} {{CVE|CVE-2016-6304}} {{CVE|CVE-2016-6306}} [http://eprint.iacr.org/2016/594] [https://www.openssl.org/news/secadv/20160922.txt] || {{pkg|openssl}} || 2016-09-22 || <= 1.0.2.h-1 || 1.0.2.i-1 || <1d || Fixed ({{bug|49616}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23]<br />
|- <br />
| {{CVE|CVE-2016-2177}} {{CVE|CVE-2016-2178}} {{CVE|CVE-2016-2179}} {{CVE|CVE-2016-2180}} {{CVE|CVE-2016-2181}} {{CVE|CVE-2016-2182}} {{CVE|CVE-2016-2183}} {{CVE|CVE-2016-6302}} {{CVE|CVE-2016-6303}} {{CVE|CVE-2016-6304}} {{CVE|CVE-2016-6306}} [http://eprint.iacr.org/2016/594] [https://www.openssl.org/news/secadv/20160922.txt] || {{pkg|lib32-openssl}} || 2016-09-22 || <= 1:1.0.2.h-1 || 1:1.0.2.i-1 || <1d || Fixed ({{bug|49616}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24]<br />
|- <br />
| {{CVE|CVE-2016-7044}} {{CVE|CVE-2016-7045}} [https://irssi.org/security/irssi_sa_2016.txt] || {{pkg|irssi}} || 2016-09-21 || <= 0.8.19-2 || 0.8.20-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20]<br />
|- <br />
| {{CVE|CVE-2016-5270}} {{CVE|CVE-2016-5271}} {{CVE|CVE-2016-5272}} {{CVE|CVE-2016-5273}} {{CVE|CVE-2016-5276}} {{CVE|CVE-2016-5274}} {{CVE|CVE-2016-5277}} {{CVE|CVE-2016-5275}} {{CVE|CVE-2016-5278}} {{CVE|CVE-2016-5279}} {{CVE|CVE-2016-5280}} {{CVE|CVE-2016-5281}} {{CVE|CVE-2016-5282}} {{CVE|CVE-2016-5283}} {{CVE|CVE-2016-5284}} {{CVE|CVE-2016-5256}} {{CVE|CVE-2016-5257}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/] || {{pkg|firefox}} || 2016-09-13 || <= 48.0.2-1 || 49.0-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22]<br />
|- <br />
| {{CVE|CVE-2016-5388}} || {{pkg|tomcat7}} || 2016-09-18 || <= 7.0.70-1 || 7.0.72-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21]<br />
|- <br />
| {{CVE|CVE-2016-7420}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7420] || {{pkg|crypto++}} || 2016-09-18 || <= 5.6.4-2 || 5.6.5-1 || <24d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8 ]<br />
|- <br />
| {{CVE|CVE-2016-7444}} [http://seclists.org/oss-sec/2016/q3/545] [https://www.gnutls.org/security.html#GNUTLS-SA-2016-3] || {{pkg|gnutls}} || 2016-09-08 || <= 3.4.14-1 || 3.4.15-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25]<br />
|- <br />
| {{CVE|CVE-2016-7444}} [http://seclists.org/oss-sec/2016/q3/545] [https://www.gnutls.org/security.html#GNUTLS-SA-2016-3] || {{pkg|lib32-gnutls}} || 2016-09-08 || <= 3.4.14-1 || 3.4.15-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26]<br />
|- <br />
| {{CVE|CVE-2016-5170}} {{CVE|CVE-2016-5171}} {{CVE|CVE-2016-5172}} {{CVE|CVE-2016-5173}} {{CVE|CVE-2016-5174}} {{CVE|CVE-2016-5175}} [https://googlechromereleases.blogspot.fr/2016/09/stable-channel-update-for-desktop_13.html] || {{pkg|chromium}} || 2016-09-13 || <= 53.0.2785.101-1 || 53.0.2785.116-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13]<br />
|- <br />
| {{CVE|CVE-2016-7412}} {{CVE|CVE-2016-7413}} {{CVE|CVE-2016-7414}} {{CVE|CVE-2016-7416}} {{CVE|CVE-2016-7417}} {{CVE|CVE-2016-7418}} [http://www.openwall.com/lists/oss-security/2016/09/15/10] || {{pkg|php}} || 2016-09-15 || <= 7.0.10-1 || 7.0.11-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16]<br />
|- <br />
| {{CVE|CVE-2016-6352}} [https://bugzilla.redhat.com/show_bug.cgi?id=1349751] || {{pkg|lib32-gdk-pixbuf2}} || 2016-08-31 || <= 2.34.0-1 || || || '''Vulnerable''' ||<br />
|- <br />
| {{CVE|CVE-2016-6352}} [https://bugzilla.redhat.com/show_bug.cgi?id=1349751] || {{pkg|gdk-pixbuf2}} || 2016-08-31 || <= 2.34.0-2 || 2.36.0+2+ga7c869a-1 || 50d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9]<br />
|- <br />
| {{CVE|CVE-2016-7167}} [https://curl.haxx.se/docs/adv_20160914.html] || {{pkg|curl}} || 2016-09-14 || <= 7.50.2-1 || 7.50.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19]<br />
|- <br />
| {{CVE|CVE-2016-7167}} [https://curl.haxx.se/docs/adv_20160914.html] || {{pkg|lib32-curl}} || 2016-09-14 || <= 7.50.0-1 || 7.50.3-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18]<br />
|- <br />
| {{CVE|CVE-2016-4271}} {{CVE|CVE-2016-4272}} {{CVE|CVE-2016-4274}} {{CVE|CVE-2016-4275}} {{CVE|CVE-2016-4276}} {{CVE|CVE-2016-4277}} {{CVE|CVE-2016-4278}} {{CVE|CVE-2016-4279}} {{CVE|CVE-2016-4280}} {{CVE|CVE-2016-4281}} {{CVE|CVE-2016-4282}} {{CVE|CVE-2016-4283}} {{CVE|CVE-2016-4284}} {{CVE|CVE-2016-4285}} {{CVE|CVE-2016-4287}} {{CVE|CVE-2016-6921}} {{CVE|CVE-2016-6922}} {{CVE|CVE-2016-6923}} {{CVE|CVE-2016-6924}} {{CVE|CVE-2016-6925}} {{CVE|CVE-2016-6926}} {{CVE|CVE-2016-6927}} {{CVE|CVE-2016-6929}} {{CVE|CVE-2016-6930}} {{CVE|CVE-2016-6931}} {{CVE|CVE-2016-6932}} [https://helpx.adobe.com/security/products/flash-player/apsb16-29.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-09-13 || <= 11.2.202.632-1 || 11.2.202.635-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12]<br />
|- <br />
| {{CVE|CVE-2016-6662}} {{CVE|CVE-2016-6663}} [https://mariadb.org/mariadb-server-versions-remote-root-code-execution-vulnerability-cve-2016-6662/] [https://jira.mariadb.org/browse/MDEV-10465] [http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html] || {{Pkg|mariadb}} || 2016-09-13 || <= 10.1.16-2 || 10.1.17-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10]<br />
|-<br />
| {{CVE|CVE-2016-7180}} {{CVE|CVE-2016-7175}} {{CVE|CVE-2016-7176}} {{CVE|CVE-2016-7177}} {{CVE|CVE-2016-7178}} {{CVE|CVE-2016-7179}} [https://www.wireshark.org/security/wnpa-sec-2016-50.html] [https://www.wireshark.org/security/wnpa-sec-2016-51.html] [https://www.wireshark.org/security/wnpa-sec-2016-52.html] [https://www.wireshark.org/security/wnpa-sec-2016-53.html] [https://www.wireshark.org/security/wnpa-sec-2016-54.html] [https://www.wireshark.org/security/wnpa-sec-2016-55.html] || {{pkg|wireshark-cli}} || 2016-09-09 || <= 2.0.5-1 || 2.2.0-1 || 15d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27]<br />
|- <br />
| {{CVE|CVE-2016-5388}} [https://www.apache.org/security/asf-httpoxy-response.txt] || {{pkg|tomcat8}} || 2016-07-18 || <= 8.0.36-1 || 8.0.37-1 || 52d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] <br />
|-<br />
| {{CVE|CVE-2016-7164}} [http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3.20.3.news] || {{pkg|file-roller}} || 2016-09-08 || <= 3.20.2-1 || 3.20.3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5]<br />
|-<br />
| {{CVE|CVE-2016-5426}} {{CVE|CVE-2016-5427}} [http://seclists.org/oss-sec/2016/q3/464] [https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/] || {{pkg|powerdns}} || 2016-09-08 || 3.4.9-1 || 4.0.1-3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9]<br />
|-<br />
| {{CVE|CVE-2016-7164}} [http://seclists.org/oss-sec/2016/q3/443] || {{pkg|libtorrent-rasterbar}} || 2016-09-08 || <= 1:1.1-3 || 1:1.1.1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8]<br />
|-<br />
| {{CVE|CVE-2016-7141}} [https://curl.haxx.se/docs/adv_20160907.html] || {{pkg|curl}} || 2016-09-07 || N/A || N/A || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-2835}} {{CVE|CVE-2016-2836}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/] || {{pkg|thunderbird}} || 2016-08-30 || <= 45.2.0-2 || 45.3.0-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3]<br />
|-<br />
| {{CVE|CVE-2016-7134}} {{CVE|CVE-2016-7133}} {{CVE|CVE-2016-7132}} {{CVE|CVE-2016-7131}} {{CVE|CVE-2016-7130}} {{CVE|CVE-2016-7129}} {{CVE|CVE-2016-7128}} {{CVE|CVE-2016-7127}} {{CVE|CVE-2016-7126}} {{CVE|CVE-2016-7125}} {{CVE|CVE-2016-7124}} [http://www.openwall.com/lists/oss-security/2016/09/02/9] || {{pkg|php}} || 2016-09-03 || <= 7.0.10-1 || 7.0.11-1 || || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-5147}} {{CVE|CVE-2016-5148}} {{CVE|CVE-2016-5149}} {{CVE|CVE-2016-5150}} {{CVE|CVE-2016-5151}} {{CVE|CVE-2016-5152}} {{CVE|CVE-2016-5153}} {{CVE|CVE-2016-5154}} {{CVE|CVE-2016-5155}} {{CVE|CVE-2016-5156}} {{CVE|CVE-2016-5157}} {{CVE|CVE-2016-5158}} {{CVE|CVE-2016-5159}} {{CVE|CVE-2016-5160}} {{CVE|CVE-2016-5161}} {{CVE|CVE-2016-5162}} {{CVE|CVE-2016-5163}} {{CVE|CVE-2016-5164}} {{CVE|CVE-2016-5165}} {{CVE|CVE-2016-5166}} {{CVE|CVE-2016-5167}} [https://googlechromereleases.blogspot.fr/2016/08/stable-channel-update-for-desktop_31.html] || {{pkg|chromium}} || 2016-08-31 || <= 52.0.2743.116-1 || 53.0.2785.89-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1]<br />
|-<br />
| {{CVE|CVE-2016-6525}} [http://bugs.ghostscript.com/show_bug.cgi?id=696954] || {{Pkg|mupdf}} || 2016-07-19 || <= 1.9a-4 || 1.9a-5 || 1d || Fixed ([https://bugs.archlinux.org/task/50590 FS#50590 ]) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] <br />
|-<br />
| {{CVE|CVE-2016-6265}} [http://bugs.ghostscript.com/show_bug.cgi?id=696941] || {{Pkg|mupdf}} || 2016-07-19 || <= 1.9a-3 || 1.9a-4 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] <br />
|-<br />
| {{CVE|CVE-2016-4590}} {{CVE|CVE-2016-4591}} {{CVE|CVE-2016-4622}} {{CVE|CVE-2016-4624}} [https://webkitgtk.org/2016/08/24/webkitgtk2.12.4-released.html] [https://webkitgtk.org/security/WSA-2016-0005.html] || {{pkg|webkit2gtk}} || 2016-08-24 || <= 2.12.3-1 || 2.12.4-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2]<br />
|-<br />
| {{CVE|CVE-2016-6331}} {{CVE|CVE-2016-6332}} {{CVE|CVE-2016-6333}} {{CVE|CVE-2016-6334}} {{CVE|CVE-2016-6335}} {{CVE|CVE-2016-6336}} {{CVE|CVE-2016-6337}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html] || {{pkg|mediawiki}} || 2016-08-23 || <= 1.27.0-1 || 1.27.1-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] <br />
|-<br />
| {{CVE|CVE-2016-6313}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html] || {{pkg|lib32-libgcrypt}} || 2016-08-17 || <= 1.7.2-1 || 1.7.3-1 || 31d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14]<br />
|-<br />
| {{CVE|CVE-2016-6313}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html] || {{pkg|libgcrypt}} || 2016-08-17 || <= 1.7.2-1 || 1.7.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18]<br />
|-<br />
| {{CVE|CVE-2016-5423}} {{CVE|CVE-2016-5424}} [https://www.postgresql.org/about/news/1688/] || {{pkg|postgresql}} {{pkg|postgresql-libs}} || 2016-08-11 || <= 9.5.3-1 || 9.5.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux}} || 2016-07-12 || <= 4.6.4-1 || 4.7-1 || 31d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-grsec}} || 2016-07-12 || <= 4.6.5.201607312210-1 || 4.7.201608131240-1 || 33d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-lts}} || 2016-07-12 || <= 4.4.16-1 || 4.4.19-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-zen}} || 2016-07-12 || <= 4.6.5-1 || 4.7-1 || 35d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15]<br />
|-<br />
| {{CVE|CVE-2016-5139}} {{CVE|CVE-2016-5140}} {{CVE|CVE-2016-5141}} {{CVE|CVE-2016-5142}} {{CVE|CVE-2016-5143}} {{CVE|CVE-2016-5144}} {{CVE|CVE-2016-5145}} {{CVE|CVE-2016-5146}} [https://googlechromereleases.blogspot.fr/2016/08/stable-channel-update-for-desktop.html] || {{pkg|chromium}} || 2016-08-03 || <= 52.0.2743.85-2 || 52.0.2743.116-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16]<br />
|-<br />
| {{CVE|CVE-2016-6255}} || {{pkg|libupnp}} || 2016-08-08 || <= 1.6.19-1 || 1.6.20-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8]<br />
|-<br />
| {{CVE|CVE-2016-3075}} {{CVE|CVE-2016-5417}} [https://sourceware.org/bugzilla/show_bug.cgi?id=19879] [https://sourceware.org/bugzilla/show_bug.cgi?id=19257] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-08-02 || <= 2.23-5 || 2.24-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7]<br />
|-<br />
| {{CVE|CVE-2016-3458}} {{CVE|CVE-2016-3500}} {{CVE|CVE-2016-3508}} {{CVE|CVE-2016-3550}} {{CVE|CVE-2016-3598}} {{CVE|CVE-2016-3606}} {{CVE|CVE-2016-3610}} [http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2016-July/036560.html] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2016-07-29 || <= 7.u101_2.6.6 || 7.u111_2.6.7 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5]<br />
|-<br />
| {{CVE|CVE-2016-0718}} {{CVE|CVE-2016-2830}} {{CVE|CVE-2016-2835}} {{CVE|CVE-2016-2836}} {{CVE|CVE-2016-2837}} {{CVE|CVE-2016-2838}} {{CVE|CVE-2016-2839}} {{CVE|CVE-2016-5250}} {{CVE|CVE-2016-5251}} {{CVE|CVE-2016-5252}} {{CVE|CVE-2016-5254}} {{CVE|CVE-2016-5255}} {{CVE|CVE-2016-5258}} {{CVE|CVE-2016-5259}} {{CVE|CVE-2016-5260}} {{CVE|CVE-2016-5261}} {{CVE|CVE-2016-5262}} {{CVE|CVE-2016-5263}} {{CVE|CVE-2016-5264}} {{CVE|CVE-2016-5265}} {{CVE|CVE-2016-5266}} {{CVE|CVE-2016-5268}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox48] || {{pkg|firefox}} || 2016-08-02 || <= 47.0.1-1 || 48.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2]<br />
|-<br />
| {{CVE|CVE-2016-5419}} {{CVE|CVE-2016-5420}} {{CVE|CVE-2016-5421}} [https://curl.haxx.se/docs/adv_20160803A.html] [https://curl.haxx.se/docs/adv_20160803B.html] [https://curl.haxx.se/docs/adv_20160803C.html] || {{pkg|curl}} || 2016-08-03 || <= 7.50.0-1 || 7.50.1-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9]<br />
|-<br />
| {{CVE|CVE-2016-6210}} [http://www.openssh.com/txt/release-7.3] [http://seclists.org/fulldisclosure/2016/Jul/51] || {{pkg|openssh}} || 2016-07-14 || <= 7.2p2-2 || 7.3p1-1 || 16d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1]<br />
|-<br />
| {{CVE|CVE-2016-6503}} {CVE|CVE-2016-6504}} {{CVE|CVE-2016-6507}} [http://seclists.org/oss-sec/2016/q3/217] [[http://www.wireshark.org/security/wnpa-sec-2016-39.html] [http://www.wireshark.org/security/wnpa-sec-2016-40.html] [http://www.wireshark.org/security/wnpa-sec-2016-43.html] || {{pkg|wireshark-cli}} || 2016-07-28 || <= 2.0.4-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-6505}} {{CVE|CVE-2016-6506}} {{CVE|CVE-2016-6508}} {{CVE|CVE-2016-6509}} {{CVE|CVE-2016-6510}} {{CVE|CVE-2016-6511}} {{CVE|CVE-2016-6512}} {{CVE|CVE-2016-6513}} [http://seclists.org/oss-sec/2016/q3/217] [http://www.wireshark.org/security/wnpa-sec-2016-41.html] [http://www.wireshark.org/security/wnpa-sec-2016-42.html] [http://www.wireshark.org/security/wnpa-sec-2016-44.html] [http://www.wireshark.org/security/wnpa-sec-2016-45.html] [http://www.wireshark.org/security/wnpa-sec-2016-46.html] [http://www.wireshark.org/security/wnpa-sec-2016-47.html] [http://www.wireshark.org/security/wnpa-sec-2016-48.html] [http://www.wireshark.org/security/wnpa-sec-2016-49.html] || {{pkg|wireshark-cli}} || 2016-07-28 || <= 2.0.4-1 || 2.0.5-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20]<br />
|-<br />
| {{CVE|CVE-2016-6491}} [http://seclists.org/oss-sec/2016/q3/194] [http://git.imagemagick.org/repos/ImageMagick/commit/5cb6c1acd3e3b12f9260daf207db432df7f792c2] || {{pkg|imagemagick}} || 2016-07-27 || <= 6.9.5.2-1 || 6.9.5.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13]<br />
|-<br />
| {{CVE|CVE-2015-8948}} {{CVE|CVE-2016-6261}} {{CVE|CVE-2016-6262}} {{CVE|CVE-2016-6263}} || {{Pkg|libidn}} || 2016-07-20 || <= 1.32-1 || 1.33-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14]<br />
|-<br />
| {{CVE|CVE-2016-6186}} || {{Pkg|python-django}} {{Pkg|python2-django}}|| 2016-07-18 || <= 1.9.8-1 || 1.9.8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11]<br />
|-<br />
| {{CVE|CVE-2016-1705}} {{CVE|CVE-2016-1706}} {{CVE|CVE-2016-1708}} {{CVE|CVE-2016-1709}} {{CVE|CVE-2016-1710}} {{CVE|CVE-2016-1711}} {{CVE|CVE-2016-5127}} {{CVE|CVE-2016-5128}} {{CVE|CVE-2016-5129}} {{CVE|CVE-2016-5130}} {{CVE|CVE-2016-5131}} {{CVE|CVE-2016-5132}} {{CVE|CVE-2016-5133}} {{CVE|CVE-2016-5134}} {{CVE|CVE-2016-5135}} {{CVE|CVE-2016-5136}} {{CVE|CVE-2016-5137}} [https://googlechromereleases.blogspot.fr/2016/07/stable-channel-update.html] || {{pkg|chromium}} || 2016-07-20 || <= 51.0.2704.106-1 || 52.0.2743.82-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12]<br />
|-<br />
| {{CVE|CVE-2016-5385}} [https://www.drupal.org/SA-CORE-2016-003] || {{pkg|drupal}} || 2016-07-18 || <= 8.1.6-1 || 8.1.7-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9]<br />
|-<br />
| {{CVE|CVE-2016-2775}} [https://kb.isc.org/article/AA-01393/74/CVE-2016-2775] || {{pkg|bind}} || 2016-07-19 || <= 9.10.4.P1-2 || 9.10.4.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8]<br />
|-<br />
|{{CVE|CVE-2016-4173}} {{CVE|CVE-2016-4174}} {{CVE|CVE-2016-4175}} {{CVE|CVE-2016-4176}} {{CVE|CVE-2016-4177}} {{CVE|CVE-2016-4179}} {{CVE|CVE-2016-4180}} {{CVE|CVE-2016-4181}} {{CVE|CVE-2016-4182}} {{CVE|CVE-2016-4183}} {{CVE|CVE-2016-4184}} {{CVE|CVE-2016-4185}} {{CVE|CVE-2016-4186}} {{CVE|CVE-2016-4187}} {{CVE|CVE-2016-4188}} {{CVE|CVE-2016-4189}} {{CVE|CVE-2016-4190}} {{CVE|CVE-2016-4217}} {{CVE|CVE-2016-4218}} {{CVE|CVE-2016-4219}} {{CVE|CVE-2016-4220}} {{CVE|CVE-2016-4221}} {{CVE|CVE-2016-4222}} {{CVE|CVE-2016-4223}} {{CVE|CVE-2016-4224}} {{CVE|CVE-2016-4225}} {{CVE|CVE-2016-4226}} {{CVE|CVE-2016-4227}} {{CVE|CVE-2016-4228}} {{CVE|CVE-2016-4229}} {{CVE|CVE-2016-4230}} {{CVE|CVE-2016-4231}} {{CVE|CVE-2016-4232}} {{CVE|CVE-2016-4233}} {{CVE|CVE-2016-4234}} {{CVE|CVE-2016-4235}} {{CVE|CVE-2016-4236}} {{CVE|CVE-2016-4237}} {{CVE|CVE-2016-4238}} {{CVE|CVE-2016-4239}} {{CVE|CVE-2016-4240}} {{CVE|CVE-2016-4241}} {{CVE|CVE-2016-4242}} {{CVE|CVE-2016-4243}} {{CVE|CVE-2016-4244}} {{CVE|CVE-2016-4245}} {{CVE|CVE-2016-4246}} {{CVE|CVE-2016-4247}} {{CVE|CVE-2016-4248}} || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-07-12 || <= 11.2.202.626-1 || 11.2.202.632-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7]<br />
|-<br />
| {{CVE|CVE-2016-2815}} {{CVE|CVE-2016-2818}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird45.2] || {{pkg|thunderbird}} || 2016-06-30 || <= 45.1.1-2 || 45.2.0-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4]<br />
|-<br />
| {{CVE|CVE-2016-4979}} [https://httpd.apache.org/security/vulnerabilities_24.html] || {{pkg|apache}} || 2016-07-05 || 2.4.18-2.4.20 || 2.4.23-1 || || Fixed ({{bug|49958}}) || None<br />
|-<br />
| {{CVE|CVE-2016-4994}} [https://bugzilla.gnome.org/show_bug.cgi?id=767873] || {{pkg|gimp}} || 2016-06-21 || <= 2.8.16-2 || 2.8.18-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5]<br />
|-<br />
| {{CVE|CVE-2016-4472}} [https://bugzilla.redhat.com/show_bug.cgi?id=1344251] || {{pkg|expat}} || 2016-06-30 || <= 2.1.1-3 || 2.2.0-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-3189}} [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3189] || {{pkg|bzip2}} || 2016-06-30 || <= 1.0.6-5 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-4463}} [http://seclists.org/bugtraq/2016/Jun/115] || {{pkg|xerces-c}} || 2016-06-29 || <= 3.1.3-2 || 3.1.4-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2]<br />
|-<br />
| {{CVE|CVE-2016-4324}} [http://www.talosintelligence.com/reports/TALOS-2016-0126/] || {{pkg|libreoffice-fresh}} || 2016-06-27 || <= 5.1.3-2 || 5.1.4-1 || <0d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3]<br />
|-<br />
| {{CVE|CVE-2016-5701}} {{CVE|CVE-2016-5702}} {{CVE|CVE-2016-5703}} {{CVE|CVE-2016-5704}} {{CVE|CVE-2016-5705}} {{CVE|CVE-2016-5706}} {{CVE|CVE-2016-5730}} {{CVE|CVE-2016-5731}} {{CVE|CVE-2016-5732}} {{CVE|CVE-2016-5733}} {{CVE|CVE-2016-5734}} {{CVE|CVE-2016-5739}} [https://www.phpmyadmin.net/security/PMASA-2016-17/] [https://www.phpmyadmin.net/security/PMASA-2016-18/] [https://www.phpmyadmin.net/security/PMASA-2016-19/] [https://www.phpmyadmin.net/security/PMASA-2016-20/] [https://www.phpmyadmin.net/security/PMASA-2016-21/] [https://www.phpmyadmin.net/security/PMASA-2016-22/] [https://www.phpmyadmin.net/security/PMASA-2016-23/] [https://www.phpmyadmin.net/security/PMASA-2016-24/] [https://www.phpmyadmin.net/security/PMASA-2016-25/] [https://www.phpmyadmin.net/security/PMASA-2016-26/] [https://www.phpmyadmin.net/security/PMASA-2016-27/] [https://www.phpmyadmin.net/security/PMASA-2016-28/] || {{pkg|phpmyadmin}} || 2016-06-23 || <= 4.6.2-1 || 4.6.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25]<br />
|-<br />
| {{CVE|CVE-2016-1704}} [https://googlechromereleases.blogspot.fr/2016/06/stable-channel-update_16.html] || {{pkg|chromium}} || 2016-01-16 || <= 51.0.2704.84-1 || 51.0.2704.103-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20]<br />
|-<br />
| {{CVE|CVE-2016-2365}} {{CVE|CVE-2016-2366}} {{CVE|CVE-2016-2367}} {{CVE|CVE-2016-2368}} {{CVE|CVE-2016-2369}} {{CVE|CVE-2016-2370}} {{CVE|CVE-2016-2371}} {{CVE|CVE-2016-2372}} {{CVE|CVE-2016-2373}} {{CVE|CVE-2016-2374}} {{CVE|CVE-2016-2375}} {{CVE|CVE-2016-2376}} {{CVE|CVE-2016-2377}} {{CVE|CVE-2016-2378}} {{CVE|CVE-2016-2380}} {{CVE|CVE-2016-4323}} [http://blog.talosintel.com/2016/06/vulnerability-spotlight-pidgin.html] || {{pkg|libpurple}} || 2016-01-21 || <= 2.10.12-4 || 2.11.0-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24]<br />
|-<br />
| {{CVE|CVE-2016-1541}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1541] || {{pkg|libarchive}} || 2016-01-17 || <= 3.1.2-8 || 3.2.0-1 || 47d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1]<br />
|-<br />
| {{CVE|CVE-2016-5875}} {{CVE|CVE-2016-5314}} {{CVE|CVE-2016-5315}} {{CVE|CVE-2016-5316}} {{CVE|CVE-2016-5317}} {{CVE|CVE-2016-5320}} {{CVE|CVE-2016-5321}} {{CVE|CVE-2016-5322}} {{CVE|CVE-2016-5323}} {{CVE|CVE-2016-5102}} {{CVE|CVE-2016-3991}} {{CVE|CVE-2016-3990}} {{CVE|CVE-2016-3945}} {{CVE|CVE-2016-3658}} {{CVE|CVE-2016-3634}} {{CVE|CVE-2016-3633}} {{CVE|CVE-2016-3632}} {{CVE|CVE-2016-3631}} {{CVE|CVE-2016-3625}} {{CVE|CVE-2016-3624}} {{CVE|CVE-2016-3623}} {{CVE|CVE-2016-3622}} {{CVE|CVE-2016-3621}} {{CVE|CVE-2016-3620}} {{CVE|CVE-2016-3619}} {{CVE|CVE-2016-3186}} {{CVE|CVE-2015-8668}} {{CVE|CVE-2015-7313}} {{CVE|CVE-2014-8130}} {{CVE|CVE-2014-8127}} {{CVE|CVE-2010-2596}} {{CVE|CVE-2016-6223}} [http://www.openwall.com/lists/oss-security/2016/06/15/1] [http://www.openwall.com/lists/oss-security/2016/06/15/2] [http://www.openwall.com/lists/oss-security/2016/06/15/3] [http://www.openwall.com/lists/oss-security/2016/06/15/5] [http://www.openwall.com/lists/oss-security/2016/06/15/6] [http://www.openwall.com/lists/oss-security/2016/06/15/7] [http://www.openwall.com/lists/oss-security/2016/06/15/8] [http://www.openwall.com/lists/oss-security/2016/06/15/9] [https://security-tracker.debian.org/tracker/source-package/tiff] [http://www.openwall.com/lists/oss-security/2016/07/13/3] || {{pkg|libtiff}} || 2016-06-19 || <= 4.0.6-2 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-4122}} {{CVE|CVE-2016-4123}} {{CVE|CVE-2016-4124}} {{CVE|CVE-2016-4125}} {{CVE|CVE-2016-4127}} {{CVE|CVE-2016-4128}} {{CVE|CVE-2016-4129}} {{CVE|CVE-2016-4130}} {{CVE|CVE-2016-4131}} {{CVE|CVE-2016-4132}} {{CVE|CVE-2016-4133}} {{CVE|CVE-2016-4134}} {{CVE|CVE-2016-4135}} {{CVE|CVE-2016-4136}} {{CVE|CVE-2016-4137}} {{CVE|CVE-2016-4138}} {{CVE|CVE-2016-4139}} {{CVE|CVE-2016-4140}} {{CVE|CVE-2016-4141}} {{CVE|CVE-2016-4142}} {{CVE|CVE-2016-4143}} {{CVE|CVE-2016-4144}} {{CVE|CVE-2016-4145}} {{CVE|CVE-2016-4146}} {{CVE|CVE-2016-4147}} {{CVE|CVE-2016-4148}} {{CVE|CVE-2016-4149}} {{CVE|CVE-2016-4150}} {{CVE|CVE-2016-4151}} {{CVE|CVE-2016-4152}} {{CVE|CVE-2016-4153}} {{CVE|CVE-2016-4154}} {{CVE|CVE-2016-4155}} {{CVE|CVE-2016-4156}} {{CVE|CVE-2016-4166}} {{CVE|CVE-2016-4171}} [https://helpx.adobe.com/security/products/flash-player/apsb16-18.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-06-16 || <= 11.2.202.621-1 || 11.2.202.626-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18]<br />
|-<br />
| {{CVE|CVE-2016-4971}} [https://lists.gnu.org/archive/html/bug-wget/2016-06/msg00033.html] || {{pkg|wget}} || 2016-06-09 || <= 1.17.1-2 || 1.18-1 || 11d || Fixed ({{bug|49730}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19]<br />
|-<br />
| {{CVE|CVE-2012-6702}} {{CVE|CVE-2016-5300}} || {{pkg|expat}} {{pkg|lib32-expat}} || 2016-06-07 || <= 2.1.1-2 || 2.1.1-3 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14]<br />
|-<br />
| {{CVE|CVE-2016-5360}} [http://seclists.org/oss-sec/2016/q2/512] || {{pkg|haproxy}} || 2016-06-09 || <= 1.6.5-3 || 1.6.5-4 || 1d || Fixed ({{bug|49638}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11]<br />
|-<br />
| {{CVE|CVE-2016-2815}} {{CVE|CVE-2016-2818}} {{CVE|CVE-2016-2819}} {{CVE|CVE-2016-2821}} {{CVE|CVE-2016-2822}} {{CVE|CVE-2016-2825}} {{CVE|CVE-2016-2828}} {{CVE|CVE-2016-2829}} {{CVE|CVE-2016-2831}} {{CVE|CVE-2016-2832}} {{CVE|CVE-2016-2833}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox47] || {{pkg|firefox}} || 2016-06-07 || <= 46.0.1-1 || 47.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7]<br />
|-<br />
| {{CVE|CVE-2016-4456}} [https://marc.ttias.be/oss-security/2016-06/msg00043.php] [http://gnutls.org/security.html#GNUTLS-SA-2016-1] || {{pkg|gnutls}} {{pkg|lib32-gnutls}} || 2016-06-06 || <= 3.4.12-1 || 3.4.13-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12]<br />
|-<br />
| {{CVE|CVE-2015-8899}} [http://www.openwall.com/lists/oss-security/2016/06/04/2] || {{pkg|dnsmasq}} || 2016-06-04 || <= 2.75-1 || 2.76-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4953}} {{CVE|CVE-2016-4954}} {{CVE|CVE-2016-4955}} {{CVE|CVE-2016-4956}} {{CVE|CVE-2016-4957}} [http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi] || {{pkg|ntp}} || 2016-06-02 || <= 4.2.8.p7-1 || 4.2.8.p8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4]<br />
|-<br />
| {{CVE|CVE-2016-4429}} [https://sourceware.org/bugzilla/show_bug.cgi?id=20112] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-05-18 || <= 2.23-4 || 2.23-5 || 25d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17]<br />
|-<br />
| {{CVE|CVE-2016-5244}} {{CVE|CVE-2016-5243}} [http://www.openwall.com/lists/oss-security/2016/06/03/5] [http://www.openwall.com/lists/oss-security/2016/06/03/4] || {{pkg|linux}} || 2016-06-03 || <= 4.6.1 || || || Not Affected ||<br />
|-<br />
| {{CVE|CVE-2016-1696}} {{CVE|CVE-2016-1697}} {{CVE|CVE-2016-1698}} {{CVE|CVE-2016-1699}} {{CVE|CVE-2016-1700}} {{CVE|CVE-2016-1701}} {{CVE|CVE-2016-1702}} {{CVE|CVE-2016-1703}} [http://googlechromereleases.blogspot.fr/2016/06/stable-channel-update.html] || {{pkg|chromium}} || 2016-06-01 || <= 51.0.2704.63-1 || 51.0.2704.79-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5]<br />
|-<br />
| {{CVE|CVE-2016-4450}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450] || {{pkg|nginx-mainline}} || 2016-05-31 || <= 1.11-1 || 1.11.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2]<br />
|-<br />
| {{CVE|CVE-2016-4450}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450] || {{pkg|nginx}} || 2016-05-31 || <= 1.10-1 || 1.10.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1]<br />
|-<br />
| {{CVE|CVE-2016-1857}} [http://webkitgtk.org/security/WSA-2016-0004.html] || {{pkg|webkit2gtk}} || 2016-05-30 || <= 2.12.2-1 || 2.12.3-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3]<br />
|-<br />
| {{CVE|CVE-2016-5108}} [http://www.openwall.com/lists/oss-security/2016/05/27/7] || {{pkg|vlc}} || 2016-05-27 || <= 2.2.3-3 || 2.2.4-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21]<br />
|-<br />
| {{CVE|CVE-2016-5104}} [http://www.openwall.com/lists/oss-security/2016/05/26/6] || {{pkg|libusbmuxd}} || 2016-05-26 || <= 1.0.10-1 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-5104}} [http://www.openwall.com/lists/oss-security/2016/05/26/6] || {{pkg|libimobiledevice}} || 2016-05-26 || <= 1.2.0-3 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-5103}} [http://www.openwall.com/lists/oss-security/2016/05/26/5] || {{pkg|roundcubemail}} || 2016-05-26 || <= 1.2rc-1 || 1.2.0-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1762}} {{CVE|CVE-2016-1833}} {{CVE|CVE-2016-1834}} {{CVE|CVE-2016-1835}} {{CVE|CVE-2016-1836}} {{CVE|CVE-2016-1837}} {{CVE|CVE-2016-1838}} {{CVE|CVE-2016-1839}} {{CVE|CVE-2016-1840}} {{CVE|CVE-2016-3627}} {{CVE|CVE-2016-3705}} {{CVE|CVE-2016-4483}} [https://git.gnome.org/browse/libxml2/log/] || {{pkg|libxml2}} || 2016-05-23 || <= 2.9.3-2 || 2.9.4+0+gbdec218-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27]<br />
|-<br />
| {{CVE|CVE-2016-1672}} {{CVE|CVE-2016-1673}} {{CVE|CVE-2016-1674}} {{CVE|CVE-2016-1675}} {{CVE|CVE-2016-1676}} {{CVE|CVE-2016-1677}} {{CVE|CVE-2016-1678}} {{CVE|CVE-2016-1679}} {{CVE|CVE-2016-1680}} {{CVE|CVE-2016-1681}} {{CVE|CVE-2016-1682}} {{CVE|CVE-2016-1683}} {{CVE|CVE-2016-1684}} {{CVE|CVE-2016-1685}} {{CVE|CVE-2016-1686}} {{CVE|CVE-2016-1687}} {{CVE|CVE-2016-1688}} {{CVE|CVE-2016-1689}} {{CVE|CVE-2016-1690}} {{CVE|CVE-2016-1691}} {{CVE|CVE-2016-1692}} {{CVE|CVE-2016-1693}} {{CVE|CVE-2016-1694}} {{CVE|CVE-2016-1695}} [http://googlechromereleases.blogspot.fr/2016/05/stable-channel-update_25.html] || {{pkg|chromium}} || 2016-05-25 || <= 50.0.2661.102-1 || 51.0.2704.63-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28]<br />
|-<br />
| {{CVE|CVE-2016-5027}} {{CVE|CVE-2016-5028}} {{CVE|CVE-2016-5029}} {{CVE|CVE-2016-5030}} {{CVE|CVE-2016-5031}} {{CVE|CVE-2016-5032}} {{CVE|CVE-2016-5033}} {{CVE|CVE-2016-5034}} {{CVE|CVE-2016-5035}} {{CVE|CVE-2016-5036}} {{CVE|CVE-2016-5037}} {{CVE|CVE-2016-5038}} {{CVE|CVE-2016-5039}} {{CVE|CVE-2016-5040}} {{CVE|CVE-2016-5041}} {{CVE|CVE-2016-5042}} {{CVE|CVE-2016-5043}} {{CVE|CVE-2016-5044}} [http://seclists.org/oss-sec/2016/q2/393] [https://www.prevanders.net/dwarfbug.html] || {{pkg|libdwarf}} || 2016-05-24 || <= 20160507-1 || 20160613-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23]<br />
|-<br />
| {{CVE|CVE-2015-1283}} {{CVE|CVE-2016-0718}} [http://seclists.org/oss-sec/2016/q2/360] || {{pkg|expat}} {{pkg|lib32-expat}} || 2016-05-17 || <= 2.1.1-1 || 2.1.1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23]<br />
|-<br />
| {{CVE|CVE-2016-2334}} {{CVE|CVE-2016-2335}} [http://www.talosintel.com/reports/TALOS-2016-0093/] [http://www.talosintel.com/reports/TALOS-2016-0094/] || {{pkg|p7zip}} || 2016-05-10 || <= 15.14.1-1 || 15.14.1-2 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24]<br />
|-<br />
| {{CVE|CVE-2016-3698}} [https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839] || {{pkg|libndp}} || 2016-05-17 || <= 1.5-1 || 1.6-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26]<br />
|-<br />
| {{CVE|CVE-2016-2803}} [http://seclists.org/bugtraq/2016/May/72] || {{pkg|bugzilla}} || 2016-05-16 || <= 5.0.2-1 || 5.0.3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25]<br />
|-<br />
| {{CVE|CVE-2016-2099}} [https://issues.apache.org/jira/browse/XERCESC-2066] [http://www.openwall.com/lists/oss-security/2016/05/09/7] || {{pkg|xerces-c}} || 2016-05-09 || <= 3.1.3-1 || 3.1.3-2 || 46d || Fixed ({{bug|49353}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-22]<br />
|-<br />
| [http://blog.jetbrains.com/blog/2016/05/11/security-update-for-intellij-based-ides-v2016-1-and-older-versions/] || {{pkg|intellij-idea-community-edition}} {{pkg|intellij-idea-libs}} || 2016-05-11 || <= 1:2016.1.1-1 || 1:2016.1.2-1 || 3d || Fixed ({{bug|49329}}) || None<br />
|-<br />
| {{CVE|CVE-2016-2804}} {{CVE|CVE-2016-2805}} {{CVE|CVE-2016-2806}} {{CVE|CVE-2016-2807}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/] || {{pkg|thunderbird}} || 2016-05-10 || <= 45.0-1 || 45.1.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21]<br />
|-<br />
| {{CVE|CVE-2016-1667}} {{CVE|CVE-2016-1668}} {{CVE|CVE-2016-1669}} {{CVE|CVE-2016-1670}} [http://googlechromereleases.blogspot.fr/2016/05/stable-channel-update.html] || {{pkg|chromium}} || 2016-05-11 || <= 50.0.2661.94-1 || 50.0.2661.102-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] <br />
|-<br />
| {{CVE|CVE-2016-3706}} {{CVE|CVE-2016-1234}} [https://sourceware.org/bugzilla/show_bug.cgi?id=20010] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-04-27 || <= 2.23-2 || 2.23-4 || 17d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20]<br />
|-<br />
| {{CVE|CVE-2016-1096}} {{CVE|CVE-2016-1097}} {{CVE|CVE-2016-1098}} {{CVE|CVE-2016-1099}} {{CVE|CVE-2016-1100}} {{CVE|CVE-2016-1101}} {{CVE|CVE-2016-1102}} {{CVE|CVE-2016-1103}} {{CVE|CVE-2016-1104}} {{CVE|CVE-2016-1105}} {{CVE|CVE-2016-1106}} {{CVE|CVE-2016-1107}} {{CVE|CVE-2016-1108}} {{CVE|CVE-2016-1109}} {{CVE|CVE-2016-1110}} {{CVE|CVE-2016-4108}} {{CVE|CVE-2016-4109}} {{CVE|CVE-2016-4110}} {{CVE|CVE-2016-4111}} {{CVE|CVE-2016-4112}} {{CVE|CVE-2016-4113}} {{CVE|CVE-2016-4114}} {{CVE|CVE-2016-4115}} {{CVE|CVE-2016-4116}} {{CVE|CVE-2016-4117}} [https://helpx.adobe.com/security/products/flash-player/apsa16-02.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-05-10 || <= 11.2.202.616-2 || 11.2.202.621-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18]<br />
|-<br />
| {{CVE|CVE-2015-8558}} {{CVE|CVE-2016-3710}} {{CVE|CVE-2016-3712}} {{CVE|CVE-2016-5105}} {{CVE|CVE-2016-5107}} {{CVE|CVE-2016-5106}} [http://xenbits.xen.org/xsa/advisory-179.html] [http://www.openwall.com/lists/oss-security/2016/05/25/7] || {{pkg|qemu}} {{pkg|qemu-arch-extra}} || 2016-05-10 || <= 2.5.1-1 || 2.6.0-1 || 28d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9]<br />
|-<br />
| {{CVE|CVE-2015-8558}} {{CVE|CVE-2016-3710}} {{CVE|CVE-2016-3712}} {{CVE|CVE-2016-5105}} {{CVE|CVE-2016-5107}} {{CVE|CVE-2016-5106}} [http://xenbits.xen.org/xsa/advisory-179.html] [http://www.openwall.com/lists/oss-security/2016/05/25/7] || {{pkg|qemu-guest-agent}} {{pkg|qemu-block-gluster}} {{pkg|qemu-block-iscsi}} {{pkg|qemu-block-rbd}} || 2016-05-10 || <= 2.5.1-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-1926}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1926] [http://www.openvas.org/OVSA20160113.html] || {{pkg|greenbone-security-assistant}} || 2016-01-16 || <= 6.0.6-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-3659}} [http://bugs.cacti.net/view.php?id=2673] || {{pkg|cacti}} || 2016-03-31 || <= 0.8.8_g-3 || 0.8.8_h-1 || 40d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14]<br />
|-<br />
| {{CVE|CVE-2016-4554}} {{CVE|CVE-2016-4555}} {{CVE|CVE-2016-4556}} [http://www.squid-cache.org/Advisories/SQUID-2016_8.txt] [http://www.squid-cache.org/Advisories/SQUID-2016_9.txt] || {{pkg|squid}} || 2016-05-09 || <= 3.5.17-1 || 3.5.19-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13]<br />
|-<br />
| {{CVE|CVE-2015-8106}} [http://www.openwall.com/lists/oss-security/2015/11/16/39] || {{pkg|latex2rtf}} || 2015-11-16 || <= 2.3.8-1 || 2.3.10-1 || ~6m || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9]<br />
|-<br />
| {{CVE|CVE-2016-3105}} [https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29] || {{pkg|mercurial}} || 2016-05-01 || <= 3.7.3-1 || 3.8.1-1 || 5d || Fixed ({{bug|49239}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] <br />
|-<br />
| {{CVE|CVE-2016-1236}} [http://www.openwall.com/lists/oss-security/2016/05/05/22] || {{pkg|websvn}} || 2016-05-05 || <= 2.3.3-6 || 2.3.3-7 || 98d || Fixed ({{bug|50344}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11]<br />
|-<br />
| {{CVE|CVE-2016-4414}} [http://marc.info/?l=oss-security&m=146204310020229&w=2] || {{pkg|quassel-client}} {{pkg|quassel-monolithic}} || 2016-04-30 || <= 0.12.3-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-4352}} [http://www.openwall.com/lists/oss-security/2016/04/29/7] || {{pkg|mencoder}} {{pkg|mplayer}} || 2016-05-03 || <= 37379-7 || 37857-1 || 3d || Fixed ({{bug|49195}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12]<br />
|-<br />
| {{CVE|CVE-2016-4574}} [http://www.openwall.com/lists/oss-security/2016/05/10/4] || {{pkg|libksba}} || 2016-05-03 || <= 1.3.3-1 || 1.3.4-1 || 9d || Fixed ({{bug|49289}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17]<br />
|-<br />
| {{CVE|CVE-2016-4354}} {{CVE|CVE-2016-4353}} {{CVE|CVE-2016-4355}} {{CVE|CVE-2016-4356}} [http://www.openwall.com/lists/oss-security/2016/04/29/8] || {{pkg|libksba}} || 2016-04-10 || <= 1.3.2-1 || 1.3.3-1 || 18d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4348}} {{CVE|CVE-2016-4347}} [http://www.openwall.com/lists/oss-security/2016/04/30/3] || {{pkg|librsvg}} || 2016-05-03 || <= 2:2.40.2-2 || 2:2.40.15-2 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4415}} {{CVE|CVE-2016-4416}} {{CVE|CVE-2016-4417}} {{CVE|CVE-2016-4418}} {{CVE|CVE-2016-4419}} {{CVE|CVE-2016-4420}} {{CVE|CVE-2016-4421}} {{CVE|CVE-2016-4076}} {{CVE|CVE-2016-4077}} {{CVE|CVE-2016-4078}} {{CVE|CVE-2016-4079}} {{CVE|CVE-2016-4080}} {{CVE|CVE-2016-4081}} {{CVE|CVE-2016-4006}} {{CVE|CVE-2016-4082}} {{CVE|CVE-2016-4083}} {{CVE|CVE-2016-4084}} {{CVE|CVE-2016-4085}} [http://www.openwall.com/lists/oss-security/2016/04/25/2] || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2016-05-03 || <= 2.0.2-1 || 2.0.3-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-3714}} [http://www.openwall.com/lists/oss-security/2016/05/03/13] [http://www.openwall.com/lists/oss-security/2016/05/03/14]|| {{pkg|imagemagick}} || 2016-05-03 || <= 6.9.3.8-1 || 6.9.3.10-1 || 3d || Fixed ({{bug|49203}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6]<br />
|-<br />
| {{CVE|CVE-2016-4477}} {{CVE|CVE-2016-4476}} [http://www.openwall.com/lists/oss-security/2016/05/03/2] || {{pkg|hostapd}} || 2016-05-03 || <= 2.5-2 || 2.6-1 || 90d || Fixed ({{bug|49196}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3]<br />
|-<br />
| {{CVE|CVE-2016-4477}} {{CVE|CVE-2016-4476}} [http://www.openwall.com/lists/oss-security/2016/05/03/2] || {{pkg|wpa_supplicant}} || 2016-05-03 || <= 1:2.5-3 || 1:2.6-1 || >90d || Fixed ({{bug|49196}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7]<br />
|-<br />
| {{CVE|CVE-2016-2105}} {{CVE|CVE-2016-2106}} {{CVE|CVE-2016-2107}} {{CVE|CVE-2016-2109}} {{CVE|CVE-2016-2176}} [https://www.openssl.org/news/secadv/20160503.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2016-05-03 || <= 1.0.2.g-3 || 1.0.2.h-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4]<br />
|-<br />
| {{CVE|CVE-2016-4425}} [https://github.com/akheron/jansson/issues/282] [http://marc.info/?l=oss-security&m=146219323703639&w=2] || {{pkg|jansson}} || 2016-05-02 || <= 2.7-1 || 2.8-1 || 137d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15]<br />
|-<br />
| {{CVE|CVE-2016-4425}} [https://github.com/akheron/jansson/issues/282] [http://marc.info/?l=oss-security&m=146219323703639&w=2] || {{pkg|lib32-jansson}} || 2016-05-02 || <= 2.7-2 || 2.8-1 || 140d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17]<br />
|-<br />
| {{CVE|CVE-2016-1660}} {{CVE|CVE-2016-1661}} {{CVE|CVE-2016-1662}} {{CVE|CVE-2016-1663}} {{CVE|CVE-2016-1664}} {{CVE|CVE-2016-1665}} {{CVE|CVE-2016-1666}} [http://googlechromereleases.blogspot.fr/2016/04/stable-channel-update_28.html] || {{pkg|chromium}} || 2016-04-28 || <= 50.0.2661.75-1 || 50.0.2661.94-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7]<br />
|-<br />
| {{CVE|CVE-2015-8869}} || {{pkg|ocaml}} || 2016-04-29 || <= 4.02.3-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-4414}} [http://marc.info/?l=oss-security&m=146204310020229&w=2] || {{pkg|quassel-core}} || 2016-04-30 || <= 0.12.3-1 || 0.12.4-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5]<br />
|-<br />
| {{CVE|CVE-2016-2167}} {{CVE|CVE-2016-2168}} [https://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ@mail.gmail.com%3E] || {{pkg|subversion}} || 2016-04-28 || <= 1.9.3-2 || 1.9.4-1 || 38d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6]<br />
|-<br />
| {{CVE|CVE-2015-7704}} {{CVE|CVE-2015-8138}} {{CVE|CVE-2016-1547}} {{CVE|CVE-2016-1548}} {{CVE|CVE-2016-1549}} {{CVE|CVE-2016-1550}} {{CVE|CVE-2016-1551}} {{CVE|CVE-2016-2516}} {{CVE|CVE-2016-2517}} {{CVE|CVE-2016-2518}} {{CVE|CVE-2016-2519}} [http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security] || {{pkg|ntp}} || 2016-04-26 || <= 4.2.8.p6-3 || 4.2.8.p7-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-2804}} {{CVE|CVE-2016-2805}} {{CVE|CVE-2016-2806}} {{CVE|CVE-2016-2807}} {{CVE|CVE-2016-2808}} {{CVE|CVE-2016-2811}} {{CVE|CVE-2016-2812}} {{CVE|CVE-2016-2814}} {{CVE|CVE-2016-2816}} {{CVE|CVE-2016-2817}} {{CVE|CVE-2016-2820}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox46] || {{pkg|firefox}} || 2016-04-26 || <= 45.0.2-1 || 46.0-2 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15]<br />
|-<br />
| {{CVE|CVE-2015-8863}} [http://seclists.org/oss-sec/2016/q2/134] || {{pkg|jq}} || 2016-04-23 || <= 1.5-3 || 1.5-4 || 109d || Fixed ({{bug|50330}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10]<br />
|-<br />
| {{CVE|CVE-2016-3074}} [http://seclists.org/oss-sec/2016/q2/128] || {{pkg|gd}} || 2016-04-21 || <= 2.1.1-3 || 2.1.1-4 || 15d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8]<br />
|-<br />
| {{CVE|CVE-2016-4051}} {{CVE|CVE-2016-4052}} {{CVE|CVE-2016-4053}} {{CVE|CVE-2016-4054}} [http://www.squid-cache.org/Advisories/SQUID-2016_5.txt] [http://www.squid-cache.org/Advisories/SQUID-2016_6.txt] || {{pkg|squid}} || 2016-04-20 || <= 3.5.16-1 || 3.5.17-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14]<br />
|-<br />
| {{CVE|CVE-2016-4021}} [https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt] || {{pkg|pgpdump}} || 2016-04-12 || <= 0.29-2 || 0.30-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11]<br />
|-<br />
| {{CVE|CVE-2016-1955}} {{CVE|CVE-2016-1956}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/] [https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/] || {{pkg|thunderbird}} || 2016-04-12 || <= 38.7.2-1 || 45.0-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12]<br />
|-<br />
| {{CVE|CVE-2016-2347}} [http://www.talosintel.com/reports/TALOS-2016-0095/] || {{pkg|lhasa}} || 2016-04-14 || <= 0.3.0-1 || 0.3.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8]<br />
|-<br />
| {{CVE|CVE-2016-1651}} {{CVE|CVE-2016-1652}} {{CVE|CVE-2016-1653}} {{CVE|CVE-2016-1654}} {{CVE|CVE-2016-1655}} {{CVE|CVE-2016-1656}} {{CVE|CVE-2016-1657}} {{CVE|CVE-2016-1658}} {{CVE|CVE-2016-1659}} [http://googlechromereleases.blogspot.fr/2016/04/stable-channel-update_13.html] || {{pkg|chromium}} || 2016-04-13|| <= 49.0.2623.112-1 || 50.0.2661.75-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10]<br />
|-<br />
| {{CVE|CVE-2015-5370}} {{CVE|CVE-2016-2110}} {{CVE|CVE-2016-2111}} {{CVE|CVE-2016-2112}} {{CVE|CVE-2016-2113}} {{CVE|CVE-2016-2114}} {{CVE|CVE-2016-2115}} {{CVE|CVE-2016-2118}} [https://www.samba.org/samba/history/security.html] [http://badlock.org/] || {{pkg|samba}} || 2016-04-12|| <= 4.4.0-1 || 4.4.2-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13]<br />
|-<br />
| {{CVE|CVE-2016-4008}} [http://article.gmane.org/gmane.comp.security.oss.general/19286] || {{pkg|libtasn1}} || 2016-04-11|| <= 4.7-1 || 4.8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9]<br />
|-<br />
| {{CVE|CVE-2011-5326}} {{CVE|CVE-2016-3993}} {{CVE|CVE-2016-3994}} {{CVE|CVE-2016-4024}} [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369] [http://article.gmane.org/gmane.comp.security.oss.general/19276] || {{pkg|imlib2}} || 2016-04-09 || <= 1.4.8-1 || 1.4.9-1 || 23d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1]<br />
|-<br />
| {{CVE|CVE-2014-9771}} [http://www.openwall.com/lists/oss-security/2016/04/09/3] || {{pkg|imlib2}} || 2016-04-09 || <= 1.4.5-6 || 1.4.6-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1006}} {{CVE|CVE-2016-1011}} {{CVE|CVE-2016-1012}} {{CVE|CVE-2016-1013}} {{CVE|CVE-2016-1014}} {{CVE|CVE-2016-1015}} {{CVE|CVE-2016-1016}} {{CVE|CVE-2016-1017}} {{CVE|CVE-2016-1018}} {{CVE|CVE-2016-1019}} {{CVE|CVE-2016-1020}} {{CVE|CVE-2016-1021}} {{CVE|CVE-2016-1022}} {{CVE|CVE-2016-1023}} {{CVE|CVE-2016-1024}} {{CVE|CVE-2016-1025}} {{CVE|CVE-2016-1026}} {{CVE|CVE-2016-1027}} {{CVE|CVE-2016-1028}} {{CVE|CVE-2016-1029}} {{CVE|CVE-2016-1030}} {{CVE|CVE-2016-1031}} {{CVE|CVE-2016-1032}} {{CVE|CVE-2016-1033}} [https://helpx.adobe.com/security/products/flash-player/apsa16-01.html] [https://helpx.adobe.com/security/products/flash-player/apsb16-10.html] || {{pkg|flashplugin}} || 2016-04-05 || <= 11.2.202.577-1 || 11.2.202.616-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7]<br />
|-<br />
| {{CVE|CVE-2016-3630}} {{CVE|CVE-2016-3068}} {{CVE|CVE-2016-3069}} [https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29] || {{pkg|mercurial}} || 2016-03-29 || <= 3.7.2-1 || 3.7.3-1 || 8d || Fixed ({{bug|48821}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6]<br />
|-<br />
| {{CVE|CVE-2016-2191}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2191] [https://sourceforge.net/p/optipng/bugs/59/] [http://www.openwall.com/lists/oss-security/2016/04/04/2]|| {{Pkg|optipng}} || 2016-04-04 || <= 0.7.5-2 || 0.7.6-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5]<br />
|-<br />
| {{CVE|CVE-2016-3947}} [http://www.squid-cache.org/Advisories/SQUID-2016_3.txt] || {{Pkg|squid}} || 2016-04-01 || <= 3.5.15-2 || 3.5.16 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4]<br />
|-<br />
| {{CVE|CVE-2016-0636}} [http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html] [http://blog.fuseyism.com/index.php/2016/03/25/security-icedtea-2-6-5-for-openjdk-7-released/] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2016-03-24 || <= 7.u95_2.6.4-1 || 7.u99_2.6.5-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3]<br />
|-<br />
| {{CVE|CVE-2016-0636}} [http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html] || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2016-03-23 || <= 8.u74-1 || 8.u77-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27]<br />
|-<br />
| {{CVE|CVE-2016-1646}} {{CVE|CVE-2016-1647}} {{CVE|CVE-2016-1648}} {{CVE|CVE-2016-1649}} {{CVE|CVE-2016-1650}} [http://googlechromereleases.blogspot.fr/2016/03/stable-channel-update_24.html] || {{pkg|chromium}} || 2016-03-24 || <= 49.0.2623.87-1 || 49.0.2623.108-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24]<br />
|-<br />
| {{CVE|CVE-2016-2849}} {{CVE|CVE-2016-2850}} [http://botan.randombit.net/security.html#id1] || {{pkg|botan}} || 2016-03-20 || <= 1.11.28-1 || 1.11.29-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22]<br />
|-<br />
| {{CVE|CVE-2016-1952}} {{CVE|CVE-2016-1953}} {{CVE|CVE-2016-1954}} {{CVE|CVE-2016-1957}} {{CVE|CVE-2016-1960}} {{CVE|CVE-2016-1961}} {{CVE|CVE-2016-1964}} {{CVE|CVE-2016-1966}} {{CVE|CVE-2016-1974}} {{CVE|CVE-2016-1977}} {{CVE|CVE-2016-2790}} {{CVE|CVE-2016-2791}} {{CVE|CVE-2016-2792}} {{CVE|CVE-2016-2793}} {{CVE|CVE-2016-2794}} {{CVE|CVE-2016-2795}} {{CVE|CVE-2016-2796}} {{CVE|CVE-2016-2797}} {{CVE|CVE-2016-2798}} {{CVE|CVE-2016-2799}} {{CVE|CVE-2016-2800}} {{CVE|CVE-2016-2801}} {{CVE|CVE-2016-2802}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.7] || {{pkg|thunderbird}} || 2016-03-14 || <= 38.6.0-1 || 38.7.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21]<br />
|-<br />
| {{CVE|CVE-2016-2324}} [http://seclists.org/oss-sec/2016/q1/653] || {{pkg|git}} || 2016-03-15 || <= 2.7.3-1 || 2.7.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20]<br />
|-<br />
| {{CVE|CVE-2016-3116}} [https://matt.ucc.asn.au/dropbear/CHANGES] || {{pkg|dropbear}} || 2016-03-13 || <= 2015.71-1 || 2016.72-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19]<br />
|-<br />
| {{CVE|CVE-2015-1283}} [https://sourceforge.net/p/expat/bugs/528/] || {{pkg|expat}} || 2016-03-12 || <= 2.1.0-4 || 2.1.1-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23]<br />
|-<br />
| {{CVE|CVE-2016-2088}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2088] {{CVE|CVE-2016-1286}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1286] {{CVE|CVE-2016-1285}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1285] || {{pkg|bind}} || 2016-03-10 || <= 9.10.3.P3-3 || 9.10.3.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13]<br />
|-<br />
| {{CVE|CVE-2016-0960}} {{CVE|CVE-2016-0961}} {{CVE|CVE-2016-0962}} {{CVE|CVE-2016-0963}} {{CVE|CVE-2016-0986}} {{CVE|CVE-2016-0987}} {{CVE|CVE-2016-0988}} {{CVE|CVE-2016-0989}} {{CVE|CVE-2016-0990}} {{CVE|CVE-2016-0991}} {{CVE|CVE-2016-0992}} {{CVE|CVE-2016-0993}} {{CVE|CVE-2016-0994}} {{CVE|CVE-2016-0995}} {{CVE|CVE-2016-0996}} {{CVE|CVE-2016-0997}} {{CVE|CVE-2016-0998}} {{CVE|CVE-2016-0999}} {{CVE|CVE-2016-1000}} {{CVE|CVE-2016-1001}} {{CVE|CVE-2016-1002}} {{CVE|CVE-2016-1005}} {{CVE|CVE-2016-1010}} [https://helpx.adobe.com/security/products/flash-player/apsb16-08.html] || {{pkg|lib32-flashplugin}} || 2016-03-10 || <= 11.2.202.569-1 || 11.2.202.577-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11]<br />
|-<br />
| {{CVE|CVE-2016-0960}} {{CVE|CVE-2016-0961}} {{CVE|CVE-2016-0962}} {{CVE|CVE-2016-0963}} {{CVE|CVE-2016-0986}} {{CVE|CVE-2016-0987}} {{CVE|CVE-2016-0988}} {{CVE|CVE-2016-0989}} {{CVE|CVE-2016-0990}} {{CVE|CVE-2016-0991}} {{CVE|CVE-2016-0992}} {{CVE|CVE-2016-0993}} {{CVE|CVE-2016-0994}} {{CVE|CVE-2016-0995}} {{CVE|CVE-2016-0996}} {{CVE|CVE-2016-0997}} {{CVE|CVE-2016-0998}} {{CVE|CVE-2016-0999}} {{CVE|CVE-2016-1000}} {{CVE|CVE-2016-1001}} {{CVE|CVE-2016-1002}} {{CVE|CVE-2016-1005}} {{CVE|CVE-2016-1010}} [https://helpx.adobe.com/security/products/flash-player/apsb16-08.html] || {{pkg|flashplugin}} || 2016-03-10 || <= 11.2.202.569-1 || 11.2.202.577-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10]<br />
|-<br />
| {{CVE|CVE-2016-3115}} [http://www.openssh.com/txt/x11fwd.adv] || {{pkg|openssh}} || 2016-03-10 || <= 7.2p1-1 || 7.2p2-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12]<br />
|-<br />
| {{CVE|CVE-2015-8833}} [http://seclists.org/oss-sec/2016/q1/572] || {{pkg|pidgin-otr}} || 2016-03-09 || <= 4.0.1-2 || 4.0.2-1 || 3d || Fixed ({{bug|48537}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14]<br />
|-<br />
| {{CVE|CVE-2016-2774}} [https://kb.isc.org/article/AA-01354] || {{pkg|dhcp}} || 2016-03-09 || <= 4.3.3.p1-1 || 4.3.4-1 || 21d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1531}} [http://www.exim.org/static/doc/CVE-2016-1531.txt] || {{pkg|exim}} || 2016-03-06 || <= 4.86.1-1 || 4.86.2-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8]<br />
|-<br />
| {{CVE|CVE-2016-1577}} {{CVE|CVE-2016-2089}} {{CVE|CVE-2016-2116}} || {{pkg|jasper}} || 2016-03-06 || <= 1.900.1-14 || 1.900.1-15 || ~2m || Fixed ({{bug|48511}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2]<br />
|-<br />
| {{CVE|CVE-2016-1285}} {{CVE|CVE-2016-1286}} [https://kb.isc.org/article/AA-01352/] [https://kb.isc.org/article/AA-01353/] || {{pkg|bind}} || 2016-03-09 || <= 9.10.3.P3-3 || 9.10.3.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7]<br />
|-<br />
| {{CVE|CVE-2016-2851}} [https://otr.cypherpunks.ca/] || {{pkg|libotr}} || 2016-03-09 || <= 4.1.0-1 || 4.1.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6]<br />
|-<br />
| {{CVE|CVE-2016-1643}} {{CVE|CVE-2016-1644}} {{CVE|CVE-2016-1645}} || {{pkg|chromium}} || 2016-03-09 || <= 49.0.2623.75-1 || 49.0.2623.87-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5]<br />
|-<br />
| {{CVE|CVE-2016-1952}} {{CVE|CVE-2016-1953}} {{CVE|CVE-2016-1954}} {{CVE|CVE-2016-1955}} {{CVE|CVE-2016-1956}} {{CVE|CVE-2016-1957}} {{CVE|CVE-2016-1958}} {{CVE|CVE-2016-1959}} {{CVE|CVE-2016-1960}} {{CVE|CVE-2016-1961}} {{CVE|CVE-2016-1962}} {{CVE|CVE-2016-1963}} {{CVE|CVE-2016-1964}} {{CVE|CVE-2016-1965}} {{CVE|CVE-2016-1966}} {{CVE|CVE-2016-1967}} {{CVE|CVE-2016-1968}} {{CVE|CVE-2016-1970}} {{CVE|CVE-2016-1971}} {{CVE|CVE-2016-1972}} {{CVE|CVE-2016-1973}} {{CVE|CVE-2016-1974}} {{CVE|CVE-2016-1975}} {{CVE|CVE-2016-1976}} {{CVE|CVE-2016-1977}} {{CVE|CVE-2016-2790}} {{CVE|CVE-2016-2791}} {{CVE|CVE-2016-2792}} {{CVE|CVE-2016-2793}} {{CVE|CVE-2016-2794}} {{CVE|CVE-2016-2795}} {{CVE|CVE-2016-2796}} {{CVE|CVE-2016-2797}} {{CVE|CVE-2016-2798}} {{CVE|CVE-2016-2799}} {{CVE|CVE-2016-2800}} {{CVE|CVE-2016-2801}} {{CVE|CVE-2016-2802}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox45] || {{pkg|firefox}} || 2016-03-08 || <= 44.0.2-2 || 45.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4]<br />
|-<br />
| {{CVE|CVE-2016-2532}} {{CVE|CVE-2016-2531}} {{CVE|CVE-2016-2530}} {{CVE|CVE-2016-2529}} {{CVE|CVE-2016-2528}} {{CVE|CVE-2016-2527}} {{CVE|CVE-2016-2526}} {{CVE|CVE-2016-2525}} {{CVE|CVE-2016-2524}} {{CVE|CVE-2016-2523}} {{CVE|CVE-2016-2522}} {{CVE|CVE-2016-2521}} || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2016-03-07 || <= 2.0.1-2 || 2.0.2-1 || 5d || Fixed ({{bug|48536}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17]<br />
|-<br />
| {{CVE|CVE-2016-2381}} [https://www.debian.org/security/2016/dsa-3501] || {{pkg|perl}} || 2016-03-07 || <= 5.22.1-1 || 5.22.1-2 || 3d || Fixed ({{Bug|48482}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9]<br />
|-<br />
| {{CVE|CVE-2015-8126}} {{CVE|CVE-2016-1630}} {{CVE|CVE-2016-1631}} {{CVE|CVE-2016-1632}} {{CVE|CVE-2016-1633}} {{CVE|CVE-2016-1634}} {{CVE|CVE-2016-1635}} {{CVE|CVE-2016-1636}} {{CVE|CVE-2016-1637}} {{CVE|CVE-2016-1638}} {{CVE|CVE-2016-1639}} {{CVE|CVE-2016-1640}} {{CVE|CVE-2016-1641}} {{CVE|CVE-2016-1642}} [http://googlechromereleases.blogspot.fr/2016/03/stable-channel-update.html] || {{pkg|chromium}} || 2016-03-02 || <= 48.0.2564.116-1 || 49.0.2623.75-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1]<br />
|-<br />
| {{CVE|CVE-2016-0702}} {{CVE|CVE-2016-0705}} {{CVE|CVE-2016-0797}} {{CVE|CVE-2016-0798}} {{CVE|CVE-2016-0799}} {{CVE|CVE-2016-0800}} [https://www.openssl.org/news/secadv/20160301.txt] || {{pkg|openssl}} || 2016-03-01 || <= 1.0.2.f-1 || 1.0.2.g-3 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2]<br />
|-<br />
| {{CVE|CVE-2016-0702}} {{CVE|CVE-2016-0705}} {{CVE|CVE-2016-0797}} {{CVE|CVE-2016-0798}} {{CVE|CVE-2016-0799}} {{CVE|CVE-2016-0800}} [https://www.openssl.org/news/secadv/20160301.txt] || {{pkg|lib32-openssl}} || 2016-03-01 || <= 1.0.2.f-1 || 1.0.2.g-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3]<br />
|-<br />
| {{CVE|CVE-2015-7511}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html] || {{pkg|libgcrypt}} || 2016-02-09 || <= 1.6.4-1 || 1.6.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19]<br />
|-<br />
| {{CVE|CVE-2016-0739}} [https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/] || {{pkg|libssh}} || 2016-02-23 || <= 0.7.2-1 || 0.7.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18]<br />
|-<br />
| {{CVE|CVE-2016-0787}} [https://www.libssh2.org/adv_20160223.html] || {{pkg|libssh2}} || 2016-02-23 || <= 1.6.0-1 || 1.7.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20]<br />
|-<br />
| {{CVE|CVE-2016-0787}} [https://www.libssh2.org/adv_20160223.html] || {{pkg|lib32-libssh2}} || 2016-02-23 || <= 1.6.0-1 || 1.7.0-1 ||3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21]<br />
|-<br />
| {{CVE|CVE-2016-1629}} [http://googlechromereleases.blogspot.fr/2016/02/stable-channel-update_18.html] || {{pkg|chromium}} || 2016-02-18 || <= 48.0.2564.109-1 || 48.0.2564.116-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17]<br />
|-<br />
| {{CVE|CVE-2015-7575}} {{CVE|CVE-2016-1523}} {{CVE|CVE-2016-1930}} {{CVE|CVE-2016-1931}} {{CVE|CVE-2016-1935}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.6] || {{pkg|thunderbird}} || 2016-02-11 || <= 38.5.1-1 || 38.6.0-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16]<br />
|-<br />
| {{CVE|CVE-2015-7547}} {{CVE|CVE-2015-8776}} {{CVE|CVE-2015-8777}} {{CVE|CVE-2015-8778}} {{CVE|CVE-2015-8779}} [https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html] [https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html] || {{pkg|glibc}} || 2016-02-16 || <= 2.22-3 || 2.22-4 || 1d || Fixed ({{Bug|48213}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15]<br />
|-<br />
| {{CVE|CVE-2015-7547}} {{CVE|CVE-2015-8776}} {{CVE|CVE-2015-8777}} {{CVE|CVE-2015-8778}} {{CVE|CVE-2015-8779}} [https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html] [https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html] || {{pkg|lib32-glibc}} || 2016-02-16 || <= 2.22-3.1 || 2.22-4 || 1d || Fixed ({{Bug|48213}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14]<br />
|-<br />
| {{CVE|CVE-2016-1622}} {{CVE|CVE-2016-1623}} {{CVE|CVE-2016-1624}} {{CVE|CVE-2016-1625}} {{CVE|CVE-2016-1626}} {{CVE|CVE-2016-1627}} [http://googlechromereleases.blogspot.fr/2016/02/stable-channel-update_9.html]|| {{pkg|chromium}} || 2016-02-09 || <= 48.0.2564.103-1 || 48.0.2564.109-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1949}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-13/]|| {{pkg|firefox}} || 2016-02-11 || <= 44.0.1-1 || 44.0.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12]<br />
|-<br />
| {{CVE|CVE-2016-1544}} [https://nghttp2.org/blog/2016/02/11/nghttp2-v1-7-1/]|| {{pkg|nghttp2}} || 2016-02-11 || <= 1.7.0-1 || 1.7.1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13]<br />
|-<br />
| {{CVE|CVE-2014-2312}} [https://www.kde.org/info/security/advisory-20160209-1.txt]|| {{pkg|kscreenlocker}} || 2016-02-10 || <= 5.5.4-1 || 5.5.4-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10]<br />
|-<br />
| {{CVE|CVE-2014-9496}} {{CVE|CVE-2014-9756}} {{CVE|CVE-2015-7805}} || {{pkg|libsndfile}} {{pkg|lib32-libsndfile}} || 2016-02-01 || <= 1.0.25-3 || 1.0.26-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9]<br />
|-<br />
| {{CVE|CVE-2015-8803}} {{CVE|CVE-2015-8804}} {{CVE|CVE-2015-8805}} [https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-multiplications-in-Nettle.html] || {{pkg|nettle}} {{pkg|lib32-nettle}} || 2016-02-03 || <= 3.1-1 || 3.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6]<br />
|-<br />
| {{CVE|CVE-2016-2194}} {{CVE|CVE-2016-2195}} {{CVE|CVE-2016-2196}} [http://botan.randombit.net/security.html#id1] || {{pkg|botan}} || 2016-02-01 || <= 1.11.25-2 || 1.11.28-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11]<br />
|-<br />
| {{CVE|CVE-2014-9761}} [http://seclists.org/oss-sec/2016/q1/153] || {{pkg|lib32-glibc}} || 2016-02-01 || <= 2.22-4 || 2.23-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23]<br />
|-<br />
| {{CVE|CVE-2014-9761}} [http://seclists.org/oss-sec/2016/q1/153] || {{pkg|glibc}} || 2016-02-01 || <= 2.22-4 || 2.23-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22]<br />
|-<br />
| {{CVE|CVE-2016-2048}} [https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/] || {{pkg|python-django}} {{pkg|python2-django}} || 2016-02-01 || <= 1.9.1-1 || 1.9.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2]<br />
|-<br />
| {{CVE|CVE-2016-2090}} [http://article.gmane.org/gmane.comp.security.oss.general/18715] [http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7] [https://bugs.freedesktop.org/show_bug.cgi?id=93881] [https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html] || {{pkg|libbsd}} || 2016-01-27 || <= 0.8.1-1 || 0.8.2-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7]<br />
|-<br />
| {{CVE|CVE-2015-3197}} {{CVE|CVE-2015-4000}} {{CVE|CVE-2016-0701}} [https://openssl.org/news/secadv/20160128.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2016-01-28 || <= 1.0.2.e-1 || 1.0.2.f-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33]<br />
|-<br />
| {{CVE|CVE-2016-0755}} [http://curl.haxx.se/docs/adv_20160127A.html] || {{pkg|curl}} {{pkg|lib32-curl}} || 2016-01-27 || <= 7.46.0-1 || 7.47.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4]<br />
|-<br />
| {{CVE|CVE-2016-0742}} {{CVE|CVE-2016-0746}} {{CVE|CVE-2016-0747}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000168.html] || {{pkg|nginx}} || 2016-01-26 || <= 1.8.0-2 || 1.8.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31]<br />
|-<br />
| {{CVE|CVE-2016-1982}} {{CVE|CVE-2016-1983}} [http://seclists.org/oss-sec/2016/q1/179] || {{pkg|privoxy}} || 2016-01-21 || <= 3.0.23-1 || 3.0.24-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27]<br />
|-<br />
| {{CVE|CVE-2016-1572}} [https://bugs.launchpad.net/ecryptfs/+bug/1530566] || {{pkg|ecryptfs-utils}} || 2016-01-21 || <= 108-1 || 108-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25]<br />
|-<br />
| {{CVE|CVE-2016-1612}} {{CVE|CVE-2016-1613}} {{CVE|CVE-2016-1614}} {{CVE|CVE-2016-1615}} {{CVE|CVE-2016-1616}} {{CVE|CVE-2016-1617}} {{CVE|CVE-2016-1618}} {{CVE|CVE-2016-1619}} {{CVE|CVE-2016-1620}} [http://googlechromereleases.blogspot.fr/2016/01/stable-channel-update_20.html] || {{pkg|chromium}} || 2016-01-20 || <= 47.0.2526.111-1 || 48.0.2564.82-1 || 1d|| Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28]<br />
|-<br />
| {{CVE|CVE-2015-8704}} {{CVE|CVE-2015-8705}} [https://kb.isc.org/article/AA-01335] [https://kb.isc.org/article/AA-01336] || {{pkg|bind}} || 2016-01-19 || <= 9.10.3.P2-1 || 9.10.3.P3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21]<br />
|-<br />
| {{CVE|CVE-2016-0728}} [http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/] || {{pkg|linux-lts}} || 2016-01-19 || <= 4.1.15-1 || 4.1.16-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26]<br />
|-<br />
| {{CVE|CVE-2016-0728}} [http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/] || {{pkg|linux}} || 2016-01-19 || <= 4.3.3-2 || 4.3.3-3 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20]<br />
|-<br />
| {{CVE|CVE-2015-5300}} [http://support.ntp.org/bin/view/Main/NtpBug2956] || {{pkg|ntp}} || 2016-01-07 || <= 4.2.8.p4-1 || 4.2.8.p5-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|syncthing}} || 2016-01-13 || <= 0.12.14-1 || 0.12.14-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|keybase}} || 2016-01-13 || <= 1.0.8.0-1 || 1.0.8.0-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|hub}} || 2016-01-13 || <= 2.2.2-1 || 2.2.2-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|go-ipfs}} || 2016-01-13 || <= 0.3.11-1 || 0.3.11-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|docker}} || 2016-01-13 || <= 1:1.9.1-1 || 1:1.9.1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12]<br />
|-<br />
| {{CVE|CVE-2015-8770}} [http://seclists.org/bugtraq/2016/Jan/60] || {{pkg|roundcubemail}} || 2015-12-26 || <= 1.2beta-1 || 1.2beta-2 || 20d || Fixed ({{bug|47764}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18]<br />
|-<br />
| {{CVE|CVE-2016-1903}} {{CVE|CVE-2016-1904}} [http://seclists.org/oss-sec/2016/q1/100] || {{pkg|php}} || 2016-01-14 || <= 7.0.1-1 || 7.0.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10]<br />
|-<br />
| {{CVE|CVE-2016-0777}} {{CVE|CVE-2016-0778}} [http://www.openssh.com/txt/release-7.1p2] || {{pkg|openssh}} || 2016-01-14 || <= 7.1p1-1 || 7.1p2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9]<br />
|-<br />
| {{CVE|CVE-2016-2213}} [http://www.openwall.com/lists/oss-security/2016/02/03/2] || {{pkg|ffmpeg}} || 2016-02-03 || <= 2.8.4-1 || 2.8.5-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1897}} {{CVE|CVE-2016-1898}} [http://seclists.org/oss-sec/2016/q1/85] || {{pkg|ffmpeg}} || 2016-01-13 || <= 1:2.8.4-2 || 1:2.8.4-3 || <1d || Fixed ({{Bug|47738}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17]<br />
|-<br />
| {{CVE|CVE-2016-1897}} {{CVE|CVE-2016-1898}} [http://seclists.org/oss-sec/2016/q1/85] || {{pkg|mplayer}} || 2016-01-13 || <= 37379-6 || 37379-7 || 17d || Fixed ({{Bug|47944}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|go}} || 2016-01-13 || <= 2:1.5.2-1 || 2:1.5.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11]<br />
|-<br />
|{{CVE|CVE-2015-8742}} {{CVE|CVE-2015-8741}} {{CVE|CVE-2015-8740}} {{CVE|CVE-2015-8738}} {{CVE|CVE-2015-8739}} {{CVE|CVE-2015-8737}} {{CVE|CVE-2015-8736}} {{CVE|CVE-2015-8735}} {{CVE|CVE-2015-8734}} {{CVE|CVE-2015-8733}} {{CVE|CVE-2015-8732}} {{CVE|CVE-2015-8730}} {{CVE|CVE-2015-8731}} {{CVE|CVE-2015-8729}} {{CVE|CVE-2015-8728}} {{CVE|CVE-2015-8727}} {{CVE|CVE-2015-8726}} {{CVE|CVE-2015-8725}} {{CVE|CVE-2015-8724}} {{CVE|CVE-2015-8723}} {{CVE|CVE-2015-8722}} {{CVE|CVE-2015-8721}} {{CVE|CVE-2015-8720}} {{CVE|CVE-2015-8718}} {{CVE|CVE-2015-8711}} || {{Pkg|wireshark-cli}} {{Pkg|wireshark-gtk}} {{Pkg|wireshark-qt}} || 2016-01-04 || <= 2.0.0 || 2.0.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6]<br />
|-<br />
| {{CVE|CVE-2016-1564}} [http://article.gmane.org/gmane.comp.security.oss.general/18527] || {{Pkg|wordpress}} || 2016-01-08 || <= 4.4-1 || 4.4.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2]<br />
|-<br />
| {{CVE|CVE-2015-8751}} [https://bugzilla.redhat.com/show_bug.cgi?id=1294039] [http://article.gmane.org/gmane.comp.security.oss.general/18523] || {{Pkg|jasper}} || 2016-01-07 || 1.900.1-15 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-8750}} [https://bugzilla.redhat.com/show_bug.cgi?id=1294264] [https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697] || {{Pkg|libdwarf}} || 2016-01-07 || 20150507-1 || 20160115-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22]<br />
|-<br />
| {{CVE|CVE-2016-1503}} {{CVE|CVE-2016-1504}} [http://article.gmane.org/gmane.comp.security.oss.general/18516] || {{Pkg|dhcpcd}} || 2016-01-07 || <= 6.9.4-1 || 6.10.0-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7]<br />
|-<br />
| {{CVE|CVE-2015-7575}} [http://www.mitls.org/pages/attacks/SLOTH] [https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released] || {{pkg|mbedtls}} || 2016-01-04 || 2.2.0-1 || 2.2.1-1 || 21d || Fixed ({{bug|47783}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29]<br />
|-<br />
| {{CVE|CVE-2015-8688}} [http://gultsch.de/gajim_roster_push_and_message_interception.html] || {{pkg|gajim}} || 2015-12-20 || <= 0.16.4-1 || 0.16.5-1 || 20d || Fixed ({{bug|47647}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3]<br />
|-<br />
| {{CVE|CVE-2016-1494}} [https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff] [https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/] || {{pkg|python-rsa}} {{pkg|python2-rsa}} || 2016-01-05 || <= 3.2.3-1 || 3.3-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24]<br />
|-<br />
| {{CVE|CVE-2016-1283}} [https://bugs.exim.org/show_bug.cgi?id=1767] [http://article.gmane.org/gmane.comp.security.oss.general/18481] || {{pkg|pcre}} || 2016-01-02 || <= 8.38-2 || 8.38-3 || 71d|| Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18]<br />
|-<br />
|[http://article.gmane.org/gmane.comp.security.oss.general/18466] || {{Pkg|rtmpdump}} || 2015-12-23 || <= 20140918-2 || 1:2.4.r96.fa8646d-1 || 7d || Fixed ({{bug|47564}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1]<br />
|-<br />
| {{CVE|CVE-2015-8472}} [http://seclists.org/oss-sec/2015/q4/439] || {{pkg|libpng}} || 2015-12-03 || <= 1.6.19-1 || 1.6.20-1 || 25d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-18]<br />
|-<br />
| {{CVE|CVE-2015-8459}} {{CVE|CVE-2015-8460}} {{CVE|CVE-2015-8634}} {{CVE|CVE-2015-8635}} {{CVE|CVE-2015-8636}} {{CVE|CVE-2015-8638}} {{CVE|CVE-2015-8639}} {{CVE|CVE-2015-8640}} {{CVE|CVE-2015-8641}} {{CVE|CVE-2015-8642}} {{CVE|CVE-2015-8643}} {{CVE|CVE-2015-8644}} {{CVE|CVE-2015-8645}} {{CVE|CVE-2015-8646}} {{CVE|CVE-2015-8647}} {{CVE|CVE-2015-8648}} {{CVE|CVE-2015-8649}} {{CVE|CVE-2015-8650}} {{CVE|CVE-2015-8651}} [https://helpx.adobe.com/security/products/flash-player/apsb16-01.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2015-12-28 || <= 11.2.202.554-1 || 11.2.202.559-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17]<br />
|-<br />
| {{CVE|CVE-2015-7554}} {{CVE|CVE-2015-8683}} [http://seclists.org/oss-sec/2015/q4/584] [http://seclists.org/oss-sec/2015/q4/590] || {{pkg|libtiff}} || 2015-12-25 || <= 4.0.6-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-7201}} {{CVE|CVE-2015-7205}} {{CVE|CVE-2015-7212}} {{CVE|CVE-2015-7213}} {{CVE|CVE-2015-7214}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.5] || {{pkg|thunderbird}} || 2015-12-23 || <= 38.4.0-2 || 38.5.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14]<br />
|-<br />
| {{CVE|CVE-2015-8612}} [http://seclists.org/oss-sec/2015/q4/541] || {{pkg|blueman}} || 2015-12-18 || <= 2.0.2-1 || 2.0.3-1 || 38d || Fixed ({{bug|47784}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30]<br />
|-<br />
| {{CVE|CVE-2015-8659}} [http://seclists.org/oss-sec/2015/q4/576] || {{pkg|nghttp2}} || 2015-12-23 || <= 1.5.0-2 || 1.6.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16]<br />
|-<br />
| {{CVE|CVE-2015-7555}} [http://seclists.org/oss-sec/2015/q4/548] || {{pkg|giflib}} || 2015-12-21 || <= 5.1.1-1 || 5.1.2-1 || 43d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-7557}} {{CVE|CVE-2015-7558}} [http://seclists.org/oss-sec/2015/q4/549] || {{pkg|librsvg}} || 2015-12-21 || <= 2:2.40.11-1 || 2:2.40.13-1 || 45d || Fixed ({{bug|47785}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8622}} {{CVE|CVE-2015-8623}} {{CVE|CVE-2015-8624}} {{CVE|CVE-2015-8625}} {{CVE|CVE-2015-8626}} {{CVE|CVE-2015-8627}} {{CVE|CVE-2015-8628}} [http://seclists.org/oss-sec/2015/q4/552] || {{pkg|mediawiki}} || 2015-12-17 || <= 1.26.0-1 || 1.26.2-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15]<br />
|-<br />
| {{CVE|CVE-2015-8614}} [http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557] || {{pkg|claws-mail}} || 2015-12-21 || <= 3.13.0-1 || 3.13.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13]<br />
|-<br />
| {{CVE|CVE-2015-8369}} {{CVE|CVE-2015-8604}} {{CVE|CVE-2015-8377}} {{CVE|CVE-2016-2313}} [http://www.openwall.com/lists/oss-security/2016/02/09/3] [https://bugs.mageia.org/show_bug.cgi?id=17352] [http://www.openwall.com/lists/oss-security/2016/01/04/8] || {{pkg|cacti}} || 2015-12-17 || <= 0.8.8_f-3 || 0.8.8_g-2 || 72d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24]<br />
|-<br />
| [https://blog.fuzzing-project.org/32-Out-of-bounds-read-in-OpenVPN.html] || {{pkg|openvpn}} || 2015-12-18 || <= 2.3.8-2 || 2.3.9-1 || 9d || Fixed ({{bug|47498}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19]<br />
|-<br />
| {{CVE|CVE-2015-8549}} [http://www.ocert.org/advisories/ocert-2015-011.html] || {{pkg|python2-pyamf}} || 2015-12-17 || <= 0.7.2-1 || 0.8.0-2 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12]<br />
|-<br />
| {{CVE|CVE-2015-7551}} [https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/] || {{pkg|ruby}} || 2015-12-16 || <= 2.2.3-1 || 2.2.4-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11]<br />
|-<br />
| {{CVE|CVE-2015-7201}} {{CVE|CVE-2015-7202}} {{CVE|CVE-2015-7203}} {{CVE|CVE-2015-7204}} {{CVE|CVE-2015-7205}} {{CVE|CVE-2015-7207}} {{CVE|CVE-2015-7208}} {{CVE|CVE-2015-7210}} {{CVE|CVE-2015-7211}} {{CVE|CVE-2015-7212}} {{CVE|CVE-2015-7213}} {{CVE|CVE-2015-7214}} {{CVE|CVE-2015-7215}} {{CVE|CVE-2015-7216}} {{CVE|CVE-2015-7217}} {{CVE|CVE-2015-7218}} {{CVE|CVE-2015-7219}} {{CVE|CVE-2015-7220}} {{CVE|CVE-2015-7221}} {{CVE|CVE-2015-7222}} {{CVE|CVE-2015-7223}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox43] || {{pkg|firefox}} || 2015-12-15 || <= 42.0-3 || 43.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9]<br />
|-<br />
| {{CVE|CVE-2015-8000}} [https://kb.isc.org/article/AA-01317] || {{pkg|bind}} || 2015-12-15 || <= 9.10.3-2 || 9.10.3.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10]<br />
|-<br />
| {{CVE|CVE-2015-8370}} [http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html#fix] || {{pkg|grub}} || 2015-12-15 || <= 1:2.02.beta2-5 || 1:2.02.beta2-6 || 3d || Fixed ({{bug|47386}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8378}} [https://www.keepassx.org/news/2015/12/551] || {{pkg|keepassx}} || 2015-12-08 || <= 0.4.3-7 || 0.4.4-1 || <2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8]<br />
|-<br />
| {{CVE|CVE-2015-8045}} {{CVE|CVE-2015-8047}} {{CVE|CVE-2015-8048}} {{CVE|CVE-2015-8049}} {{CVE|CVE-2015-8050}} {{CVE|CVE-2015-8055}} {{CVE|CVE-2015-8056}} {{CVE|CVE-2015-8057}} {{CVE|CVE-2015-8058}} {{CVE|CVE-2015-8059}} {{CVE|CVE-2015-8060}} {{CVE|CVE-2015-8061}} {{CVE|CVE-2015-8062}} {{CVE|CVE-2015-8063}} {{CVE|CVE-2015-8064}} {{CVE|CVE-2015-8065}} {{CVE|CVE-2015-8066}} {{CVE|CVE-2015-8067}} {{CVE|CVE-2015-8068}} {{CVE|CVE-2015-8069}} {{CVE|CVE-2015-8070}} {{CVE|CVE-2015-8071}} {{CVE|CVE-2015-8401}} {{CVE|CVE-2015-8402}} {{CVE|CVE-2015-8403}} {{CVE|CVE-2015-8404}} {{CVE|CVE-2015-8405}} {{CVE|CVE-2015-8406}} {{CVE|CVE-2015-8407}} {{CVE|CVE-2015-8408}} {{CVE|CVE-2015-8409}} {{CVE|CVE-2015-8410}} {{CVE|CVE-2015-8411}} {{CVE|CVE-2015-8412}} {{CVE|CVE-2015-8413}} {{CVE|CVE-2015-8414}} {{CVE|CVE-2015-8415}} {{CVE|CVE-2015-8416}} {{CVE|CVE-2015-8417}} {{CVE|CVE-2015-8418}} {{CVE|CVE-2015-8419}} {{CVE|CVE-2015-8420}} {{CVE|CVE-2015-8421}} {{CVE|CVE-2015-8422}} {{CVE|CVE-2015-8423}} {{CVE|CVE-2015-8424}} {{CVE|CVE-2015-8425}} {{CVE|CVE-2015-8426}} {{CVE|CVE-2015-8427}} {{CVE|CVE-2015-8428}} {{CVE|CVE-2015-8429}} {{CVE|CVE-2015-8430}} {{CVE|CVE-2015-8431}} {{CVE|CVE-2015-8432}} {{CVE|CVE-2015-8433}} {{CVE|CVE-2015-8434}} {{CVE|CVE-2015-8435}} {{CVE|CVE-2015-8436}} {{CVE|CVE-2015-8437}} {{CVE|CVE-2015-8438}} {{CVE|CVE-2015-8439}} {{CVE|CVE-2015-8440}} {{CVE|CVE-2015-8441}} {{CVE|CVE-2015-8442}} {{CVE|CVE-2015-8443}} {{CVE|CVE-2015-8444}} {{CVE|CVE-2015-8445}} {{CVE|CVE-2015-8446}} {{CVE|CVE-2015-8447}} {{CVE|CVE-2015-8448}} {{CVE|CVE-2015-8449}} {{CVE|CVE-2015-8450}} {{CVE|CVE-2015-8451}} {{CVE|CVE-2015-8452}} {{CVE|CVE-2015-8453}} {{CVE|CVE-2015-8454}} {{CVE|CVE-2015-8455}} [https://helpx.adobe.com/security/products/flash-player/apsb15-32.html] || {{pkg|flashplugin}} || 2015-12-08 || <= 11.2.202.548-1 || 11.2.202.554-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7]<br />
|-<br />
| {{CVE|CVE-2015-6788}} {{CVE|CVE-2015-6789}} {{CVE|CVE-2015-6790}} {{CVE|CVE-2015-6791}} [http://googlechromereleases.blogspot.fr/2015/12/stable-channel-update_8.html] || {{pkg|chromium}} || 2015-12-08 || <= 47.0.2526.73-1 || 47.0.2526.80-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5]<br />
|-<br />
| {{CVE|CVE-2015-3193}} {{CVE|CVE-2015-3194}} {{CVE|CVE-2015-3195}} {{CVE|CVE-2015-3196}} {{CVE|CVE-2015-1794}} [https://www.openssl.org/news/secadv/20151203.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2015-12-03 || <= 1.0.2.d-1 || 1.0.2.e-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2]<br />
|-<br />
| {{CVE|CVE-2015-6764}} {{CVE|CVE-2015-6765}} {{CVE|CVE-2015-6766}} {{CVE|CVE-2015-6767}} {{CVE|CVE-2015-6768}} {{CVE|CVE-2015-6769}} {{CVE|CVE-2015-6770}} {{CVE|CVE-2015-6771}} {{CVE|CVE-2015-6772}} {{CVE|CVE-2015-6773}} {{CVE|CVE-2015-6774}} {{CVE|CVE-2015-6775}} {{CVE|CVE-2015-6776}} {{CVE|CVE-2015-6777}} {{CVE|CVE-2015-6778}} {{CVE|CVE-2015-6779}} {{CVE|CVE-2015-6780}} {{CVE|CVE-2015-6781}} {{CVE|CVE-2015-6782}} {{CVE|CVE-2015-6783}} {{CVE|CVE-2015-6784}} {{CVE|CVE-2015-6785}} {{CVE|CVE-2015-6786}} {{CVE|CVE-2015-6787}} [http://googlechromereleases.blogspot.fr/2015/12/stable-channel-update.html] || {{pkg|chromium}} || 2015-12-01 || <= 46.0.2490.86-1 || 47.0.2526.73-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1]<br />
|-<br />
| {{CVE|CVE-2015-6764}} {{CVE|CVE-2015-8027}} [https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/] || {{pkg|nodejs}} || 2015-11-25 || <= 5.1.0-1 || 5.1.1-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4]<br />
|-<br />
| {{CVE|CVE-2015-8213}} [https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-11-24 || <= 1.8.6-1 || 1.8.7-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3]<br />
|-<br />
| {{CVE|CVE-2015-1819}} {{CVE|CVE-2015-5312}} {{CVE|CVE-2015-7941}} {{CVE|CVE-2015-7942}} {{CVE|CVE-2015-7497}} {{CVE|CVE-2015-7498}} {{CVE|CVE-2015-7499}} {{CVE|CVE-2015-7500}} {{CVE|CVE-2015-8035}} {{CVE|CVE-2015-8242}} [https://mail.gnome.org/archives/xml/2015-November/msg00012.html templink] || {{pkg|libxml2}} || 2015-11-20 || <= 2.9.2-2 || 2.9.3-1 || 19d || Fixed ({{bug|47095}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6]<br />
|-<br />
| {{CVE|CVE-2015-7981}} {{CVE|CVE-2015-8126}} [http://seclists.org/oss-sec/2015/q4/264 templink] [http://seclists.org/oss-sec/2015/q4/161 templink] || {{pkg|libpng}} {{pkg|lib32-libpng}} || 2015-11-12 || <= 1.6.18-1 || 1.6.19-1 || 5d || Fixed ({{bug|47069}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10]<br />
|-<br />
| {{CVE|CVE-2015-5309}} [http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html templink] || {{pkg|putty}} || 2015-11-12 || <= 0.65-1 || 0.66-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7]<br />
|-<br />
| {{CVE|CVE-2015-7651}} {{CVE|CVE-2015-7652}} {{CVE|CVE-2015-7653}} {{CVE|CVE-2015-7654}} {{CVE|CVE-2015-7655}} {{CVE|CVE-2015-7656}} {{CVE|CVE-2015-7657}} {{CVE|CVE-2015-7658}} {{CVE|CVE-2015-7659}} {{CVE|CVE-2015-7660}} {{CVE|CVE-2015-7661}} {{CVE|CVE-2015-7662}} {{CVE|CVE-2015-7663}} {{CVE|CVE-2015-8042}} {{CVE|CVE-2015-8043}} {{CVE|CVE-2015-8044}} {{CVE|CVE-2015-8046}} [https://helpx.adobe.com/security/products/flash-player/apsb15-28.html templink] || {{pkg|flashplugin}} || 2015-11-10 || <= 11.2.202.540-1 || 11.2.202.548-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5]<br />
|-<br />
| {{CVE|CVE-2015-1302}} [http://googlechromereleases.blogspot.fr/2015/11/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-11-10 || <= 46.0.2490.80-2 || 46.0.2490.86-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8]<br />
|-<br />
| {{CVE|CVE-2015-5311}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/ templink] || {{pkg|powerdns}} || 2015-11-09 || <= 3.4.6-2 || 3.4.7-1 || 3d || Fixed ({{bug|47014}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6]<br />
|-<br />
| {{CVE|CVE-2015-4513}} {{CVE|CVE-2015-4514}} {{CVE|CVE-2015-4515}} {{CVE|CVE-2015-4518}} {{CVE|CVE-2015-7181}} {{CVE|CVE-2015-7182}} {{CVE|CVE-2015-7183}} {{CVE|CVE-2015-7187}} {{CVE|CVE-2015-7188}} {{CVE|CVE-2015-7189}} {{CVE|CVE-2015-7193}} {{CVE|CVE-2015-7194}} {{CVE|CVE-2015-7195}} {{CVE|CVE-2015-7196}} {{CVE|CVE-2015-7197}} {{CVE|CVE-2015-7198}} {{CVE|CVE-2015-7199}} {{CVE|CVE-2015-7200}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-11-03 || <= 41.0.2-2 || 42.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2]<br />
|-<br />
| {{CVE|CVE-2015-7183}} [http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12386.html templink] || {{pkg|nspr}} || 2015-11-03 || <= 4.10.9-1 || 4.10.10-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4]<br />
|-<br />
| {{CVE|CVE-2015-7181}} {{CVE|CVE-2015-7182}} [http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12386.html templink] || {{pkg|nss}} || 2015-11-03 || <= 3.20-1 || 3.20.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3]<br />
|-<br />
| {{CVE|CVE-2015-7696}} {{CVE|CVE-2015-7697}} [http://seclists.org/oss-sec/2015/q3/512 templink] || {{pkg|unzip}} || 2015-10-30 || <= 6.0-10 || 6.0-11 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1]<br />
|-<br />
| {{CVE|CVE-2015-8011}} {{CVE|CVE-2015-8012}} [http://seclists.org/oss-sec/2015/q4/198 templink] || {{pkg|lldpd}} || 2015-10-17 || <= 0.7.18-1 || 0.7.19-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25]<br />
|-<br />
| {{CVE|CVE-2015-5714}} {{CVE|CVE-2015-5715}} {{CVE|CVE-2015-7989}} [https://codex.wordpress.org/Version_4.3.1 templink] || {{pkg|wordpress}} || 2015-10-18 || <= 4.3.0-1 || 4.3.1-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24]<br />
|-<br />
| {{CVE|CVE-2015-7873}} [https://www.phpmyadmin.net/security/PMASA-2015-5/ templink] || {{pkg|phpmyadmin}} || 2015-10-23 || <= 4.5.0-1 || 4.5.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23]<br />
|-<br />
| {{CVE|CVE-2015-7995}} [https://bugzilla.redhat.com/show_bug.cgi?id=1257962 templink] || {{pkg|libxslt}} || 2015-10-27 || <= 1.1.28-3 || 1.1.28-4 || 73d || Fixed ({{bug|47681}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8]<br />
|-<br />
| {{CVE|CVE-2015-7943}} [https://www.drupal.org/SA-CORE-2015-004 templink] || {{pkg|drupal}} || 2015-10-21 || <= 7.40-1 || 7.41-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21]<br />
|-<br />
| {{CVE|CVE-2015-4913}} {{CVE|CVE-2015-4870}} {{CVE|CVE-2015-4861}} {{CVE|CVE-2015-4858}} {{CVE|CVE-2015-4836}} {{CVE|CVE-2015-4830}} {{CVE|CVE-2015-4826}} {{CVE|CVE-2015-4815}} {{CVE|CVE-2015-4802}} {{CVE|CVE-2015-4792}} || {{pkg|mariadb}} || 2015-10-22 || <= 10.0.21-3 || 10.0.22-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] <br />
|-<br />
| {{CVE|CVE-2015-4734}} {{CVE|CVE-2015-4803}} {{CVE|CVE-2015-4805}} {{CVE|CVE-2015-4806}} {{CVE|CVE-2015-4810}} {{CVE|CVE-2015-4835}} {{CVE|CVE-2015-4840}} {{CVE|CVE-2015-4842}} {{CVE|CVE-2015-4843}} {{CVE|CVE-2015-4844}} {{CVE|CVE-2015-4860}} {{CVE|CVE-2015-4868}} {{CVE|CVE-2015-4872}} {{CVE|CVE-2015-4881}} {{CVE|CVE-2015-4882}} {{CVE|CVE-2015-4883}} {{CVE|CVE-2015-4893}} {{CVE|CVE-2015-4901}} {{CVE|CVE-2015-4902}} {{CVE|CVE-2015-4903}} {{CVE|CVE-2015-4906}} {{CVE|CVE-2015-4908}} {{CVE|CVE-2015-4911}} {{CVE|CVE-2015-4916}} || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-09-22 || <= 8.u60-1 || 8.u65-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20]<br />
|-<br />
| {{CVE|CVE-2015-4734}} {{CVE|CVE-2015-4803}} {{CVE|CVE-2015-4805}} {{CVE|CVE-2015-4806}} {{CVE|CVE-2015-4810}} {{CVE|CVE-2015-4835}} {{CVE|CVE-2015-4840}} {{CVE|CVE-2015-4842}} {{CVE|CVE-2015-4843}} {{CVE|CVE-2015-4844}} {{CVE|CVE-2015-4860}} {{CVE|CVE-2015-4871}} {{CVE|CVE-2015-4872}} {{CVE|CVE-2015-4881}} {{CVE|CVE-2015-4882}} {{CVE|CVE-2015-4883}} {{CVE|CVE-2015-4893}} {{CVE|CVE-2015-4902}} {{CVE|CVE-2015-4903}} {{CVE|CVE-2015-4911}} || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-09-22 || <= 7.u85_2.6.1-2 || 7.u91_2.6.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17]<br />
|-<br />
| {{CVE|CVE-2015-7691}} {{CVE|CVE-2015-7692}} {{CVE|CVE-2015-7701}} {{CVE|CVE-2015-7702}} {{CVE|CVE-2015-7703}} {{CVE|CVE-2015-7704}} {{CVE|CVE-2015-7705}} {{CVE|CVE-2015-7848}} {{CVE|CVE-2015-7849}} {{CVE|CVE-2015-7850}} {{CVE|CVE-2015-7851}} {{CVE|CVE-2015-7852}} {{CVE|CVE-2015-7853}} {{CVE|CVE-2015-7854}} {{CVE|CVE-2015-7855}} {{CVE|CVE-2015-7871}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities templink] [http://blog.talosintel.com/2015/10/ntpd-vulnerabilities.html templink] || {{pkg|ntp}} || 2015-10-21 || <= 4.2.8.p3-1 || 4.2.8.p4-1 || 1d || Fixed ({{bug|46826}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14]<br />
|-<br />
| {{CVE|CVE-2015-6031}} [http://talosintel.com/reports/TALOS-2015-0035/ templink] || {{pkg|miniupnpc}} || 2015-09-15 || <= 1.9.20150730-1 || 1.9.20151008-1 || 30d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11]<br />
|-<br />
| {{CVE|CVE-2015-7645}} {{CVE|CVE-2015-7647}} {{CVE|CVE-2015-7648}} [https://helpx.adobe.com/security/products/flash-player/apsa15-05.html templink] [https://helpx.adobe.com/security/products/flash-player/apsb15-27.html templink] || {{pkg|flashplugin}} || 2015-10-14 || <= 11.2.202.535-1 || 11.2.202.540-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12]<br />
|-<br />
| {{CVE|CVE-2015-7184}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/ templink] || {{pkg|firefox}} || 2015-10-15 || <= 41.0.1-1 || 41.0.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10]<br />
|-<br />
| {{CVE|CVE-2015-5260}} {{CVE|CVE-2015-5261}} {{CVE|CVE-2015-3247}} [http://lists.freedesktop.org/archives/spice-devel/2015-October/022168.html templink] [https://bugzilla.redhat.com/show_bug.cgi?id=1260822 templink] [https://bugzilla.redhat.com/show_bug.cgi?id=1261889 templink] [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797976;msg=21 templink] || {{pkg|spice}} || 2015-09-08 || <= 0.12.5-1 || 0.12.6-1 || 41d || Fixed ({{bug|46738}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13]<br />
|-<br />
| {{CVE|CVE-2015-6755}} {{CVE|CVE-2015-6756}} {{CVE|CVE-2015-6757}} {{CVE|CVE-2015-6758}} {{CVE|CVE-2015-6759}} {{CVE|CVE-2015-6760}} {{CVE|CVE-2015-6761}} {{CVE|CVE-2015-6762}} {{CVE|CVE-2015-6763}} [http://googlechromereleases.blogspot.fr/2015/10/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-10-13 || <= 45.0.2454.101-2 || 46.0.2490.71-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8]<br />
|-<br />
| {{CVE|CVE-2015-5569}} {{CVE|CVE-2015-7625}} {{CVE|CVE-2015-7626}} {{CVE|CVE-2015-7627}} {{CVE|CVE-2015-7628}} {{CVE|CVE-2015-7629}} {{CVE|CVE-2015-7630}} {{CVE|CVE-2015-7631}} {{CVE|CVE-2015-7632}} {{CVE|CVE-2015-7633}} {{CVE|CVE-2015-7634}} {{CVE|CVE-2015-7643}} {{CVE|CVE-2015-7644}} [https://helpx.adobe.com/security/products/flash-player/apsb15-25.html templink] || {{pkg|flashplugin}} || 2015-10-13 || <= 11.2.202.521-1 || 11.2.202.535-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7]<br />
|-<br />
| {{CVE|CVE-2015-5291}} [https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01 templink] || {{pkg|mbedtls}} || 2015-10-05 || <= 2.1.1-1 || 2.1.2-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9]<br />
|-<br />
| {{CVE|CVE-2015-7384}} [https://nodejs.org/en/blog/release/v4.1.2/ templink] || {{pkg|nodejs}} || 2015-10-05 || <= 4.1.1-1 || 4.1.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3]<br />
|-<br />
| {{CVE|CVE-2015-7687}} [http://seclists.org/oss-sec/2015/q4/17 templink] [https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f8e2fe24f3ff174d8515b82607e951e054f68f6 templink] || {{pkg|opensmtpd}} || 2015-10-02 || <= 5.7.1p1-1 || 5.7.3p1-1 || 6d || Fixed ({{bug|46605}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5]<br />
|-<br />
| {{CVE|CVE-2015-7673}} {{CVE|CVE-2015-7674}} [http://seclists.org/oss-sec/2015/q4/18 templink] [http://seclists.org/oss-sec/2015/q4/19 templink] || {{pkg|gdk-pixbuf2}} || 2015-10-01 || <= 2.31.7-1 || 2.32.1-1 || 9d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6]<br />
|-<br />
| {{CVE|CVE-2015-1335}} [https://github.com/lxc/lxc/commit/6de26af93d3dd87c8b21a42fdf20f30fa1c1948d templink] || {{pkg|lxc}} || 2015-09-29 || <= 1:1.1.3-2 || - || - || Not Affected ({{bug|46574}}) || None<br />
|-<br />
| {{CVE|CVE-2015-6972}} {{CVE|CVE-2015-6973}} [http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txt templink] [http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt templink] [https://igniterealtime.org/issues/browse/OF-942] || {{pkg|openfire}} || 2015-09-14 || <= 4.0.3-1 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2015-4499}} [https://www.bugzilla.org/security/4.2.14/ templink] || {{pkg|bugzilla}} || 2015-09-10 || <= 5.0-1 || 5.0.1-1 || 28d || Fixed ({{bug|46573}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4]<br />
|-<br />
| {{CVE|CVE-2015-4141}} {{CVE|CVE-2015-4142}} {{CVE|CVE-2015-4143}} {{CVE|CVE-2015-4144}} {{CVE|CVE-2015-4145}} {{CVE|CVE-2015-4146}} [http://w1.fi/security/2015-2/ templink] [http://w1.fi/security/2015-3/ templink] [http://w1.fi/security/2015-4/ templink] [http://w1.fi/security/2015-5/ templink] || {{pkg|hostapd}} || 2015-05-04 || <= 2.4-2 || 2.5-1 || ~150d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2]<br />
|-<br />
| {{CVE|CVE-2015-3239}} [https://bugzilla.redhat.com/show_bug.cgi?id=1232265 templink] || {{pkg|libunwind}} || 2015-06-16 || <= 1.1-2 || 1.1-3 || ~110d || Fixed ({{bug|46474}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1]<br />
|-<br />
| {{CVE|CVE-2015-1303}} {{CVE|CVE-2015-1304}} [http://googlechromereleases.blogspot.fr/2015/09/stable-channel-update_24.html templink] || {{pkg|chromium}} || 2015-09-24 || <= 45.0.2454.99-1 || 45.0.2454.101-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11]<br />
|-<br />
| {{CVE|CVE-2015-4500}} {{CVE|CVE-2015-4501}} {{CVE|CVE-2015-4502}} {{CVE|CVE-2015-4504}} {{CVE|CVE-2015-4506}} {{CVE|CVE-2015-4507}} {{CVE|CVE-2015-4508}} {{CVE|CVE-2015-4509}} {{CVE|CVE-2015-4510}} {{CVE|CVE-2015-4511}} {{CVE|CVE-2015-4512}} {{CVE|CVE-2015-4516}} {{CVE|CVE-2015-4517}} {{CVE|CVE-2015-4519}} {{CVE|CVE-2015-4520}} {{CVE|CVE-2015-4521}} {{CVE|CVE-2015-4522}} {{CVE|CVE-2015-7174}} {{CVE|CVE-2015-7175}} {{CVE|CVE-2015-7176}} {{CVE|CVE-2015-7177}} {{CVE|CVE-2015-7180}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox41 templink] || {{pkg|firefox}} || 2015-09-22 || <= 40.0.3-1 || 41.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9]<br />
|-<br />
| {{CVE|CVE-2015-5567}} {{CVE|CVE-2015-5568}} {{CVE|CVE-2015-5570}} {{CVE|CVE-2015-5571}} {{CVE|CVE-2015-5572}} {{CVE|CVE-2015-5573}} {{CVE|CVE-2015-5574}} {{CVE|CVE-2015-5575}} {{CVE|CVE-2015-5576}} {{CVE|CVE-2015-5577}} {{CVE|CVE-2015-5578}} {{CVE|CVE-2015-5579}} {{CVE|CVE-2015-5580}} {{CVE|CVE-2015-5581}} {{CVE|CVE-2015-5582}} {{CVE|CVE-2015-5584}} {{CVE|CVE-2015-5587}} {{CVE|CVE-2015-5588}} {{CVE|CVE-2015-6676}} {{CVE|CVE-2015-6677}} {{CVE|CVE-2015-6678}} {{CVE|CVE-2015-6679}} {{CVE|CVE-2015-6682}} [https://helpx.adobe.com/security/products/flash-player/apsb15-23.html templink] || {{pkg|flashplugin}} || 2015-09-21 || <= 11.2.202.508-1 || 11.2.202.521-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201510-8]<br />
|-<br />
| {{CVE|CVE-2015-7236}} [http://seclists.org/oss-sec/2015/q3/561 templink] || {{pkg|rpcbind}} || 2015-09-17 || <= 0.2.3-1 || 0.2.3-2 || 7d || Fixed ({{bug|46341}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10]<br />
|-<br />
| {{CVE|CVE-2015-5714}} {{CVE|CVE-2015-5715}} [https://wordpress.org/news/2015/09/wordpress-4-3-1/ templink] || {{pkg|wordpress}} || 2015-09-15 || <= 4.3-1 || 4.3.1-1 || 5d || Fixed ({{bug|46340}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201510-7]<br />
|-<br />
| {{CVE|CVE-2015-6908}} [http://www.openwall.com/lists/oss-security/2015/09/11/5 templink] || {{pkg|openldap}} || 2015-09-09 || <= 2.4.42-1 || 2.4.42-2 || 3d || Fixed ({{bug|46265}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4]<br />
|-<br />
| {{CVE|CVE-2015-5722}} {{CVE|CVE-2015-5986}} [https://www.isc.org/blogs/cve-2015-5986-an-incorrect-boundary-check-can-trigger-a-require-assertion-failure-in-openpgpkey_61-c/ templink] [https://www.isc.org/blogs/cve-2015-5722-parsing-malformed-keys-may-cause-bind-to-exit-due-to-a-failed-assertion-in-buffer-c/ templink] || {{pkg|bind}} || 2015-09-02 || <= 9.10.2.P3-1 || 9.10.2.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2]<br />
|-<br />
| {{CVE|CVE-2015-5198}} {{CVE|CVE-2015-5199}} {{CVE|CVE-2015-5200}} [http://lists.x.org/archives/xorg-announce/2015-August/002630.html templink] || {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} || 2015-08-31 || <= 1.1-1 || 1.1.1-1 || 13d || Fixed ({{bug|46266}}) ({{bug|46267}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5]<br />
|-<br />
| {{CVE|CVE-2015-1291}} {{CVE|CVE-2015-1292}} {{CVE|CVE-2015-1293}} {{CVE|CVE-2015-1294}} {{CVE|CVE-2015-1295}} {{CVE|CVE-2015-1296}} {{CVE|CVE-2015-1297}} {{CVE|CVE-2015-1298}} {{CVE|CVE-2015-1299}} {{CVE|CVE-2015-1300}} {{CVE|CVE-2015-1301}} [http://googlechromereleases.blogspot.fr/2015/09/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-09-01 || <= 44.0.2403.157-1 || 45.0.2454.85-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1]<br />
|-<br />
| {{CVE|CVE-2015-5230}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/ templink] || {{pkg|powerdns}} || 2015-09-02 || <= 3.4.5-1 || 3.4.6-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3]<br />
|-<br />
| {{CVE|CVE-2015-5317}} {{CVE|CVE-2015-5318}} {{CVE|CVE-2015-5319}} {{CVE|CVE-2015-5320}} {{CVE|CVE-2015-5321}} {{CVE|CVE-2015-5322}} {{CVE|CVE-2015-5323}} {{CVE|CVE-2015-5324}} {{CVE|CVE-2015-5325}} {{CVE|CVE-2015-5326}} {{CVE|CVE-2015-8103}} [https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 templink] [http://seclists.org/bugtraq/2015/Aug/161 templink] || {{pkg|jenkins}} || 2015-08-28 || <= 1.627-1 || 1.638-1 || 60d || Fixed ({{bug|46268}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11]<br />
|-<br />
| {{CVE|CVE-2015-6749}} [http://seclists.org/oss-sec/2015/q3/457 templink] || {{pkg|vorbis-tools}} || 2015-08-30 || <= 1.4.0-5 || 1.4.0-6 || >60d || Fixed ({{bug|46269}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22]<br />
|-<br />
| {{CVE|CVE-2015-4497}} {{CVE|CVE-2015-4498}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox40.0.3 templink] || {{pkg|firefox}} || 2015-08-27 || <= 40.0.2-1 || 40.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12]<br />
|-<br />
| {{CVE|CVE-2015-5949}} [http://www.ocert.org/advisories/ocert-2015-009.html templink] || {{pkg|vlc}} || 2015-08-20 || <= 2.2.1-6 || 2.2.2-1 || 179d || Fixed ({{bug|46037}}) || None<br />
|-<br />
| {{CVE|CVE-2015-5963}} [https://www.djangoproject.com/weblog/2015/aug/18/security-releases/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-08-18 || <= 1.8.3-1 || 1.8.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9]<br />
|-<br />
| {{CVE|CVE-2015-5221}} [http://seclists.org/oss-sec/2015/q3/408 templink] || {{pkg|jasper}} || 2015-08-16 || <= 1.900.1-15 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-5203}} [http://seclists.org/oss-sec/2015/q3/366 templink] || {{pkg|jasper}} || 2015-08-16 || <= 1.900.1-15 || || || '''Vulnerable''' || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10]<br />
|-<br />
| CVE Pending [http://seclists.org/oss-sec/2015/q3/295 templink] || {{pkg|pcre}} || 2015-08-05 || <= 8.37-2 || 8.37-3 || 12d || Fixed ({{bug|45945}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11]<br />
|-<br />
| {{CVE|CVE-2015-4473}} {{CVE|CVE-2015-4474}} {{CVE|CVE-2015-4475}} {{CVE|CVE-2015-4477}} {{CVE|CVE-2015-4478}} {{CVE|CVE-2015-4479}} {{CVE|CVE-2015-4480}} {{CVE|CVE-2015-4482}} {{CVE|CVE-2015-4483}} {{CVE|CVE-2015-4484}} {{CVE|CVE-2015-4485}} {{CVE|CVE-2015-4486}} {{CVE|CVE-2015-4487}} {{CVE|CVE-2015-4488}} {{CVE|CVE-2015-4489}} {{CVE|CVE-2015-4490}} {{CVE|CVE-2015-4491}} {{CVE|CVE-2015-4492}} {{CVE|CVE-2015-4493}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox40 templink] || {{pkg|firefox}} || 2015-08-11 || <= 39.0.3-1 || 40.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4]<br />
|-<br />
| {{CVE|CVE-2014-8121}} [https://access.redhat.com/security/cve/CVE-2014-8121 templink] || {{pkg|glibc}} || 2015-02-23 || <= 2.21-4 || 2.22-1 || ~180d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7]<br />
|-<br />
| {{CVE|CVE-2015-4680}} [http://www.ocert.org/advisories/ocert-2015-008.html templink] || {{pkg|freeradius}} || 2015-06-22 || <= 3.0.8-2 || 3.0.9-1 || ~50d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6]<br />
|-<br />
| {{CVE|CVE-2015-3184}} {{CVE|CVE-2015-3187}} [https://subversion.apache.org/security/CVE-2015-3184-advisory.txt templink] [https://subversion.apache.org/security/CVE-2015-3187-advisory.txt templink] || {{pkg|subversion}} || 2015-08-05 || <= 1.8.13-2 || 1.9.0-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5]<br />
|-<br />
| {{CVE|CVE-2015-6251}} [http://www.gnutls.org/security.html#GNUTLS-SA-2015-3 templink] || {{pkg|gnutls}} || 2015-08-10 || <= 3.4.3-1 || 3.4.4.1-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8]<br />
|-<br />
| {{CVE|CVE-2015-4495}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/ templink] || {{pkg|firefox}} || 2015-08-06 || <= 39.0-1 || 39.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1]<br />
|-<br />
| {{CVE|CVE-2015-2213}} {{CVE|CVE-2015-5730}} {{CVE|CVE-2015-5731}} {{CVE|CVE-2015-5732}} {{CVE|CVE-2015-5733}} {{CVE|CVE-2015-5734}} [https://codex.wordpress.org/Version_4.2.4 templink] || {{pkg|wordpress}} || 2015-08-04 || <= 4.2.3-1 || 4.2.4.-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2]<br />
|-<br />
| {{CVE|CVE-2015-3245}} {{CVE|CVE-2015-3246}} [http://seclists.org/oss-sec/2015/q3/185 templink] || {{pkg|libuser}} || 2015-07-22 || <= 0.61-1 || 0.62-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19]<br />
|-<br />
| {{CVE|CVE-2015-5600}} [https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/ templink] || {{pkg|openssh}} || 2015-07-22 || <= 6.9p1-1 || 6.9p1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17]<br />
|-<br />
| {{CVE|CVE-2015-1270}} {{CVE|CVE-2015-1271}} {{CVE|CVE-2015-1272}} {{CVE|CVE-2015-1273}} {{CVE|CVE-2015-1274}} {{CVE|CVE-2015-1276}} {{CVE|CVE-2015-1277}} {{CVE|CVE-2015-1278}} {{CVE|CVE-2015-1279}} {{CVE|CVE-2015-1280}} {{CVE|CVE-2015-1281}} {{CVE|CVE-2015-1282}} {{CVE|CVE-2015-1283}} {{CVE|CVE-2015-1284}} {{CVE|CVE-2015-1285}} {{CVE|CVE-2015-1286}} {{CVE|CVE-2015-1287}} {{CVE|CVE-2015-1288}} {{CVE|CVE-2015-1289}} [http://googlechromereleases.blogspot.fr/2015/07/stable-channel-update_21.html templink] || {{pkg|chromium}} || 2015-07-21 || <= 43.0.2357.134-1 || 44.0.2403.89-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18]<br />
|-<br />
| {{CVE|CVE-2015-2590}} {{CVE|CVE-2015-2601}} {{CVE|CVE-2015-2613}} {{CVE|CVE-2015-2621}} {{CVE|CVE-2015-2625}} {{CVE|CVE-2015-2628}} {{CVE|CVE-2015-2632}} {{CVE|CVE-2015-2808}} {{CVE|CVE-2015-4000}} {{CVE|CVE-2015-4731}} {{CVE|CVE-2015-4732}} {{CVE|CVE-2015-4733}} {{CVE|CVE-2015-4748}} {{CVE|CVE-2015-4749}} {{CVE|CVE-2015-4760}} [http://blog.fuseyism.com/index.php/2015/07/21/security-icedtea-2-6-1-for-openjdk-7-released/ templink] || {{pkg|jre7-openjdk}} || 2015-07-21 || <= 7.u80_2.6.0-1 || 7.u85_2.6.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16]<br />
|-<br />
| {{CVE|CVE-2015-5122}} {{CVE|CVE-2015-5123}} [https://helpx.adobe.com/security/products/flash-player/apsb15-18.html templink] || {{pkg|lib32-flashplugin}} || 2015-07-09 || <= 11.2.202.481-1 || 11.2.202.491-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14]<br />
|-<br />
| {{CVE|CVE-2015-5122}} {{CVE|CVE-2015-5123}} [https://helpx.adobe.com/security/products/flash-player/apsb15-18.html templink] || {{pkg|flashplugin}} || 2015-07-09 || <= 11.2.202.481-1 || 11.2.202.491-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13]<br />
|-<br />
| {{CVE|CVE-2015-0228}} {{CVE|CVE-2015-0253}} {{CVE|CVE-2015-3183}} {{CVE|CVE-2015-3185}} [http://www.apache.org/dist/httpd/CHANGES_2.4.16 templink] || {{pkg|apache}} || 2015-07-15 || <= 2.4.12-4 || 2.4.16-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15]<br />
|-<br />
| {{CVE|CVE-2015-2724}} {{CVE|CVE-2015-2725}} {{CVE|CVE-2015-2726}} {{CVE|CVE-2015-2731}} {{CVE|CVE-2015-2734}} {{CVE|CVE-2015-2735}} {{CVE|CVE-2015-2736}} {{CVE|CVE-2015-2737}} {{CVE|CVE-2015-2738}} {{CVE|CVE-2015-2739}} {{CVE|CVE-2015-2740}} {{CVE|CVE-2015-2741}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.1 templink] || {{pkg|thunderbird}} || 2015-07-09 || <= 38.0.1-1 || 38.1.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9]<br />
|-<br />
| {{CVE|CVE-2015-1793}} [https://openssl.org/news/secadv_20150709.txt templink] || {{pkg|lib32-openssl}} || 2015-07-09 || <= 1.0.2.c-1 || 1.0.2.d-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12]<br />
|-<br />
| {{CVE|CVE-2015-1793}} [https://openssl.org/news/secadv_20150709.txt templink] || {{pkg|openssl}} || 2015-07-09 || <= 1.0.2.c-1 || 1.0.2.d-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8]<br />
|-<br />
| {{CVE|CVE-2014-0578}} {{CVE|CVE-2015-3114}} {{CVE|CVE-2015-3115}} {{CVE|CVE-2015-3116}} {{CVE|CVE-2015-3117}} {{CVE|CVE-2015-3118}} {{CVE|CVE-2015-3119}} {{CVE|CVE-2015-3120}} {{CVE|CVE-2015-3121}} {{CVE|CVE-2015-3122}} {{CVE|CVE-2015-3123}} {{CVE|CVE-2015-3124}} {{CVE|CVE-2015-3125}} {{CVE|CVE-2015-3126}} {{CVE|CVE-2015-3127}} {{CVE|CVE-2015-3128}} {{CVE|CVE-2015-3129}} {{CVE|CVE-2015-3130}} {{CVE|CVE-2015-3131}} {{CVE|CVE-2015-3132}} {{CVE|CVE-2015-3133}} {{CVE|CVE-2015-3134}} {{CVE|CVE-2015-3135}} {{CVE|CVE-2015-3136}} {{CVE|CVE-2015-3137}} {{CVE|CVE-2015-4428}} {{CVE|CVE-2015-4429}} {{CVE|CVE-2015-4430}} {{CVE|CVE-2015-4431}} {{CVE|CVE-2015-4432}} {{CVE|CVE-2015-4433}} {{CVE|CVE-2015-5116}} {{CVE|CVE-2015-5117}} {{CVE|CVE-2015-5118}} {{CVE|CVE-2015-5119}} [https://helpx.adobe.com/security/products/flash-player/apsb15-16.html templink] [https://www.kb.cert.org/vuls/id/561288 templink] || {{pkg|flashplugin}} || 2015-07-07 || <= 11.2.202.468-1 || 11.2.202.481-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7]<br />
|-<br />
| {{CVE|CVE-2015-4620}} [https://kb.isc.org/article/AA-01267/ templink] || {{pkg|bind}} || 2015-07-07 || <= 9.10.2.P1-1 || 9.10.2.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6]<br />
|-<br />
| {{CVE|CVE-2015-5382}} [http://www.openwall.com/lists/oss-security/2015/07/07/3 templink] || {{pkg|roundcubemail}} || 2015-07-06 || <= 1.1.1-1 || 1.1.2-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5355}} {{CVE|CVE-2015-2694}} [http://krbdev.mit.edu/rt/NoAuth/krb5-1.13/fixed-1.13.2.html templink] || {{pkg|lib32-krb5}} || 2015-05-08 || <= 1.13.1-1 || 1.13.2-1 || 63d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11]<br />
|-<br />
| {{CVE|CVE-2014-5355}} {{CVE|CVE-2015-2694}} [http://krbdev.mit.edu/rt/NoAuth/krb5-1.13/fixed-1.13.2.html templink] || {{pkg|krb5}} || 2015-05-08 || <= 1.13.1-1 || 1.13.2-1 || 63d || Fixed ({{bug|45575}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10]<br />
|-<br />
| {{CVE|CVE-2015-3281}} [http://marc.info/?l=haproxy&m=143593901506748&w=2 templink] || {{pkg|haproxy}} || 2015-07-03 || <= 1.5.12-1 || 1.5.14-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3]<br />
|-<br />
| {{CVE|CVE-2015-2722}} {{CVE|CVE-2015-2724}} {{CVE|CVE-2015-2725}} {{CVE|CVE-2015-2726}} {{CVE|CVE-2015-2727}} {{CVE|CVE-2015-2728}} {{CVE|CVE-2015-2729}} {{CVE|CVE-2015-2731}} {{CVE|CVE-2015-2733}} {{CVE|CVE-2015-2734}} {{CVE|CVE-2015-2735}} {{CVE|CVE-2015-2736}} {{CVE|CVE-2015-2737}} {{CVE|CVE-2015-2739}} {{CVE|CVE-2015-2740}} {{CVE|CVE-2015-2741}} {{CVE|CVE-2015-2743}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-07-02 || <= 38.0.5 || 39.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2]<br />
|- <br />
| {{CVE|CVE-2015-5352}} [http://www.openwall.com/lists/oss-security/2015/07/01/10 templink] || {{pkg|openssh}} || 2015-06-29 || <= 6.8p1-3 || 6.9p1-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4]<br />
|-<br />
| {{CVE|CVE-2015-5146}} [http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi templink] || {{pkg|ntp}} || 2015-06-29 || <= 4.2.8p2-1 || 4.2.8p3-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5]<br />
|-<br />
| {{CVE|CVE-2015-2141}} [https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2015-June/015585.html templink] [https://github.com/weidai11/cryptopp/commit/9425e16437439e68c7d96abef922167d68fafaff commit] || {{pkg|crypto++}} || 2015-06-28 || <= 5.6.2-2 || 5.6.2-3 || 28d || Fixed ({{bug|45498}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20]<br />
|-<br />
| {{CVE|CVE-2015-5073}} [https://bugs.exim.org/show_bug.cgi?id=1651 templink] [http://vcs.pcre.org/pcre?view=revision&revision=1571 commit] || {{pkg|pcre}} || 2015-06-26 || <= 8.37-2 || 8.37-3 || ~52d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-5069}} {{CVE|CVE-2015-5070}} [http://www.openwall.com/lists/oss-security/2015/06/25/12 templink] || {{pkg|wesnoth}} || 2015-06-24 || <= 1.12.2-3 || 1.12.4-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1]<br />
|-<br />
| {{CVE|CVE-2015-3113}} [https://helpx.adobe.com/security/products/flash-player/apsb15-14.html templink] || {{pkg|flashplugin}} || 2015-06-23 || <= 11.2.202.466-1 || 11.2.202.468-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5]<br />
|-<br />
| {{CVE|CVE-2015-3236}} {{CVE|CVE-2015-3237}} [http://curl.haxx.se/docs/adv_20150617A.html templink] [http://curl.haxx.se/docs/adv_20150617B.html templink] || {{pkg|lib32-curl}} || 2015-06-17 || <= 7.42.1-1 || 7.43.0-1 || 47d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4]<br />
|-<br />
| {{CVE|CVE-2015-3236}} {{CVE|CVE-2015-3237}} [http://curl.haxx.se/docs/adv_20150617A.html templink] [http://curl.haxx.se/docs/adv_20150617B.html templink] || {{pkg|curl}} || 2015-06-17 || <= 7.42.1-1 || 7.43.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4]<br />
|-<br />
| {{CVE|CVE-2009-1364}} {{CVE|CVE-2006-3376}} {{CVE|CVE-2007-0455}} {{CVE|CVE-2007-2756}} {{CVE|CVE-2007-3472}} {{CVE|CVE-2007-3473}} {{CVE|CVE-2007-3477}} {{CVE|CVE-2009-3546}} {{CVE|CVE-2015-0848}} {{CVE|CVE-2015-4588}} {{CVE|CVE-2015-4695}} {{CVE|CVE-2015-4696}} [http://www.openwall.com/lists/oss-security/2015/06/16/4 templink] || {{pkg|libwmf}} || 2015-06-01 || <= 0.2.8.4-13 || || || '''Vulnerable''' ({{bug|49162}}) ||<br />
|-<br />
| {{CVE|CVE-2015-2325}} {{CVE|CVE-2015-2326}} {{CVE|CVE-2015-3414}} {{CVE|CVE-2015-3415}} {{CVE|CVE-2015-3416}} [http://php.net/ChangeLog-5.php#5.6.10 templink] || {{pkg|php}} || 2015-06-11 || <= 5.6.9-2 || 5.6.10-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|libraw}} || 2015-05-11 || <= 0.16.0-3 || 0.16.1 || 5d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|dcraw}} || 2015-05-11 || <= 9.25.0-1 || 9.26.0-1 || ~1m || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|gimp-ufraw}} || 2015-05-11 || <= 0.21-1 || 0.22-1 || 45d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|rawtherapee}} || 2015-05-11 || <= 1:4.2-1 || 1:4.2+448.g26d182d-1 || ~5m || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|rawstudio}} || 2015-05-11 || <= 2.0-12 || 2.0_git20160107-1 || ~11m || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-1158}} {{CVE|CVE-2015-1159}} [http://www.cups.org/str.php?L4609 templink] || {{pkg|cups}} || 2015-06-08 || <= 2.0.2-4 || 2.0.3-1 || 1d || Fixed ({{bug|45279}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2]<br />
|-<br />
| {{CVE|CVE-2015-1788}} {{CVE|CVE-2015-1789}} {{CVE|CVE-2015-1790}} {{CVE|CVE-2015-1791}} {{CVE|CVE-2015-1792}} {{CVE|CVE-2015-4000}} [https://www.openssl.org/news/secadv_20150611.txt templink] [https://git.openssl.org/?p=openssl.git;a=commit;h=98ece4eebfb6cd45cc8d550c6ac0022965071afc templink] || {{pkg|openssl}} || 2015-06-11 || <= 1.0.2.a-1 || 1.0.2.b-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3]<br />
|-<br />
| {{CVE|CVE-2015-3210}} [https://bugs.exim.org/show_bug.cgi?id=1636 templink] || {{pkg|pcre}} || 2015-05-29 || <= 8.37-1 || 8.37-2 || 7d || Fixed ({{bug|45207}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1]<br />
|-<br />
| {{CVE|CVE-2015-3165}} {{CVE|CVE-2015-3166}} {{CVE|CVE-2015-3167}} [http://www.postgresql.org/about/news/1587/ templink] || {{pkg|postgresql}} || 2015-05-22 || <= 9.4.1-1 || 9.4.2-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17]<br />
|-<br />
| {{CVE|CVE-2015-4054}} [http://www.openwall.com/lists/oss-security/2015/05/22/5 templink] || {{pkg|pgbouncer}} || 2015-04-09 || <= 1.5.4-6 || 1.5.5-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16]<br />
|-<br />
| {{CVE|CVE-2015-1251}} {{CVE|CVE-2015-1252}} {{CVE|CVE-2015-1253}} {{CVE|CVE-2015-1254}} {{CVE|CVE-2015-1255}} {{CVE|CVE-2015-1256}} {{CVE|CVE-2015-1257}} {{CVE|CVE-2015-1258}} {{CVE|CVE-2015-1259}} {{CVE|CVE-2015-1260}} {{CVE|CVE-2015-1263}} {{CVE|CVE-2015-1264}} {{CVE|CVE-2015-1265}} [http://googlechromereleases.blogspot.fr/2015/05/stable-channel-update_19.html templink] || {{pkg|chromium}} || 2015-05-19 || <= 42.0.2311.135-1 || 43.0.2357.65-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14]<br />
|-<br />
| {{CVE|CVE-2015-3808}} {{CVE|CVE-2015-3809}} {{CVE|CVE-2015-3810}} {{CVE|CVE-2015-3811}} {{CVE|CVE-2015-3812}} {{CVE|CVE-2015-3813}} {{CVE|CVE-2015-3814}} {{CVE|CVE-2015-3815}} [https://wireshark.org/docs/relnotes/wireshark-1.12.5.html templink] || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2015-05-11 || <= 1.12.4-4 || 1.12.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12]<br />
|-<br />
| {{CVE|CVE-2015-3456}} [https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/ templink] || {{pkg|qemu}} || 2015-05-13 || <= 2.2.1-4 || 2.2.1-5 || 1d || Fixed ({{bug|44958}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9]<br />
|-<br />
| {{CVE|CVE-2014-0230}} [https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44 templink] || {{pkg|tomcat6}} || 2015-04-09 || <= 6.0.43-2 || 6.0.44-1 || 34d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8]<br />
|-<br />
| {{CVE|CVE-2015-2708}} {{CVE|CVE-2015-2709}} {{CVE|CVE-2015-2710}} {{CVE|CVE-2015-2713}} {{CVE|CVE-2015-2716}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7 templink] || {{pkg|thunderbird}} || 2015-05-12 || <= 31.6.0-2 || 31.7.0-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13]<br />
|-<br />
| {{CVE|CVE-2015-2708}} {{CVE|CVE-2015-2709}} {{CVE|CVE-2015-2710}} {{CVE|CVE-2015-2711}} {{CVE|CVE-2015-2712}} {{CVE|CVE-2015-2713}} {{CVE|CVE-2015-2715}} {{CVE|CVE-2015-2716}} {{CVE|CVE-2015-2717}} {{CVE|CVE-2015-2718}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox38 templink] || {{pkg|firefox}} || 2015-05-12 || <= 37.0.2-1 || 38.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] <br />
|-<br />
| {{CVE|CVE-2015-3622}} [http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=f979435 templink] || {{pkg|libtasn1}} || 2015-04-20 || <= 4.5-1 || 4.4-1 || 16d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5]<br />
|-<br />
| {{CVE|CVE-2014-8964}} [https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ templink] || {{pkg|mariadb-clients}} || 2015-05-07 || <= 10.0.17-1 || 10.0.18-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4]<br />
|-<br />
| {{CVE|CVE-2014-8964}} {{CVE|CVE-2015-0499}} {{CVE|CVE-2015-0501}} {{CVE|CVE-2015-0505}} {{CVE|CVE-2015-2571}} [https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ templink] || {{pkg|mariadb}} || 2015-05-07 || <= 10.0.17-1 || 10.0.18-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3]<br />
|-<br />
| {{CVE|CVE-2015-3627}} {{CVE|CVE-2015-3629}} {{CVE|CVE-2015-3630}} {{CVE|CVE-2015-3631}} [http://seclists.org/oss-sec/2015/q2/389 templink] || {{pkg|docker}} || 2015-05-07 || <= 1:1.6.0-1 || 1:1.6.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6]<br />
|-<br />
| {{CVE|CVE-2015-0847}} [http://sourceforge.net/p/nbd/mailman/message/34091218/ templink] || {{pkg|nbd}} || 2015-05-07 || <= 3.10-1 || 3.11-1 || 19d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15]<br />
|-<br />
| {{CVE|CVE-2015-1858}} {{CVE|CVE-2015-1859}} {{CVE|CVE-2015-1860}} [http://lists.qt-project.org/pipermail/announce/2015-April/000067.html templink] || {{pkg|qt5-base}} || 2015-04-13 || <= 5.4.1-5 || 5.4.2-1 || 50d || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-1858}} {{CVE|CVE-2015-1859}} {{CVE|CVE-2015-1860}} [http://lists.qt-project.org/pipermail/announce/2015-April/000067.html templink] || {{pkg|qt4}} || 2015-04-13 || <= 4.8.6-6 || 4.8.7-1 || 50d || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-3414}} {{CVE|CVE-2015-3415}} {{CVE|CVE-2015-3416}} [http://seclists.org/fulldisclosure/2015/Apr/31 templink] || {{pkg|sqlite}} || 2015-04-24 || <= 3.8.8.3-1 || 3.8.9-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-2170}} {{CVE|CVE-2015-2221}} {{CVE|CVE-2015-2222}} {{CVE|CVE-2015-2305}} {{CVE|CVE-2015-2668}} [http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html templink] || {{pkg|clamav}} || 2015-04-29 || <= 0.98.6-1 || 0.98.7-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2]<br />
|-<br />
| {{CVE|CVE-2015-3455}} [http://www.openwall.com/lists/oss-security/2015/04/30/2 templink] || {{pkg|squid}} || 2015-04-29 || <= 3.5.3-2 || 3.5.4-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1]<br />
|-<br />
| {{CVE|CVE-2015-3451}} [http://www.openwall.com/lists/oss-security/2015/04/30/1 templink] || {{pkg|perl-xml-libxml}} || 2015-04-30 || <= 2.0118-3 || 2.0119-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32]<br />
|-<br />
| {{CVE|CVE-2015-3152}} [http://www.openwall.com/lists/oss-security/2015/04/29/4 templink] || {{pkg|mariadb}} {{pkg|mariadb-clients}} || 2015-04-29 || <= 10.0.17-2 || 10.0.20-1 || 52d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3153}} [http://curl.haxx.se/docs/adv_20150429.html templink] || {{pkg|curl}} || 2015-04-29 || <= 7.42.0-1 || 7.42.1-1 || 29d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20]<br />
|-<br />
| {{CVE|CVE-2015-1243}} {{CVE|CVE-2015-1250}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update_28.html templink] || {{pkg|chromium}} || 2015-04-28 || <= 42.0.2311.90-1 || 42.0.2311.135-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30]<br />
|-<br />
| {{CVE|CVE-2015-3420}} [http://seclists.org/oss-sec/2015/q2/288 templink] || {{pkg|dovecot}} || 2015-04-24 || <= 2.2.16-1 || 2.2.16-2 || 4d || Fixed ({{bug|44757}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31]<br />
|-<br />
| {{CVE|CVE-2015-1868}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ templink] || {{pkg|powerdns-recursor}} || 2015-04-23 || <= 3.7.1-1 || 3.7.2-1 || 1d || Fixed ({{Bug|44708}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27]<br />
|-<br />
| {{CVE|CVE-2015-1868}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ templink] || {{pkg|powerdns}} || 2015-04-23 || <= 3.4.3-2 || 3.4.4-1 || 1d || Fixed ({{Bug|44708}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26]<br />
|-<br />
| {{CVE|CVE-2015-1863}} [http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt templink] || {{pkg|wpa_supplicant}} || 2015-04-22 || <= 2.3-1 || 2.4-1 (1:2.3-1) || 2d || Fixed ({{Bug|44695}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29]<br />
|-<br />
| {{CVE|CVE-2015-1781}} [https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2959eda9272a033863c271aff62095abd01bd4e3;hp=7bf8fb104226407b75103b95525364c4667c869f templink] || {{pkg|glibc}} || 2015-04-21 || <= 2.21-2 || 2.21-3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25]<br />
|-<br />
| {{CVE|CVE-2015-3143}} {{CVE|CVE-2015-3144}} {{CVE|CVE-2015-3145}} {{CVE|CVE-2015-3148}} [http://curl.haxx.se/docs/vuln-7.41.0.html templink] || {{pkg|curl}} || 2015-04-22 || <= 7.41.0-1 || 7.42.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28]<br />
|-<br />
| {{CVE|CVE-2015-2706}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-45/ templink] || {{pkg|firefox}} || 2015-04-20 || <= 37.0.1-3 || 37.0.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24]<br />
|-<br />
| {{CVE|CVE-2015-3138}} [https://github.com/the-tcpdump-group/tcpdump/issues/446 templink] || {{pkg|tcpdump}} || 2015-03-24 || <= 4.7.3-1 || 4.7.3-2 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20]<br />
|-<br />
| {{CVE|CVE-2015-0346}} {{CVE|CVE-2015-0347}} {{CVE|CVE-2015-0348}} {{CVE|CVE-2015-0349}} {{CVE|CVE-2015-0350}} {{CVE|CVE-2015-0351}} {{CVE|CVE-2015-0352}} {{CVE|CVE-2015-0353}} {{CVE|CVE-2015-0354}} {{CVE|CVE-2015-0355}} {{CVE|CVE-2015-0356}} {{CVE|CVE-2015-0357}} {{CVE|CVE-2015-0358}} {{CVE|CVE-2015-0359}} {{CVE|CVE-2015-0360}} {{CVE|CVE-2015-3038}} {{CVE|CVE-2015-3039}} {{CVE|CVE-2015-3040}} {{CVE|CVE-2015-3041}} {{CVE|CVE-2015-3042}} {{CVE|CVE-2015-3043}} {{CVE|CVE-2015-3044}} [https://helpx.adobe.com/security/products/flash-player/apsb15-06.html templink] || {{pkg|flashplugin}} || 2015-04-14 || <= 11.2.202.451-1 || 11.2.202.457-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18]<br />
|-<br />
| {{CVE|CVE-2015-1351}} {{CVE|CVE-2015-1352}} {{CVE|CVE-2015-2783}} {{CVE|CVE-2015-3330}} {{CVE|CVE-2015-3329}} [https://php.net/ChangeLog-5.php#5.6.8 templink] || {{pkg|php}} || 2015-04-17 || <= 5.6.7.-2 || 5.6.8-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14]<br />
|-<br />
| {{CVE|CVE-2015-0460}} {{CVE|CVE-2015-0469}} {{CVE|CVE-2015-0470}} {{CVE|CVE-2015-0477}} {{CVE|CVE-2015-0478}} {{CVE|CVE-2015-0480}} {{CVE|CVE-2015-0488}} || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-04-14 || <= 8.u40-1 || 8.u45-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23]<br />
|-<br />
| {{CVE|CVE-2015-0460}} {{CVE|CVE-2015-0469}} {{CVE|CVE-2015-0477}} {{CVE|CVE-2015-0478}} {{CVE|CVE-2015-0480}} {{CVE|CVE-2015-0488}} [http://blog.fuseyism.com/index.php/2015/04/15/security-icedtea-2-5-5-for-openjdk-7-released/ templink] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-04-14 || <= 7.u75_2.5.4-1 || 7.u79_2.5.5-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17]<br />
|-<br />
| {{CVE|CVE-2015-3310}} [http://www.openwall.com/lists/oss-security/2015/04/16/7 templink] || {{pkg|ppp}} || 2015-04-13 || <= 2.4.7-1 || 2.4.7-2 || ~4m || Fixed ({{bug|44607}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3]<br />
|-<br />
| {{CVE|CVE-2015-3308}} [http://www.openwall.com/lists/oss-security/2015/04/16/6 templink] || {{pkg|gnutls}} || 2015-03-30 || <= 3.3.13-1 || 3.3.14-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-1235}} {{CVE|CVE-2015-1236}} {{CVE|CVE-2015-1237}} {{CVE|CVE-2015-1238}} {{CVE|CVE-2015-1240}} {{CVE|CVE-2015-1241}} {{CVE|CVE-2015-1242}} {{CVE|CVE-2015-1244}} {{CVE|CVE-2015-1245}} {{CVE|CVE-2015-1246}} {{CVE|CVE-2015-1247}} {{CVE|CVE-2015-1248}} {{CVE|CVE-2015-1249}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update_14.html templink] || {{pkg|chromium}} || 2015-04-14 || <= 41.0.2272.118-2 || 42.0.2311.90-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19]<br />
|-<br />
| {{CVE|CVE-2015-1855}} [https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/ templink] || {{pkg|ruby}} || 2015-04-13 || <= 2.2.1-1 || 2.2.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13]<br />
|-<br />
| {{CVE|CVE-2015-3026}} [http://seclists.org/oss-sec/2015/q2/80 templink] || {{pkg|icecast}} || 2015-04-08 || <= 2.4.1-1 || 2.4.2-1 || 3d || Fixed ({{bug|44503}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12]<br />
|-<br />
| {{CVE|CVE-2015-1798}} [http://seclists.org/oss-sec/2015/q2/63 templink] || {{pkg|chrony}} || 2015-04-08 || <= 1.31-2 || 1.31.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9]<br />
|-<br />
| {{CVE|CVE-2015-1798}} {{CVE|CVE-2015-1799}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities templink] || {{pkg|ntp}} || 2015-04-07 || <= 4.2.8p1 || 4.2.8p2-1 || <1d || Fixed ({{bug|44492}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8]<br />
|-<br />
| {{CVE|CVE-2015-2931}} {{CVE|CVE-2015-2932}} {{CVE|CVE-2015-2933}} {{CVE|CVE-2015-2934}} {{CVE|CVE-2015-2935}} {{CVE|CVE-2015-2936}} {{CVE|CVE-2015-2937}} {{CVE|CVE-2015-2938}} {{CVE|CVE-2015-2939}} {{CVE|CVE-2015-2940}} {{CVE|CVE-2015-2941}} {{CVE|CVE-2015-2942}} [http://seclists.org/oss-sec/2015/q2/61 templink] || {{pkg|mediawiki}} || 2015-04-07 || <= 1.24.1-1 || 1.24.2-1 || 0d || Fixed ({{bug|44489}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11]<br />
|-<br />
| {{CVE|CVE-2015-2928}} {{CVE|CVE-2015-2929}} [http://seclists.org/oss-sec/2015/q2/56 templink] || {{pkg|tor}} || 2015-04-06 || <= 0.2.5.11-1 || 0.2.5.12-1 || <1d || Fixed ({{bug|44482}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7]<br />
|-<br />
| {{CVE|CVE-2015-0799}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-04-03 || <= 37.0-1 || 37.0.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4]<br />
|-<br />
| {{CVE|CVE-2015-1233}} {{CVE|CVE-2015-1234}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-04-01 || <= 41.0.2272.101-1 || 41.0.2272.118-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2]<br />
|-<br />
| {{CVE|CVE-2015-0801}} {{CVE|CVE-2015-0807}} {{CVE|CVE-2015-0813}} {{CVE|CVE-2015-0814}} {{CVE|CVE-2015-0815}} {{CVE|CVE-2015-0816}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-03-31 || <= 31.5.0-1 || 31.6.0-1|| 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6]<br />
|-<br />
| {{CVE|CVE-2015-0801}} {{CVE|CVE-2015-0802}} {{CVE|CVE-2015-0803}} {{CVE|CVE-2015-0804}} {{CVE|CVE-2015-0805}} {{CVE|CVE-2015-0806}} {{CVE|CVE-2015-0807}} {{CVE|CVE-2015-0808}} {{CVE|CVE-2015-0811}} {{CVE|CVE-2015-0812}} {{CVE|CVE-2015-0813}} {{CVE|CVE-2015-0814}} {{CVE|CVE-2015-0815}} {{CVE|CVE-2015-0816}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-03-31 || <= 36.0.4-1 || 37.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1]<br />
|-<br />
| {{CVE|CVE-2015-1817}} [http://www.openwall.com/lists/oss-security/2015/03/30/3 templink] || {{pkg|musl}} || 2015-03-29 || <= 1.1.7-1 || 1.1.8-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26]<br />
|-<br />
| {{CVE|CVE-2015-2782}} {{CVE|CVE-2015-0556}} {{CVE|CVE-2015-0557}} [http://www.openwall.com/lists/oss-security/2015/03/29/1 templink] || {{pkg|arj}} || 2015-03-28 || <= 3.10.22-8 || 3.10.22-10 || 10d || Fixed ({{bug|44411}}) ({{bug|44488}}) || None<br />
|-<br />
| {{CVE|CVE-2015-0250}} [http://seclists.org/fulldisclosure/2015/Mar/142 templink] || {{pkg|java-batik}} || 2015-03-17 || <= 1.7-12 || 1.8-1 || 17d || Fixed ({{bug|44410}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5]<br />
|-<br />
| {{CVE|CVE-2015-2806}} [http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149 templink] || {{pkg|libtasn1}} || 2015-03-29 || <= 4.3-1 || 4.4-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3]<br />
|-<br />
| {{CVE|CVE-2015-0817}} {{CVE|CVE-2015-0818}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-03-20 || <= 36.0.1-1 || 36.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21]<br />
|-<br />
| {{CVE|CVE-2015-2559}} [https://www.drupal.org/SA-CORE-2015-001 templink] || {{pkg|drupal}} || 2015-03-19 || <= 7.34-1 || 7.35-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18]<br />
|-<br />
| {{CVE|CVE-2015-0252}} [https://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt templink] || {{pkg|xerces-c}} || 2015-03-19 || <= 3.1.1-5 || 3.1.2-1 || 1d || Fixed ({{bug|44272}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19]<br />
|-<br />
| {{CVE|CVE-2015-2330}} [http://www.openwall.com/lists/oss-security/2015/03/18/4 templink] || {{pkg|webkitgtk}} {{pkg|webkitgtk2}} || 2015-03-17 || <= 2.4.8-1 || 2.4.9-1 || 30d || Fixed ({{bug|44237}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19]<br />
|-<br />
| {{CVE|CVE-2015-2305}} {{CVE|CVE-2015-2331}} {{CVE|CVE-2015-2348}} {{CVE|CVE-2015-2787}} [https://bugs.php.net/bug.php?id=69253 templink] || {{pkg|php}} || 2015-03-18 || <= 5.6.6-1 || 5.6.7-1 || 10d || Fixed ({{bug|44236}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25]<br />
|-<br />
| {{CVE|CVE-2015-0204}} {{CVE|CVE-2015-0207}} {{CVE|CVE-2015-0208}} {{CVE|CVE-2015-0209}} {{CVE|CVE-2015-0285}} {{CVE|CVE-2015-0286}} {{CVE|CVE-2015-0287}} {{CVE|CVE-2015-0288}} {{CVE|CVE-2015-0289}} {{CVE|CVE-2015-0290}} {{CVE|CVE-2015-0291}} {{CVE|CVE-2015-0293}} {{CVE|CVE-2015-1787}} [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=28a00bcd8e318da18031b2ac8778c64147cd54f9 commit-0288] [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2b31fcc0b5e7329e13806822a5709dbd51c5c8a4 commit-0285] [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ba5d0113e8bcb26857ae58a11b219aeb7bc2408a commit-0209] [https://security-tracker.debian.org/tracker/CVE-2015-0288 Debian-Bug-tracker] [https://www.openssl.org/news/secadv_20150319.txt advisory] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2015-03-17 || <= 1.0.2-1 || 1.0.2.a-1 || 2d || Fixed ({{bug|44227}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17]<br />
|-<br />
| {{CVE|CVE-2015-1802}} {{CVE|CVE-2015-1803}} {{CVE|CVE-2015-1804}} [http://www.openwall.com/lists/oss-security/2015/03/17/5 templink] || {{pkg|libxfont}} || 2015-03-17 || <= 1.5.0-1 || 1.5.1-1 || <1d || Fixed ({{bug|44226}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15]<br />
|-<br />
| {{CVE|CVE-2015-0332}} {{CVE|CVE-2015-0333}} {{CVE|CVE-2015-0334}} {{CVE|CVE-2015-0335}} {{CVE|CVE-2015-0336}} {{CVE|CVE-2015-0337}} {{CVE|CVE-2015-0338}} {{CVE|CVE-2015-0339}} {{CVE|CVE-2015-0340}} {{CVE|CVE-2015-0341}} {{CVE|CVE-2015-0342}} [https://helpx.adobe.com/security/products/flash-player/apsb15-05.html templink] || {{pkg|flashplugin}} || 2015-03-12 || <= 11.2.202.442-1 || 11.2.202.451-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11]<br />
|-<br />
| {{CVE|CVE-2014-9687}} [http://www.openwall.com/lists/oss-security/2015/02/10/10 templink] || {{pkg|ecryptfs-utils}} || 2015-02-10 || <= 104-1 || 106-1 || 37d || Fixed ({{bug|44157}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14]<br />
|-<br />
| {{CVE|CVE-2015-1782}} [http://www.libssh2.org/adv_20150311.html templink] || {{pkg|libssh2}} || 2015-03-11 || <= 1.4.3-1 || 1.5.0-1 || 29d || Fixed ({{bug|44146}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10]<br />
|-<br />
| {{CVE|CVE-2015-2241}} [https://www.djangoproject.com/weblog/2015/mar/09/security-releases/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-03-09 || <= 1.7.5-1 || 1.7.6-1 || 2d || Fixed ({{bug|44122}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7]<br />
|-<br />
| {{CVE|CVE-2015-1212}} {{CVE|CVE-2015-1213}} {{CVE|CVE-2015-1214}} {{CVE|CVE-2015-1215}} {{CVE|CVE-2015-1216}} {{CVE|CVE-2015-1217}} {{CVE|CVE-2015-1218}} {{CVE|CVE-2015-1219}} {{CVE|CVE-2015-1220}} {{CVE|CVE-2015-1221}} {{CVE|CVE-2015-1222}} {{CVE|CVE-2015-1223}} {{CVE|CVE-2015-1224}} {{CVE|CVE-2015-1225}} {{CVE|CVE-2015-1226}} {{CVE|CVE-2015-1227}} {{CVE|CVE-2015-1228}} {{CVE|CVE-2015-1229}} {{CVE|CVE-2015-1230}} {{CVE|CVE-2015-1231}} [http://googlechromereleases.blogspot.fr/2015/03/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-03-03 || <= 40.0.2214.115-1 || 41.0.2272.76-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5]<br />
|-<br />
| {{CVE|CVE-2015-1572}} [https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73 templink] || {{pkg|e2fsprogs}} || 2015-02-06 || <= 1.42.12-1 || 1.42.12-2 || 6d || Fixed ({{bug|44015}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8]<br />
|-<br />
| {{CVE|CVE-2015-2157}} [http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html templink] || {{pkg|putty}} || 2015-03-02 || <= 0.63-1 || 0.64-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1]<br />
|-<br />
| {{CVE|CVE-2015-0822}} {{CVE|CVE-2015-0827}} {{CVE|CVE-2015-0831}} {{CVE|CVE-2015-0835}} {{CVE|CVE-2015-0836}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-02-24 || <= 31.4.0-1 || 31.5.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15]<br />
|-<br />
| {{CVE|CVE-2015-0819}} {{CVE|CVE-2015-0821}} {{CVE|CVE-2015-0822}} {{CVE|CVE-2015-0823}} {{CVE|CVE-2015-0824}} {{CVE|CVE-2015-0825}} {{CVE|CVE-2015-0826}} {{CVE|CVE-2015-0827}} {{CVE|CVE-2015-0829}} {{CVE|CVE-2015-0830}} {{CVE|CVE-2015-0831}} {{CVE|CVE-2015-0832}} {{CVE|CVE-2015-0834}} {{CVE|CVE-2015-0835}} {{CVE|CVE-2015-0836}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-02-24 || <= 35.0.1-1 || 36.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14]<br />
|-<br />
| {{CVE|CVE-2015-0240}} [https://www.samba.org/samba/history/samba-4.1.17.html templink] || {{pkg|samba}} || 2015-02-23 || <= 4.1.16-1 || 4.1.17-1 || <1d || Fixed ({{bug|43923}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13]<br />
|-<br />
| {{CVE|CVE-2014-9636}} [http://www.openwall.com/lists/oss-security/2014/11/02/2 templink] || {{pkg|unzip}} || 2014-11-02 || <= 6.0-9 || 6.0-10 || 75d || Fixed ({{bug|44171}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9]<br />
|-<br />
| {{CVE|CVE-2015-1315}} [http://www.openwall.com/lists/oss-security/2015/02/17/4 templink] || {{pkg|unzip}} || 2014-11-02 || <= 6.0-9 || 6.0-9 || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2014-9680}} [http://www.sudo.ws/sudo/alerts/tz.html templink] || {{pkg|sudo}} || 2015-02-09 || <= 1.8.12-1 || 1.8.12-1 || 4d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5352}} {{CVE|CVE-2014-5353}} {{CVE|CVE-2014-5354}} {{CVE|CVE-2014-9421}} {{CVE|CVE-2014-9422}} {{CVE|CVE-2014-9423}} [http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt templink] [http://www.openwall.com/lists/oss-security/2014/12/16/1 templink] || {{pkg|krb5}} || 2015-02-03 || <= 1.13-1 || 1.13.1-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] <br />
|-<br />
| {{CVE|CVE-2015-0255}} [http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/ templink] || {{pkg|xorg-server}} || 2015-02-10 || <= 1.16.3-2|| 1.16.4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11]<br />
|-<br />
| {{CVE|CVE-2015-1191}} [http://www.openwall.com/lists/oss-security/2015/01/18/3 templink] || {{pkg|pigz}} || 2015-01-18 || <= 2.3.1-1 || 2.3.3-1 || 21d || Fixed ({{bug|43748}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9]<br />
|-<br />
| {{CVE|CVE-2015-0245}} [http://lists.freedesktop.org/archives/dbus/2015-February/016553.html templink] || {{pkg|dbus}} || 2015-02-09 || <= 1.8.14-1 || 1.8.16-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10]<br />
|-<br />
| {{CVE|CVE-2015-1472}} {{CVE|CVE-2015-1473}} || {{pkg|glibc}} || 2015-02-05 || <= 2.20-6 || 2.21-1 ||4d || Fixed ({{bug|43747}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8]<br />
|-<br />
| {{CVE|CVE-2014-9297}} {{CVE|CVE-2014-9298}} [http://support.ntp.org/bin/view/Main/SecurityNotice#vallen_is_not_validated_in_sever templink] [http://support.ntp.org/bin/view/Main/SecurityNotice#1_can_be_spoofed_on_some_OSes_so templink]|| {{pkg|ntp}} || 2015-02-04 || <= 4.2.8-1 || 4.2.8.p1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7]<br />
|-<br />
| {{CVE|CVE-2014-9328}} || {{pkg|clamav}} || 2015-01-28 || <= 0.98.5-1 || 0.98.6-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6]<br />
|-<br />
| {{CVE|CVE-2015-1209}} {{CVE|CVE-2015-1210}} {{CVE|CVE-2015-1211}} {{CVE|CVE-2015-1212}} [http://googlechromereleases.blogspot.fr/2015/02/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-02-05 || <= 40.0.2214.94-1 || 40.0.2214.111-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5]<br />
|-<br />
| {{CVE|CVE-2015-0313}} {{CVE|CVE-2015-0314}} {{CVE|CVE-2015-0315}} {{CVE|CVE-2015-0316}} {{CVE|CVE-2015-0317}} {{CVE|CVE-2015-0318}} {{CVE|CVE-2015-0319}} {{CVE|CVE-2015-0320}} {{CVE|CVE-2015-0321}} {{CVE|CVE-2015-0322}} {{CVE|CVE-2015-0323}} {{CVE|CVE-2015-0324}} {{CVE|CVE-2015-0325}} {{CVE|CVE-2015-0326}} {{CVE|CVE-2015-0327}} {{CVE|CVE-2015-0328}} {{CVE|CVE-2015-0329}} {{CVE|CVE-2015-0330}} [https://helpx.adobe.com/security/products/flash-player/apsb15-04.html templink] || {{pkg|flashplugin}} || 2015-02-05 || <= 11.2.202.440-1 || 11.2.202.442-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2]<br />
|-<br />
| {{CVE|CVE-2014-8161}} {{CVE|CVE-2015-0241}} {{CVE|CVE-2015-0243}} {{CVE|CVE-2015-0244}} [http://www.postgresql.org/docs/9.4/static/release-9-4-1.html templink] || {{pkg|postgresql}} || 2015-02-05 || <= 9.4.0-1 || 9.4.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4]<br />
|-<br />
| {{CVE|CVE-2015-1380}} {{CVE|CVE-2015-1381}} {{CVE|CVE-2015-1382}} [http://seclists.org/oss-sec/2015/q1/285 templink] || {{pkg|privoxy}} || 2015-01-26 || <= 3.0.22-1 || 3.0.23-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1]<br />
|-<br />
| {{CVE|CVE-2015-0235}} [https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235 templink] || {{pkg|glibc}} || 2015-01-27 || < 2.18-1 || 2.18-1 || < 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-0311}} {{CVE|CVE-2015-0301}} {{CVE|CVE-2015-0302}} {{CVE|CVE-2015-0303}} {{CVE|CVE-2015-0304}} {{CVE|CVE-2015-0305}} {{CVE|CVE-2015-0306}} {{CVE|CVE-2015-0307}} {{CVE|CVE-2015-0308}} {{CVE|CVE-2015-0309}} [https://helpx.adobe.com/security/products/flash-player/apsb15-01.html templink] || {{pkg|flashplugin}} || 2015-01-23 || <= 11.2.202.438-1 || 11.2.202.440-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22]<br />
|-<br />
| {{CVE|CVE-2015-0231}} {{CVE|CVE-2014-9427}} {{CVE|CVE-2015-0232}} [https://bugs.php.net/bug.php?id=68710 templink] [https://bugs.php.net/bug.php?id=68618 templink] [https://bugs.php.net/bug.php?id=68799 templink] || {{pkg|php}} || 2015-01-22 || <= 5.6.4-1 || 5.6.5-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17]<br />
|-<br />
| {{CVE|CVE-2014-9638}} {{CVE|CVE-2014-9639}} {{CVE|CVE-2014-9640}} [http://www.openwall.com/lists/oss-security/2015/01/22/9 templink] || {{pkg|vorbis-tools}} || 2015-01-21 || <= 1.4.0-4 || 1.4.0-5 || 64d || Fixed ({{bug|44172}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24]<br />
|-<br />
| {{CVE|CVE-2015-1345}} [http://seclists.org/oss-sec/2015/q1/179 templink] || {{pkg|grep}} || 2015-01-18 || <= 2.21-1 || 2.21-2 || 46d || Fixed ({{bug|44017}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4]<br />
|-<br />
| {{CVE|CVE-2014-7923}} {{CVE|CVE-2014-7924}} {{CVE|CVE-2014-7925}} {{CVE|CVE-2014-7926}} {{CVE|CVE-2014-7927}} {{CVE|CVE-2014-7928}} {{CVE|CVE-2014-7930}} {{CVE|CVE-2014-7931}} {{CVE|CVE-2014-7929}} {{CVE|CVE-2014-7932}} {{CVE|CVE-2014-7933}} {{CVE|CVE-2014-7934}} {{CVE|CVE-2014-7935}} {{CVE|CVE-2014-7936}} {{CVE|CVE-2014-7937}} {{CVE|CVE-2014-7938}} {{CVE|CVE-2014-7939}} {{CVE|CVE-2014-7940}} {{CVE|CVE-2014-7941}} {{CVE|CVE-2014-7942}} {{CVE|CVE-2014-7943}} {{CVE|CVE-2014-7944}} {{CVE|CVE-2014-7945}} {{CVE|CVE-2014-7946}} {{CVE|CVE-2014-7947}} {{CVE|CVE-2014-7948}} {{CVE|CVE-2015-1205}} [http://googlechromereleases.blogspot.fr/2015/01/stable-update.html templink] || {{pkg|chromium}} || 2015-01-22 || <= 39.0.2171.99-1 || 40.0.2214.91-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21]<br />
|-<br />
| {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-6549}} {{CVE|CVE-2014-6585}} {{CVE|CVE-2014-6587}} {{CVE|CVE-2014-6591}} {{CVE|CVE-2014-6593}} {{CVE|CVE-2014-6601}} {{CVE|CVE-2015-0383}} {{CVE|CVE-2015-0395}} {{CVE|CVE-2015-0400}} {{CVE|CVE-2015-0403}} {{CVE|CVE-2015-0406}} {{CVE|CVE-2015-0407}} {{CVE|CVE-2015-0408}} {{CVE|CVE-2015-0410}} {{CVE|CVE-2015-0412}} {{CVE|CVE-2015-0413}} {{CVE|CVE-2015-0421}} {{CVE|CVE-2015-0437}} [http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html#JAVA templink] || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-01-22 || <= 8.u25-2 || 8.u31-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16]<br />
|-<br />
| {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-6585}} {{CVE|CVE-2014-6587}} {{CVE|CVE-2014-6591}} {{CVE|CVE-2014-6593}} {{CVE|CVE-2014-6601}} {{CVE|CVE-2015-0383}} {{CVE|CVE-2015-0395}} {{CVE|CVE-2015-0407}} {{CVE|CVE-2015-0408}} {{CVE|CVE-2015-0410}} {{CVE|CVE-2015-0412}} [http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html#JAVA templink] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-01-22 || <= 7.u71_2.5.3-3 || 7.u75_2.5.4-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20]<br />
|-<br />
| {{CVE|CVE-2014-8157}} {{CVE|CVE-2014-8158}} [http://seclists.org/oss-sec/2015/q1/210 templink] || {{pkg|jasper}} || 2015-01-22 || <= 1.900.1-12 || 1.900.1-13 || 5d || Fixed ({{bug|43592}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23]<br />
|-<br />
| {{CVE|CVE-2014-8132}} [http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/ templink] || {{pkg|libssh}} || 2014-12-19 || <= 0.6.3-1 || 0.6.4-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12]<br />
|-<br />
| {{CVE|CVE-2015-1182}} [https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04 templink] || {{pkg|polarssl}} || 2012-09-19 || <= 1.3.9-1 || 1.3.9-2 || 1d || Fixed ({{bug|43508}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13]<br />
|-<br />
| {{CVE|CVE-2012-3505}} [http://www.openwall.com/lists/oss-security/2012/08/18/1 templink] || {{pkg|tinyproxy}} || 2012-09-10 || <= 1.8.3-1 || 1.8.4-1 || > 740d || Fixed ({{bug|38400}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11]<br />
|-<br />
| {{CVE|CVE-2014-9447}} [https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e templink] || {{pkg|elfutils}} || 2015-01-19 || <= 0.161-2 || 0.161-3 || 42d || Fixed ({{bug|44019}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2]<br />
|-<br />
| {{CVE|CVE-2014-9447}} [https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e templink] || {{pkg|lib32-elfutils}} || 2015-01-19 || <= 0.161-1 || 0.161-2 || 42d || Fixed ({{bug|44020}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3]<br />
|-<br />
| {{CVE|CVE-2014-8143}} [https://www.samba.org/samba/security/CVE-2014-8143 templink] || {{pkg|samba}} || 2015-01-15 || <= 4.1.15-1 || 4.1.16-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10]<br />
|-<br />
| {{CVE|CVE-2015-1197}} [http://www.openwall.com/lists/oss-security/2015/01/18/7 templink] || {{pkg|cpio}} || 2015-01-16 || <= 2.11-5 || 2.11-6 || 65d || Fixed ({{bug|44173}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22]<br />
|-<br />
| {{CVE|CVE-2015-1196}} {{CVE|CVE-2014-9637}} [http://www.openwall.com/lists/oss-security/2015/01/18/6 templink] [https://savannah.gnu.org/bugs/?44051 templink] || {{pkg|patch}} || 2015-01-14 || <= 2.7.1-3 || 2.7.3-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24]<br />
|-<br />
| {{CVE|CVE-2014-9571}} {{CVE|CVE-2014-9572}} {{CVE|CVE-2014-9573}} {{CVE|CVE-2014-9624}} {{CVE|CVE-2015-1042}} [http://www.openwall.com/lists/oss-security/2015/01/17/1 templink] [http://www.openwall.com/lists/oss-security/2015/01/17/3 templink] [http://www.openwall.com/lists/oss-security/2015/01/17/2 templink] [http://www.openwall.com/lists/oss-security/2015/01/18/11 templink] || {{pkg|mantisbt}} || 2015-01-17 || <= 1.2.18-1 || 1.2.19-1 || 20d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3]<br />
|-<br />
| {{CVE|CVE-2014-8634}} {{CVE|CVE-2014-8635}} {{CVE|CVE-2014-8638}} {{CVE|CVE-2014-8639}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-01-13 || <= 31.3.0-1 || 31.4.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7]<br />
|-<br />
| {{CVE|CVE-2014-8634}} {{CVE|CVE-2014-8635}} {{CVE|CVE-2014-8636}} {{CVE|CVE-2014-8637}} {{CVE|CVE-2014-8638}} {{CVE|CVE-2014-8639}} {{CVE|CVE-2014-8640}} {{CVE|CVE-2014-8641}} {{CVE|CVE-2014-8642}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-01-13 || <= 34.0.5-1 || 35.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6]<br />
|-<br />
| {{CVE|CVE-2014-3571}} {{CVE|CVE-2015-0206}} {{CVE|CVE-2014-3569}} {{CVE|CVE-2014-3572}} {{CVE|CVE-2015-0205}} {{CVE|CVE-2014-8275}} {{CVE|CVE-2014-3570}} [https://www.openssl.org/news/secadv_20150108.txt templink] || {{pkg|openssl}} || 2015-01-08 || <= 1.0.1.j-1 || 1.0.1.k-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2]<br />
|-<br />
| {{CVE|CVE-2014-8150}} [http://curl.haxx.se/docs/adv_20150108B.html templink] || {{pkg|curl}} || 2015-01-08 || <= 7.39.0-1 || 7.40.0-1 || 10d || Fixed ({{bug|43379}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9]<br />
|-<br />
| {{CVE|CVE-2014-6272}} [http://archives.seul.org/libevent/users/Jan-2015/msg00010.html templink] || {{pkg|libevent}} || 2015-01-05 || <= 2.0.21-3 || 2.0.22-1 || 7d || Fixed ({{bug|43366}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] <br />
|-<br />
| {{CVE|CVE-2014-8139}} {{CVE|CVE-2014-8140}} {{CVE|CVE-2014-8141}} [http://www.ocert.org/advisories/ocert-2014-011.html templink] || {{pkg|unzip}} || 2014-12-22 || <= 6.0-7 || 6.0-9 || 17d || Fixed ({{bug|43300}}) ({{bug|43391}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3]<br />
|-<br />
| {{CVE|CVE-2014-6395}} {{CVE|CVE-2014-6396}} {{CVE|CVE-2014-9376}} {{CVE|CVE-2014-9377}} {{CVE|CVE-2014-9378}} {{CVE|CVE-2014-9379}} {{CVE|CVE-2014-9380}} {{CVE|CVE-2014-9381}} [https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/ templink] || {{pkg|ettercap}} {{pkg|ettercap-gtk}} || 2014-12-16 || <= 0.8.1-2 || 0.8.2-1 || 89d || Fixed ({{bug|44174}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13]<br />
|-<br />
| {{CVE|CVE-2014-9425}} [https://bugs.php.net/bug.php?id=68676 templink] || {{pkg|php}} || 2014-12-29 || <= 5.6.4-1 || 5.6.5-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-9295}} {{CVE|CVE-2014-9296}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_ctl_putdata templink] || {{pkg|ntp}} || 2014-12-19 || < 4.2.8-1 || 4.2.8-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24]<br />
|-<br />
| {{CVE|CVE-2014-8142}} [https://bugzilla.redhat.com/show_bug.cgi?id=1175718 templink] || {{pkg|php}} || 2014-12-18 || <= 5.6.3-1 || 5.6.4-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23]<br />
|-<br />
| {{CVE|CVE-2014-8137}} {{CVE|CVE-2011-4516}} {{CVE|CVE-2011-4517}} [https://marc.info/?l=oss-security&m=141891163026757&w=2 templink] || {{pkg|jasper}} || 2014-12-18 || <= 1.900.1-11 || 1.900.1-12 || 1d || Fixed ({{bug|43155}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22]<br />
|-<br />
| {{CVE|CVE-2014-9029}} [https://marc.info/?l=oss-security&m=141770163916268&w=2 templink] || {{pkg|jasper}} || 2014-12-04 || <= 1.900.1-10 || 1.900.1-12 || 6d || Fixed ({{bug|43044}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22]<br />
|-<br />
| {{CVE|CVE-2012-3406}} {{CVE|CVE-2014-9402}} [http://www.openwall.com/lists/oss-security/2014/12/18/1 templink] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2014-12-17 || <= 2.20-4 || 2.20-5 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21]<br />
|-<br />
| {{CVE|CVE-2014-9253}} [http://seclists.org/oss-sec/2014/q4/1050 templink] || {{pkg|dokuwiki}} || 2014-12-15 || <= 20140929_a-1 || 20140929_b-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19]<br />
|-<br />
| {{CVE|CVE-2014-3580}} {{CVE|CVE-2014-8108}} [https://subversion.apache.org/security/CVE-2014-3580-advisory.txt templink] [https://subversion.apache.org/security/CVE-2014-8108-advisory.txt templink] || {{pkg|subversion}} || 2014-12-16 || <= 1.8.10-1 || 1.8.11-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17]<br />
|-<br />
| {{CVE|CVE-2014-9356}} {{CVE|CVE-2014-9357}} {{CVE|CVE-2014-9358}} [http://www.securityfocus.com/archive/1/534215 templink] || {{pkg|docker}} || 2014-12-12 || <= 1:1.3.2-1 || 1:1.4.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16]<br />
|-<br />
| {{CVE|CVE-2013-1752}} {{CVE|CVE-2013-1753}} {{CVE|CVE-2014-9365}} [https://hg.python.org/cpython/raw-file/v2.7.9/Misc/NEWS templink] || {{pkg|python2}} || 2014-12-11 || <= 2.7.8-1 || 2.7.9-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15]<br />
|-<br />
| {{CVE|CVE-2014-0580}} {{CVE|CVE-2014-0587}} {{CVE|CVE-2014-8443}} {{CVE|CVE-2014-9162}} {{CVE|CVE-2014-9163}} {{CVE|CVE-2014-9164}} [https://helpx.adobe.com/security/products/flash-player/apsb14-27.html templink] || {{pkg|flashplugin}} || 2014-12-09 || <= 11.2.202.424-1 || 11.2.202.425-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13]<br />
|-<br />
| {{CVE|CVE-2014-8091}} {{CVE|CVE-2014-8092}} {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8094}} {{CVE|CVE-2014-8095}} {{CVE|CVE-2014-8096}} {{CVE|CVE-2014-8097}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8099}} {{CVE|CVE-2014-8100}} {{CVE|CVE-2014-8101}} {{CVE|CVE-2014-8102}} {{CVE|CVE-2014-8103}} [http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/ templink] || {{pkg|xorg-server}} || 2014-12-09 || <= 1.16.2-1 || 1.16.2.901-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia}} {{pkg|nvidia-lts}} || 2014-12-09 || <= 343.22-6 || 343.36-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia-340xx}} {{pkg|nvidia-340xx-lts}} || 2014-12-09 || <= 340.58-3 || 340.65-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia-304xx}} {{pkg|nvidia-304xx-lts}} || 2014-12-09 || < 304.125-1 || 304.125-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10]<br />
|-<br />
| {{CVE|CVE-2014-8601}} [http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/ templink] || {{pkg|powerdns-recursor}} || 2014-12-09 || <= 3.6.1-1 || 3.6.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9]<br />
|-<br />
| {{CVE|CVE-2014-8602}} [https://unbound.net/downloads/CVE-2014-8602.txt templink] || {{pkg|unbound}} || 2014-12-09 || <= 1.5.0-1 || 1.5.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8]<br />
|-<br />
| {{CVE|CVE-2014-8500}} {{CVE|CVE-2014-8680}} [http://svnweb.freebsd.org/ports?view=revision&revision=374305 templink] || {{pkg|bind}} || 2014-12-08 || <= 9.10.1-2 || 9.10.1.P1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7]<br />
|-<br />
| {{CVE|CVE-2014-9274}} {{CVE|CVE-2014-9275}} [http://seclists.org/oss-sec/2014/q4/904 templink] || {{pkg|unrtf}} || 2014-12-04 || <= 0.21.5-1 || 0.21.7-1 || 10d || Fixed ({{bug|43131}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20]<br />
|-<br />
| {{CVE|CVE-2014-1587}} {{CVE|CVE-2014-1588}} {{CVE|CVE-2014-1589}} {{CVE|CVE-2014-1590}} {{CVE|CVE-2014-1591}} {{CVE|CVE-2014-1592}} {{CVE|CVE-2014-1593}} {{CVE|CVE-2014-1594}} {{CVE|CVE-2014-8631}} {{CVE|CVE-2014-8632}} [https://www.mozilla.org/fr/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2014-12-02 || <= 33.1.1-1 || 34.0.5-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3]<br />
|-<br />
| {{CVE|CVE-2014-9157}} [http://seclists.org/oss-sec/2014/q4/872 templink] || {{pkg|graphviz}} || 2014-11-25 || <= 2.38.0-2 || 2.38.0-3 || 8d || Fixed ({{bug|42983}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4]<br />
|-<br />
| {{CVE|CVE-2014-8123}} [http://seclists.org/oss-sec/2014/q4/874 templink] || {{pkg|antiword}} || 2014-12-01 || <= 0.37-4 || 0.37-5 || 3d || Fixed ({{bug|42982}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5]<br />
|-<br />
| {{CVE|CVE-2014-8104}} [https://forums.openvpn.net/topic17625.html templink] || {{pkg|openvpn}} || 2014-11-30 || <= 2.3.5-1 || 2.3.6-1 || 4d || Fixed ({{bug|42975}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2]<br />
|-<br />
| {{CVE|CVE-2014-9087}} [http://seclists.org/oss-sec/2014/q4/801 templink] || {{pkg|gnupg}} || 2014-11-25 || <= 2.1.0-5 || 2.1.0-6 || 4d || Fixed ({{bug|42943}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1]<br />
|-<br />
| {{CVE|CVE-2014-9087}} [http://seclists.org/oss-sec/2014/q4/801 templink] || {{pkg|libksba}} || 2014-11-25 || <= 1.3.1-1 || 1.3.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31]<br />
|-<br />
| {{CVE|CVE-2014-9114}} [http://seclists.org/oss-sec/2014/q4/819 templink] || {{pkg|util-linux}} || 2014-11-27 || <= 2.25.2-1 || 2.26.1-3 || 117d || Fixed ({{bug|43886}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23]<br />
|-<br />
| {{CVE|CVE-2014-9112}} [http://seclists.org/oss-sec/2014/q4/818 templink] || {{pkg|cpio}} || 2014-11-26 || <= 2.11-4 || 2.11-5 || 20d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5]<br />
|-<br />
| {{CVE|CVE-2014-9116}} [http://seclists.org/oss-sec/2014/q4/835 templink] || {{pkg|mutt}} || 2014-11-27 || <= 1.5.23-1 || 1.5.23-2 || 71d || Fixed ({{bug|44110}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6]<br />
|-<br />
| {{CVE|CVE-2014-9093}} [https://bugs.freedesktop.org/show_bug.cgi?id=86449 templink] || {{pkg|libreoffice-fresh}} || 2014-11-19 || <= 4.3.4-1 ||4.3.5-1 || 31d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-9092}} [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768369#114 templink] || {{pkg|libjpeg-turbo}} || 2014-11-26 || <= 1.3.1-2 || 1.3.1-3 || 2d || Fixed ({{bug|42922}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33]<br />
|-<br />
| {{CVE|CVE-2014-9272}} {{CVE|CVE-2014-9270}} {{CVE|CVE-2014-8987}} {{CVE|CVE-2014-9271}} {{CVE|CVE-2014-9281}} {{CVE|CVE-2014-8986}} {{CVE|CVE-2014-9269}} {{CVE|CVE-2014-9280}} {{CVE|CVE-2014-9089}} {{CVE|CVE-2014-9279}} {{CVE|CVE-2014-8988}} {{CVE|CVE-2014-8553}} {{CVE|CVE-2014-6387}} {{CVE|CVE-2014-6316}} {{CVE|CVE-2014-9117}} [https://www.mantisbt.org/bugs/view.php?id=17841 templink] [https://www.mantisbt.org/bugs/view.php?id=17811 templink] [http://seclists.org/oss-sec/2014/q4/955 templink] || {{pkg|mantisbt}} || 2014-11-25 || <= 1.2.17-4 || 1.2.18-1 || 13d || Fixed ({{bug|42920}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6]<br />
|-<br />
| {{CVE|CVE-2014-9090}} [https://marc.info/?l=oss-security&m=141698775601426&w=2 templink] || {{pkg|linux}} {{pkg|linux-lts}} || 2014-11-26 || <= 3.18-rc6 || 3.19 || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2014-9018}} {{CVE|CVE-2014-9091}} [http://seclists.org/oss-sec/2014/q4/694 templink] || {{pkg|icecast}} || 2014-11-20 || <= 2.4.0-1 || 2.4.1-1 || 8d || Fixed ({{bug|42912}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32]<br />
|-<br />
| {{CVE|CVE-2014-8964}} [http://bugs.exim.org/show_bug.cgi?id=1546 templink] || {{pkg|pcre}} || 2014-11-18 || <= 8.36-1 || 8.36-2 || 8d || Fixed ({{bug|42860}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29]<br />
|-<br />
| {{CVE|CVE-2014-8962}} {{CVE|CVE-2014-9028}} [http://www.ocert.org/advisories/ocert-2014-008.html templink] || {{pkg|flac}} || 2014-11-25 || <= 1.3.0-4 || 1.3.0-5 || < 1d || Fixed ({{bug|42898}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30]<br />
|-<br />
| {{CVE|CVE-2014-7899}} {{CVE|CVE-2014-7900}} {{CVE|CVE-2014-7901}} {{CVE|CVE-2014-7902}} {{CVE|CVE-2014-7903}} {{CVE|CVE-2014-7904}} {{CVE|CVE-2014-7906}} {{CVE|CVE-2014-7907}} {{CVE|CVE-2014-7908}} {{CVE|CVE-2014-7909}} {{CVE|CVE-2014-7910}} [http://googlechromereleases.blogspot.in/2014/11/stable-channel-update_18.html templink] || {{pkg|chromium}} || 2014-11-20 || <= 38.0.2125.122-1 || 39.0.2171.65-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26]<br />
|-<br />
| {{CVE|CVE-2014-9015}} {{CVE|CVE-2014-9016}} [http://seclists.org/oss-sec/2014/q4/697 templink] || {{pkg|drupal}} || 2014-11-19 || <= 7.33-1 || 7.34-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25]<br />
|-<br />
| {{CVE|CVE-2013-6497}} [http://seclists.org/oss-sec/2014/q4/673 templink] || {{pkg|clamav}} || 2014-11-18 || <= 0.98.4-1 || 0.98.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21]<br />
|-<br />
| {{CVE|CVE-2014-7817}} [https://sourceware.org/bugzilla/show_bug.cgi?id=17625 templink] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2014-11-19 || <= 2.20-2 || 2.20.3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27]<br />
|-<br />
| {{CVE|CVE-2014-8600}} [https://www.kde.org/info/security/advisory-20141113-1.txt templink] || {{pkg|kwebkitpart}} || 2014-11-18 || <= 1.3.4-2 || 1.3.4-3 || 4d || Fixed ({{bug|44170}} {{bug|42775}}) || None<br />
|-<br />
| {{CVE|CVE-2014-8767}} {{CVE|CVE-2014-8768}} {{CVE|CVE-2014-8769}} {{CVE|CVE-2014-9140}} {{CVE|CVE-2015-0261}} {{CVE|CVE-2015-2153}} {{CVE|CVE-2015-2154}} {{CVE|CVE-2015-2155}} [http://www.securityfocus.com/archive/1/534011/30/0/threaded templink] [http://www.securityfocus.com/archive/1/534010/30/0/threaded templink] [http://www.securityfocus.com/archive/1/534009/30/0/threaded templink] [https://github.com/the-tcpdump-group/tcpdump/commit/0f95d441e4b5d7512cc5c326c8668a120e048eda templink] || {{pkg|tcpdump}} || 2014-11-18 || <= 4.6.2-1 || 4.7.3-1 || 88d || Fixed ({{bug|44153}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20]<br />
|-<br />
| {{CVE|CVE-2014-8090}} || {{pkg|ruby}} || 2014-11-13 || <= 2.1.4-1 || 2.1.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16]<br />
|-<br />
| {{CVE|CVE-2014-7823}} || {{pkg|libvirt}} || 2014-11-13 || <= 1.2.10-1 ||1.2.11-1 ||33d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-8710}} {{CVE|CVE-2014-8711}} {{CVE|CVE-2014-8712}} {{CVE|CVE-2014-8713}} {{CVE|CVE-2014-8714}} [https://www.wireshark.org/security/wnpa-sec-2014-20.html templink] [https://www.wireshark.org/security/wnpa-sec-2014-21.html templink] [https://www.wireshark.org/security/wnpa-sec-2014-22.html templink] || {{pkg|wireshark-cli}} {{pkg|wireshark-gtk}} {{pkg|wireshark-qt}} || 2014-11-13 || <= 1.12.1-1 || 1.12.2-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24]<br />
|-<br />
| {{CVE|CVE-2014-0573}} {{CVE|CVE-2014-0574}} {{CVE|CVE-2014-0576}} {{CVE|CVE-2014-0577}} {{CVE|CVE-2014-0581}} {{CVE|CVE-2014-0582}} {{CVE|CVE-2014-0583}} {{CVE|CVE-2014-0584}} {{CVE|CVE-2014-0585}} {{CVE|CVE-2014-0586}} {{CVE|CVE-2014-0588}} {{CVE|CVE-2014-0589}} {{CVE|CVE-2014-0590}} {{CVE|CVE-2014-8437}} {{CVE|CVE-2014-8438}} {{CVE|CVE-2014-8440}} {{CVE|CVE-2014-8441}} {{CVE|CVE-2014-8442}} [https://helpx.adobe.com/security/products/flash-player/apsb14-24.html templink] || {{pkg|flashplugin}} || 2014-11-11 || <= 11.2.202.411-1 || 11.2.202.418-1 || <1d || Fixed ({{bug|42769}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11]<br />
|-<br />
| {{CVE|CVE-2014-3710}} [https://bugzilla.redhat.com/show_bug.cgi?id=1155071 templink] || {{pkg|php}} || 2014-10-29 || <= 5.6.2-2 || 5.6.3-1 || 14d || Fixed ({{bug|42764}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13]<br />
|-<br />
| {{CVE|CVE-2014-8564}} [http://www.gnutls.org/security.html#GNUTLS-SA-2014-5 templink]|| {{pkg|gnutls}} || 2014-11-10 || <= 3.3.9-1 ||3.3.10-1 ||<1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10]<br />
|-<br />
| {{CVE|CVE-2014-8716}} [http://seclists.org/oss-sec/2014/q4/591 templink]|| {{pkg|imagemagick}} || 2014-11-12 || <= 6.8.9.9-1 || 6.8.9.10-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12]<br />
|-<br />
| {{CVE|CVE-2014-3710}} [https://bugzilla.redhat.com/show_bug.cgi?id=1155071 templink] || {{pkg|file}} || 2014-10-29 || <= 5.20-1 || 5.20-2 || 12d || Fixed ({{bug|42759}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9]<br />
|-<br />
| {{CVE|CVE-2014-1569}} [https://bugzilla.mozilla.org/show_bug.cgi?id=1064670 templink] || {{pkg|nss}} || 2014-11-07 || <= 3.17.2-1 || 3.17.3-1 || 22d || Fixed ({{bug|42760}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18]<br />
|-<br />
| {{CVE|CVE-2014-7824}} [http://www.openwall.com/lists/oss-security/2014/11/10/2 templink] || {{pkg|dbus}} || 2014-11-10 || <= 1.8.8-1 || 1.8.10-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28]<br />
|-<br />
| {{CVE|CVE-2014-8598}} {{CVE|CVE-2014-7146}} [http://www.openwall.com/lists/oss-security/2014/11/07/27 templink] [http://www.openwall.com/lists/oss-security/2014/11/07/28 templink]|| {{pkg|mantisbt}} || 2014-11-08 || <= 1.2.17-3 || 1.2.17-4 || <4d || Fixed ({{bug|42761}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8]<br />
|-<br />
| {{CVE|CVE-2014-8483}} [https://www.kde.org/info/security/advisory-20141104-1.txt templink] || {{pkg|konversation}} || 2014-11-04 || <= 1.5-1 || 1.5.1-1 || <4d || Fixed ({{bug|42698}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5]<br />
|-<br />
| {{CVE|CVE-2014-3707}} [http://curl.haxx.se/docs/adv_20141105.html templink]|| {{pkg|curl}} || 2014-11-05 || <= 7.38.0-3 || 7.39.0-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7]<br />
|-<br />
| {{CVE|CVE-2014-8651}} [http://seclists.org/oss-sec/2014/q4/520 templink]|| {{pkg|kdebase-workspace}} || 2014-11-04 || <= 4.11.13-1 || 4.11.13-2 || 6d || Fixed ({{bug|42679}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6]<br />
|-<br />
| {{CVE|CVE-2014-8627}} {{CVE|CVE-2014-8628}} [http://www.openwall.com/lists/oss-security/2014/11/04/6 templink]|| {{pkg|polarssl}} || 2014-10-23 || <= 1.3.8-3 || 1.3.9-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4]<br />
|-<br />
| {{CVE|CVE-2014-8321}} {{CVE|CVE-2014-8322}} {{CVE|CVE-2014-8323}} {{CVE|CVE-2014-8324}} [http://www.securityfocus.com/archive/1/533869/30/0/threaded templink]|| {{pkg|aircrack-ng}} || 2014-11-02 || <= 1.2beta3-1 || 1.2rc1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2]<br />
|-<br />
| {{CVE|CVE-2014-8554}} [http://www.openwall.com/lists/oss-security/2014/10/30/9 templink]|| {{pkg|mantisbt}} || 2014-10-30 || <= 1.2.17-2 || 1.2.17-3 || 5d || Fixed ({{bug|42683}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3]<br />
|-<br />
| {{CVE|CVE-2014-8354}} {{CVE|CVE-2014-8355}} {{CVE|CVE-2014-8561}} {{CVE|CVE-2014-8562}} [http://seclists.org/oss-sec/2014/q4/466 templink]|| {{pkg|imagemagick}} || 2014-10-29 || <= 6.8.9.8-1 || 6.8.9.9-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-8517}} [http://seclists.org/oss-sec/2014/q4/459 templink]|| {{pkg|tnftp}} || 2014-10-28 || <= 20130505-2 || 20141031-1 || 4d || Fixed ({{bug|42646}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1]<br />
|-<br />
| {{CVE|CVE-2014-4877}} [http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7 templink]|| {{pkg|wget}} || 2014-10-27 || <= 1.15-1 || 1.16-1 || <2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|avr-binutils}} || 2014-10-23 || <= 2.24-2 || 2.24-3 || 27d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|mingw-w64-binutils}} || 2014-10-23 || <= 2.24-1 || 2.24-2 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|arm-none-eabi-binutils}} || 2014-10-23 || <= 2.24-2 || 2.24-3 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|binutils}} || 2014-10-23 || <= 2.24-7 || 2.24-8 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17]<br />
|-<br />
| {{CVE|CVE-2014-8559}} [http://www.openwall.com/lists/oss-security/2014/10/30/7 templink] || {{pkg|linux}}, {{pkg|linux-lts}} || 2014-10-30 || <= 3.17.3-1, <= 3.14.24-1 ||3.17.4-1 3.14.25-1 || ~23d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3610}} {{CVE|CVE-2014-3611}} {{CVE|CVE-2014-3646}} {{CVE|CVE-2014-3647}} {{CVE|CVE-2014-7825}} {{CVE|CVE-2014-7826}} {{CVE|CVE-2014-8369}} [http://permalink.gmane.org/gmane.comp.security.oss.general/14526 templink] [http://seclists.org/oss-sec/2014/q4/548 templink] || {{pkg|linux}}, {{pkg|linux-lts}} || 2014-10-21 || <= 3.17.2-1, <= 3.14.23-1 || 3.17.3-1, 3.14.24-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15]<br />
|-<br />
| {{CVE|CVE-2014-8480}} {{CVE|CVE-2014-8481}} [http://permalink.gmane.org/gmane.comp.security.oss.general/14526 templink] || {{pkg|linux}} || 2014-10-21 || <= 3.17.2-1 || 3.17.3-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14]<br />
|-<br />
| {{CVE|CVE-2014-3695}} {{CVE|CVE-2014-3696}} {{CVE|CVE-2014-3698}} [https://pidgin.im/news/security/ templink] || {{pkg|libpurple}} || 2014-10-22 || <= 2.10.9-2 || 2.10.10-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9]<br />
|-<br />
| {{CVE|CVE-2014-8760}} || {{pkg|ejabberd}} || 2014-10-13 || <= 14.07-1 || 14.07-2 || 14d || Fixed ({{bug|42541}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13]<br />
|-<br />
| {{CVE|CVE-2014-3686}} || {{pkg|wpa_supplicant}}, {{pkg|hostapd}} || 2014-10-09 || <= 2.2-2 || 2.3-1 || ~10d || Fixed ({{bug|42401}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8]<br />
|-<br />
| {{CVE|CVE-2014-0191}} {{CVE|CVE-2014-3660}} || {{pkg|libxml2}} || 2014-10-16 || <= 2.9.1-5 || 2.9.2-1 || 8d || Fixed ({{bug|40790}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12]<br />
|-<br />
| {{CVE|CVE-2014-3704}} [https://www.drupal.org/SA-CORE-2014-005 templink] || {{pkg|drupal}} || 2014-10-15 || <= 7.31-2 || 7.32-1 || 1d || Fixed ({{bug|42388}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7]<br />
|-<br />
| {{CVE|CVE-2014-3513}} {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-3567}} {{CVE|CVE-2014-3568}} [https://www.openssl.org/news/secadv_20141015.txt templink] [https://www.openssl.org/~bodo/ssl-poodle.pdf temp link] || {{pkg|openssl}} || 2014-10-15 || <= 1.0.1.i-1 || 1.0.1.j-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6]<br />
|-<br />
| {{CVE|CVE-2014-8242}} [http://www.openwall.com/lists/oss-security/2014/10/13/2 temp link] || {{pkg|librsync}} || 2014-10-12 || <= 0.9.7-7 || 1.0.0-1 || 166d || Fixed ({{bug|44175}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10]<br />
|-<br />
| {{CVE|CVE-2014-7203}} {{CVE|CVE-2014-7202}} [http://seclists.org/oss-sec/2014/q3/776 temp link] || {{pkg|zeromq}} || 2014-09-27 || <= 4.0.4-4 || 4.0.5-1 || 18d || Fixed ({{bug|42381}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4]<br />
|-<br />
| {{CVE|CVE-2014-6051}} {{CVE|CVE-2014-6052}} {{CVE|CVE-2014-6053}} {{CVE|CVE-2014-6054}} {{CVE|CVE-2014-6055}} [http://seclists.org/oss-sec/2014/q3/639 temp link] || {{pkg|libvncserver}} || 2014-09-23 || <= 0.9.9-3 || 0.9.10-1 || 31d || Fixed ({{bug|42321}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10]<br />
|-<br />
| {{CVE|CVE-2014-3683}} [http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/ temp link] || {{pkg|rsyslog}} || 2014-10-02 || <= 8.4.1-1 || 8.4.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5]<br />
|-<br />
| {{CVE|CVE-2014-7204}} [http://seclists.org/oss-sec/2014/q3/842 temp link] || {{pkg|ctags}} || 2014-09-29 || <= 5.8-4 || 5.8-5 || 26d || Fixed ({{bug|42246}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11]<br />
|-<br />
| {{CVE|CVE-2014-7295}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html temp link] || {{pkg|mediawiki}} || 2014-10-02 || <= 1.23.4-1 || 1.23.5-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3]<br />
|-<br />
| {{CVE|CVE-2014-3661}} {{CVE|CVE-2014-3662}} {{CVE|CVE-2014-3663}} {{CVE|CVE-2014-3664}} {{CVE|CVE-2014-3680}} {{CVE|CVE-2014-3681}} {{CVE|CVE-2014-3666}} {{CVE|CVE-2014-3667}} {{CVE|CVE-2013-2186}} {{CVE|CVE-2014-1869}} {{CVE|CVE-2014-3678}} {{CVE|CVE-2014-3679}} [https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 temp link] || {{pkg|jenkins}} || 2014-10-01 || <= 1.582-1 || 1.583-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2]<br />
|-<br />
| {{CVE|CVE-2014-3634}} [http://www.rsyslog.com/remote-syslog-pri-vulnerability/ temp link] || {{pkg|rsyslog}} || 2014-09-30 || <= 8.4.0-1 || 8.4.1-1 || 1d || Fixed ({{bug|42200}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1]<br />
|-<br />
| {{CVE|CVE-2014-3657}} {{CVE|CVE-2014-3633}} [https://www.debian.org/security/2014/dsa-3038 temp link] || {{pkg|libvirt}} || 2014-09-26 || <= 1.2.8-1 || 1.2.8-2 || 3d || Fixed ({{bug|42159}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5]<br />
|-<br />
| {{CVE|CVE-2014-7199}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html temp link] || {{pkg|mediawiki}} || 2014-09-24 || <= 1.23.3-1 || 1.23.4-1 || 5d || Fixed ({{bug|42161}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4]<br />
|-<br />
| {{CVE|CVE-2014-7185}} [http://bugs.python.org/issue21831 temp link] || {{pkg|python2}} || 2014-09-24 || < 2.7.8 || 2.7.8-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3]<br />
|-<br />
| {{CVE|CVE-2014-1568}} [https://www.mozilla.org/security/announce/2014/mfsa2014-73.html temp link] || {{pkg|nss}} || 2014-09-24 || < 3.17.1 || 3.17.1-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1]<br />
|-<br />
| {{CVE|CVE-2014-6271}} {{CVE|CVE-2014-7169}} {{CVE|CVE-2014-7186}} {{CVE|CVE-2014-7187}} {{CVE|CVE-2014-6277}} {{CVE|CVE-2014-6278}} [http://seclists.org/oss-sec/2014/q3/649 temp link] || {{pkg|bash}} || 2014-09-24 || <= 4.3.024-1 || 4.3.026-1 || 2d || Fixed ({{bug|42109}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2]<br />
|-<br />
| {{CVE|CVE-2014-3635}} {{CVE|CVE-2014-3636}} {{CVE|CVE-2014-3637}} {{CVE|CVE-2014-3638}} {{CVE|CVE-2014-3639}} [http://www.openwall.com/lists/oss-security/2014/09/16/9 temp link] || {{pkg|dbus}} {{pkg|libdbus}} {{pkg|lib32-libdbus}} || 2014-09-16 || < 1.8.8 || 1.8.8-1 || 1d || Fixed ({{bug|41993}}) || None<br />
|-<br />
| {{CVE|CVE-2014-3613}} {{CVE|CVE-2014-3620}} [http://curl.haxx.se/docs/security.html temp link] || {{pkg|curl}} {{pkg|lib32-curl}}|| 2014-09-10 || < 7.38.0 || 7.38.0-1 || 5d ({{pkg|curl}}), 7d ({{pkg|lib32-curl}}) || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3609}} [http://www.squid-cache.org/Advisories/SQUID-2014_2.txt temp link] || {{pkg|squid}} || 2014-08-28 || < 3.4.7 || 3.4.7-1 || < 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5119}} [https://sourceware.org/bugzilla/show_bug.cgi?id=17187 temp link] || {{pkg|glibc}} || 2014-07-21 || <= 2.19 || 2.20-2 || 55d || Fixed ({{bug|41713}}) || None<br />
|-<br />
| {{CVE|CVE-2014-3508}} {{CVE|CVE-2014-5139}} {{CVE|CVE-2014-3509}} {{CVE|CVE-2014-3505}} {{CVE|CVE-2014-3506}} {{CVE|CVE-2014-3507}} {{CVE|CVE-2014-3510}} {{CVE|CVE-2014-3511}} {{CVE|CVE-2014-3512}} [https://www.openssl.org/news/secadv_20140806.txt temp link] || {{pkg|openssl}} || 2014-08-06 || < 1.0.1.i || 1.0.1.i-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0226}} [http://www.zerodayinitiative.com/advisories/ZDI-14-236/ temp link] || {{pkg|apache}} || 2014-07-15 || < 2.4.10 || 2.4.10-1 || ~7d || Fixed ({{bug|41244}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4943}} [http://www.openwall.com/lists/oss-security/2014/07/17/1 temp link] || {{pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-07-16 || || 3.15.5.201407170639-1 {{pkg|linux-grsec}}, 3.14.16 ({{pkg|linux-lts}}), 3.16 ({{pkg|linux}}) || 1d ({{pkg|linux-grsec}}), 23d ({{pkg|linux-lts}}), 27d {{pkg|linux}} || Fixed in {{pkg|linux}}, {{pkg|linux-lts}} ({{bug|41231}}), Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-0475}} [http://www.openwall.com/lists/oss-security/2014/07/10/7 temp link] || {{pkg|glibc}} || 2014-07-10 || <=2.19 || 2.20-2 || 66d || Fixed ({{bug|41166}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4699}} [http://www.openwall.com/lists/oss-security/2014/07/04/4 temp link] || {{Pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-07-04 || || 3.15.3.201407060933-1 {{pkg|linux-grsec}}, 3.15.4-1 {{pkg|linux}}, 3.14.11-1 {{pkg|linux-lts}} || 2d ({{pkg|linux-grsec}}), 3d ({{pkg|linux}}, {{pkg|linux-lts}}) || Fixed ({{bug|41115}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4715}} [http://www.openwall.com/lists/oss-security/2014/07/02/13 temp link] || {{Pkg|lz4}} || 2014-07-02 || || 119-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-4611}} [http://www.openwall.com/lists/oss-security/2014/06/26/25 temp link] || {{Pkg|linux}}, {{pkg|linux-grsec}}, {{pkg|lz4}} || 2014-06-26 || || 3.15.2-1 ({{pkg|linux}}), 3.15.2.201406262058-1 ({{pkg|linux-grsec}}), 118-1 {{pkg|lz4}} || <1d ({{pkg|linux}}, {{pkg|linux-grsec}}, {{pkg|lz4}}) || Fixed in {{pkg|linux}} ({{bug|40992}}), Fixed in {{pkg|linux-grsec}}, Fixed in {{pkg|lz4}} ({{bug|40997}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4610}} [http://www.openwall.com/lists/oss-security/2014/06/26/23 temp link] || {{Pkg|ffmpeg}} || 2014-06-26 || || 1:2.2.4-1 || <2d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-4609}} [http://www.openwall.com/lists/oss-security/2014/06/26/22 temp link] || {{Pkg|gst-libav}} || 2014-06-26 || 1.2.4-1 || 1.2.4-2 (with libav 9.14) || 2d || Fixed ({{bug|40995}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4608}} [http://www.openwall.com/lists/oss-security/2014/06/26/21 temp link] || {{Pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-06-26 || || 3.15.2-1 ({{pkg|linux}}), 3.10.45-1 ({{pkg|linux-lts}}), 3.15.2.201406262058-1 ({{pkg|linux-grsec}}) || <1d ({{pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} and {{pkg|linux-lts}} ({{bug|40992}}), Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-4607}} [http://www.openwall.com/lists/oss-security/2014/06/26/20 temp link] || {{Pkg|lzo2}} || 2014-06-26 || || 2.07-2 || 3d || Fixed ({{bug|40993}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4617}} [http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html temp link] || {{Pkg|gnupg}} || 2014-06-24 || < 2.0.24 || 2.0.24 || 7d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0244}} {{CVE|CVE-2014-3493}} [https://www.samba.org/samba/history/samba-4.1.9.html temp link] || {{Pkg|samba}} || 2014-06-23 || < 4.1.9 || 4.1.9 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1545}} [https://www.mozilla.org/security/announce/2014/mfsa2014-55.html temp link] || {{Pkg|nspr}} || 2014-06-10 || < 4.10.6 || 4.10.6 || ~1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3859}} || {{Pkg|bind}} || 2014-06-11 || 9.10.0, 9.10.0-P1 || 9.10.0-P2 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3477}} || {{Pkg|dbus}} || 2014-06-10 || <= 1.8.2 || 1.8.4 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0195}} {{CVE|CVE-2014-0198}} {{CVE|CVE-2010-5298}} {{CVE|CVE-2014-3470}} {{CVE|CVE-2014-0224}} {{CVE|CVE-2014-0221}} [http://www.openssl.org/news/secadv_20140605.txt temp link] || {{Pkg|openssl}} || 2014-06-05 || 1.0.1 - 1.0.1g || 1.0.1h || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3153}} [http://seclists.org/oss-sec/2014/q2/467 temp link]|| {{Pkg|linux}}, {{pkg|linux-lts}}, {{Pkg|linux-grsec}} || 2014-06-05 || ? || 3.14.6 ({{pkg|linux}}), 3.10.42-1 ({{pkg|linux-lts}}), 3.14.5.201406051310-1 ({{pkg|linux-grsec}})|| 3d ({{pkg|linux}}, {{pkg|linux-lts}}), <1d ({{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} ({{bug|40715}}), Fixed in {{pkg|linux-lts}}, Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-3466}} [https://bugzilla.redhat.com/show_bug.cgi?id=1101932 temp link]|| {{Pkg|gnutls}} || 2014-05-30 || < 3.3.3 || 3.3.3 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0209}} {{CVE|CVE-2014-0210}} {{CVE|CVE-2014-0211}}|| {{Pkg|libxfont}} || 2014-05-13 || < 1.4.18 || 1.4.18 || 3d || Fixed ({{Bug|40409 }}) || None<br />
|-<br />
| {{CVE|CVE-2014-0196}} [https://bugzilla.redhat.com/show_bug.cgi?id=1094232 temp-link] || {{Pkg|linux}}, {{Pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-05-05 || 2.6.31 - 3.14 || 3.14.3-2 ({{pkg|linux}}), 3.10.39-2 ({{pkg|linux-lts}}), 3.14.3.201405121814-1 ({{pkg|linux-grsec}}) || 7d ({{pkg|linux}}), 8d {{pkg|linux-lts}}, <1d ({{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} ({{Bug|40232}}), Fixed in {{pkg|linux-lts}}, Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-2905}} {{CVE|CVE-2014-2906}} {{CVE|CVE-2014-2914}} [https://bugzilla.redhat.com/show_bug.cgi?id=1092091 temp-link] || {{Pkg|fish}} || 2014-04-28 || 1.16.0 - 2.1.0 || 2.2.1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0160}} || {{Pkg|openssl}} || 2014-04-07 || 1.0.1 - 1.0.1f || 1.0.1g || ~1d || Fixed ({{Bug|39775}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1700}} {{CVE|CVE-2014-1701}} {{CVE|CVE-2014-1702}} {{CVE|CVE-2014-1703}} {{CVE|CVE-2014-1704}} {{CVE|CVE-2014-1705}} {{CVE|CVE-2014-1713}} {{CVE|CVE-2014-1715}} || {{Pkg|chromium}} {{Pkg|v8}} || 2014-03-11 || 32 || 33 || 4d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0098}} {{CVE|CVE-2013-6438}}|| {{Pkg|apache}} || 2014-03-17 || 2.4.8 || 2.4.9 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1492}} || {{Pkg|nss}} || 2014-03-18 || 3.15.5 || 3.16 || 22d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1493}} {{CVE|CVE-2014-1494}} {{CVE|CVE-2014-1497}} {{CVE|CVE-2014-1498}} {{CVE|CVE-2014-1499}} {{CVE|CVE-2014-1500}} {{CVE|CVE-2014-1502}} {{CVE|CVE-2014-1504}} {{CVE|CVE-2014-1505}} {{CVE|CVE-2014-1508}} {{CVE|CVE-2014-1509}} {{CVE|CVE-2014-1510}} {{CVE|CVE-2014-1511}} {{CVE|CVE-2014-1512}} {{CVE|CVE-2014-1513}} {{CVE|CVE-2014-1514}} || {{Pkg|firefox}} {{Pkg|thunderbird}} || 2014-03-18 || 27 || 28 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2240}} {{CVE|CVE-2014-2241}}|| {{Pkg|freetype2}} || ? || 2.5.2 || 2.5.3 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2029}}|| {{Pkg|xtrabackup}} || 2014-02-16 || 2.1.7 || 2.1.8 || 28d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1958}} {{CVE|CVE-2014-2030}}|| {{Pkg|imagemagick}} || ? || ? || 6.8.8.9-1 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}}|| {{Pkg|php}} || 2014-03-06 || 5.5.9 || 5.5.110 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0404}} {{CVE|CVE-2014-0406}} {{CVE|CVE-2014-0407}} || {{Pkg|virtualbox}} || 2014-02-28 || 4.3.4 || 4.3.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2323}} {{CVE|CVE-2014-2324}} || {{Pkg|lighttpd}} || 2014-03-12 || 1.4.34 || 1.4.35 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0333}} || {{Pkg|libpng}} || 2014-02-28 || 1.6.9 || 1.6.10 || 9d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0017}} || {{Pkg|libssh}} || 2014-03-04 || ? || 0.5.5-3 || 5d || Fixed || None<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} || 2014-03-20 || < 3.5.7.29 || 3.5.7.29 || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 2014-03-18 || ? || ? || ? || Not Affected ({{Bug|39566}}) ||<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 2014-03-19 || ? || 1.3.1 || 1d || Fixed || None<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 2014-03-19 || 3.4beta || 3.4 || ? || Fixed ({{Bug|39540}}) || None<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 2014-03-18 || ? || 1.4.7 || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 2013-09-19 || ? || 1.1.1-7 (in RHEL 7) || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 2014-03-17 || ? || 3.13-rc5 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0004}} || {{Pkg|udisks2}} & {{Pkg|udisks}} || 2014-03-10 || 2.1.3 / 1.0.5 || 2.1.3 / 1.0.5 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2281}} {{CVE|CVE-2014-2282}} {{CVE|CVE-2014-2283}} {{CVE|CVE-2014-2299}} || {{Pkg|wireshark-cli}} || 2014-03-10 || 1.10.6 || 1.10.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0050}} || {{Pkg|tomcat7}} || 2014-02-06 || 7.0.51 || 7.0.51 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0033}} || {{Pkg|tomcat6}} || 2014-01-10 || 6.0.37 || 6.0.37 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0032}} || {{Pkg|subversion}} || 2014-01-10 || 1.8.6 || 1.8.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0060}} {{CVE|CVE-2014-0061}} {{CVE|CVE-2014-0062}} {{CVE|CVE-2014-0063}} {{CVE|CVE-2014-0064}} {{CVE|CVE-2014-0065}} {{CVE|CVE-2014-0066}} {{CVE|CVE-2014-0067}} || {{Pkg|postgresql}} || 2014-02-20 || <=9.3.3 || 9.3.3-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1912}} || {{Pkg|python}} {{Pkg|python2}} || 2014-02-07 || ? || 2.7.6-3 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2013-4496}} {{CVE|CVE-2013-6442}} || {{Pkg|samba}} || 2014-03-14 || ? || 4.1.6 || 2d || Fixed ({{Bug|39424}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0504}} || {{Pkg|flashplugin}} || 2014-03-12 || ? || 11.2.202.346 || 1d || Fixed ({{Bug|39385}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0106}} || {{Pkg|sudo}} || || 1.8.9.p5 || 1.8.10 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2285}} {{CVE|CVE-2014-2284}} || {{Pkg|net-snmp}} || 2014-03-05 || ? || 5.7.2.1-2 || 8d || Fixed ({{Bug|39190}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0092}} || {{Pkg|gnutls}} || 2014-03-04 || <3.2.12 || 3.2.12-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2242}} {{CVE|CVE-2014-2243}} {{CVE|CVE-2014-2244}} || {{Pkg|mediawiki}} || 2014-03-14 || <1.22.3 || 1.22.3 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2093}} {{CVE|CVE-2014-2094}} {{CVE|CVE-2014-2095}} {{CVE|CVE-2014-2096}} || {{Pkg|catfish}} || 2014-02-25 || <1.0.1 || 1.0.1 || 8d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0497}} || {{Pkg|flashplugin}} || 2014-02-04 || ? || 11.2.202.346 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0015}} || {{Pkg|curl}} || 2014-01-29 || <7.35 || 7.35 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1610}} || {{Pkg|mediawiki}} || 2014-01-29 || <1.22.2 || 1.22.2 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0021}} || {{Pkg|chrony}} || 2014-01-17 || <1.29.1-1 || 1.29.1-1 || 14d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1875}} || {{Pkg|perl-capture-tiny}} || 2014-02-06 || ? || 0.24-1 || 4d || Fixed ({{Bug|38862}}) || None<br />
|-<br />
| {{CVE|CVE-2013-6493}} || {{Pkg|icedtea-web-java7}} || 2014-02-05 || <1.4.2 || 1.4.2 || 0d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1858}} {{CVE|CVE-2014-1859}} || {{Pkg|python-numpy}} || 2014-02-06 || ? || 1.8.0-2 || 4d || Fixed ({{Bug|38863}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1932}} {{CVE|CVE-2014-1933}} || {{Pkg|python-pillow}} || 2014-02-10 || <2.3.1 || 2.3.1 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1935}} || {{Pkg|9base}} || 2014-02-10 || ? || ? || ? || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1949}} [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1949.html temp link] || {{Pkg|cinnamon-screensaver}} || 2014-02-12 || 2.0.3 || ? || ? || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1959}} || {{Pkg|gnutls}} || 2014-02-13 || <3.2.11 || 3.2.11 || 2d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}} || {{Pkg|file}} || 2014-02-10 || <5.17 || 5.17-1 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0001}} {{CVE|CVE-2014-0412}} {{CVE|CVE-2014-0437}} {{CVE|CVE-2014-0420}} {{CVE|CVE-2014-0393}} {{CVE|CVE-2014-0386}} {{CVE|CVE-2014-0401}} {{CVE|CVE-2014-0402}} || {{Pkg|mariadb}} || 2014-01-31 || <5.5.35 || 5.5.35-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1447}} || {{Pkg|libvirt}} || 2014-01-16 || <1.2.1 || 1.2.1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0979}} || lightdm-gtk* || 2014-01-07 || ? || ? || 25d || Fixed ({{Bug|38715}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1475}} {{CVE|CVE-2014-1476}} || {{Pkg|drupal}} || 2014-01-15 || <7.26 || 7.26-1 || 12d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0019}} || {{Pkg|socat}} || 2014-01-29 || <1.7.2.3 || 1.7.2.3 || 0d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1838}} {{CVE|CVE-2014-1839}} || {{Pkg|python-logilab-common}} || 2014-01-31 || ? || ? || 3d || Fixed [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051] || None<br />
|-<br />
| {{CVE|CVE-2014-0368}} {{CVE|CVE-2014-0373}} {{CVE|CVE-2014-0376}} {{CVE|CVE-2014-0411}} {{CVE|CVE-2014-0416}} {{CVE|CVE-2014-0422}} {{CVE|CVE-2014-0423}} {{CVE|CVE-2014-0428}} || *-openjdk-* || 2014-01-15 || ? || ? || 2d || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1402}} || {{Pkg|python-jinja}} || 2014-01-10 || <2.7.2 || 2.7.2 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2013-6462}} || {{Pkg|libxfont}} || 2014-01-07 || <1.4.7 || 1.4.7 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1235}} || {{Pkg|graphviz}} || 2014-01-07 || <2.36.0 || 2.34.0-3 || 3d || Fixed ({{Bug|38441}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0978}} || {{Pkg|freerdp}} || 2014-01-10 || <1.0.2 || 1.0.2-5 || 67d || Fixed ({{Bug|38802}}) || None<br />
|-<br />
|}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=CVE&diff=454709
CVE
2016-10-21T14:27:38Z
<p>Anthraxx: adding linux-lts CVE</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|Security Advisories}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
== Introduction ==<br />
<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
== Helping ==<br />
<br />
This is a community driven project. Please consider joining the [[Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC on irc://irc.freenode.net/archlinux-security.<br />
<br />
== Procedure ==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. Use Wiki markup to create links in the "CVE-ID", "Package", and "Status" columns. The following template may be used to ease the process of adding CVE entries into the table. The first line, "|-" represents the creation of a new row in the table, while the second line should be modified per CVE:<br />
<br />
{{hc|CVE Table Addition Template|<nowiki><br />
|-<br />
| {{CVE|CVE-2016-????}} || {{Pkg|pkgname}} || Disclosure date || Affected versions || Fixed in version || Arch Linux response time || Status(Fixed|Pending|Invalid) (Bug reports) || {{ASA|ASA-??????-??}}<br />
</nowiki>}}<br />
<br />
{{Note|<br />
* If the CVE is not found in [http://nvd.nist.gov/home.cfm NVD], just include a link to different database in the first column: {{ic|<nowiki>[http://link.to.cve CVE-2014-????]</nowiki>}}<br />
* The "Disclosure date" field should be expressed in [[Wikipedia:ISO 8601|ISO 8601 format]] to avoid any confusion. Example: 2014-03-22.<br />
* The "Arch Linux response time" field corresponds to the time between the public release of a vulnerability and the date the package update fixing the vulnerability is made available in the official stable repositories. The "Time really vulnerable" is potentially much lengthier but is harder to estimate.<br />
}}<br />
<br />
The above "CVE-template" should be added after the line:<br />
<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in version !! Arch Linux response time !! Status (and related bug reports) !! ASA-ID</nowiki>}}<br />
<br />
== Response time ==<br />
<br />
The response time is the time taken to get a fixed package to the stable repositories.<br />
<br />
== Documented CVE's ==<br />
<br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="100%"<br />
! height="50px" colspan="8" style="font-size: 125%;"| '''TRACKED CVE's'''<br />
|-<br />
! scope="col" width="130px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in Arch Linux package version !! Arch Linux response time !! Status (and related bug reports) !! ASA-ID<br />
|-<br />
| {{CVE|CVE-2016-5195}} [https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails] || {{pkg|linux}} || 2016-10-21 || <= 4.8.2-1 || 4.8.3-1 || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-5195}} [https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails] || {{pkg|linux-grsec}} || 2016-10-21 || <= 1:4.7.8.r201610161720-1 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-5195}} [https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails] || {{pkg|linux-lts}} || 2016-10-21 || <= 4.4.25-1 || 4.4.26-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11]<br />
|-<br />
| {{CVE|CVE-2016-8605}} {{CVE|CVE-2016-8606}} [http://www.openwall.com/lists/oss-security/2016/10/11/1] [http://www.openwall.com/lists/oss-security/2016/10/12/2] || {{pkg|guile}} || 2016-10-11 || <= 2.0.12-1 || 2.0.13-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10]<br />
|-<br />
| {{CVE|CVE-2016-7906}} {{CVE|CVE-2016-7799}} [http://www.openwall.com/lists/oss-security/2016/10/02/3] [http://www.openwall.com/lists/oss-security/2016/10/01/6] || {{pkg|imagemagick}} || 2016-10-02 || <= 6.9.5.10-1 || 6.9.6.0-1 || <5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6]<br />
|-<br />
| {{CVE|CVE-2016-7967}} {{CVE|CVE-2016-7968}} [https://www.kde.org/info/security/advisory-20161006-2.txt] [https://www.kde.org/info/security/advisory-20161006-3.txt] [http://seclists.org/oss-sec/2016/q4/23] || {{pkg|messagelib}} || 2016-10-06 || <= 16.08.1-1 || 16.08.1-2 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5]<br />
|- <br />
| {{CVE|CVE-2016-7966}} [https://www.kde.org/info/security/advisory-20161006-1.txt] [http://seclists.org/oss-sec/2016/q4/23] || {{pkg|kcoreaddons}} || 2016-10-06 || <= 5.26.0-1 || 5.26.0-2 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4]<br />
|- <br />
| {{CVE|CVE-2016-7795}} || {{pkg|systemd}} || 2016-09-29 || <= 231-1 || 231-2 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2]<br />
|- <br />
| {{CVE|CVE-2016-5177}} {{CVE|CVE-2016-5178}} [https://googlechromereleases.blogspot.fr/2016/09/stable-channel-update-for-desktop_29.html] || {{pkg|chromium}} || 2016-09-29 || <= 53.0.2785.116-1 || 53.0.2785.143-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1]<br />
|- <br />
| {{CVE|CVE-2016-7168}} {{CVE|CVE-2016-7169}} [https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/] || {{pkg|wordpress}} || 2016-09-29 || <= 4.6.0-1 || 4.6.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32]<br />
|- <br />
| {{CVE|CVE-2016-5180}} [https://c-ares.haxx.se/adv_20160929.html] || {{pkg|c-ares}} || 2016-09-29 || <= 1.11.0-1 || 1.12.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31]<br />
|- <br />
| {{CVE|CVE-2016-2776}} [https://kb.isc.org/article/AA-01419/0] || {{pkg|bind}} || 2016-07-27 || <= 9.10.4.P2-1 || 9.10.4.P3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201607-29]<br />
|-<br />
| {{CVE|CVE-2016-7052}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|lib32-openssl}} || 2016-09-26 || <= 1:1.0.2.i-1 || 1:1.0.2.j-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28]<br />
|- <br />
| {{CVE|CVE-2016-7052}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|openssl}} || 2016-09-26 || <= 1.0.2.i-1 || 1.0.2.j-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30]<br />
|- <br />
| {{CVE|CVE-2016-6309}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|lib32-openssl}} || 2016-09-26 || <= 1:1.0.2.i-1 || || || Not Affected || None<br />
|- <br />
| {{CVE|CVE-2016-6309}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|openssl}} || 2016-09-26 || <= 1.0.2.i-1 || || || Not Affected || None<br />
|- <br />
| {{CVE|CVE-2016-2177}} {{CVE|CVE-2016-2178}} {{CVE|CVE-2016-2179}} {{CVE|CVE-2016-2180}} {{CVE|CVE-2016-2181}} {{CVE|CVE-2016-2182}} {{CVE|CVE-2016-2183}} {{CVE|CVE-2016-6302}} {{CVE|CVE-2016-6303}} {{CVE|CVE-2016-6304}} {{CVE|CVE-2016-6306}} [http://eprint.iacr.org/2016/594] [https://www.openssl.org/news/secadv/20160922.txt] || {{pkg|openssl}} || 2016-09-22 || <= 1.0.2.h-1 || 1.0.2.i-1 || <1d || Fixed ({{bug|49616}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23]<br />
|- <br />
| {{CVE|CVE-2016-2177}} {{CVE|CVE-2016-2178}} {{CVE|CVE-2016-2179}} {{CVE|CVE-2016-2180}} {{CVE|CVE-2016-2181}} {{CVE|CVE-2016-2182}} {{CVE|CVE-2016-2183}} {{CVE|CVE-2016-6302}} {{CVE|CVE-2016-6303}} {{CVE|CVE-2016-6304}} {{CVE|CVE-2016-6306}} [http://eprint.iacr.org/2016/594] [https://www.openssl.org/news/secadv/20160922.txt] || {{pkg|lib32-openssl}} || 2016-09-22 || <= 1:1.0.2.h-1 || 1:1.0.2.i-1 || <1d || Fixed ({{bug|49616}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24]<br />
|- <br />
| {{CVE|CVE-2016-7044}} {{CVE|CVE-2016-7045}} [https://irssi.org/security/irssi_sa_2016.txt] || {{pkg|irssi}} || 2016-09-21 || <= 0.8.19-2 || 0.8.20-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20]<br />
|- <br />
| {{CVE|CVE-2016-5270}} {{CVE|CVE-2016-5271}} {{CVE|CVE-2016-5272}} {{CVE|CVE-2016-5273}} {{CVE|CVE-2016-5276}} {{CVE|CVE-2016-5274}} {{CVE|CVE-2016-5277}} {{CVE|CVE-2016-5275}} {{CVE|CVE-2016-5278}} {{CVE|CVE-2016-5279}} {{CVE|CVE-2016-5280}} {{CVE|CVE-2016-5281}} {{CVE|CVE-2016-5282}} {{CVE|CVE-2016-5283}} {{CVE|CVE-2016-5284}} {{CVE|CVE-2016-5256}} {{CVE|CVE-2016-5257}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/] || {{pkg|firefox}} || 2016-09-13 || <= 48.0.2-1 || 49.0-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22]<br />
|- <br />
| {{CVE|CVE-2016-5388}} || {{pkg|tomcat7}} || 2016-09-18 || <= 7.0.70-1 || 7.0.72-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21]<br />
|- <br />
| {{CVE|CVE-2016-7420}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7420] || {{pkg|crypto++}} || 2016-09-18 || <= 5.6.4-2 || 5.6.5-1 || <24d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8 ]<br />
|- <br />
| {{CVE|CVE-2016-7444}} [http://seclists.org/oss-sec/2016/q3/545] [https://www.gnutls.org/security.html#GNUTLS-SA-2016-3] || {{pkg|gnutls}} || 2016-09-08 || <= 3.4.14-1 || 3.4.15-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25]<br />
|- <br />
| {{CVE|CVE-2016-7444}} [http://seclists.org/oss-sec/2016/q3/545] [https://www.gnutls.org/security.html#GNUTLS-SA-2016-3] || {{pkg|lib32-gnutls}} || 2016-09-08 || <= 3.4.14-1 || 3.4.15-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26]<br />
|- <br />
| {{CVE|CVE-2016-5170}} {{CVE|CVE-2016-5171}} {{CVE|CVE-2016-5172}} {{CVE|CVE-2016-5173}} {{CVE|CVE-2016-5174}} {{CVE|CVE-2016-5175}} [https://googlechromereleases.blogspot.fr/2016/09/stable-channel-update-for-desktop_13.html] || {{pkg|chromium}} || 2016-09-13 || <= 53.0.2785.101-1 || 53.0.2785.116-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13]<br />
|- <br />
| {{CVE|CVE-2016-7412}} {{CVE|CVE-2016-7413}} {{CVE|CVE-2016-7414}} {{CVE|CVE-2016-7416}} {{CVE|CVE-2016-7417}} {{CVE|CVE-2016-7418}} [http://www.openwall.com/lists/oss-security/2016/09/15/10] || {{pkg|php}} || 2016-09-15 || <= 7.0.10-1 || 7.0.11-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16]<br />
|- <br />
| {{CVE|CVE-2016-6352}} [https://bugzilla.redhat.com/show_bug.cgi?id=1349751] || {{pkg|lib32-gdk-pixbuf2}} || 2016-08-31 || <= 2.34.0-1 || || || '''Vulnerable''' ||<br />
|- <br />
| {{CVE|CVE-2016-6352}} [https://bugzilla.redhat.com/show_bug.cgi?id=1349751] || {{pkg|gdk-pixbuf2}} || 2016-08-31 || <= 2.34.0-2 || 2.36.0+2+ga7c869a-1 || 50d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9]<br />
|- <br />
| {{CVE|CVE-2016-7167}} [https://curl.haxx.se/docs/adv_20160914.html] || {{pkg|curl}} || 2016-09-14 || <= 7.50.2-1 || 7.50.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19]<br />
|- <br />
| {{CVE|CVE-2016-7167}} [https://curl.haxx.se/docs/adv_20160914.html] || {{pkg|lib32-curl}} || 2016-09-14 || <= 7.50.0-1 || 7.50.3-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18]<br />
|- <br />
| {{CVE|CVE-2016-4271}} {{CVE|CVE-2016-4272}} {{CVE|CVE-2016-4274}} {{CVE|CVE-2016-4275}} {{CVE|CVE-2016-4276}} {{CVE|CVE-2016-4277}} {{CVE|CVE-2016-4278}} {{CVE|CVE-2016-4279}} {{CVE|CVE-2016-4280}} {{CVE|CVE-2016-4281}} {{CVE|CVE-2016-4282}} {{CVE|CVE-2016-4283}} {{CVE|CVE-2016-4284}} {{CVE|CVE-2016-4285}} {{CVE|CVE-2016-4287}} {{CVE|CVE-2016-6921}} {{CVE|CVE-2016-6922}} {{CVE|CVE-2016-6923}} {{CVE|CVE-2016-6924}} {{CVE|CVE-2016-6925}} {{CVE|CVE-2016-6926}} {{CVE|CVE-2016-6927}} {{CVE|CVE-2016-6929}} {{CVE|CVE-2016-6930}} {{CVE|CVE-2016-6931}} {{CVE|CVE-2016-6932}} [https://helpx.adobe.com/security/products/flash-player/apsb16-29.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-09-13 || <= 11.2.202.632-1 || 11.2.202.635-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12]<br />
|- <br />
| {{CVE|CVE-2016-6662}} {{CVE|CVE-2016-6663}} [https://mariadb.org/mariadb-server-versions-remote-root-code-execution-vulnerability-cve-2016-6662/] [https://jira.mariadb.org/browse/MDEV-10465] [http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html] || {{Pkg|mariadb}} || 2016-09-13 || <= 10.1.16-2 || 10.1.17-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10]<br />
|-<br />
| {{CVE|CVE-2016-7180}} {{CVE|CVE-2016-7175}} {{CVE|CVE-2016-7176}} {{CVE|CVE-2016-7177}} {{CVE|CVE-2016-7178}} {{CVE|CVE-2016-7179}} [https://www.wireshark.org/security/wnpa-sec-2016-50.html] [https://www.wireshark.org/security/wnpa-sec-2016-51.html] [https://www.wireshark.org/security/wnpa-sec-2016-52.html] [https://www.wireshark.org/security/wnpa-sec-2016-53.html] [https://www.wireshark.org/security/wnpa-sec-2016-54.html] [https://www.wireshark.org/security/wnpa-sec-2016-55.html] || {{pkg|wireshark-cli}} || 2016-09-09 || <= 2.0.5-1 || 2.2.0-1 || 15d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27]<br />
|- <br />
| {{CVE|CVE-2016-5388}} [https://www.apache.org/security/asf-httpoxy-response.txt] || {{pkg|tomcat8}} || 2016-07-18 || <= 8.0.36-1 || 8.0.37-1 || 52d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] <br />
|-<br />
| {{CVE|CVE-2016-7164}} [http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3.20.3.news] || {{pkg|file-roller}} || 2016-09-08 || <= 3.20.2-1 || 3.20.3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5]<br />
|-<br />
| {{CVE|CVE-2016-5426}} {{CVE|CVE-2016-5427}} [http://seclists.org/oss-sec/2016/q3/464] [https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/] || {{pkg|powerdns}} || 2016-09-08 || 3.4.9-1 || 4.0.1-3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9]<br />
|-<br />
| {{CVE|CVE-2016-7164}} [http://seclists.org/oss-sec/2016/q3/443] || {{pkg|libtorrent-rasterbar}} || 2016-09-08 || <= 1:1.1-3 || 1:1.1.1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8]<br />
|-<br />
| {{CVE|CVE-2016-7141}} [https://curl.haxx.se/docs/adv_20160907.html] || {{pkg|curl}} || 2016-09-07 || N/A || N/A || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-2835}} {{CVE|CVE-2016-2836}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/] || {{pkg|thunderbird}} || 2016-08-30 || <= 45.2.0-2 || 45.3.0-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3]<br />
|-<br />
| {{CVE|CVE-2016-7134}} {{CVE|CVE-2016-7133}} {{CVE|CVE-2016-7132}} {{CVE|CVE-2016-7131}} {{CVE|CVE-2016-7130}} {{CVE|CVE-2016-7129}} {{CVE|CVE-2016-7128}} {{CVE|CVE-2016-7127}} {{CVE|CVE-2016-7126}} {{CVE|CVE-2016-7125}} {{CVE|CVE-2016-7124}} [http://www.openwall.com/lists/oss-security/2016/09/02/9] || {{pkg|php}} || 2016-09-03 || <= 7.0.10-1 || 7.0.11-1 || || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-5147}} {{CVE|CVE-2016-5148}} {{CVE|CVE-2016-5149}} {{CVE|CVE-2016-5150}} {{CVE|CVE-2016-5151}} {{CVE|CVE-2016-5152}} {{CVE|CVE-2016-5153}} {{CVE|CVE-2016-5154}} {{CVE|CVE-2016-5155}} {{CVE|CVE-2016-5156}} {{CVE|CVE-2016-5157}} {{CVE|CVE-2016-5158}} {{CVE|CVE-2016-5159}} {{CVE|CVE-2016-5160}} {{CVE|CVE-2016-5161}} {{CVE|CVE-2016-5162}} {{CVE|CVE-2016-5163}} {{CVE|CVE-2016-5164}} {{CVE|CVE-2016-5165}} {{CVE|CVE-2016-5166}} {{CVE|CVE-2016-5167}} [https://googlechromereleases.blogspot.fr/2016/08/stable-channel-update-for-desktop_31.html] || {{pkg|chromium}} || 2016-08-31 || <= 52.0.2743.116-1 || 53.0.2785.89-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1]<br />
|-<br />
| {{CVE|CVE-2016-6525}} [http://bugs.ghostscript.com/show_bug.cgi?id=696954] || {{Pkg|mupdf}} || 2016-07-19 || <= 1.9a-4 || 1.9a-5 || 1d || Fixed ([https://bugs.archlinux.org/task/50590 FS#50590 ]) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] <br />
|-<br />
| {{CVE|CVE-2016-6265}} [http://bugs.ghostscript.com/show_bug.cgi?id=696941] || {{Pkg|mupdf}} || 2016-07-19 || <= 1.9a-3 || 1.9a-4 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] <br />
|-<br />
| {{CVE|CVE-2016-4590}} {{CVE|CVE-2016-4591}} {{CVE|CVE-2016-4622}} {{CVE|CVE-2016-4624}} [https://webkitgtk.org/2016/08/24/webkitgtk2.12.4-released.html] [https://webkitgtk.org/security/WSA-2016-0005.html] || {{pkg|webkit2gtk}} || 2016-08-24 || <= 2.12.3-1 || 2.12.4-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2]<br />
|-<br />
| {{CVE|CVE-2016-6331}} {{CVE|CVE-2016-6332}} {{CVE|CVE-2016-6333}} {{CVE|CVE-2016-6334}} {{CVE|CVE-2016-6335}} {{CVE|CVE-2016-6336}} {{CVE|CVE-2016-6337}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html] || {{pkg|mediawiki}} || 2016-08-23 || <= 1.27.0-1 || 1.27.1-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] <br />
|-<br />
| {{CVE|CVE-2016-6313}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html] || {{pkg|lib32-libgcrypt}} || 2016-08-17 || <= 1.7.2-1 || 1.7.3-1 || 31d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14]<br />
|-<br />
| {{CVE|CVE-2016-6313}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html] || {{pkg|libgcrypt}} || 2016-08-17 || <= 1.7.2-1 || 1.7.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18]<br />
|-<br />
| {{CVE|CVE-2016-5423}} {{CVE|CVE-2016-5424}} [https://www.postgresql.org/about/news/1688/] || {{pkg|postgresql}} {{pkg|postgresql-libs}} || 2016-08-11 || <= 9.5.3-1 || 9.5.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux}} || 2016-07-12 || <= 4.6.4-1 || 4.7-1 || 31d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-grsec}} || 2016-07-12 || <= 4.6.5.201607312210-1 || 4.7.201608131240-1 || 33d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-lts}} || 2016-07-12 || <= 4.4.16-1 || 4.4.19-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-zen}} || 2016-07-12 || <= 4.6.5-1 || 4.7-1 || 35d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15]<br />
|-<br />
| {{CVE|CVE-2016-5139}} {{CVE|CVE-2016-5140}} {{CVE|CVE-2016-5141}} {{CVE|CVE-2016-5142}} {{CVE|CVE-2016-5143}} {{CVE|CVE-2016-5144}} {{CVE|CVE-2016-5145}} {{CVE|CVE-2016-5146}} [https://googlechromereleases.blogspot.fr/2016/08/stable-channel-update-for-desktop.html] || {{pkg|chromium}} || 2016-08-03 || <= 52.0.2743.85-2 || 52.0.2743.116-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16]<br />
|-<br />
| {{CVE|CVE-2016-6255}} || {{pkg|libupnp}} || 2016-08-08 || <= 1.6.19-1 || 1.6.20-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8]<br />
|-<br />
| {{CVE|CVE-2016-3075}} {{CVE|CVE-2016-5417}} [https://sourceware.org/bugzilla/show_bug.cgi?id=19879] [https://sourceware.org/bugzilla/show_bug.cgi?id=19257] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-08-02 || <= 2.23-5 || 2.24-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7]<br />
|-<br />
| {{CVE|CVE-2016-3458}} {{CVE|CVE-2016-3500}} {{CVE|CVE-2016-3508}} {{CVE|CVE-2016-3550}} {{CVE|CVE-2016-3598}} {{CVE|CVE-2016-3606}} {{CVE|CVE-2016-3610}} [http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2016-July/036560.html] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2016-07-29 || <= 7.u101_2.6.6 || 7.u111_2.6.7 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5]<br />
|-<br />
| {{CVE|CVE-2016-0718}} {{CVE|CVE-2016-2830}} {{CVE|CVE-2016-2835}} {{CVE|CVE-2016-2836}} {{CVE|CVE-2016-2837}} {{CVE|CVE-2016-2838}} {{CVE|CVE-2016-2839}} {{CVE|CVE-2016-5250}} {{CVE|CVE-2016-5251}} {{CVE|CVE-2016-5252}} {{CVE|CVE-2016-5254}} {{CVE|CVE-2016-5255}} {{CVE|CVE-2016-5258}} {{CVE|CVE-2016-5259}} {{CVE|CVE-2016-5260}} {{CVE|CVE-2016-5261}} {{CVE|CVE-2016-5262}} {{CVE|CVE-2016-5263}} {{CVE|CVE-2016-5264}} {{CVE|CVE-2016-5265}} {{CVE|CVE-2016-5266}} {{CVE|CVE-2016-5268}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox48] || {{pkg|firefox}} || 2016-08-02 || <= 47.0.1-1 || 48.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2]<br />
|-<br />
| {{CVE|CVE-2016-5419}} {{CVE|CVE-2016-5420}} {{CVE|CVE-2016-5421}} [https://curl.haxx.se/docs/adv_20160803A.html] [https://curl.haxx.se/docs/adv_20160803B.html] [https://curl.haxx.se/docs/adv_20160803C.html] || {{pkg|curl}} || 2016-08-03 || <= 7.50.0-1 || 7.50.1-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9]<br />
|-<br />
| {{CVE|CVE-2016-6210}} [http://www.openssh.com/txt/release-7.3] [http://seclists.org/fulldisclosure/2016/Jul/51] || {{pkg|openssh}} || 2016-07-14 || <= 7.2p2-2 || 7.3p1-1 || 16d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1]<br />
|-<br />
| {{CVE|CVE-2016-6503}} {CVE|CVE-2016-6504}} {{CVE|CVE-2016-6507}} [http://seclists.org/oss-sec/2016/q3/217] [[http://www.wireshark.org/security/wnpa-sec-2016-39.html] [http://www.wireshark.org/security/wnpa-sec-2016-40.html] [http://www.wireshark.org/security/wnpa-sec-2016-43.html] || {{pkg|wireshark-cli}} || 2016-07-28 || <= 2.0.4-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-6505}} {{CVE|CVE-2016-6506}} {{CVE|CVE-2016-6508}} {{CVE|CVE-2016-6509}} {{CVE|CVE-2016-6510}} {{CVE|CVE-2016-6511}} {{CVE|CVE-2016-6512}} {{CVE|CVE-2016-6513}} [http://seclists.org/oss-sec/2016/q3/217] [http://www.wireshark.org/security/wnpa-sec-2016-41.html] [http://www.wireshark.org/security/wnpa-sec-2016-42.html] [http://www.wireshark.org/security/wnpa-sec-2016-44.html] [http://www.wireshark.org/security/wnpa-sec-2016-45.html] [http://www.wireshark.org/security/wnpa-sec-2016-46.html] [http://www.wireshark.org/security/wnpa-sec-2016-47.html] [http://www.wireshark.org/security/wnpa-sec-2016-48.html] [http://www.wireshark.org/security/wnpa-sec-2016-49.html] || {{pkg|wireshark-cli}} || 2016-07-28 || <= 2.0.4-1 || 2.0.5-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20]<br />
|-<br />
| {{CVE|CVE-2016-6491}} [http://seclists.org/oss-sec/2016/q3/194] [http://git.imagemagick.org/repos/ImageMagick/commit/5cb6c1acd3e3b12f9260daf207db432df7f792c2] || {{pkg|imagemagick}} || 2016-07-27 || <= 6.9.5.2-1 || 6.9.5.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13]<br />
|-<br />
| {{CVE|CVE-2015-8948}} {{CVE|CVE-2016-6261}} {{CVE|CVE-2016-6262}} {{CVE|CVE-2016-6263}} || {{Pkg|libidn}} || 2016-07-20 || <= 1.32-1 || 1.33-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14]<br />
|-<br />
| {{CVE|CVE-2016-6186}} || {{Pkg|python-django}} {{Pkg|python2-django}}|| 2016-07-18 || <= 1.9.8-1 || 1.9.8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11]<br />
|-<br />
| {{CVE|CVE-2016-1705}} {{CVE|CVE-2016-1706}} {{CVE|CVE-2016-1708}} {{CVE|CVE-2016-1709}} {{CVE|CVE-2016-1710}} {{CVE|CVE-2016-1711}} {{CVE|CVE-2016-5127}} {{CVE|CVE-2016-5128}} {{CVE|CVE-2016-5129}} {{CVE|CVE-2016-5130}} {{CVE|CVE-2016-5131}} {{CVE|CVE-2016-5132}} {{CVE|CVE-2016-5133}} {{CVE|CVE-2016-5134}} {{CVE|CVE-2016-5135}} {{CVE|CVE-2016-5136}} {{CVE|CVE-2016-5137}} [https://googlechromereleases.blogspot.fr/2016/07/stable-channel-update.html] || {{pkg|chromium}} || 2016-07-20 || <= 51.0.2704.106-1 || 52.0.2743.82-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12]<br />
|-<br />
| {{CVE|CVE-2016-5385}} [https://www.drupal.org/SA-CORE-2016-003] || {{pkg|drupal}} || 2016-07-18 || <= 8.1.6-1 || 8.1.7-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9]<br />
|-<br />
| {{CVE|CVE-2016-2775}} [https://kb.isc.org/article/AA-01393/74/CVE-2016-2775] || {{pkg|bind}} || 2016-07-19 || <= 9.10.4.P1-2 || 9.10.4.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8]<br />
|-<br />
|{{CVE|CVE-2016-4173}} {{CVE|CVE-2016-4174}} {{CVE|CVE-2016-4175}} {{CVE|CVE-2016-4176}} {{CVE|CVE-2016-4177}} {{CVE|CVE-2016-4179}} {{CVE|CVE-2016-4180}} {{CVE|CVE-2016-4181}} {{CVE|CVE-2016-4182}} {{CVE|CVE-2016-4183}} {{CVE|CVE-2016-4184}} {{CVE|CVE-2016-4185}} {{CVE|CVE-2016-4186}} {{CVE|CVE-2016-4187}} {{CVE|CVE-2016-4188}} {{CVE|CVE-2016-4189}} {{CVE|CVE-2016-4190}} {{CVE|CVE-2016-4217}} {{CVE|CVE-2016-4218}} {{CVE|CVE-2016-4219}} {{CVE|CVE-2016-4220}} {{CVE|CVE-2016-4221}} {{CVE|CVE-2016-4222}} {{CVE|CVE-2016-4223}} {{CVE|CVE-2016-4224}} {{CVE|CVE-2016-4225}} {{CVE|CVE-2016-4226}} {{CVE|CVE-2016-4227}} {{CVE|CVE-2016-4228}} {{CVE|CVE-2016-4229}} {{CVE|CVE-2016-4230}} {{CVE|CVE-2016-4231}} {{CVE|CVE-2016-4232}} {{CVE|CVE-2016-4233}} {{CVE|CVE-2016-4234}} {{CVE|CVE-2016-4235}} {{CVE|CVE-2016-4236}} {{CVE|CVE-2016-4237}} {{CVE|CVE-2016-4238}} {{CVE|CVE-2016-4239}} {{CVE|CVE-2016-4240}} {{CVE|CVE-2016-4241}} {{CVE|CVE-2016-4242}} {{CVE|CVE-2016-4243}} {{CVE|CVE-2016-4244}} {{CVE|CVE-2016-4245}} {{CVE|CVE-2016-4246}} {{CVE|CVE-2016-4247}} {{CVE|CVE-2016-4248}} || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-07-12 || <= 11.2.202.626-1 || 11.2.202.632-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7]<br />
|-<br />
| {{CVE|CVE-2016-2815}} {{CVE|CVE-2016-2818}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird45.2] || {{pkg|thunderbird}} || 2016-06-30 || <= 45.1.1-2 || 45.2.0-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4]<br />
|-<br />
| {{CVE|CVE-2016-4979}} [https://httpd.apache.org/security/vulnerabilities_24.html] || {{pkg|apache}} || 2016-07-05 || 2.4.18-2.4.20 || 2.4.23-1 || || Fixed ({{bug|49958}}) || None<br />
|-<br />
| {{CVE|CVE-2016-4994}} [https://bugzilla.gnome.org/show_bug.cgi?id=767873] || {{pkg|gimp}} || 2016-06-21 || <= 2.8.16-2 || 2.8.18-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5]<br />
|-<br />
| {{CVE|CVE-2016-4472}} [https://bugzilla.redhat.com/show_bug.cgi?id=1344251] || {{pkg|expat}} || 2016-06-30 || <= 2.1.1-3 || 2.2.0-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-3189}} [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3189] || {{pkg|bzip2}} || 2016-06-30 || <= 1.0.6-5 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-4463}} [http://seclists.org/bugtraq/2016/Jun/115] || {{pkg|xerces-c}} || 2016-06-29 || <= 3.1.3-2 || 3.1.4-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2]<br />
|-<br />
| {{CVE|CVE-2016-4324}} [http://www.talosintelligence.com/reports/TALOS-2016-0126/] || {{pkg|libreoffice-fresh}} || 2016-06-27 || <= 5.1.3-2 || 5.1.4-1 || <0d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3]<br />
|-<br />
| {{CVE|CVE-2016-5701}} {{CVE|CVE-2016-5702}} {{CVE|CVE-2016-5703}} {{CVE|CVE-2016-5704}} {{CVE|CVE-2016-5705}} {{CVE|CVE-2016-5706}} {{CVE|CVE-2016-5730}} {{CVE|CVE-2016-5731}} {{CVE|CVE-2016-5732}} {{CVE|CVE-2016-5733}} {{CVE|CVE-2016-5734}} {{CVE|CVE-2016-5739}} [https://www.phpmyadmin.net/security/PMASA-2016-17/] [https://www.phpmyadmin.net/security/PMASA-2016-18/] [https://www.phpmyadmin.net/security/PMASA-2016-19/] [https://www.phpmyadmin.net/security/PMASA-2016-20/] [https://www.phpmyadmin.net/security/PMASA-2016-21/] [https://www.phpmyadmin.net/security/PMASA-2016-22/] [https://www.phpmyadmin.net/security/PMASA-2016-23/] [https://www.phpmyadmin.net/security/PMASA-2016-24/] [https://www.phpmyadmin.net/security/PMASA-2016-25/] [https://www.phpmyadmin.net/security/PMASA-2016-26/] [https://www.phpmyadmin.net/security/PMASA-2016-27/] [https://www.phpmyadmin.net/security/PMASA-2016-28/] || {{pkg|phpmyadmin}} || 2016-06-23 || <= 4.6.2-1 || 4.6.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25]<br />
|-<br />
| {{CVE|CVE-2016-1704}} [https://googlechromereleases.blogspot.fr/2016/06/stable-channel-update_16.html] || {{pkg|chromium}} || 2016-01-16 || <= 51.0.2704.84-1 || 51.0.2704.103-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20]<br />
|-<br />
| {{CVE|CVE-2016-2365}} {{CVE|CVE-2016-2366}} {{CVE|CVE-2016-2367}} {{CVE|CVE-2016-2368}} {{CVE|CVE-2016-2369}} {{CVE|CVE-2016-2370}} {{CVE|CVE-2016-2371}} {{CVE|CVE-2016-2372}} {{CVE|CVE-2016-2373}} {{CVE|CVE-2016-2374}} {{CVE|CVE-2016-2375}} {{CVE|CVE-2016-2376}} {{CVE|CVE-2016-2377}} {{CVE|CVE-2016-2378}} {{CVE|CVE-2016-2380}} {{CVE|CVE-2016-4323}} [http://blog.talosintel.com/2016/06/vulnerability-spotlight-pidgin.html] || {{pkg|libpurple}} || 2016-01-21 || <= 2.10.12-4 || 2.11.0-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24]<br />
|-<br />
| {{CVE|CVE-2016-1541}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1541] || {{pkg|libarchive}} || 2016-01-17 || <= 3.1.2-8 || 3.2.0-1 || 47d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1]<br />
|-<br />
| {{CVE|CVE-2016-5875}} {{CVE|CVE-2016-5314}} {{CVE|CVE-2016-5315}} {{CVE|CVE-2016-5316}} {{CVE|CVE-2016-5317}} {{CVE|CVE-2016-5320}} {{CVE|CVE-2016-5321}} {{CVE|CVE-2016-5322}} {{CVE|CVE-2016-5323}} {{CVE|CVE-2016-5102}} {{CVE|CVE-2016-3991}} {{CVE|CVE-2016-3990}} {{CVE|CVE-2016-3945}} {{CVE|CVE-2016-3658}} {{CVE|CVE-2016-3634}} {{CVE|CVE-2016-3633}} {{CVE|CVE-2016-3632}} {{CVE|CVE-2016-3631}} {{CVE|CVE-2016-3625}} {{CVE|CVE-2016-3624}} {{CVE|CVE-2016-3623}} {{CVE|CVE-2016-3622}} {{CVE|CVE-2016-3621}} {{CVE|CVE-2016-3620}} {{CVE|CVE-2016-3619}} {{CVE|CVE-2016-3186}} {{CVE|CVE-2015-8668}} {{CVE|CVE-2015-7313}} {{CVE|CVE-2014-8130}} {{CVE|CVE-2014-8127}} {{CVE|CVE-2010-2596}} {{CVE|CVE-2016-6223}} [http://www.openwall.com/lists/oss-security/2016/06/15/1] [http://www.openwall.com/lists/oss-security/2016/06/15/2] [http://www.openwall.com/lists/oss-security/2016/06/15/3] [http://www.openwall.com/lists/oss-security/2016/06/15/5] [http://www.openwall.com/lists/oss-security/2016/06/15/6] [http://www.openwall.com/lists/oss-security/2016/06/15/7] [http://www.openwall.com/lists/oss-security/2016/06/15/8] [http://www.openwall.com/lists/oss-security/2016/06/15/9] [https://security-tracker.debian.org/tracker/source-package/tiff] [http://www.openwall.com/lists/oss-security/2016/07/13/3] || {{pkg|libtiff}} || 2016-06-19 || <= 4.0.6-2 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-4122}} {{CVE|CVE-2016-4123}} {{CVE|CVE-2016-4124}} {{CVE|CVE-2016-4125}} {{CVE|CVE-2016-4127}} {{CVE|CVE-2016-4128}} {{CVE|CVE-2016-4129}} {{CVE|CVE-2016-4130}} {{CVE|CVE-2016-4131}} {{CVE|CVE-2016-4132}} {{CVE|CVE-2016-4133}} {{CVE|CVE-2016-4134}} {{CVE|CVE-2016-4135}} {{CVE|CVE-2016-4136}} {{CVE|CVE-2016-4137}} {{CVE|CVE-2016-4138}} {{CVE|CVE-2016-4139}} {{CVE|CVE-2016-4140}} {{CVE|CVE-2016-4141}} {{CVE|CVE-2016-4142}} {{CVE|CVE-2016-4143}} {{CVE|CVE-2016-4144}} {{CVE|CVE-2016-4145}} {{CVE|CVE-2016-4146}} {{CVE|CVE-2016-4147}} {{CVE|CVE-2016-4148}} {{CVE|CVE-2016-4149}} {{CVE|CVE-2016-4150}} {{CVE|CVE-2016-4151}} {{CVE|CVE-2016-4152}} {{CVE|CVE-2016-4153}} {{CVE|CVE-2016-4154}} {{CVE|CVE-2016-4155}} {{CVE|CVE-2016-4156}} {{CVE|CVE-2016-4166}} {{CVE|CVE-2016-4171}} [https://helpx.adobe.com/security/products/flash-player/apsb16-18.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-06-16 || <= 11.2.202.621-1 || 11.2.202.626-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18]<br />
|-<br />
| {{CVE|CVE-2016-4971}} [https://lists.gnu.org/archive/html/bug-wget/2016-06/msg00033.html] || {{pkg|wget}} || 2016-06-09 || <= 1.17.1-2 || 1.18-1 || 11d || Fixed ({{bug|49730}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19]<br />
|-<br />
| {{CVE|CVE-2012-6702}} {{CVE|CVE-2016-5300}} || {{pkg|expat}} {{pkg|lib32-expat}} || 2016-06-07 || <= 2.1.1-2 || 2.1.1-3 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14]<br />
|-<br />
| {{CVE|CVE-2016-5360}} [http://seclists.org/oss-sec/2016/q2/512] || {{pkg|haproxy}} || 2016-06-09 || <= 1.6.5-3 || 1.6.5-4 || 1d || Fixed ({{bug|49638}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11]<br />
|-<br />
| {{CVE|CVE-2016-2815}} {{CVE|CVE-2016-2818}} {{CVE|CVE-2016-2819}} {{CVE|CVE-2016-2821}} {{CVE|CVE-2016-2822}} {{CVE|CVE-2016-2825}} {{CVE|CVE-2016-2828}} {{CVE|CVE-2016-2829}} {{CVE|CVE-2016-2831}} {{CVE|CVE-2016-2832}} {{CVE|CVE-2016-2833}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox47] || {{pkg|firefox}} || 2016-06-07 || <= 46.0.1-1 || 47.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7]<br />
|-<br />
| {{CVE|CVE-2016-4456}} [https://marc.ttias.be/oss-security/2016-06/msg00043.php] [http://gnutls.org/security.html#GNUTLS-SA-2016-1] || {{pkg|gnutls}} {{pkg|lib32-gnutls}} || 2016-06-06 || <= 3.4.12-1 || 3.4.13-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12]<br />
|-<br />
| {{CVE|CVE-2015-8899}} [http://www.openwall.com/lists/oss-security/2016/06/04/2] || {{pkg|dnsmasq}} || 2016-06-04 || <= 2.75-1 || 2.76-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4953}} {{CVE|CVE-2016-4954}} {{CVE|CVE-2016-4955}} {{CVE|CVE-2016-4956}} {{CVE|CVE-2016-4957}} [http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi] || {{pkg|ntp}} || 2016-06-02 || <= 4.2.8.p7-1 || 4.2.8.p8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4]<br />
|-<br />
| {{CVE|CVE-2016-4429}} [https://sourceware.org/bugzilla/show_bug.cgi?id=20112] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-05-18 || <= 2.23-4 || 2.23-5 || 25d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17]<br />
|-<br />
| {{CVE|CVE-2016-5244}} {{CVE|CVE-2016-5243}} [http://www.openwall.com/lists/oss-security/2016/06/03/5] [http://www.openwall.com/lists/oss-security/2016/06/03/4] || {{pkg|linux}} || 2016-06-03 || <= 4.6.1 || || || Not Affected ||<br />
|-<br />
| {{CVE|CVE-2016-1696}} {{CVE|CVE-2016-1697}} {{CVE|CVE-2016-1698}} {{CVE|CVE-2016-1699}} {{CVE|CVE-2016-1700}} {{CVE|CVE-2016-1701}} {{CVE|CVE-2016-1702}} {{CVE|CVE-2016-1703}} [http://googlechromereleases.blogspot.fr/2016/06/stable-channel-update.html] || {{pkg|chromium}} || 2016-06-01 || <= 51.0.2704.63-1 || 51.0.2704.79-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5]<br />
|-<br />
| {{CVE|CVE-2016-4450}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450] || {{pkg|nginx-mainline}} || 2016-05-31 || <= 1.11-1 || 1.11.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2]<br />
|-<br />
| {{CVE|CVE-2016-4450}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450] || {{pkg|nginx}} || 2016-05-31 || <= 1.10-1 || 1.10.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1]<br />
|-<br />
| {{CVE|CVE-2016-1857}} [http://webkitgtk.org/security/WSA-2016-0004.html] || {{pkg|webkit2gtk}} || 2016-05-30 || <= 2.12.2-1 || 2.12.3-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3]<br />
|-<br />
| {{CVE|CVE-2016-5108}} [http://www.openwall.com/lists/oss-security/2016/05/27/7] || {{pkg|vlc}} || 2016-05-27 || <= 2.2.3-3 || 2.2.4-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21]<br />
|-<br />
| {{CVE|CVE-2016-5104}} [http://www.openwall.com/lists/oss-security/2016/05/26/6] || {{pkg|libusbmuxd}} || 2016-05-26 || <= 1.0.10-1 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-5104}} [http://www.openwall.com/lists/oss-security/2016/05/26/6] || {{pkg|libimobiledevice}} || 2016-05-26 || <= 1.2.0-3 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-5103}} [http://www.openwall.com/lists/oss-security/2016/05/26/5] || {{pkg|roundcubemail}} || 2016-05-26 || <= 1.2rc-1 || 1.2.0-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1762}} {{CVE|CVE-2016-1833}} {{CVE|CVE-2016-1834}} {{CVE|CVE-2016-1835}} {{CVE|CVE-2016-1836}} {{CVE|CVE-2016-1837}} {{CVE|CVE-2016-1838}} {{CVE|CVE-2016-1839}} {{CVE|CVE-2016-1840}} {{CVE|CVE-2016-3627}} {{CVE|CVE-2016-3705}} {{CVE|CVE-2016-4483}} [https://git.gnome.org/browse/libxml2/log/] || {{pkg|libxml2}} || 2016-05-23 || <= 2.9.3-2 || 2.9.4+0+gbdec218-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27]<br />
|-<br />
| {{CVE|CVE-2016-1672}} {{CVE|CVE-2016-1673}} {{CVE|CVE-2016-1674}} {{CVE|CVE-2016-1675}} {{CVE|CVE-2016-1676}} {{CVE|CVE-2016-1677}} {{CVE|CVE-2016-1678}} {{CVE|CVE-2016-1679}} {{CVE|CVE-2016-1680}} {{CVE|CVE-2016-1681}} {{CVE|CVE-2016-1682}} {{CVE|CVE-2016-1683}} {{CVE|CVE-2016-1684}} {{CVE|CVE-2016-1685}} {{CVE|CVE-2016-1686}} {{CVE|CVE-2016-1687}} {{CVE|CVE-2016-1688}} {{CVE|CVE-2016-1689}} {{CVE|CVE-2016-1690}} {{CVE|CVE-2016-1691}} {{CVE|CVE-2016-1692}} {{CVE|CVE-2016-1693}} {{CVE|CVE-2016-1694}} {{CVE|CVE-2016-1695}} [http://googlechromereleases.blogspot.fr/2016/05/stable-channel-update_25.html] || {{pkg|chromium}} || 2016-05-25 || <= 50.0.2661.102-1 || 51.0.2704.63-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28]<br />
|-<br />
| {{CVE|CVE-2016-5027}} {{CVE|CVE-2016-5028}} {{CVE|CVE-2016-5029}} {{CVE|CVE-2016-5030}} {{CVE|CVE-2016-5031}} {{CVE|CVE-2016-5032}} {{CVE|CVE-2016-5033}} {{CVE|CVE-2016-5034}} {{CVE|CVE-2016-5035}} {{CVE|CVE-2016-5036}} {{CVE|CVE-2016-5037}} {{CVE|CVE-2016-5038}} {{CVE|CVE-2016-5039}} {{CVE|CVE-2016-5040}} {{CVE|CVE-2016-5041}} {{CVE|CVE-2016-5042}} {{CVE|CVE-2016-5043}} {{CVE|CVE-2016-5044}} [http://seclists.org/oss-sec/2016/q2/393] [https://www.prevanders.net/dwarfbug.html] || {{pkg|libdwarf}} || 2016-05-24 || <= 20160507-1 || 20160613-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23]<br />
|-<br />
| {{CVE|CVE-2015-1283}} {{CVE|CVE-2016-0718}} [http://seclists.org/oss-sec/2016/q2/360] || {{pkg|expat}} {{pkg|lib32-expat}} || 2016-05-17 || <= 2.1.1-1 || 2.1.1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23]<br />
|-<br />
| {{CVE|CVE-2016-2334}} {{CVE|CVE-2016-2335}} [http://www.talosintel.com/reports/TALOS-2016-0093/] [http://www.talosintel.com/reports/TALOS-2016-0094/] || {{pkg|p7zip}} || 2016-05-10 || <= 15.14.1-1 || 15.14.1-2 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24]<br />
|-<br />
| {{CVE|CVE-2016-3698}} [https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839] || {{pkg|libndp}} || 2016-05-17 || <= 1.5-1 || 1.6-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26]<br />
|-<br />
| {{CVE|CVE-2016-2803}} [http://seclists.org/bugtraq/2016/May/72] || {{pkg|bugzilla}} || 2016-05-16 || <= 5.0.2-1 || 5.0.3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25]<br />
|-<br />
| {{CVE|CVE-2016-2099}} [https://issues.apache.org/jira/browse/XERCESC-2066] [http://www.openwall.com/lists/oss-security/2016/05/09/7] || {{pkg|xerces-c}} || 2016-05-09 || <= 3.1.3-1 || 3.1.3-2 || 46d || Fixed ({{bug|49353}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-22]<br />
|-<br />
| [http://blog.jetbrains.com/blog/2016/05/11/security-update-for-intellij-based-ides-v2016-1-and-older-versions/] || {{pkg|intellij-idea-community-edition}} {{pkg|intellij-idea-libs}} || 2016-05-11 || <= 1:2016.1.1-1 || 1:2016.1.2-1 || 3d || Fixed ({{bug|49329}}) || None<br />
|-<br />
| {{CVE|CVE-2016-2804}} {{CVE|CVE-2016-2805}} {{CVE|CVE-2016-2806}} {{CVE|CVE-2016-2807}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/] || {{pkg|thunderbird}} || 2016-05-10 || <= 45.0-1 || 45.1.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21]<br />
|-<br />
| {{CVE|CVE-2016-1667}} {{CVE|CVE-2016-1668}} {{CVE|CVE-2016-1669}} {{CVE|CVE-2016-1670}} [http://googlechromereleases.blogspot.fr/2016/05/stable-channel-update.html] || {{pkg|chromium}} || 2016-05-11 || <= 50.0.2661.94-1 || 50.0.2661.102-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] <br />
|-<br />
| {{CVE|CVE-2016-3706}} {{CVE|CVE-2016-1234}} [https://sourceware.org/bugzilla/show_bug.cgi?id=20010] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-04-27 || <= 2.23-2 || 2.23-4 || 17d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20]<br />
|-<br />
| {{CVE|CVE-2016-1096}} {{CVE|CVE-2016-1097}} {{CVE|CVE-2016-1098}} {{CVE|CVE-2016-1099}} {{CVE|CVE-2016-1100}} {{CVE|CVE-2016-1101}} {{CVE|CVE-2016-1102}} {{CVE|CVE-2016-1103}} {{CVE|CVE-2016-1104}} {{CVE|CVE-2016-1105}} {{CVE|CVE-2016-1106}} {{CVE|CVE-2016-1107}} {{CVE|CVE-2016-1108}} {{CVE|CVE-2016-1109}} {{CVE|CVE-2016-1110}} {{CVE|CVE-2016-4108}} {{CVE|CVE-2016-4109}} {{CVE|CVE-2016-4110}} {{CVE|CVE-2016-4111}} {{CVE|CVE-2016-4112}} {{CVE|CVE-2016-4113}} {{CVE|CVE-2016-4114}} {{CVE|CVE-2016-4115}} {{CVE|CVE-2016-4116}} {{CVE|CVE-2016-4117}} [https://helpx.adobe.com/security/products/flash-player/apsa16-02.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-05-10 || <= 11.2.202.616-2 || 11.2.202.621-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18]<br />
|-<br />
| {{CVE|CVE-2015-8558}} {{CVE|CVE-2016-3710}} {{CVE|CVE-2016-3712}} {{CVE|CVE-2016-5105}} {{CVE|CVE-2016-5107}} {{CVE|CVE-2016-5106}} [http://xenbits.xen.org/xsa/advisory-179.html] [http://www.openwall.com/lists/oss-security/2016/05/25/7] || {{pkg|qemu}} {{pkg|qemu-arch-extra}} || 2016-05-10 || <= 2.5.1-1 || 2.6.0-1 || 28d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9]<br />
|-<br />
| {{CVE|CVE-2015-8558}} {{CVE|CVE-2016-3710}} {{CVE|CVE-2016-3712}} {{CVE|CVE-2016-5105}} {{CVE|CVE-2016-5107}} {{CVE|CVE-2016-5106}} [http://xenbits.xen.org/xsa/advisory-179.html] [http://www.openwall.com/lists/oss-security/2016/05/25/7] || {{pkg|qemu-guest-agent}} {{pkg|qemu-block-gluster}} {{pkg|qemu-block-iscsi}} {{pkg|qemu-block-rbd}} || 2016-05-10 || <= 2.5.1-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-1926}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1926] [http://www.openvas.org/OVSA20160113.html] || {{pkg|greenbone-security-assistant}} || 2016-01-16 || <= 6.0.6-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-3659}} [http://bugs.cacti.net/view.php?id=2673] || {{pkg|cacti}} || 2016-03-31 || <= 0.8.8_g-3 || 0.8.8_h-1 || 40d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14]<br />
|-<br />
| {{CVE|CVE-2016-4554}} {{CVE|CVE-2016-4555}} {{CVE|CVE-2016-4556}} [http://www.squid-cache.org/Advisories/SQUID-2016_8.txt] [http://www.squid-cache.org/Advisories/SQUID-2016_9.txt] || {{pkg|squid}} || 2016-05-09 || <= 3.5.17-1 || 3.5.19-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13]<br />
|-<br />
| {{CVE|CVE-2015-8106}} [http://www.openwall.com/lists/oss-security/2015/11/16/39] || {{pkg|latex2rtf}} || 2015-11-16 || <= 2.3.8-1 || 2.3.10-1 || ~6m || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9]<br />
|-<br />
| {{CVE|CVE-2016-3105}} [https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29] || {{pkg|mercurial}} || 2016-05-01 || <= 3.7.3-1 || 3.8.1-1 || 5d || Fixed ({{bug|49239}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] <br />
|-<br />
| {{CVE|CVE-2016-1236}} [http://www.openwall.com/lists/oss-security/2016/05/05/22] || {{pkg|websvn}} || 2016-05-05 || <= 2.3.3-6 || 2.3.3-7 || 98d || Fixed ({{bug|50344}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11]<br />
|-<br />
| {{CVE|CVE-2016-4414}} [http://marc.info/?l=oss-security&m=146204310020229&w=2] || {{pkg|quassel-client}} {{pkg|quassel-monolithic}} || 2016-04-30 || <= 0.12.3-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-4352}} [http://www.openwall.com/lists/oss-security/2016/04/29/7] || {{pkg|mencoder}} {{pkg|mplayer}} || 2016-05-03 || <= 37379-7 || 37857-1 || 3d || Fixed ({{bug|49195}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12]<br />
|-<br />
| {{CVE|CVE-2016-4574}} [http://www.openwall.com/lists/oss-security/2016/05/10/4] || {{pkg|libksba}} || 2016-05-03 || <= 1.3.3-1 || 1.3.4-1 || 9d || Fixed ({{bug|49289}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17]<br />
|-<br />
| {{CVE|CVE-2016-4354}} {{CVE|CVE-2016-4353}} {{CVE|CVE-2016-4355}} {{CVE|CVE-2016-4356}} [http://www.openwall.com/lists/oss-security/2016/04/29/8] || {{pkg|libksba}} || 2016-04-10 || <= 1.3.2-1 || 1.3.3-1 || 18d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4348}} {{CVE|CVE-2016-4347}} [http://www.openwall.com/lists/oss-security/2016/04/30/3] || {{pkg|librsvg}} || 2016-05-03 || <= 2:2.40.2-2 || 2:2.40.15-2 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4415}} {{CVE|CVE-2016-4416}} {{CVE|CVE-2016-4417}} {{CVE|CVE-2016-4418}} {{CVE|CVE-2016-4419}} {{CVE|CVE-2016-4420}} {{CVE|CVE-2016-4421}} {{CVE|CVE-2016-4076}} {{CVE|CVE-2016-4077}} {{CVE|CVE-2016-4078}} {{CVE|CVE-2016-4079}} {{CVE|CVE-2016-4080}} {{CVE|CVE-2016-4081}} {{CVE|CVE-2016-4006}} {{CVE|CVE-2016-4082}} {{CVE|CVE-2016-4083}} {{CVE|CVE-2016-4084}} {{CVE|CVE-2016-4085}} [http://www.openwall.com/lists/oss-security/2016/04/25/2] || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2016-05-03 || <= 2.0.2-1 || 2.0.3-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-3714}} [http://www.openwall.com/lists/oss-security/2016/05/03/13] [http://www.openwall.com/lists/oss-security/2016/05/03/14]|| {{pkg|imagemagick}} || 2016-05-03 || <= 6.9.3.8-1 || 6.9.3.10-1 || 3d || Fixed ({{bug|49203}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6]<br />
|-<br />
| {{CVE|CVE-2016-4477}} {{CVE|CVE-2016-4476}} [http://www.openwall.com/lists/oss-security/2016/05/03/2] || {{pkg|hostapd}} || 2016-05-03 || <= 2.5-2 || 2.6-1 || 90d || Fixed ({{bug|49196}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3]<br />
|-<br />
| {{CVE|CVE-2016-4477}} {{CVE|CVE-2016-4476}} [http://www.openwall.com/lists/oss-security/2016/05/03/2] || {{pkg|wpa_supplicant}} || 2016-05-03 || <= 1:2.5-3 || 1:2.6-1 || >90d || Fixed ({{bug|49196}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7]<br />
|-<br />
| {{CVE|CVE-2016-2105}} {{CVE|CVE-2016-2106}} {{CVE|CVE-2016-2107}} {{CVE|CVE-2016-2109}} {{CVE|CVE-2016-2176}} [https://www.openssl.org/news/secadv/20160503.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2016-05-03 || <= 1.0.2.g-3 || 1.0.2.h-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4]<br />
|-<br />
| {{CVE|CVE-2016-4425}} [https://github.com/akheron/jansson/issues/282] [http://marc.info/?l=oss-security&m=146219323703639&w=2] || {{pkg|jansson}} || 2016-05-02 || <= 2.7-1 || 2.8-1 || 137d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15]<br />
|-<br />
| {{CVE|CVE-2016-4425}} [https://github.com/akheron/jansson/issues/282] [http://marc.info/?l=oss-security&m=146219323703639&w=2] || {{pkg|lib32-jansson}} || 2016-05-02 || <= 2.7-2 || 2.8-1 || 140d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17]<br />
|-<br />
| {{CVE|CVE-2016-1660}} {{CVE|CVE-2016-1661}} {{CVE|CVE-2016-1662}} {{CVE|CVE-2016-1663}} {{CVE|CVE-2016-1664}} {{CVE|CVE-2016-1665}} {{CVE|CVE-2016-1666}} [http://googlechromereleases.blogspot.fr/2016/04/stable-channel-update_28.html] || {{pkg|chromium}} || 2016-04-28 || <= 50.0.2661.75-1 || 50.0.2661.94-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7]<br />
|-<br />
| {{CVE|CVE-2015-8869}} || {{pkg|ocaml}} || 2016-04-29 || <= 4.02.3-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-4414}} [http://marc.info/?l=oss-security&m=146204310020229&w=2] || {{pkg|quassel-core}} || 2016-04-30 || <= 0.12.3-1 || 0.12.4-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5]<br />
|-<br />
| {{CVE|CVE-2016-2167}} {{CVE|CVE-2016-2168}} [https://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ@mail.gmail.com%3E] || {{pkg|subversion}} || 2016-04-28 || <= 1.9.3-2 || 1.9.4-1 || 38d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6]<br />
|-<br />
| {{CVE|CVE-2015-7704}} {{CVE|CVE-2015-8138}} {{CVE|CVE-2016-1547}} {{CVE|CVE-2016-1548}} {{CVE|CVE-2016-1549}} {{CVE|CVE-2016-1550}} {{CVE|CVE-2016-1551}} {{CVE|CVE-2016-2516}} {{CVE|CVE-2016-2517}} {{CVE|CVE-2016-2518}} {{CVE|CVE-2016-2519}} [http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security] || {{pkg|ntp}} || 2016-04-26 || <= 4.2.8.p6-3 || 4.2.8.p7-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-2804}} {{CVE|CVE-2016-2805}} {{CVE|CVE-2016-2806}} {{CVE|CVE-2016-2807}} {{CVE|CVE-2016-2808}} {{CVE|CVE-2016-2811}} {{CVE|CVE-2016-2812}} {{CVE|CVE-2016-2814}} {{CVE|CVE-2016-2816}} {{CVE|CVE-2016-2817}} {{CVE|CVE-2016-2820}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox46] || {{pkg|firefox}} || 2016-04-26 || <= 45.0.2-1 || 46.0-2 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15]<br />
|-<br />
| {{CVE|CVE-2015-8863}} [http://seclists.org/oss-sec/2016/q2/134] || {{pkg|jq}} || 2016-04-23 || <= 1.5-3 || 1.5-4 || 109d || Fixed ({{bug|50330}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10]<br />
|-<br />
| {{CVE|CVE-2016-3074}} [http://seclists.org/oss-sec/2016/q2/128] || {{pkg|gd}} || 2016-04-21 || <= 2.1.1-3 || 2.1.1-4 || 15d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8]<br />
|-<br />
| {{CVE|CVE-2016-4051}} {{CVE|CVE-2016-4052}} {{CVE|CVE-2016-4053}} {{CVE|CVE-2016-4054}} [http://www.squid-cache.org/Advisories/SQUID-2016_5.txt] [http://www.squid-cache.org/Advisories/SQUID-2016_6.txt] || {{pkg|squid}} || 2016-04-20 || <= 3.5.16-1 || 3.5.17-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14]<br />
|-<br />
| {{CVE|CVE-2016-4021}} [https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt] || {{pkg|pgpdump}} || 2016-04-12 || <= 0.29-2 || 0.30-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11]<br />
|-<br />
| {{CVE|CVE-2016-1955}} {{CVE|CVE-2016-1956}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/] [https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/] || {{pkg|thunderbird}} || 2016-04-12 || <= 38.7.2-1 || 45.0-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12]<br />
|-<br />
| {{CVE|CVE-2016-2347}} [http://www.talosintel.com/reports/TALOS-2016-0095/] || {{pkg|lhasa}} || 2016-04-14 || <= 0.3.0-1 || 0.3.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8]<br />
|-<br />
| {{CVE|CVE-2016-1651}} {{CVE|CVE-2016-1652}} {{CVE|CVE-2016-1653}} {{CVE|CVE-2016-1654}} {{CVE|CVE-2016-1655}} {{CVE|CVE-2016-1656}} {{CVE|CVE-2016-1657}} {{CVE|CVE-2016-1658}} {{CVE|CVE-2016-1659}} [http://googlechromereleases.blogspot.fr/2016/04/stable-channel-update_13.html] || {{pkg|chromium}} || 2016-04-13|| <= 49.0.2623.112-1 || 50.0.2661.75-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10]<br />
|-<br />
| {{CVE|CVE-2015-5370}} {{CVE|CVE-2016-2110}} {{CVE|CVE-2016-2111}} {{CVE|CVE-2016-2112}} {{CVE|CVE-2016-2113}} {{CVE|CVE-2016-2114}} {{CVE|CVE-2016-2115}} {{CVE|CVE-2016-2118}} [https://www.samba.org/samba/history/security.html] [http://badlock.org/] || {{pkg|samba}} || 2016-04-12|| <= 4.4.0-1 || 4.4.2-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13]<br />
|-<br />
| {{CVE|CVE-2016-4008}} [http://article.gmane.org/gmane.comp.security.oss.general/19286] || {{pkg|libtasn1}} || 2016-04-11|| <= 4.7-1 || 4.8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9]<br />
|-<br />
| {{CVE|CVE-2011-5326}} {{CVE|CVE-2016-3993}} {{CVE|CVE-2016-3994}} {{CVE|CVE-2016-4024}} [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369] [http://article.gmane.org/gmane.comp.security.oss.general/19276] || {{pkg|imlib2}} || 2016-04-09 || <= 1.4.8-1 || 1.4.9-1 || 23d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1]<br />
|-<br />
| {{CVE|CVE-2014-9771}} [http://www.openwall.com/lists/oss-security/2016/04/09/3] || {{pkg|imlib2}} || 2016-04-09 || <= 1.4.5-6 || 1.4.6-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1006}} {{CVE|CVE-2016-1011}} {{CVE|CVE-2016-1012}} {{CVE|CVE-2016-1013}} {{CVE|CVE-2016-1014}} {{CVE|CVE-2016-1015}} {{CVE|CVE-2016-1016}} {{CVE|CVE-2016-1017}} {{CVE|CVE-2016-1018}} {{CVE|CVE-2016-1019}} {{CVE|CVE-2016-1020}} {{CVE|CVE-2016-1021}} {{CVE|CVE-2016-1022}} {{CVE|CVE-2016-1023}} {{CVE|CVE-2016-1024}} {{CVE|CVE-2016-1025}} {{CVE|CVE-2016-1026}} {{CVE|CVE-2016-1027}} {{CVE|CVE-2016-1028}} {{CVE|CVE-2016-1029}} {{CVE|CVE-2016-1030}} {{CVE|CVE-2016-1031}} {{CVE|CVE-2016-1032}} {{CVE|CVE-2016-1033}} [https://helpx.adobe.com/security/products/flash-player/apsa16-01.html] [https://helpx.adobe.com/security/products/flash-player/apsb16-10.html] || {{pkg|flashplugin}} || 2016-04-05 || <= 11.2.202.577-1 || 11.2.202.616-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7]<br />
|-<br />
| {{CVE|CVE-2016-3630}} {{CVE|CVE-2016-3068}} {{CVE|CVE-2016-3069}} [https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29] || {{pkg|mercurial}} || 2016-03-29 || <= 3.7.2-1 || 3.7.3-1 || 8d || Fixed ({{bug|48821}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6]<br />
|-<br />
| {{CVE|CVE-2016-2191}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2191] [https://sourceforge.net/p/optipng/bugs/59/] [http://www.openwall.com/lists/oss-security/2016/04/04/2]|| {{Pkg|optipng}} || 2016-04-04 || <= 0.7.5-2 || 0.7.6-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5]<br />
|-<br />
| {{CVE|CVE-2016-3947}} [http://www.squid-cache.org/Advisories/SQUID-2016_3.txt] || {{Pkg|squid}} || 2016-04-01 || <= 3.5.15-2 || 3.5.16 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4]<br />
|-<br />
| {{CVE|CVE-2016-0636}} [http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html] [http://blog.fuseyism.com/index.php/2016/03/25/security-icedtea-2-6-5-for-openjdk-7-released/] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2016-03-24 || <= 7.u95_2.6.4-1 || 7.u99_2.6.5-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3]<br />
|-<br />
| {{CVE|CVE-2016-0636}} [http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html] || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2016-03-23 || <= 8.u74-1 || 8.u77-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27]<br />
|-<br />
| {{CVE|CVE-2016-1646}} {{CVE|CVE-2016-1647}} {{CVE|CVE-2016-1648}} {{CVE|CVE-2016-1649}} {{CVE|CVE-2016-1650}} [http://googlechromereleases.blogspot.fr/2016/03/stable-channel-update_24.html] || {{pkg|chromium}} || 2016-03-24 || <= 49.0.2623.87-1 || 49.0.2623.108-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24]<br />
|-<br />
| {{CVE|CVE-2016-2849}} {{CVE|CVE-2016-2850}} [http://botan.randombit.net/security.html#id1] || {{pkg|botan}} || 2016-03-20 || <= 1.11.28-1 || 1.11.29-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22]<br />
|-<br />
| {{CVE|CVE-2016-1952}} {{CVE|CVE-2016-1953}} {{CVE|CVE-2016-1954}} {{CVE|CVE-2016-1957}} {{CVE|CVE-2016-1960}} {{CVE|CVE-2016-1961}} {{CVE|CVE-2016-1964}} {{CVE|CVE-2016-1966}} {{CVE|CVE-2016-1974}} {{CVE|CVE-2016-1977}} {{CVE|CVE-2016-2790}} {{CVE|CVE-2016-2791}} {{CVE|CVE-2016-2792}} {{CVE|CVE-2016-2793}} {{CVE|CVE-2016-2794}} {{CVE|CVE-2016-2795}} {{CVE|CVE-2016-2796}} {{CVE|CVE-2016-2797}} {{CVE|CVE-2016-2798}} {{CVE|CVE-2016-2799}} {{CVE|CVE-2016-2800}} {{CVE|CVE-2016-2801}} {{CVE|CVE-2016-2802}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.7] || {{pkg|thunderbird}} || 2016-03-14 || <= 38.6.0-1 || 38.7.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21]<br />
|-<br />
| {{CVE|CVE-2016-2324}} [http://seclists.org/oss-sec/2016/q1/653] || {{pkg|git}} || 2016-03-15 || <= 2.7.3-1 || 2.7.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20]<br />
|-<br />
| {{CVE|CVE-2016-3116}} [https://matt.ucc.asn.au/dropbear/CHANGES] || {{pkg|dropbear}} || 2016-03-13 || <= 2015.71-1 || 2016.72-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19]<br />
|-<br />
| {{CVE|CVE-2015-1283}} [https://sourceforge.net/p/expat/bugs/528/] || {{pkg|expat}} || 2016-03-12 || <= 2.1.0-4 || 2.1.1-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23]<br />
|-<br />
| {{CVE|CVE-2016-2088}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2088] {{CVE|CVE-2016-1286}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1286] {{CVE|CVE-2016-1285}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1285] || {{pkg|bind}} || 2016-03-10 || <= 9.10.3.P3-3 || 9.10.3.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13]<br />
|-<br />
| {{CVE|CVE-2016-0960}} {{CVE|CVE-2016-0961}} {{CVE|CVE-2016-0962}} {{CVE|CVE-2016-0963}} {{CVE|CVE-2016-0986}} {{CVE|CVE-2016-0987}} {{CVE|CVE-2016-0988}} {{CVE|CVE-2016-0989}} {{CVE|CVE-2016-0990}} {{CVE|CVE-2016-0991}} {{CVE|CVE-2016-0992}} {{CVE|CVE-2016-0993}} {{CVE|CVE-2016-0994}} {{CVE|CVE-2016-0995}} {{CVE|CVE-2016-0996}} {{CVE|CVE-2016-0997}} {{CVE|CVE-2016-0998}} {{CVE|CVE-2016-0999}} {{CVE|CVE-2016-1000}} {{CVE|CVE-2016-1001}} {{CVE|CVE-2016-1002}} {{CVE|CVE-2016-1005}} {{CVE|CVE-2016-1010}} [https://helpx.adobe.com/security/products/flash-player/apsb16-08.html] || {{pkg|lib32-flashplugin}} || 2016-03-10 || <= 11.2.202.569-1 || 11.2.202.577-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11]<br />
|-<br />
| {{CVE|CVE-2016-0960}} {{CVE|CVE-2016-0961}} {{CVE|CVE-2016-0962}} {{CVE|CVE-2016-0963}} {{CVE|CVE-2016-0986}} {{CVE|CVE-2016-0987}} {{CVE|CVE-2016-0988}} {{CVE|CVE-2016-0989}} {{CVE|CVE-2016-0990}} {{CVE|CVE-2016-0991}} {{CVE|CVE-2016-0992}} {{CVE|CVE-2016-0993}} {{CVE|CVE-2016-0994}} {{CVE|CVE-2016-0995}} {{CVE|CVE-2016-0996}} {{CVE|CVE-2016-0997}} {{CVE|CVE-2016-0998}} {{CVE|CVE-2016-0999}} {{CVE|CVE-2016-1000}} {{CVE|CVE-2016-1001}} {{CVE|CVE-2016-1002}} {{CVE|CVE-2016-1005}} {{CVE|CVE-2016-1010}} [https://helpx.adobe.com/security/products/flash-player/apsb16-08.html] || {{pkg|flashplugin}} || 2016-03-10 || <= 11.2.202.569-1 || 11.2.202.577-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10]<br />
|-<br />
| {{CVE|CVE-2016-3115}} [http://www.openssh.com/txt/x11fwd.adv] || {{pkg|openssh}} || 2016-03-10 || <= 7.2p1-1 || 7.2p2-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12]<br />
|-<br />
| {{CVE|CVE-2015-8833}} [http://seclists.org/oss-sec/2016/q1/572] || {{pkg|pidgin-otr}} || 2016-03-09 || <= 4.0.1-2 || 4.0.2-1 || 3d || Fixed ({{bug|48537}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14]<br />
|-<br />
| {{CVE|CVE-2016-2774}} [https://kb.isc.org/article/AA-01354] || {{pkg|dhcp}} || 2016-03-09 || <= 4.3.3.p1-1 || 4.3.4-1 || 21d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1531}} [http://www.exim.org/static/doc/CVE-2016-1531.txt] || {{pkg|exim}} || 2016-03-06 || <= 4.86.1-1 || 4.86.2-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8]<br />
|-<br />
| {{CVE|CVE-2016-1577}} {{CVE|CVE-2016-2089}} {{CVE|CVE-2016-2116}} || {{pkg|jasper}} || 2016-03-06 || <= 1.900.1-14 || 1.900.1-15 || ~2m || Fixed ({{bug|48511}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2]<br />
|-<br />
| {{CVE|CVE-2016-1285}} {{CVE|CVE-2016-1286}} [https://kb.isc.org/article/AA-01352/] [https://kb.isc.org/article/AA-01353/] || {{pkg|bind}} || 2016-03-09 || <= 9.10.3.P3-3 || 9.10.3.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7]<br />
|-<br />
| {{CVE|CVE-2016-2851}} [https://otr.cypherpunks.ca/] || {{pkg|libotr}} || 2016-03-09 || <= 4.1.0-1 || 4.1.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6]<br />
|-<br />
| {{CVE|CVE-2016-1643}} {{CVE|CVE-2016-1644}} {{CVE|CVE-2016-1645}} || {{pkg|chromium}} || 2016-03-09 || <= 49.0.2623.75-1 || 49.0.2623.87-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5]<br />
|-<br />
| {{CVE|CVE-2016-1952}} {{CVE|CVE-2016-1953}} {{CVE|CVE-2016-1954}} {{CVE|CVE-2016-1955}} {{CVE|CVE-2016-1956}} {{CVE|CVE-2016-1957}} {{CVE|CVE-2016-1958}} {{CVE|CVE-2016-1959}} {{CVE|CVE-2016-1960}} {{CVE|CVE-2016-1961}} {{CVE|CVE-2016-1962}} {{CVE|CVE-2016-1963}} {{CVE|CVE-2016-1964}} {{CVE|CVE-2016-1965}} {{CVE|CVE-2016-1966}} {{CVE|CVE-2016-1967}} {{CVE|CVE-2016-1968}} {{CVE|CVE-2016-1970}} {{CVE|CVE-2016-1971}} {{CVE|CVE-2016-1972}} {{CVE|CVE-2016-1973}} {{CVE|CVE-2016-1974}} {{CVE|CVE-2016-1975}} {{CVE|CVE-2016-1976}} {{CVE|CVE-2016-1977}} {{CVE|CVE-2016-2790}} {{CVE|CVE-2016-2791}} {{CVE|CVE-2016-2792}} {{CVE|CVE-2016-2793}} {{CVE|CVE-2016-2794}} {{CVE|CVE-2016-2795}} {{CVE|CVE-2016-2796}} {{CVE|CVE-2016-2797}} {{CVE|CVE-2016-2798}} {{CVE|CVE-2016-2799}} {{CVE|CVE-2016-2800}} {{CVE|CVE-2016-2801}} {{CVE|CVE-2016-2802}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox45] || {{pkg|firefox}} || 2016-03-08 || <= 44.0.2-2 || 45.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4]<br />
|-<br />
| {{CVE|CVE-2016-2532}} {{CVE|CVE-2016-2531}} {{CVE|CVE-2016-2530}} {{CVE|CVE-2016-2529}} {{CVE|CVE-2016-2528}} {{CVE|CVE-2016-2527}} {{CVE|CVE-2016-2526}} {{CVE|CVE-2016-2525}} {{CVE|CVE-2016-2524}} {{CVE|CVE-2016-2523}} {{CVE|CVE-2016-2522}} {{CVE|CVE-2016-2521}} || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2016-03-07 || <= 2.0.1-2 || 2.0.2-1 || 5d || Fixed ({{bug|48536}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17]<br />
|-<br />
| {{CVE|CVE-2016-2381}} [https://www.debian.org/security/2016/dsa-3501] || {{pkg|perl}} || 2016-03-07 || <= 5.22.1-1 || 5.22.1-2 || 3d || Fixed ({{Bug|48482}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9]<br />
|-<br />
| {{CVE|CVE-2015-8126}} {{CVE|CVE-2016-1630}} {{CVE|CVE-2016-1631}} {{CVE|CVE-2016-1632}} {{CVE|CVE-2016-1633}} {{CVE|CVE-2016-1634}} {{CVE|CVE-2016-1635}} {{CVE|CVE-2016-1636}} {{CVE|CVE-2016-1637}} {{CVE|CVE-2016-1638}} {{CVE|CVE-2016-1639}} {{CVE|CVE-2016-1640}} {{CVE|CVE-2016-1641}} {{CVE|CVE-2016-1642}} [http://googlechromereleases.blogspot.fr/2016/03/stable-channel-update.html] || {{pkg|chromium}} || 2016-03-02 || <= 48.0.2564.116-1 || 49.0.2623.75-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1]<br />
|-<br />
| {{CVE|CVE-2016-0702}} {{CVE|CVE-2016-0705}} {{CVE|CVE-2016-0797}} {{CVE|CVE-2016-0798}} {{CVE|CVE-2016-0799}} {{CVE|CVE-2016-0800}} [https://www.openssl.org/news/secadv/20160301.txt] || {{pkg|openssl}} || 2016-03-01 || <= 1.0.2.f-1 || 1.0.2.g-3 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2]<br />
|-<br />
| {{CVE|CVE-2016-0702}} {{CVE|CVE-2016-0705}} {{CVE|CVE-2016-0797}} {{CVE|CVE-2016-0798}} {{CVE|CVE-2016-0799}} {{CVE|CVE-2016-0800}} [https://www.openssl.org/news/secadv/20160301.txt] || {{pkg|lib32-openssl}} || 2016-03-01 || <= 1.0.2.f-1 || 1.0.2.g-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3]<br />
|-<br />
| {{CVE|CVE-2015-7511}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html] || {{pkg|libgcrypt}} || 2016-02-09 || <= 1.6.4-1 || 1.6.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19]<br />
|-<br />
| {{CVE|CVE-2016-0739}} [https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/] || {{pkg|libssh}} || 2016-02-23 || <= 0.7.2-1 || 0.7.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18]<br />
|-<br />
| {{CVE|CVE-2016-0787}} [https://www.libssh2.org/adv_20160223.html] || {{pkg|libssh2}} || 2016-02-23 || <= 1.6.0-1 || 1.7.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20]<br />
|-<br />
| {{CVE|CVE-2016-0787}} [https://www.libssh2.org/adv_20160223.html] || {{pkg|lib32-libssh2}} || 2016-02-23 || <= 1.6.0-1 || 1.7.0-1 ||3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21]<br />
|-<br />
| {{CVE|CVE-2016-1629}} [http://googlechromereleases.blogspot.fr/2016/02/stable-channel-update_18.html] || {{pkg|chromium}} || 2016-02-18 || <= 48.0.2564.109-1 || 48.0.2564.116-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17]<br />
|-<br />
| {{CVE|CVE-2015-7575}} {{CVE|CVE-2016-1523}} {{CVE|CVE-2016-1930}} {{CVE|CVE-2016-1931}} {{CVE|CVE-2016-1935}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.6] || {{pkg|thunderbird}} || 2016-02-11 || <= 38.5.1-1 || 38.6.0-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16]<br />
|-<br />
| {{CVE|CVE-2015-7547}} {{CVE|CVE-2015-8776}} {{CVE|CVE-2015-8777}} {{CVE|CVE-2015-8778}} {{CVE|CVE-2015-8779}} [https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html] [https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html] || {{pkg|glibc}} || 2016-02-16 || <= 2.22-3 || 2.22-4 || 1d || Fixed ({{Bug|48213}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15]<br />
|-<br />
| {{CVE|CVE-2015-7547}} {{CVE|CVE-2015-8776}} {{CVE|CVE-2015-8777}} {{CVE|CVE-2015-8778}} {{CVE|CVE-2015-8779}} [https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html] [https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html] || {{pkg|lib32-glibc}} || 2016-02-16 || <= 2.22-3.1 || 2.22-4 || 1d || Fixed ({{Bug|48213}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14]<br />
|-<br />
| {{CVE|CVE-2016-1622}} {{CVE|CVE-2016-1623}} {{CVE|CVE-2016-1624}} {{CVE|CVE-2016-1625}} {{CVE|CVE-2016-1626}} {{CVE|CVE-2016-1627}} [http://googlechromereleases.blogspot.fr/2016/02/stable-channel-update_9.html]|| {{pkg|chromium}} || 2016-02-09 || <= 48.0.2564.103-1 || 48.0.2564.109-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1949}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-13/]|| {{pkg|firefox}} || 2016-02-11 || <= 44.0.1-1 || 44.0.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12]<br />
|-<br />
| {{CVE|CVE-2016-1544}} [https://nghttp2.org/blog/2016/02/11/nghttp2-v1-7-1/]|| {{pkg|nghttp2}} || 2016-02-11 || <= 1.7.0-1 || 1.7.1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13]<br />
|-<br />
| {{CVE|CVE-2014-2312}} [https://www.kde.org/info/security/advisory-20160209-1.txt]|| {{pkg|kscreenlocker}} || 2016-02-10 || <= 5.5.4-1 || 5.5.4-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10]<br />
|-<br />
| {{CVE|CVE-2014-9496}} {{CVE|CVE-2014-9756}} {{CVE|CVE-2015-7805}} || {{pkg|libsndfile}} {{pkg|lib32-libsndfile}} || 2016-02-01 || <= 1.0.25-3 || 1.0.26-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9]<br />
|-<br />
| {{CVE|CVE-2015-8803}} {{CVE|CVE-2015-8804}} {{CVE|CVE-2015-8805}} [https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-multiplications-in-Nettle.html] || {{pkg|nettle}} {{pkg|lib32-nettle}} || 2016-02-03 || <= 3.1-1 || 3.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6]<br />
|-<br />
| {{CVE|CVE-2016-2194}} {{CVE|CVE-2016-2195}} {{CVE|CVE-2016-2196}} [http://botan.randombit.net/security.html#id1] || {{pkg|botan}} || 2016-02-01 || <= 1.11.25-2 || 1.11.28-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11]<br />
|-<br />
| {{CVE|CVE-2014-9761}} [http://seclists.org/oss-sec/2016/q1/153] || {{pkg|lib32-glibc}} || 2016-02-01 || <= 2.22-4 || 2.23-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23]<br />
|-<br />
| {{CVE|CVE-2014-9761}} [http://seclists.org/oss-sec/2016/q1/153] || {{pkg|glibc}} || 2016-02-01 || <= 2.22-4 || 2.23-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22]<br />
|-<br />
| {{CVE|CVE-2016-2048}} [https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/] || {{pkg|python-django}} {{pkg|python2-django}} || 2016-02-01 || <= 1.9.1-1 || 1.9.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2]<br />
|-<br />
| {{CVE|CVE-2016-2090}} [http://article.gmane.org/gmane.comp.security.oss.general/18715] [http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7] [https://bugs.freedesktop.org/show_bug.cgi?id=93881] [https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html] || {{pkg|libbsd}} || 2016-01-27 || <= 0.8.1-1 || 0.8.2-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7]<br />
|-<br />
| {{CVE|CVE-2015-3197}} {{CVE|CVE-2015-4000}} {{CVE|CVE-2016-0701}} [https://openssl.org/news/secadv/20160128.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2016-01-28 || <= 1.0.2.e-1 || 1.0.2.f-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33]<br />
|-<br />
| {{CVE|CVE-2016-0755}} [http://curl.haxx.se/docs/adv_20160127A.html] || {{pkg|curl}} {{pkg|lib32-curl}} || 2016-01-27 || <= 7.46.0-1 || 7.47.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4]<br />
|-<br />
| {{CVE|CVE-2016-0742}} {{CVE|CVE-2016-0746}} {{CVE|CVE-2016-0747}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000168.html] || {{pkg|nginx}} || 2016-01-26 || <= 1.8.0-2 || 1.8.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31]<br />
|-<br />
| {{CVE|CVE-2016-1982}} {{CVE|CVE-2016-1983}} [http://seclists.org/oss-sec/2016/q1/179] || {{pkg|privoxy}} || 2016-01-21 || <= 3.0.23-1 || 3.0.24-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27]<br />
|-<br />
| {{CVE|CVE-2016-1572}} [https://bugs.launchpad.net/ecryptfs/+bug/1530566] || {{pkg|ecryptfs-utils}} || 2016-01-21 || <= 108-1 || 108-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25]<br />
|-<br />
| {{CVE|CVE-2016-1612}} {{CVE|CVE-2016-1613}} {{CVE|CVE-2016-1614}} {{CVE|CVE-2016-1615}} {{CVE|CVE-2016-1616}} {{CVE|CVE-2016-1617}} {{CVE|CVE-2016-1618}} {{CVE|CVE-2016-1619}} {{CVE|CVE-2016-1620}} [http://googlechromereleases.blogspot.fr/2016/01/stable-channel-update_20.html] || {{pkg|chromium}} || 2016-01-20 || <= 47.0.2526.111-1 || 48.0.2564.82-1 || 1d|| Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28]<br />
|-<br />
| {{CVE|CVE-2015-8704}} {{CVE|CVE-2015-8705}} [https://kb.isc.org/article/AA-01335] [https://kb.isc.org/article/AA-01336] || {{pkg|bind}} || 2016-01-19 || <= 9.10.3.P2-1 || 9.10.3.P3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21]<br />
|-<br />
| {{CVE|CVE-2016-0728}} [http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/] || {{pkg|linux-lts}} || 2016-01-19 || <= 4.1.15-1 || 4.1.16-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26]<br />
|-<br />
| {{CVE|CVE-2016-0728}} [http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/] || {{pkg|linux}} || 2016-01-19 || <= 4.3.3-2 || 4.3.3-3 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20]<br />
|-<br />
| {{CVE|CVE-2015-5300}} [http://support.ntp.org/bin/view/Main/NtpBug2956] || {{pkg|ntp}} || 2016-01-07 || <= 4.2.8.p4-1 || 4.2.8.p5-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|syncthing}} || 2016-01-13 || <= 0.12.14-1 || 0.12.14-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|keybase}} || 2016-01-13 || <= 1.0.8.0-1 || 1.0.8.0-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|hub}} || 2016-01-13 || <= 2.2.2-1 || 2.2.2-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|go-ipfs}} || 2016-01-13 || <= 0.3.11-1 || 0.3.11-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|docker}} || 2016-01-13 || <= 1:1.9.1-1 || 1:1.9.1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12]<br />
|-<br />
| {{CVE|CVE-2015-8770}} [http://seclists.org/bugtraq/2016/Jan/60] || {{pkg|roundcubemail}} || 2015-12-26 || <= 1.2beta-1 || 1.2beta-2 || 20d || Fixed ({{bug|47764}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18]<br />
|-<br />
| {{CVE|CVE-2016-1903}} {{CVE|CVE-2016-1904}} [http://seclists.org/oss-sec/2016/q1/100] || {{pkg|php}} || 2016-01-14 || <= 7.0.1-1 || 7.0.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10]<br />
|-<br />
| {{CVE|CVE-2016-0777}} {{CVE|CVE-2016-0778}} [http://www.openssh.com/txt/release-7.1p2] || {{pkg|openssh}} || 2016-01-14 || <= 7.1p1-1 || 7.1p2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9]<br />
|-<br />
| {{CVE|CVE-2016-2213}} [http://www.openwall.com/lists/oss-security/2016/02/03/2] || {{pkg|ffmpeg}} || 2016-02-03 || <= 2.8.4-1 || 2.8.5-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1897}} {{CVE|CVE-2016-1898}} [http://seclists.org/oss-sec/2016/q1/85] || {{pkg|ffmpeg}} || 2016-01-13 || <= 1:2.8.4-2 || 1:2.8.4-3 || <1d || Fixed ({{Bug|47738}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17]<br />
|-<br />
| {{CVE|CVE-2016-1897}} {{CVE|CVE-2016-1898}} [http://seclists.org/oss-sec/2016/q1/85] || {{pkg|mplayer}} || 2016-01-13 || <= 37379-6 || 37379-7 || 17d || Fixed ({{Bug|47944}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|go}} || 2016-01-13 || <= 2:1.5.2-1 || 2:1.5.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11]<br />
|-<br />
|{{CVE|CVE-2015-8742}} {{CVE|CVE-2015-8741}} {{CVE|CVE-2015-8740}} {{CVE|CVE-2015-8738}} {{CVE|CVE-2015-8739}} {{CVE|CVE-2015-8737}} {{CVE|CVE-2015-8736}} {{CVE|CVE-2015-8735}} {{CVE|CVE-2015-8734}} {{CVE|CVE-2015-8733}} {{CVE|CVE-2015-8732}} {{CVE|CVE-2015-8730}} {{CVE|CVE-2015-8731}} {{CVE|CVE-2015-8729}} {{CVE|CVE-2015-8728}} {{CVE|CVE-2015-8727}} {{CVE|CVE-2015-8726}} {{CVE|CVE-2015-8725}} {{CVE|CVE-2015-8724}} {{CVE|CVE-2015-8723}} {{CVE|CVE-2015-8722}} {{CVE|CVE-2015-8721}} {{CVE|CVE-2015-8720}} {{CVE|CVE-2015-8718}} {{CVE|CVE-2015-8711}} || {{Pkg|wireshark-cli}} {{Pkg|wireshark-gtk}} {{Pkg|wireshark-qt}} || 2016-01-04 || <= 2.0.0 || 2.0.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6]<br />
|-<br />
| {{CVE|CVE-2016-1564}} [http://article.gmane.org/gmane.comp.security.oss.general/18527] || {{Pkg|wordpress}} || 2016-01-08 || <= 4.4-1 || 4.4.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2]<br />
|-<br />
| {{CVE|CVE-2015-8751}} [https://bugzilla.redhat.com/show_bug.cgi?id=1294039] [http://article.gmane.org/gmane.comp.security.oss.general/18523] || {{Pkg|jasper}} || 2016-01-07 || 1.900.1-15 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-8750}} [https://bugzilla.redhat.com/show_bug.cgi?id=1294264] [https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697] || {{Pkg|libdwarf}} || 2016-01-07 || 20150507-1 || 20160115-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22]<br />
|-<br />
| {{CVE|CVE-2016-1503}} {{CVE|CVE-2016-1504}} [http://article.gmane.org/gmane.comp.security.oss.general/18516] || {{Pkg|dhcpcd}} || 2016-01-07 || <= 6.9.4-1 || 6.10.0-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7]<br />
|-<br />
| {{CVE|CVE-2015-7575}} [http://www.mitls.org/pages/attacks/SLOTH] [https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released] || {{pkg|mbedtls}} || 2016-01-04 || 2.2.0-1 || 2.2.1-1 || 21d || Fixed ({{bug|47783}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29]<br />
|-<br />
| {{CVE|CVE-2015-8688}} [http://gultsch.de/gajim_roster_push_and_message_interception.html] || {{pkg|gajim}} || 2015-12-20 || <= 0.16.4-1 || 0.16.5-1 || 20d || Fixed ({{bug|47647}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3]<br />
|-<br />
| {{CVE|CVE-2016-1494}} [https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff] [https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/] || {{pkg|python-rsa}} {{pkg|python2-rsa}} || 2016-01-05 || <= 3.2.3-1 || 3.3-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24]<br />
|-<br />
| {{CVE|CVE-2016-1283}} [https://bugs.exim.org/show_bug.cgi?id=1767] [http://article.gmane.org/gmane.comp.security.oss.general/18481] || {{pkg|pcre}} || 2016-01-02 || <= 8.38-2 || 8.38-3 || 71d|| Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18]<br />
|-<br />
|[http://article.gmane.org/gmane.comp.security.oss.general/18466] || {{Pkg|rtmpdump}} || 2015-12-23 || <= 20140918-2 || 1:2.4.r96.fa8646d-1 || 7d || Fixed ({{bug|47564}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1]<br />
|-<br />
| {{CVE|CVE-2015-8472}} [http://seclists.org/oss-sec/2015/q4/439] || {{pkg|libpng}} || 2015-12-03 || <= 1.6.19-1 || 1.6.20-1 || 25d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-18]<br />
|-<br />
| {{CVE|CVE-2015-8459}} {{CVE|CVE-2015-8460}} {{CVE|CVE-2015-8634}} {{CVE|CVE-2015-8635}} {{CVE|CVE-2015-8636}} {{CVE|CVE-2015-8638}} {{CVE|CVE-2015-8639}} {{CVE|CVE-2015-8640}} {{CVE|CVE-2015-8641}} {{CVE|CVE-2015-8642}} {{CVE|CVE-2015-8643}} {{CVE|CVE-2015-8644}} {{CVE|CVE-2015-8645}} {{CVE|CVE-2015-8646}} {{CVE|CVE-2015-8647}} {{CVE|CVE-2015-8648}} {{CVE|CVE-2015-8649}} {{CVE|CVE-2015-8650}} {{CVE|CVE-2015-8651}} [https://helpx.adobe.com/security/products/flash-player/apsb16-01.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2015-12-28 || <= 11.2.202.554-1 || 11.2.202.559-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17]<br />
|-<br />
| {{CVE|CVE-2015-7554}} {{CVE|CVE-2015-8683}} [http://seclists.org/oss-sec/2015/q4/584] [http://seclists.org/oss-sec/2015/q4/590] || {{pkg|libtiff}} || 2015-12-25 || <= 4.0.6-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-7201}} {{CVE|CVE-2015-7205}} {{CVE|CVE-2015-7212}} {{CVE|CVE-2015-7213}} {{CVE|CVE-2015-7214}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.5] || {{pkg|thunderbird}} || 2015-12-23 || <= 38.4.0-2 || 38.5.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14]<br />
|-<br />
| {{CVE|CVE-2015-8612}} [http://seclists.org/oss-sec/2015/q4/541] || {{pkg|blueman}} || 2015-12-18 || <= 2.0.2-1 || 2.0.3-1 || 38d || Fixed ({{bug|47784}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30]<br />
|-<br />
| {{CVE|CVE-2015-8659}} [http://seclists.org/oss-sec/2015/q4/576] || {{pkg|nghttp2}} || 2015-12-23 || <= 1.5.0-2 || 1.6.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16]<br />
|-<br />
| {{CVE|CVE-2015-7555}} [http://seclists.org/oss-sec/2015/q4/548] || {{pkg|giflib}} || 2015-12-21 || <= 5.1.1-1 || 5.1.2-1 || 43d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-7557}} {{CVE|CVE-2015-7558}} [http://seclists.org/oss-sec/2015/q4/549] || {{pkg|librsvg}} || 2015-12-21 || <= 2:2.40.11-1 || 2:2.40.13-1 || 45d || Fixed ({{bug|47785}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8622}} {{CVE|CVE-2015-8623}} {{CVE|CVE-2015-8624}} {{CVE|CVE-2015-8625}} {{CVE|CVE-2015-8626}} {{CVE|CVE-2015-8627}} {{CVE|CVE-2015-8628}} [http://seclists.org/oss-sec/2015/q4/552] || {{pkg|mediawiki}} || 2015-12-17 || <= 1.26.0-1 || 1.26.2-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15]<br />
|-<br />
| {{CVE|CVE-2015-8614}} [http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557] || {{pkg|claws-mail}} || 2015-12-21 || <= 3.13.0-1 || 3.13.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13]<br />
|-<br />
| {{CVE|CVE-2015-8369}} {{CVE|CVE-2015-8604}} {{CVE|CVE-2015-8377}} {{CVE|CVE-2016-2313}} [http://www.openwall.com/lists/oss-security/2016/02/09/3] [https://bugs.mageia.org/show_bug.cgi?id=17352] [http://www.openwall.com/lists/oss-security/2016/01/04/8] || {{pkg|cacti}} || 2015-12-17 || <= 0.8.8_f-3 || 0.8.8_g-2 || 72d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24]<br />
|-<br />
| [https://blog.fuzzing-project.org/32-Out-of-bounds-read-in-OpenVPN.html] || {{pkg|openvpn}} || 2015-12-18 || <= 2.3.8-2 || 2.3.9-1 || 9d || Fixed ({{bug|47498}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19]<br />
|-<br />
| {{CVE|CVE-2015-8549}} [http://www.ocert.org/advisories/ocert-2015-011.html] || {{pkg|python2-pyamf}} || 2015-12-17 || <= 0.7.2-1 || 0.8.0-2 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12]<br />
|-<br />
| {{CVE|CVE-2015-7551}} [https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/] || {{pkg|ruby}} || 2015-12-16 || <= 2.2.3-1 || 2.2.4-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11]<br />
|-<br />
| {{CVE|CVE-2015-7201}} {{CVE|CVE-2015-7202}} {{CVE|CVE-2015-7203}} {{CVE|CVE-2015-7204}} {{CVE|CVE-2015-7205}} {{CVE|CVE-2015-7207}} {{CVE|CVE-2015-7208}} {{CVE|CVE-2015-7210}} {{CVE|CVE-2015-7211}} {{CVE|CVE-2015-7212}} {{CVE|CVE-2015-7213}} {{CVE|CVE-2015-7214}} {{CVE|CVE-2015-7215}} {{CVE|CVE-2015-7216}} {{CVE|CVE-2015-7217}} {{CVE|CVE-2015-7218}} {{CVE|CVE-2015-7219}} {{CVE|CVE-2015-7220}} {{CVE|CVE-2015-7221}} {{CVE|CVE-2015-7222}} {{CVE|CVE-2015-7223}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox43] || {{pkg|firefox}} || 2015-12-15 || <= 42.0-3 || 43.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9]<br />
|-<br />
| {{CVE|CVE-2015-8000}} [https://kb.isc.org/article/AA-01317] || {{pkg|bind}} || 2015-12-15 || <= 9.10.3-2 || 9.10.3.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10]<br />
|-<br />
| {{CVE|CVE-2015-8370}} [http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html#fix] || {{pkg|grub}} || 2015-12-15 || <= 1:2.02.beta2-5 || 1:2.02.beta2-6 || 3d || Fixed ({{bug|47386}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8378}} [https://www.keepassx.org/news/2015/12/551] || {{pkg|keepassx}} || 2015-12-08 || <= 0.4.3-7 || 0.4.4-1 || <2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8]<br />
|-<br />
| {{CVE|CVE-2015-8045}} {{CVE|CVE-2015-8047}} {{CVE|CVE-2015-8048}} {{CVE|CVE-2015-8049}} {{CVE|CVE-2015-8050}} {{CVE|CVE-2015-8055}} {{CVE|CVE-2015-8056}} {{CVE|CVE-2015-8057}} {{CVE|CVE-2015-8058}} {{CVE|CVE-2015-8059}} {{CVE|CVE-2015-8060}} {{CVE|CVE-2015-8061}} {{CVE|CVE-2015-8062}} {{CVE|CVE-2015-8063}} {{CVE|CVE-2015-8064}} {{CVE|CVE-2015-8065}} {{CVE|CVE-2015-8066}} {{CVE|CVE-2015-8067}} {{CVE|CVE-2015-8068}} {{CVE|CVE-2015-8069}} {{CVE|CVE-2015-8070}} {{CVE|CVE-2015-8071}} {{CVE|CVE-2015-8401}} {{CVE|CVE-2015-8402}} {{CVE|CVE-2015-8403}} {{CVE|CVE-2015-8404}} {{CVE|CVE-2015-8405}} {{CVE|CVE-2015-8406}} {{CVE|CVE-2015-8407}} {{CVE|CVE-2015-8408}} {{CVE|CVE-2015-8409}} {{CVE|CVE-2015-8410}} {{CVE|CVE-2015-8411}} {{CVE|CVE-2015-8412}} {{CVE|CVE-2015-8413}} {{CVE|CVE-2015-8414}} {{CVE|CVE-2015-8415}} {{CVE|CVE-2015-8416}} {{CVE|CVE-2015-8417}} {{CVE|CVE-2015-8418}} {{CVE|CVE-2015-8419}} {{CVE|CVE-2015-8420}} {{CVE|CVE-2015-8421}} {{CVE|CVE-2015-8422}} {{CVE|CVE-2015-8423}} {{CVE|CVE-2015-8424}} {{CVE|CVE-2015-8425}} {{CVE|CVE-2015-8426}} {{CVE|CVE-2015-8427}} {{CVE|CVE-2015-8428}} {{CVE|CVE-2015-8429}} {{CVE|CVE-2015-8430}} {{CVE|CVE-2015-8431}} {{CVE|CVE-2015-8432}} {{CVE|CVE-2015-8433}} {{CVE|CVE-2015-8434}} {{CVE|CVE-2015-8435}} {{CVE|CVE-2015-8436}} {{CVE|CVE-2015-8437}} {{CVE|CVE-2015-8438}} {{CVE|CVE-2015-8439}} {{CVE|CVE-2015-8440}} {{CVE|CVE-2015-8441}} {{CVE|CVE-2015-8442}} {{CVE|CVE-2015-8443}} {{CVE|CVE-2015-8444}} {{CVE|CVE-2015-8445}} {{CVE|CVE-2015-8446}} {{CVE|CVE-2015-8447}} {{CVE|CVE-2015-8448}} {{CVE|CVE-2015-8449}} {{CVE|CVE-2015-8450}} {{CVE|CVE-2015-8451}} {{CVE|CVE-2015-8452}} {{CVE|CVE-2015-8453}} {{CVE|CVE-2015-8454}} {{CVE|CVE-2015-8455}} [https://helpx.adobe.com/security/products/flash-player/apsb15-32.html] || {{pkg|flashplugin}} || 2015-12-08 || <= 11.2.202.548-1 || 11.2.202.554-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7]<br />
|-<br />
| {{CVE|CVE-2015-6788}} {{CVE|CVE-2015-6789}} {{CVE|CVE-2015-6790}} {{CVE|CVE-2015-6791}} [http://googlechromereleases.blogspot.fr/2015/12/stable-channel-update_8.html] || {{pkg|chromium}} || 2015-12-08 || <= 47.0.2526.73-1 || 47.0.2526.80-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5]<br />
|-<br />
| {{CVE|CVE-2015-3193}} {{CVE|CVE-2015-3194}} {{CVE|CVE-2015-3195}} {{CVE|CVE-2015-3196}} {{CVE|CVE-2015-1794}} [https://www.openssl.org/news/secadv/20151203.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2015-12-03 || <= 1.0.2.d-1 || 1.0.2.e-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2]<br />
|-<br />
| {{CVE|CVE-2015-6764}} {{CVE|CVE-2015-6765}} {{CVE|CVE-2015-6766}} {{CVE|CVE-2015-6767}} {{CVE|CVE-2015-6768}} {{CVE|CVE-2015-6769}} {{CVE|CVE-2015-6770}} {{CVE|CVE-2015-6771}} {{CVE|CVE-2015-6772}} {{CVE|CVE-2015-6773}} {{CVE|CVE-2015-6774}} {{CVE|CVE-2015-6775}} {{CVE|CVE-2015-6776}} {{CVE|CVE-2015-6777}} {{CVE|CVE-2015-6778}} {{CVE|CVE-2015-6779}} {{CVE|CVE-2015-6780}} {{CVE|CVE-2015-6781}} {{CVE|CVE-2015-6782}} {{CVE|CVE-2015-6783}} {{CVE|CVE-2015-6784}} {{CVE|CVE-2015-6785}} {{CVE|CVE-2015-6786}} {{CVE|CVE-2015-6787}} [http://googlechromereleases.blogspot.fr/2015/12/stable-channel-update.html] || {{pkg|chromium}} || 2015-12-01 || <= 46.0.2490.86-1 || 47.0.2526.73-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1]<br />
|-<br />
| {{CVE|CVE-2015-6764}} {{CVE|CVE-2015-8027}} [https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/] || {{pkg|nodejs}} || 2015-11-25 || <= 5.1.0-1 || 5.1.1-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4]<br />
|-<br />
| {{CVE|CVE-2015-8213}} [https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-11-24 || <= 1.8.6-1 || 1.8.7-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3]<br />
|-<br />
| {{CVE|CVE-2015-1819}} {{CVE|CVE-2015-5312}} {{CVE|CVE-2015-7941}} {{CVE|CVE-2015-7942}} {{CVE|CVE-2015-7497}} {{CVE|CVE-2015-7498}} {{CVE|CVE-2015-7499}} {{CVE|CVE-2015-7500}} {{CVE|CVE-2015-8035}} {{CVE|CVE-2015-8242}} [https://mail.gnome.org/archives/xml/2015-November/msg00012.html templink] || {{pkg|libxml2}} || 2015-11-20 || <= 2.9.2-2 || 2.9.3-1 || 19d || Fixed ({{bug|47095}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6]<br />
|-<br />
| {{CVE|CVE-2015-7981}} {{CVE|CVE-2015-8126}} [http://seclists.org/oss-sec/2015/q4/264 templink] [http://seclists.org/oss-sec/2015/q4/161 templink] || {{pkg|libpng}} {{pkg|lib32-libpng}} || 2015-11-12 || <= 1.6.18-1 || 1.6.19-1 || 5d || Fixed ({{bug|47069}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10]<br />
|-<br />
| {{CVE|CVE-2015-5309}} [http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html templink] || {{pkg|putty}} || 2015-11-12 || <= 0.65-1 || 0.66-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7]<br />
|-<br />
| {{CVE|CVE-2015-7651}} {{CVE|CVE-2015-7652}} {{CVE|CVE-2015-7653}} {{CVE|CVE-2015-7654}} {{CVE|CVE-2015-7655}} {{CVE|CVE-2015-7656}} {{CVE|CVE-2015-7657}} {{CVE|CVE-2015-7658}} {{CVE|CVE-2015-7659}} {{CVE|CVE-2015-7660}} {{CVE|CVE-2015-7661}} {{CVE|CVE-2015-7662}} {{CVE|CVE-2015-7663}} {{CVE|CVE-2015-8042}} {{CVE|CVE-2015-8043}} {{CVE|CVE-2015-8044}} {{CVE|CVE-2015-8046}} [https://helpx.adobe.com/security/products/flash-player/apsb15-28.html templink] || {{pkg|flashplugin}} || 2015-11-10 || <= 11.2.202.540-1 || 11.2.202.548-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5]<br />
|-<br />
| {{CVE|CVE-2015-1302}} [http://googlechromereleases.blogspot.fr/2015/11/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-11-10 || <= 46.0.2490.80-2 || 46.0.2490.86-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8]<br />
|-<br />
| {{CVE|CVE-2015-5311}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/ templink] || {{pkg|powerdns}} || 2015-11-09 || <= 3.4.6-2 || 3.4.7-1 || 3d || Fixed ({{bug|47014}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6]<br />
|-<br />
| {{CVE|CVE-2015-4513}} {{CVE|CVE-2015-4514}} {{CVE|CVE-2015-4515}} {{CVE|CVE-2015-4518}} {{CVE|CVE-2015-7181}} {{CVE|CVE-2015-7182}} {{CVE|CVE-2015-7183}} {{CVE|CVE-2015-7187}} {{CVE|CVE-2015-7188}} {{CVE|CVE-2015-7189}} {{CVE|CVE-2015-7193}} {{CVE|CVE-2015-7194}} {{CVE|CVE-2015-7195}} {{CVE|CVE-2015-7196}} {{CVE|CVE-2015-7197}} {{CVE|CVE-2015-7198}} {{CVE|CVE-2015-7199}} {{CVE|CVE-2015-7200}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-11-03 || <= 41.0.2-2 || 42.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2]<br />
|-<br />
| {{CVE|CVE-2015-7183}} [http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12386.html templink] || {{pkg|nspr}} || 2015-11-03 || <= 4.10.9-1 || 4.10.10-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4]<br />
|-<br />
| {{CVE|CVE-2015-7181}} {{CVE|CVE-2015-7182}} [http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12386.html templink] || {{pkg|nss}} || 2015-11-03 || <= 3.20-1 || 3.20.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3]<br />
|-<br />
| {{CVE|CVE-2015-7696}} {{CVE|CVE-2015-7697}} [http://seclists.org/oss-sec/2015/q3/512 templink] || {{pkg|unzip}} || 2015-10-30 || <= 6.0-10 || 6.0-11 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1]<br />
|-<br />
| {{CVE|CVE-2015-8011}} {{CVE|CVE-2015-8012}} [http://seclists.org/oss-sec/2015/q4/198 templink] || {{pkg|lldpd}} || 2015-10-17 || <= 0.7.18-1 || 0.7.19-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25]<br />
|-<br />
| {{CVE|CVE-2015-5714}} {{CVE|CVE-2015-5715}} {{CVE|CVE-2015-7989}} [https://codex.wordpress.org/Version_4.3.1 templink] || {{pkg|wordpress}} || 2015-10-18 || <= 4.3.0-1 || 4.3.1-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24]<br />
|-<br />
| {{CVE|CVE-2015-7873}} [https://www.phpmyadmin.net/security/PMASA-2015-5/ templink] || {{pkg|phpmyadmin}} || 2015-10-23 || <= 4.5.0-1 || 4.5.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23]<br />
|-<br />
| {{CVE|CVE-2015-7995}} [https://bugzilla.redhat.com/show_bug.cgi?id=1257962 templink] || {{pkg|libxslt}} || 2015-10-27 || <= 1.1.28-3 || 1.1.28-4 || 73d || Fixed ({{bug|47681}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8]<br />
|-<br />
| {{CVE|CVE-2015-7943}} [https://www.drupal.org/SA-CORE-2015-004 templink] || {{pkg|drupal}} || 2015-10-21 || <= 7.40-1 || 7.41-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21]<br />
|-<br />
| {{CVE|CVE-2015-4913}} {{CVE|CVE-2015-4870}} {{CVE|CVE-2015-4861}} {{CVE|CVE-2015-4858}} {{CVE|CVE-2015-4836}} {{CVE|CVE-2015-4830}} {{CVE|CVE-2015-4826}} {{CVE|CVE-2015-4815}} {{CVE|CVE-2015-4802}} {{CVE|CVE-2015-4792}} || {{pkg|mariadb}} || 2015-10-22 || <= 10.0.21-3 || 10.0.22-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] <br />
|-<br />
| {{CVE|CVE-2015-4734}} {{CVE|CVE-2015-4803}} {{CVE|CVE-2015-4805}} {{CVE|CVE-2015-4806}} {{CVE|CVE-2015-4810}} {{CVE|CVE-2015-4835}} {{CVE|CVE-2015-4840}} {{CVE|CVE-2015-4842}} {{CVE|CVE-2015-4843}} {{CVE|CVE-2015-4844}} {{CVE|CVE-2015-4860}} {{CVE|CVE-2015-4868}} {{CVE|CVE-2015-4872}} {{CVE|CVE-2015-4881}} {{CVE|CVE-2015-4882}} {{CVE|CVE-2015-4883}} {{CVE|CVE-2015-4893}} {{CVE|CVE-2015-4901}} {{CVE|CVE-2015-4902}} {{CVE|CVE-2015-4903}} {{CVE|CVE-2015-4906}} {{CVE|CVE-2015-4908}} {{CVE|CVE-2015-4911}} {{CVE|CVE-2015-4916}} || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-09-22 || <= 8.u60-1 || 8.u65-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20]<br />
|-<br />
| {{CVE|CVE-2015-4734}} {{CVE|CVE-2015-4803}} {{CVE|CVE-2015-4805}} {{CVE|CVE-2015-4806}} {{CVE|CVE-2015-4810}} {{CVE|CVE-2015-4835}} {{CVE|CVE-2015-4840}} {{CVE|CVE-2015-4842}} {{CVE|CVE-2015-4843}} {{CVE|CVE-2015-4844}} {{CVE|CVE-2015-4860}} {{CVE|CVE-2015-4871}} {{CVE|CVE-2015-4872}} {{CVE|CVE-2015-4881}} {{CVE|CVE-2015-4882}} {{CVE|CVE-2015-4883}} {{CVE|CVE-2015-4893}} {{CVE|CVE-2015-4902}} {{CVE|CVE-2015-4903}} {{CVE|CVE-2015-4911}} || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-09-22 || <= 7.u85_2.6.1-2 || 7.u91_2.6.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17]<br />
|-<br />
| {{CVE|CVE-2015-7691}} {{CVE|CVE-2015-7692}} {{CVE|CVE-2015-7701}} {{CVE|CVE-2015-7702}} {{CVE|CVE-2015-7703}} {{CVE|CVE-2015-7704}} {{CVE|CVE-2015-7705}} {{CVE|CVE-2015-7848}} {{CVE|CVE-2015-7849}} {{CVE|CVE-2015-7850}} {{CVE|CVE-2015-7851}} {{CVE|CVE-2015-7852}} {{CVE|CVE-2015-7853}} {{CVE|CVE-2015-7854}} {{CVE|CVE-2015-7855}} {{CVE|CVE-2015-7871}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities templink] [http://blog.talosintel.com/2015/10/ntpd-vulnerabilities.html templink] || {{pkg|ntp}} || 2015-10-21 || <= 4.2.8.p3-1 || 4.2.8.p4-1 || 1d || Fixed ({{bug|46826}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14]<br />
|-<br />
| {{CVE|CVE-2015-6031}} [http://talosintel.com/reports/TALOS-2015-0035/ templink] || {{pkg|miniupnpc}} || 2015-09-15 || <= 1.9.20150730-1 || 1.9.20151008-1 || 30d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11]<br />
|-<br />
| {{CVE|CVE-2015-7645}} {{CVE|CVE-2015-7647}} {{CVE|CVE-2015-7648}} [https://helpx.adobe.com/security/products/flash-player/apsa15-05.html templink] [https://helpx.adobe.com/security/products/flash-player/apsb15-27.html templink] || {{pkg|flashplugin}} || 2015-10-14 || <= 11.2.202.535-1 || 11.2.202.540-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12]<br />
|-<br />
| {{CVE|CVE-2015-7184}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/ templink] || {{pkg|firefox}} || 2015-10-15 || <= 41.0.1-1 || 41.0.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10]<br />
|-<br />
| {{CVE|CVE-2015-5260}} {{CVE|CVE-2015-5261}} {{CVE|CVE-2015-3247}} [http://lists.freedesktop.org/archives/spice-devel/2015-October/022168.html templink] [https://bugzilla.redhat.com/show_bug.cgi?id=1260822 templink] [https://bugzilla.redhat.com/show_bug.cgi?id=1261889 templink] [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797976;msg=21 templink] || {{pkg|spice}} || 2015-09-08 || <= 0.12.5-1 || 0.12.6-1 || 41d || Fixed ({{bug|46738}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13]<br />
|-<br />
| {{CVE|CVE-2015-6755}} {{CVE|CVE-2015-6756}} {{CVE|CVE-2015-6757}} {{CVE|CVE-2015-6758}} {{CVE|CVE-2015-6759}} {{CVE|CVE-2015-6760}} {{CVE|CVE-2015-6761}} {{CVE|CVE-2015-6762}} {{CVE|CVE-2015-6763}} [http://googlechromereleases.blogspot.fr/2015/10/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-10-13 || <= 45.0.2454.101-2 || 46.0.2490.71-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8]<br />
|-<br />
| {{CVE|CVE-2015-5569}} {{CVE|CVE-2015-7625}} {{CVE|CVE-2015-7626}} {{CVE|CVE-2015-7627}} {{CVE|CVE-2015-7628}} {{CVE|CVE-2015-7629}} {{CVE|CVE-2015-7630}} {{CVE|CVE-2015-7631}} {{CVE|CVE-2015-7632}} {{CVE|CVE-2015-7633}} {{CVE|CVE-2015-7634}} {{CVE|CVE-2015-7643}} {{CVE|CVE-2015-7644}} [https://helpx.adobe.com/security/products/flash-player/apsb15-25.html templink] || {{pkg|flashplugin}} || 2015-10-13 || <= 11.2.202.521-1 || 11.2.202.535-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7]<br />
|-<br />
| {{CVE|CVE-2015-5291}} [https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01 templink] || {{pkg|mbedtls}} || 2015-10-05 || <= 2.1.1-1 || 2.1.2-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9]<br />
|-<br />
| {{CVE|CVE-2015-7384}} [https://nodejs.org/en/blog/release/v4.1.2/ templink] || {{pkg|nodejs}} || 2015-10-05 || <= 4.1.1-1 || 4.1.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3]<br />
|-<br />
| {{CVE|CVE-2015-7687}} [http://seclists.org/oss-sec/2015/q4/17 templink] [https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f8e2fe24f3ff174d8515b82607e951e054f68f6 templink] || {{pkg|opensmtpd}} || 2015-10-02 || <= 5.7.1p1-1 || 5.7.3p1-1 || 6d || Fixed ({{bug|46605}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5]<br />
|-<br />
| {{CVE|CVE-2015-7673}} {{CVE|CVE-2015-7674}} [http://seclists.org/oss-sec/2015/q4/18 templink] [http://seclists.org/oss-sec/2015/q4/19 templink] || {{pkg|gdk-pixbuf2}} || 2015-10-01 || <= 2.31.7-1 || 2.32.1-1 || 9d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6]<br />
|-<br />
| {{CVE|CVE-2015-1335}} [https://github.com/lxc/lxc/commit/6de26af93d3dd87c8b21a42fdf20f30fa1c1948d templink] || {{pkg|lxc}} || 2015-09-29 || <= 1:1.1.3-2 || - || - || Not Affected ({{bug|46574}}) || None<br />
|-<br />
| {{CVE|CVE-2015-6972}} {{CVE|CVE-2015-6973}} [http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txt templink] [http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt templink] [https://igniterealtime.org/issues/browse/OF-942] || {{pkg|openfire}} || 2015-09-14 || <= 4.0.3-1 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2015-4499}} [https://www.bugzilla.org/security/4.2.14/ templink] || {{pkg|bugzilla}} || 2015-09-10 || <= 5.0-1 || 5.0.1-1 || 28d || Fixed ({{bug|46573}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4]<br />
|-<br />
| {{CVE|CVE-2015-4141}} {{CVE|CVE-2015-4142}} {{CVE|CVE-2015-4143}} {{CVE|CVE-2015-4144}} {{CVE|CVE-2015-4145}} {{CVE|CVE-2015-4146}} [http://w1.fi/security/2015-2/ templink] [http://w1.fi/security/2015-3/ templink] [http://w1.fi/security/2015-4/ templink] [http://w1.fi/security/2015-5/ templink] || {{pkg|hostapd}} || 2015-05-04 || <= 2.4-2 || 2.5-1 || ~150d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2]<br />
|-<br />
| {{CVE|CVE-2015-3239}} [https://bugzilla.redhat.com/show_bug.cgi?id=1232265 templink] || {{pkg|libunwind}} || 2015-06-16 || <= 1.1-2 || 1.1-3 || ~110d || Fixed ({{bug|46474}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1]<br />
|-<br />
| {{CVE|CVE-2015-1303}} {{CVE|CVE-2015-1304}} [http://googlechromereleases.blogspot.fr/2015/09/stable-channel-update_24.html templink] || {{pkg|chromium}} || 2015-09-24 || <= 45.0.2454.99-1 || 45.0.2454.101-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11]<br />
|-<br />
| {{CVE|CVE-2015-4500}} {{CVE|CVE-2015-4501}} {{CVE|CVE-2015-4502}} {{CVE|CVE-2015-4504}} {{CVE|CVE-2015-4506}} {{CVE|CVE-2015-4507}} {{CVE|CVE-2015-4508}} {{CVE|CVE-2015-4509}} {{CVE|CVE-2015-4510}} {{CVE|CVE-2015-4511}} {{CVE|CVE-2015-4512}} {{CVE|CVE-2015-4516}} {{CVE|CVE-2015-4517}} {{CVE|CVE-2015-4519}} {{CVE|CVE-2015-4520}} {{CVE|CVE-2015-4521}} {{CVE|CVE-2015-4522}} {{CVE|CVE-2015-7174}} {{CVE|CVE-2015-7175}} {{CVE|CVE-2015-7176}} {{CVE|CVE-2015-7177}} {{CVE|CVE-2015-7180}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox41 templink] || {{pkg|firefox}} || 2015-09-22 || <= 40.0.3-1 || 41.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9]<br />
|-<br />
| {{CVE|CVE-2015-5567}} {{CVE|CVE-2015-5568}} {{CVE|CVE-2015-5570}} {{CVE|CVE-2015-5571}} {{CVE|CVE-2015-5572}} {{CVE|CVE-2015-5573}} {{CVE|CVE-2015-5574}} {{CVE|CVE-2015-5575}} {{CVE|CVE-2015-5576}} {{CVE|CVE-2015-5577}} {{CVE|CVE-2015-5578}} {{CVE|CVE-2015-5579}} {{CVE|CVE-2015-5580}} {{CVE|CVE-2015-5581}} {{CVE|CVE-2015-5582}} {{CVE|CVE-2015-5584}} {{CVE|CVE-2015-5587}} {{CVE|CVE-2015-5588}} {{CVE|CVE-2015-6676}} {{CVE|CVE-2015-6677}} {{CVE|CVE-2015-6678}} {{CVE|CVE-2015-6679}} {{CVE|CVE-2015-6682}} [https://helpx.adobe.com/security/products/flash-player/apsb15-23.html templink] || {{pkg|flashplugin}} || 2015-09-21 || <= 11.2.202.508-1 || 11.2.202.521-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201510-8]<br />
|-<br />
| {{CVE|CVE-2015-7236}} [http://seclists.org/oss-sec/2015/q3/561 templink] || {{pkg|rpcbind}} || 2015-09-17 || <= 0.2.3-1 || 0.2.3-2 || 7d || Fixed ({{bug|46341}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10]<br />
|-<br />
| {{CVE|CVE-2015-5714}} {{CVE|CVE-2015-5715}} [https://wordpress.org/news/2015/09/wordpress-4-3-1/ templink] || {{pkg|wordpress}} || 2015-09-15 || <= 4.3-1 || 4.3.1-1 || 5d || Fixed ({{bug|46340}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201510-7]<br />
|-<br />
| {{CVE|CVE-2015-6908}} [http://www.openwall.com/lists/oss-security/2015/09/11/5 templink] || {{pkg|openldap}} || 2015-09-09 || <= 2.4.42-1 || 2.4.42-2 || 3d || Fixed ({{bug|46265}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4]<br />
|-<br />
| {{CVE|CVE-2015-5722}} {{CVE|CVE-2015-5986}} [https://www.isc.org/blogs/cve-2015-5986-an-incorrect-boundary-check-can-trigger-a-require-assertion-failure-in-openpgpkey_61-c/ templink] [https://www.isc.org/blogs/cve-2015-5722-parsing-malformed-keys-may-cause-bind-to-exit-due-to-a-failed-assertion-in-buffer-c/ templink] || {{pkg|bind}} || 2015-09-02 || <= 9.10.2.P3-1 || 9.10.2.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2]<br />
|-<br />
| {{CVE|CVE-2015-5198}} {{CVE|CVE-2015-5199}} {{CVE|CVE-2015-5200}} [http://lists.x.org/archives/xorg-announce/2015-August/002630.html templink] || {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} || 2015-08-31 || <= 1.1-1 || 1.1.1-1 || 13d || Fixed ({{bug|46266}}) ({{bug|46267}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5]<br />
|-<br />
| {{CVE|CVE-2015-1291}} {{CVE|CVE-2015-1292}} {{CVE|CVE-2015-1293}} {{CVE|CVE-2015-1294}} {{CVE|CVE-2015-1295}} {{CVE|CVE-2015-1296}} {{CVE|CVE-2015-1297}} {{CVE|CVE-2015-1298}} {{CVE|CVE-2015-1299}} {{CVE|CVE-2015-1300}} {{CVE|CVE-2015-1301}} [http://googlechromereleases.blogspot.fr/2015/09/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-09-01 || <= 44.0.2403.157-1 || 45.0.2454.85-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1]<br />
|-<br />
| {{CVE|CVE-2015-5230}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/ templink] || {{pkg|powerdns}} || 2015-09-02 || <= 3.4.5-1 || 3.4.6-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3]<br />
|-<br />
| {{CVE|CVE-2015-5317}} {{CVE|CVE-2015-5318}} {{CVE|CVE-2015-5319}} {{CVE|CVE-2015-5320}} {{CVE|CVE-2015-5321}} {{CVE|CVE-2015-5322}} {{CVE|CVE-2015-5323}} {{CVE|CVE-2015-5324}} {{CVE|CVE-2015-5325}} {{CVE|CVE-2015-5326}} {{CVE|CVE-2015-8103}} [https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 templink] [http://seclists.org/bugtraq/2015/Aug/161 templink] || {{pkg|jenkins}} || 2015-08-28 || <= 1.627-1 || 1.638-1 || 60d || Fixed ({{bug|46268}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11]<br />
|-<br />
| {{CVE|CVE-2015-6749}} [http://seclists.org/oss-sec/2015/q3/457 templink] || {{pkg|vorbis-tools}} || 2015-08-30 || <= 1.4.0-5 || 1.4.0-6 || >60d || Fixed ({{bug|46269}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22]<br />
|-<br />
| {{CVE|CVE-2015-4497}} {{CVE|CVE-2015-4498}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox40.0.3 templink] || {{pkg|firefox}} || 2015-08-27 || <= 40.0.2-1 || 40.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12]<br />
|-<br />
| {{CVE|CVE-2015-5949}} [http://www.ocert.org/advisories/ocert-2015-009.html templink] || {{pkg|vlc}} || 2015-08-20 || <= 2.2.1-6 || 2.2.2-1 || 179d || Fixed ({{bug|46037}}) || None<br />
|-<br />
| {{CVE|CVE-2015-5963}} [https://www.djangoproject.com/weblog/2015/aug/18/security-releases/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-08-18 || <= 1.8.3-1 || 1.8.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9]<br />
|-<br />
| {{CVE|CVE-2015-5221}} [http://seclists.org/oss-sec/2015/q3/408 templink] || {{pkg|jasper}} || 2015-08-16 || <= 1.900.1-15 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-5203}} [http://seclists.org/oss-sec/2015/q3/366 templink] || {{pkg|jasper}} || 2015-08-16 || <= 1.900.1-15 || || || '''Vulnerable''' || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10]<br />
|-<br />
| CVE Pending [http://seclists.org/oss-sec/2015/q3/295 templink] || {{pkg|pcre}} || 2015-08-05 || <= 8.37-2 || 8.37-3 || 12d || Fixed ({{bug|45945}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11]<br />
|-<br />
| {{CVE|CVE-2015-4473}} {{CVE|CVE-2015-4474}} {{CVE|CVE-2015-4475}} {{CVE|CVE-2015-4477}} {{CVE|CVE-2015-4478}} {{CVE|CVE-2015-4479}} {{CVE|CVE-2015-4480}} {{CVE|CVE-2015-4482}} {{CVE|CVE-2015-4483}} {{CVE|CVE-2015-4484}} {{CVE|CVE-2015-4485}} {{CVE|CVE-2015-4486}} {{CVE|CVE-2015-4487}} {{CVE|CVE-2015-4488}} {{CVE|CVE-2015-4489}} {{CVE|CVE-2015-4490}} {{CVE|CVE-2015-4491}} {{CVE|CVE-2015-4492}} {{CVE|CVE-2015-4493}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox40 templink] || {{pkg|firefox}} || 2015-08-11 || <= 39.0.3-1 || 40.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4]<br />
|-<br />
| {{CVE|CVE-2014-8121}} [https://access.redhat.com/security/cve/CVE-2014-8121 templink] || {{pkg|glibc}} || 2015-02-23 || <= 2.21-4 || 2.22-1 || ~180d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7]<br />
|-<br />
| {{CVE|CVE-2015-4680}} [http://www.ocert.org/advisories/ocert-2015-008.html templink] || {{pkg|freeradius}} || 2015-06-22 || <= 3.0.8-2 || 3.0.9-1 || ~50d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6]<br />
|-<br />
| {{CVE|CVE-2015-3184}} {{CVE|CVE-2015-3187}} [https://subversion.apache.org/security/CVE-2015-3184-advisory.txt templink] [https://subversion.apache.org/security/CVE-2015-3187-advisory.txt templink] || {{pkg|subversion}} || 2015-08-05 || <= 1.8.13-2 || 1.9.0-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5]<br />
|-<br />
| {{CVE|CVE-2015-6251}} [http://www.gnutls.org/security.html#GNUTLS-SA-2015-3 templink] || {{pkg|gnutls}} || 2015-08-10 || <= 3.4.3-1 || 3.4.4.1-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8]<br />
|-<br />
| {{CVE|CVE-2015-4495}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/ templink] || {{pkg|firefox}} || 2015-08-06 || <= 39.0-1 || 39.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1]<br />
|-<br />
| {{CVE|CVE-2015-2213}} {{CVE|CVE-2015-5730}} {{CVE|CVE-2015-5731}} {{CVE|CVE-2015-5732}} {{CVE|CVE-2015-5733}} {{CVE|CVE-2015-5734}} [https://codex.wordpress.org/Version_4.2.4 templink] || {{pkg|wordpress}} || 2015-08-04 || <= 4.2.3-1 || 4.2.4.-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2]<br />
|-<br />
| {{CVE|CVE-2015-3245}} {{CVE|CVE-2015-3246}} [http://seclists.org/oss-sec/2015/q3/185 templink] || {{pkg|libuser}} || 2015-07-22 || <= 0.61-1 || 0.62-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19]<br />
|-<br />
| {{CVE|CVE-2015-5600}} [https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/ templink] || {{pkg|openssh}} || 2015-07-22 || <= 6.9p1-1 || 6.9p1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17]<br />
|-<br />
| {{CVE|CVE-2015-1270}} {{CVE|CVE-2015-1271}} {{CVE|CVE-2015-1272}} {{CVE|CVE-2015-1273}} {{CVE|CVE-2015-1274}} {{CVE|CVE-2015-1276}} {{CVE|CVE-2015-1277}} {{CVE|CVE-2015-1278}} {{CVE|CVE-2015-1279}} {{CVE|CVE-2015-1280}} {{CVE|CVE-2015-1281}} {{CVE|CVE-2015-1282}} {{CVE|CVE-2015-1283}} {{CVE|CVE-2015-1284}} {{CVE|CVE-2015-1285}} {{CVE|CVE-2015-1286}} {{CVE|CVE-2015-1287}} {{CVE|CVE-2015-1288}} {{CVE|CVE-2015-1289}} [http://googlechromereleases.blogspot.fr/2015/07/stable-channel-update_21.html templink] || {{pkg|chromium}} || 2015-07-21 || <= 43.0.2357.134-1 || 44.0.2403.89-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18]<br />
|-<br />
| {{CVE|CVE-2015-2590}} {{CVE|CVE-2015-2601}} {{CVE|CVE-2015-2613}} {{CVE|CVE-2015-2621}} {{CVE|CVE-2015-2625}} {{CVE|CVE-2015-2628}} {{CVE|CVE-2015-2632}} {{CVE|CVE-2015-2808}} {{CVE|CVE-2015-4000}} {{CVE|CVE-2015-4731}} {{CVE|CVE-2015-4732}} {{CVE|CVE-2015-4733}} {{CVE|CVE-2015-4748}} {{CVE|CVE-2015-4749}} {{CVE|CVE-2015-4760}} [http://blog.fuseyism.com/index.php/2015/07/21/security-icedtea-2-6-1-for-openjdk-7-released/ templink] || {{pkg|jre7-openjdk}} || 2015-07-21 || <= 7.u80_2.6.0-1 || 7.u85_2.6.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16]<br />
|-<br />
| {{CVE|CVE-2015-5122}} {{CVE|CVE-2015-5123}} [https://helpx.adobe.com/security/products/flash-player/apsb15-18.html templink] || {{pkg|lib32-flashplugin}} || 2015-07-09 || <= 11.2.202.481-1 || 11.2.202.491-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14]<br />
|-<br />
| {{CVE|CVE-2015-5122}} {{CVE|CVE-2015-5123}} [https://helpx.adobe.com/security/products/flash-player/apsb15-18.html templink] || {{pkg|flashplugin}} || 2015-07-09 || <= 11.2.202.481-1 || 11.2.202.491-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13]<br />
|-<br />
| {{CVE|CVE-2015-0228}} {{CVE|CVE-2015-0253}} {{CVE|CVE-2015-3183}} {{CVE|CVE-2015-3185}} [http://www.apache.org/dist/httpd/CHANGES_2.4.16 templink] || {{pkg|apache}} || 2015-07-15 || <= 2.4.12-4 || 2.4.16-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15]<br />
|-<br />
| {{CVE|CVE-2015-2724}} {{CVE|CVE-2015-2725}} {{CVE|CVE-2015-2726}} {{CVE|CVE-2015-2731}} {{CVE|CVE-2015-2734}} {{CVE|CVE-2015-2735}} {{CVE|CVE-2015-2736}} {{CVE|CVE-2015-2737}} {{CVE|CVE-2015-2738}} {{CVE|CVE-2015-2739}} {{CVE|CVE-2015-2740}} {{CVE|CVE-2015-2741}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.1 templink] || {{pkg|thunderbird}} || 2015-07-09 || <= 38.0.1-1 || 38.1.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9]<br />
|-<br />
| {{CVE|CVE-2015-1793}} [https://openssl.org/news/secadv_20150709.txt templink] || {{pkg|lib32-openssl}} || 2015-07-09 || <= 1.0.2.c-1 || 1.0.2.d-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12]<br />
|-<br />
| {{CVE|CVE-2015-1793}} [https://openssl.org/news/secadv_20150709.txt templink] || {{pkg|openssl}} || 2015-07-09 || <= 1.0.2.c-1 || 1.0.2.d-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8]<br />
|-<br />
| {{CVE|CVE-2014-0578}} {{CVE|CVE-2015-3114}} {{CVE|CVE-2015-3115}} {{CVE|CVE-2015-3116}} {{CVE|CVE-2015-3117}} {{CVE|CVE-2015-3118}} {{CVE|CVE-2015-3119}} {{CVE|CVE-2015-3120}} {{CVE|CVE-2015-3121}} {{CVE|CVE-2015-3122}} {{CVE|CVE-2015-3123}} {{CVE|CVE-2015-3124}} {{CVE|CVE-2015-3125}} {{CVE|CVE-2015-3126}} {{CVE|CVE-2015-3127}} {{CVE|CVE-2015-3128}} {{CVE|CVE-2015-3129}} {{CVE|CVE-2015-3130}} {{CVE|CVE-2015-3131}} {{CVE|CVE-2015-3132}} {{CVE|CVE-2015-3133}} {{CVE|CVE-2015-3134}} {{CVE|CVE-2015-3135}} {{CVE|CVE-2015-3136}} {{CVE|CVE-2015-3137}} {{CVE|CVE-2015-4428}} {{CVE|CVE-2015-4429}} {{CVE|CVE-2015-4430}} {{CVE|CVE-2015-4431}} {{CVE|CVE-2015-4432}} {{CVE|CVE-2015-4433}} {{CVE|CVE-2015-5116}} {{CVE|CVE-2015-5117}} {{CVE|CVE-2015-5118}} {{CVE|CVE-2015-5119}} [https://helpx.adobe.com/security/products/flash-player/apsb15-16.html templink] [https://www.kb.cert.org/vuls/id/561288 templink] || {{pkg|flashplugin}} || 2015-07-07 || <= 11.2.202.468-1 || 11.2.202.481-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7]<br />
|-<br />
| {{CVE|CVE-2015-4620}} [https://kb.isc.org/article/AA-01267/ templink] || {{pkg|bind}} || 2015-07-07 || <= 9.10.2.P1-1 || 9.10.2.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6]<br />
|-<br />
| {{CVE|CVE-2015-5382}} [http://www.openwall.com/lists/oss-security/2015/07/07/3 templink] || {{pkg|roundcubemail}} || 2015-07-06 || <= 1.1.1-1 || 1.1.2-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5355}} {{CVE|CVE-2015-2694}} [http://krbdev.mit.edu/rt/NoAuth/krb5-1.13/fixed-1.13.2.html templink] || {{pkg|lib32-krb5}} || 2015-05-08 || <= 1.13.1-1 || 1.13.2-1 || 63d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11]<br />
|-<br />
| {{CVE|CVE-2014-5355}} {{CVE|CVE-2015-2694}} [http://krbdev.mit.edu/rt/NoAuth/krb5-1.13/fixed-1.13.2.html templink] || {{pkg|krb5}} || 2015-05-08 || <= 1.13.1-1 || 1.13.2-1 || 63d || Fixed ({{bug|45575}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10]<br />
|-<br />
| {{CVE|CVE-2015-3281}} [http://marc.info/?l=haproxy&m=143593901506748&w=2 templink] || {{pkg|haproxy}} || 2015-07-03 || <= 1.5.12-1 || 1.5.14-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3]<br />
|-<br />
| {{CVE|CVE-2015-2722}} {{CVE|CVE-2015-2724}} {{CVE|CVE-2015-2725}} {{CVE|CVE-2015-2726}} {{CVE|CVE-2015-2727}} {{CVE|CVE-2015-2728}} {{CVE|CVE-2015-2729}} {{CVE|CVE-2015-2731}} {{CVE|CVE-2015-2733}} {{CVE|CVE-2015-2734}} {{CVE|CVE-2015-2735}} {{CVE|CVE-2015-2736}} {{CVE|CVE-2015-2737}} {{CVE|CVE-2015-2739}} {{CVE|CVE-2015-2740}} {{CVE|CVE-2015-2741}} {{CVE|CVE-2015-2743}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-07-02 || <= 38.0.5 || 39.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2]<br />
|- <br />
| {{CVE|CVE-2015-5352}} [http://www.openwall.com/lists/oss-security/2015/07/01/10 templink] || {{pkg|openssh}} || 2015-06-29 || <= 6.8p1-3 || 6.9p1-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4]<br />
|-<br />
| {{CVE|CVE-2015-5146}} [http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi templink] || {{pkg|ntp}} || 2015-06-29 || <= 4.2.8p2-1 || 4.2.8p3-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5]<br />
|-<br />
| {{CVE|CVE-2015-2141}} [https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2015-June/015585.html templink] [https://github.com/weidai11/cryptopp/commit/9425e16437439e68c7d96abef922167d68fafaff commit] || {{pkg|crypto++}} || 2015-06-28 || <= 5.6.2-2 || 5.6.2-3 || 28d || Fixed ({{bug|45498}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20]<br />
|-<br />
| {{CVE|CVE-2015-5073}} [https://bugs.exim.org/show_bug.cgi?id=1651 templink] [http://vcs.pcre.org/pcre?view=revision&revision=1571 commit] || {{pkg|pcre}} || 2015-06-26 || <= 8.37-2 || 8.37-3 || ~52d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-5069}} {{CVE|CVE-2015-5070}} [http://www.openwall.com/lists/oss-security/2015/06/25/12 templink] || {{pkg|wesnoth}} || 2015-06-24 || <= 1.12.2-3 || 1.12.4-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1]<br />
|-<br />
| {{CVE|CVE-2015-3113}} [https://helpx.adobe.com/security/products/flash-player/apsb15-14.html templink] || {{pkg|flashplugin}} || 2015-06-23 || <= 11.2.202.466-1 || 11.2.202.468-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5]<br />
|-<br />
| {{CVE|CVE-2015-3236}} {{CVE|CVE-2015-3237}} [http://curl.haxx.se/docs/adv_20150617A.html templink] [http://curl.haxx.se/docs/adv_20150617B.html templink] || {{pkg|lib32-curl}} || 2015-06-17 || <= 7.42.1-1 || 7.43.0-1 || 47d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4]<br />
|-<br />
| {{CVE|CVE-2015-3236}} {{CVE|CVE-2015-3237}} [http://curl.haxx.se/docs/adv_20150617A.html templink] [http://curl.haxx.se/docs/adv_20150617B.html templink] || {{pkg|curl}} || 2015-06-17 || <= 7.42.1-1 || 7.43.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4]<br />
|-<br />
| {{CVE|CVE-2009-1364}} {{CVE|CVE-2006-3376}} {{CVE|CVE-2007-0455}} {{CVE|CVE-2007-2756}} {{CVE|CVE-2007-3472}} {{CVE|CVE-2007-3473}} {{CVE|CVE-2007-3477}} {{CVE|CVE-2009-3546}} {{CVE|CVE-2015-0848}} {{CVE|CVE-2015-4588}} {{CVE|CVE-2015-4695}} {{CVE|CVE-2015-4696}} [http://www.openwall.com/lists/oss-security/2015/06/16/4 templink] || {{pkg|libwmf}} || 2015-06-01 || <= 0.2.8.4-13 || || || '''Vulnerable''' ({{bug|49162}}) ||<br />
|-<br />
| {{CVE|CVE-2015-2325}} {{CVE|CVE-2015-2326}} {{CVE|CVE-2015-3414}} {{CVE|CVE-2015-3415}} {{CVE|CVE-2015-3416}} [http://php.net/ChangeLog-5.php#5.6.10 templink] || {{pkg|php}} || 2015-06-11 || <= 5.6.9-2 || 5.6.10-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|libraw}} || 2015-05-11 || <= 0.16.0-3 || 0.16.1 || 5d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|dcraw}} || 2015-05-11 || <= 9.25.0-1 || 9.26.0-1 || ~1m || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|gimp-ufraw}} || 2015-05-11 || <= 0.21-1 || 0.22-1 || 45d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|rawtherapee}} || 2015-05-11 || <= 1:4.2-1 || 1:4.2+448.g26d182d-1 || ~5m || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|rawstudio}} || 2015-05-11 || <= 2.0-12 || 2.0_git20160107-1 || ~11m || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-1158}} {{CVE|CVE-2015-1159}} [http://www.cups.org/str.php?L4609 templink] || {{pkg|cups}} || 2015-06-08 || <= 2.0.2-4 || 2.0.3-1 || 1d || Fixed ({{bug|45279}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2]<br />
|-<br />
| {{CVE|CVE-2015-1788}} {{CVE|CVE-2015-1789}} {{CVE|CVE-2015-1790}} {{CVE|CVE-2015-1791}} {{CVE|CVE-2015-1792}} {{CVE|CVE-2015-4000}} [https://www.openssl.org/news/secadv_20150611.txt templink] [https://git.openssl.org/?p=openssl.git;a=commit;h=98ece4eebfb6cd45cc8d550c6ac0022965071afc templink] || {{pkg|openssl}} || 2015-06-11 || <= 1.0.2.a-1 || 1.0.2.b-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3]<br />
|-<br />
| {{CVE|CVE-2015-3210}} [https://bugs.exim.org/show_bug.cgi?id=1636 templink] || {{pkg|pcre}} || 2015-05-29 || <= 8.37-1 || 8.37-2 || 7d || Fixed ({{bug|45207}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1]<br />
|-<br />
| {{CVE|CVE-2015-3165}} {{CVE|CVE-2015-3166}} {{CVE|CVE-2015-3167}} [http://www.postgresql.org/about/news/1587/ templink] || {{pkg|postgresql}} || 2015-05-22 || <= 9.4.1-1 || 9.4.2-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17]<br />
|-<br />
| {{CVE|CVE-2015-4054}} [http://www.openwall.com/lists/oss-security/2015/05/22/5 templink] || {{pkg|pgbouncer}} || 2015-04-09 || <= 1.5.4-6 || 1.5.5-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16]<br />
|-<br />
| {{CVE|CVE-2015-1251}} {{CVE|CVE-2015-1252}} {{CVE|CVE-2015-1253}} {{CVE|CVE-2015-1254}} {{CVE|CVE-2015-1255}} {{CVE|CVE-2015-1256}} {{CVE|CVE-2015-1257}} {{CVE|CVE-2015-1258}} {{CVE|CVE-2015-1259}} {{CVE|CVE-2015-1260}} {{CVE|CVE-2015-1263}} {{CVE|CVE-2015-1264}} {{CVE|CVE-2015-1265}} [http://googlechromereleases.blogspot.fr/2015/05/stable-channel-update_19.html templink] || {{pkg|chromium}} || 2015-05-19 || <= 42.0.2311.135-1 || 43.0.2357.65-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14]<br />
|-<br />
| {{CVE|CVE-2015-3808}} {{CVE|CVE-2015-3809}} {{CVE|CVE-2015-3810}} {{CVE|CVE-2015-3811}} {{CVE|CVE-2015-3812}} {{CVE|CVE-2015-3813}} {{CVE|CVE-2015-3814}} {{CVE|CVE-2015-3815}} [https://wireshark.org/docs/relnotes/wireshark-1.12.5.html templink] || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2015-05-11 || <= 1.12.4-4 || 1.12.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12]<br />
|-<br />
| {{CVE|CVE-2015-3456}} [https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/ templink] || {{pkg|qemu}} || 2015-05-13 || <= 2.2.1-4 || 2.2.1-5 || 1d || Fixed ({{bug|44958}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9]<br />
|-<br />
| {{CVE|CVE-2014-0230}} [https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44 templink] || {{pkg|tomcat6}} || 2015-04-09 || <= 6.0.43-2 || 6.0.44-1 || 34d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8]<br />
|-<br />
| {{CVE|CVE-2015-2708}} {{CVE|CVE-2015-2709}} {{CVE|CVE-2015-2710}} {{CVE|CVE-2015-2713}} {{CVE|CVE-2015-2716}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7 templink] || {{pkg|thunderbird}} || 2015-05-12 || <= 31.6.0-2 || 31.7.0-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13]<br />
|-<br />
| {{CVE|CVE-2015-2708}} {{CVE|CVE-2015-2709}} {{CVE|CVE-2015-2710}} {{CVE|CVE-2015-2711}} {{CVE|CVE-2015-2712}} {{CVE|CVE-2015-2713}} {{CVE|CVE-2015-2715}} {{CVE|CVE-2015-2716}} {{CVE|CVE-2015-2717}} {{CVE|CVE-2015-2718}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox38 templink] || {{pkg|firefox}} || 2015-05-12 || <= 37.0.2-1 || 38.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] <br />
|-<br />
| {{CVE|CVE-2015-3622}} [http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=f979435 templink] || {{pkg|libtasn1}} || 2015-04-20 || <= 4.5-1 || 4.4-1 || 16d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5]<br />
|-<br />
| {{CVE|CVE-2014-8964}} [https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ templink] || {{pkg|mariadb-clients}} || 2015-05-07 || <= 10.0.17-1 || 10.0.18-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4]<br />
|-<br />
| {{CVE|CVE-2014-8964}} {{CVE|CVE-2015-0499}} {{CVE|CVE-2015-0501}} {{CVE|CVE-2015-0505}} {{CVE|CVE-2015-2571}} [https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ templink] || {{pkg|mariadb}} || 2015-05-07 || <= 10.0.17-1 || 10.0.18-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3]<br />
|-<br />
| {{CVE|CVE-2015-3627}} {{CVE|CVE-2015-3629}} {{CVE|CVE-2015-3630}} {{CVE|CVE-2015-3631}} [http://seclists.org/oss-sec/2015/q2/389 templink] || {{pkg|docker}} || 2015-05-07 || <= 1:1.6.0-1 || 1:1.6.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6]<br />
|-<br />
| {{CVE|CVE-2015-0847}} [http://sourceforge.net/p/nbd/mailman/message/34091218/ templink] || {{pkg|nbd}} || 2015-05-07 || <= 3.10-1 || 3.11-1 || 19d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15]<br />
|-<br />
| {{CVE|CVE-2015-1858}} {{CVE|CVE-2015-1859}} {{CVE|CVE-2015-1860}} [http://lists.qt-project.org/pipermail/announce/2015-April/000067.html templink] || {{pkg|qt5-base}} || 2015-04-13 || <= 5.4.1-5 || 5.4.2-1 || 50d || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-1858}} {{CVE|CVE-2015-1859}} {{CVE|CVE-2015-1860}} [http://lists.qt-project.org/pipermail/announce/2015-April/000067.html templink] || {{pkg|qt4}} || 2015-04-13 || <= 4.8.6-6 || 4.8.7-1 || 50d || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-3414}} {{CVE|CVE-2015-3415}} {{CVE|CVE-2015-3416}} [http://seclists.org/fulldisclosure/2015/Apr/31 templink] || {{pkg|sqlite}} || 2015-04-24 || <= 3.8.8.3-1 || 3.8.9-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-2170}} {{CVE|CVE-2015-2221}} {{CVE|CVE-2015-2222}} {{CVE|CVE-2015-2305}} {{CVE|CVE-2015-2668}} [http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html templink] || {{pkg|clamav}} || 2015-04-29 || <= 0.98.6-1 || 0.98.7-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2]<br />
|-<br />
| {{CVE|CVE-2015-3455}} [http://www.openwall.com/lists/oss-security/2015/04/30/2 templink] || {{pkg|squid}} || 2015-04-29 || <= 3.5.3-2 || 3.5.4-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1]<br />
|-<br />
| {{CVE|CVE-2015-3451}} [http://www.openwall.com/lists/oss-security/2015/04/30/1 templink] || {{pkg|perl-xml-libxml}} || 2015-04-30 || <= 2.0118-3 || 2.0119-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32]<br />
|-<br />
| {{CVE|CVE-2015-3152}} [http://www.openwall.com/lists/oss-security/2015/04/29/4 templink] || {{pkg|mariadb}} {{pkg|mariadb-clients}} || 2015-04-29 || <= 10.0.17-2 || 10.0.20-1 || 52d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3153}} [http://curl.haxx.se/docs/adv_20150429.html templink] || {{pkg|curl}} || 2015-04-29 || <= 7.42.0-1 || 7.42.1-1 || 29d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20]<br />
|-<br />
| {{CVE|CVE-2015-1243}} {{CVE|CVE-2015-1250}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update_28.html templink] || {{pkg|chromium}} || 2015-04-28 || <= 42.0.2311.90-1 || 42.0.2311.135-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30]<br />
|-<br />
| {{CVE|CVE-2015-3420}} [http://seclists.org/oss-sec/2015/q2/288 templink] || {{pkg|dovecot}} || 2015-04-24 || <= 2.2.16-1 || 2.2.16-2 || 4d || Fixed ({{bug|44757}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31]<br />
|-<br />
| {{CVE|CVE-2015-1868}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ templink] || {{pkg|powerdns-recursor}} || 2015-04-23 || <= 3.7.1-1 || 3.7.2-1 || 1d || Fixed ({{Bug|44708}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27]<br />
|-<br />
| {{CVE|CVE-2015-1868}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ templink] || {{pkg|powerdns}} || 2015-04-23 || <= 3.4.3-2 || 3.4.4-1 || 1d || Fixed ({{Bug|44708}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26]<br />
|-<br />
| {{CVE|CVE-2015-1863}} [http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt templink] || {{pkg|wpa_supplicant}} || 2015-04-22 || <= 2.3-1 || 2.4-1 (1:2.3-1) || 2d || Fixed ({{Bug|44695}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29]<br />
|-<br />
| {{CVE|CVE-2015-1781}} [https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2959eda9272a033863c271aff62095abd01bd4e3;hp=7bf8fb104226407b75103b95525364c4667c869f templink] || {{pkg|glibc}} || 2015-04-21 || <= 2.21-2 || 2.21-3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25]<br />
|-<br />
| {{CVE|CVE-2015-3143}} {{CVE|CVE-2015-3144}} {{CVE|CVE-2015-3145}} {{CVE|CVE-2015-3148}} [http://curl.haxx.se/docs/vuln-7.41.0.html templink] || {{pkg|curl}} || 2015-04-22 || <= 7.41.0-1 || 7.42.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28]<br />
|-<br />
| {{CVE|CVE-2015-2706}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-45/ templink] || {{pkg|firefox}} || 2015-04-20 || <= 37.0.1-3 || 37.0.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24]<br />
|-<br />
| {{CVE|CVE-2015-3138}} [https://github.com/the-tcpdump-group/tcpdump/issues/446 templink] || {{pkg|tcpdump}} || 2015-03-24 || <= 4.7.3-1 || 4.7.3-2 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20]<br />
|-<br />
| {{CVE|CVE-2015-0346}} {{CVE|CVE-2015-0347}} {{CVE|CVE-2015-0348}} {{CVE|CVE-2015-0349}} {{CVE|CVE-2015-0350}} {{CVE|CVE-2015-0351}} {{CVE|CVE-2015-0352}} {{CVE|CVE-2015-0353}} {{CVE|CVE-2015-0354}} {{CVE|CVE-2015-0355}} {{CVE|CVE-2015-0356}} {{CVE|CVE-2015-0357}} {{CVE|CVE-2015-0358}} {{CVE|CVE-2015-0359}} {{CVE|CVE-2015-0360}} {{CVE|CVE-2015-3038}} {{CVE|CVE-2015-3039}} {{CVE|CVE-2015-3040}} {{CVE|CVE-2015-3041}} {{CVE|CVE-2015-3042}} {{CVE|CVE-2015-3043}} {{CVE|CVE-2015-3044}} [https://helpx.adobe.com/security/products/flash-player/apsb15-06.html templink] || {{pkg|flashplugin}} || 2015-04-14 || <= 11.2.202.451-1 || 11.2.202.457-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18]<br />
|-<br />
| {{CVE|CVE-2015-1351}} {{CVE|CVE-2015-1352}} {{CVE|CVE-2015-2783}} {{CVE|CVE-2015-3330}} {{CVE|CVE-2015-3329}} [https://php.net/ChangeLog-5.php#5.6.8 templink] || {{pkg|php}} || 2015-04-17 || <= 5.6.7.-2 || 5.6.8-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14]<br />
|-<br />
| {{CVE|CVE-2015-0460}} {{CVE|CVE-2015-0469}} {{CVE|CVE-2015-0470}} {{CVE|CVE-2015-0477}} {{CVE|CVE-2015-0478}} {{CVE|CVE-2015-0480}} {{CVE|CVE-2015-0488}} || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-04-14 || <= 8.u40-1 || 8.u45-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23]<br />
|-<br />
| {{CVE|CVE-2015-0460}} {{CVE|CVE-2015-0469}} {{CVE|CVE-2015-0477}} {{CVE|CVE-2015-0478}} {{CVE|CVE-2015-0480}} {{CVE|CVE-2015-0488}} [http://blog.fuseyism.com/index.php/2015/04/15/security-icedtea-2-5-5-for-openjdk-7-released/ templink] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-04-14 || <= 7.u75_2.5.4-1 || 7.u79_2.5.5-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17]<br />
|-<br />
| {{CVE|CVE-2015-3310}} [http://www.openwall.com/lists/oss-security/2015/04/16/7 templink] || {{pkg|ppp}} || 2015-04-13 || <= 2.4.7-1 || 2.4.7-2 || ~4m || Fixed ({{bug|44607}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3]<br />
|-<br />
| {{CVE|CVE-2015-3308}} [http://www.openwall.com/lists/oss-security/2015/04/16/6 templink] || {{pkg|gnutls}} || 2015-03-30 || <= 3.3.13-1 || 3.3.14-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-1235}} {{CVE|CVE-2015-1236}} {{CVE|CVE-2015-1237}} {{CVE|CVE-2015-1238}} {{CVE|CVE-2015-1240}} {{CVE|CVE-2015-1241}} {{CVE|CVE-2015-1242}} {{CVE|CVE-2015-1244}} {{CVE|CVE-2015-1245}} {{CVE|CVE-2015-1246}} {{CVE|CVE-2015-1247}} {{CVE|CVE-2015-1248}} {{CVE|CVE-2015-1249}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update_14.html templink] || {{pkg|chromium}} || 2015-04-14 || <= 41.0.2272.118-2 || 42.0.2311.90-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19]<br />
|-<br />
| {{CVE|CVE-2015-1855}} [https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/ templink] || {{pkg|ruby}} || 2015-04-13 || <= 2.2.1-1 || 2.2.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13]<br />
|-<br />
| {{CVE|CVE-2015-3026}} [http://seclists.org/oss-sec/2015/q2/80 templink] || {{pkg|icecast}} || 2015-04-08 || <= 2.4.1-1 || 2.4.2-1 || 3d || Fixed ({{bug|44503}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12]<br />
|-<br />
| {{CVE|CVE-2015-1798}} [http://seclists.org/oss-sec/2015/q2/63 templink] || {{pkg|chrony}} || 2015-04-08 || <= 1.31-2 || 1.31.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9]<br />
|-<br />
| {{CVE|CVE-2015-1798}} {{CVE|CVE-2015-1799}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities templink] || {{pkg|ntp}} || 2015-04-07 || <= 4.2.8p1 || 4.2.8p2-1 || <1d || Fixed ({{bug|44492}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8]<br />
|-<br />
| {{CVE|CVE-2015-2931}} {{CVE|CVE-2015-2932}} {{CVE|CVE-2015-2933}} {{CVE|CVE-2015-2934}} {{CVE|CVE-2015-2935}} {{CVE|CVE-2015-2936}} {{CVE|CVE-2015-2937}} {{CVE|CVE-2015-2938}} {{CVE|CVE-2015-2939}} {{CVE|CVE-2015-2940}} {{CVE|CVE-2015-2941}} {{CVE|CVE-2015-2942}} [http://seclists.org/oss-sec/2015/q2/61 templink] || {{pkg|mediawiki}} || 2015-04-07 || <= 1.24.1-1 || 1.24.2-1 || 0d || Fixed ({{bug|44489}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11]<br />
|-<br />
| {{CVE|CVE-2015-2928}} {{CVE|CVE-2015-2929}} [http://seclists.org/oss-sec/2015/q2/56 templink] || {{pkg|tor}} || 2015-04-06 || <= 0.2.5.11-1 || 0.2.5.12-1 || <1d || Fixed ({{bug|44482}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7]<br />
|-<br />
| {{CVE|CVE-2015-0799}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-04-03 || <= 37.0-1 || 37.0.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4]<br />
|-<br />
| {{CVE|CVE-2015-1233}} {{CVE|CVE-2015-1234}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-04-01 || <= 41.0.2272.101-1 || 41.0.2272.118-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2]<br />
|-<br />
| {{CVE|CVE-2015-0801}} {{CVE|CVE-2015-0807}} {{CVE|CVE-2015-0813}} {{CVE|CVE-2015-0814}} {{CVE|CVE-2015-0815}} {{CVE|CVE-2015-0816}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-03-31 || <= 31.5.0-1 || 31.6.0-1|| 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6]<br />
|-<br />
| {{CVE|CVE-2015-0801}} {{CVE|CVE-2015-0802}} {{CVE|CVE-2015-0803}} {{CVE|CVE-2015-0804}} {{CVE|CVE-2015-0805}} {{CVE|CVE-2015-0806}} {{CVE|CVE-2015-0807}} {{CVE|CVE-2015-0808}} {{CVE|CVE-2015-0811}} {{CVE|CVE-2015-0812}} {{CVE|CVE-2015-0813}} {{CVE|CVE-2015-0814}} {{CVE|CVE-2015-0815}} {{CVE|CVE-2015-0816}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-03-31 || <= 36.0.4-1 || 37.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1]<br />
|-<br />
| {{CVE|CVE-2015-1817}} [http://www.openwall.com/lists/oss-security/2015/03/30/3 templink] || {{pkg|musl}} || 2015-03-29 || <= 1.1.7-1 || 1.1.8-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26]<br />
|-<br />
| {{CVE|CVE-2015-2782}} {{CVE|CVE-2015-0556}} {{CVE|CVE-2015-0557}} [http://www.openwall.com/lists/oss-security/2015/03/29/1 templink] || {{pkg|arj}} || 2015-03-28 || <= 3.10.22-8 || 3.10.22-10 || 10d || Fixed ({{bug|44411}}) ({{bug|44488}}) || None<br />
|-<br />
| {{CVE|CVE-2015-0250}} [http://seclists.org/fulldisclosure/2015/Mar/142 templink] || {{pkg|java-batik}} || 2015-03-17 || <= 1.7-12 || 1.8-1 || 17d || Fixed ({{bug|44410}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5]<br />
|-<br />
| {{CVE|CVE-2015-2806}} [http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149 templink] || {{pkg|libtasn1}} || 2015-03-29 || <= 4.3-1 || 4.4-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3]<br />
|-<br />
| {{CVE|CVE-2015-0817}} {{CVE|CVE-2015-0818}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-03-20 || <= 36.0.1-1 || 36.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21]<br />
|-<br />
| {{CVE|CVE-2015-2559}} [https://www.drupal.org/SA-CORE-2015-001 templink] || {{pkg|drupal}} || 2015-03-19 || <= 7.34-1 || 7.35-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18]<br />
|-<br />
| {{CVE|CVE-2015-0252}} [https://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt templink] || {{pkg|xerces-c}} || 2015-03-19 || <= 3.1.1-5 || 3.1.2-1 || 1d || Fixed ({{bug|44272}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19]<br />
|-<br />
| {{CVE|CVE-2015-2330}} [http://www.openwall.com/lists/oss-security/2015/03/18/4 templink] || {{pkg|webkitgtk}} {{pkg|webkitgtk2}} || 2015-03-17 || <= 2.4.8-1 || 2.4.9-1 || 30d || Fixed ({{bug|44237}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19]<br />
|-<br />
| {{CVE|CVE-2015-2305}} {{CVE|CVE-2015-2331}} {{CVE|CVE-2015-2348}} {{CVE|CVE-2015-2787}} [https://bugs.php.net/bug.php?id=69253 templink] || {{pkg|php}} || 2015-03-18 || <= 5.6.6-1 || 5.6.7-1 || 10d || Fixed ({{bug|44236}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25]<br />
|-<br />
| {{CVE|CVE-2015-0204}} {{CVE|CVE-2015-0207}} {{CVE|CVE-2015-0208}} {{CVE|CVE-2015-0209}} {{CVE|CVE-2015-0285}} {{CVE|CVE-2015-0286}} {{CVE|CVE-2015-0287}} {{CVE|CVE-2015-0288}} {{CVE|CVE-2015-0289}} {{CVE|CVE-2015-0290}} {{CVE|CVE-2015-0291}} {{CVE|CVE-2015-0293}} {{CVE|CVE-2015-1787}} [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=28a00bcd8e318da18031b2ac8778c64147cd54f9 commit-0288] [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2b31fcc0b5e7329e13806822a5709dbd51c5c8a4 commit-0285] [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ba5d0113e8bcb26857ae58a11b219aeb7bc2408a commit-0209] [https://security-tracker.debian.org/tracker/CVE-2015-0288 Debian-Bug-tracker] [https://www.openssl.org/news/secadv_20150319.txt advisory] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2015-03-17 || <= 1.0.2-1 || 1.0.2.a-1 || 2d || Fixed ({{bug|44227}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17]<br />
|-<br />
| {{CVE|CVE-2015-1802}} {{CVE|CVE-2015-1803}} {{CVE|CVE-2015-1804}} [http://www.openwall.com/lists/oss-security/2015/03/17/5 templink] || {{pkg|libxfont}} || 2015-03-17 || <= 1.5.0-1 || 1.5.1-1 || <1d || Fixed ({{bug|44226}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15]<br />
|-<br />
| {{CVE|CVE-2015-0332}} {{CVE|CVE-2015-0333}} {{CVE|CVE-2015-0334}} {{CVE|CVE-2015-0335}} {{CVE|CVE-2015-0336}} {{CVE|CVE-2015-0337}} {{CVE|CVE-2015-0338}} {{CVE|CVE-2015-0339}} {{CVE|CVE-2015-0340}} {{CVE|CVE-2015-0341}} {{CVE|CVE-2015-0342}} [https://helpx.adobe.com/security/products/flash-player/apsb15-05.html templink] || {{pkg|flashplugin}} || 2015-03-12 || <= 11.2.202.442-1 || 11.2.202.451-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11]<br />
|-<br />
| {{CVE|CVE-2014-9687}} [http://www.openwall.com/lists/oss-security/2015/02/10/10 templink] || {{pkg|ecryptfs-utils}} || 2015-02-10 || <= 104-1 || 106-1 || 37d || Fixed ({{bug|44157}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14]<br />
|-<br />
| {{CVE|CVE-2015-1782}} [http://www.libssh2.org/adv_20150311.html templink] || {{pkg|libssh2}} || 2015-03-11 || <= 1.4.3-1 || 1.5.0-1 || 29d || Fixed ({{bug|44146}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10]<br />
|-<br />
| {{CVE|CVE-2015-2241}} [https://www.djangoproject.com/weblog/2015/mar/09/security-releases/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-03-09 || <= 1.7.5-1 || 1.7.6-1 || 2d || Fixed ({{bug|44122}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7]<br />
|-<br />
| {{CVE|CVE-2015-1212}} {{CVE|CVE-2015-1213}} {{CVE|CVE-2015-1214}} {{CVE|CVE-2015-1215}} {{CVE|CVE-2015-1216}} {{CVE|CVE-2015-1217}} {{CVE|CVE-2015-1218}} {{CVE|CVE-2015-1219}} {{CVE|CVE-2015-1220}} {{CVE|CVE-2015-1221}} {{CVE|CVE-2015-1222}} {{CVE|CVE-2015-1223}} {{CVE|CVE-2015-1224}} {{CVE|CVE-2015-1225}} {{CVE|CVE-2015-1226}} {{CVE|CVE-2015-1227}} {{CVE|CVE-2015-1228}} {{CVE|CVE-2015-1229}} {{CVE|CVE-2015-1230}} {{CVE|CVE-2015-1231}} [http://googlechromereleases.blogspot.fr/2015/03/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-03-03 || <= 40.0.2214.115-1 || 41.0.2272.76-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5]<br />
|-<br />
| {{CVE|CVE-2015-1572}} [https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73 templink] || {{pkg|e2fsprogs}} || 2015-02-06 || <= 1.42.12-1 || 1.42.12-2 || 6d || Fixed ({{bug|44015}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8]<br />
|-<br />
| {{CVE|CVE-2015-2157}} [http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html templink] || {{pkg|putty}} || 2015-03-02 || <= 0.63-1 || 0.64-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1]<br />
|-<br />
| {{CVE|CVE-2015-0822}} {{CVE|CVE-2015-0827}} {{CVE|CVE-2015-0831}} {{CVE|CVE-2015-0835}} {{CVE|CVE-2015-0836}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-02-24 || <= 31.4.0-1 || 31.5.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15]<br />
|-<br />
| {{CVE|CVE-2015-0819}} {{CVE|CVE-2015-0821}} {{CVE|CVE-2015-0822}} {{CVE|CVE-2015-0823}} {{CVE|CVE-2015-0824}} {{CVE|CVE-2015-0825}} {{CVE|CVE-2015-0826}} {{CVE|CVE-2015-0827}} {{CVE|CVE-2015-0829}} {{CVE|CVE-2015-0830}} {{CVE|CVE-2015-0831}} {{CVE|CVE-2015-0832}} {{CVE|CVE-2015-0834}} {{CVE|CVE-2015-0835}} {{CVE|CVE-2015-0836}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-02-24 || <= 35.0.1-1 || 36.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14]<br />
|-<br />
| {{CVE|CVE-2015-0240}} [https://www.samba.org/samba/history/samba-4.1.17.html templink] || {{pkg|samba}} || 2015-02-23 || <= 4.1.16-1 || 4.1.17-1 || <1d || Fixed ({{bug|43923}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13]<br />
|-<br />
| {{CVE|CVE-2014-9636}} [http://www.openwall.com/lists/oss-security/2014/11/02/2 templink] || {{pkg|unzip}} || 2014-11-02 || <= 6.0-9 || 6.0-10 || 75d || Fixed ({{bug|44171}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9]<br />
|-<br />
| {{CVE|CVE-2015-1315}} [http://www.openwall.com/lists/oss-security/2015/02/17/4 templink] || {{pkg|unzip}} || 2014-11-02 || <= 6.0-9 || 6.0-9 || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2014-9680}} [http://www.sudo.ws/sudo/alerts/tz.html templink] || {{pkg|sudo}} || 2015-02-09 || <= 1.8.12-1 || 1.8.12-1 || 4d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5352}} {{CVE|CVE-2014-5353}} {{CVE|CVE-2014-5354}} {{CVE|CVE-2014-9421}} {{CVE|CVE-2014-9422}} {{CVE|CVE-2014-9423}} [http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt templink] [http://www.openwall.com/lists/oss-security/2014/12/16/1 templink] || {{pkg|krb5}} || 2015-02-03 || <= 1.13-1 || 1.13.1-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] <br />
|-<br />
| {{CVE|CVE-2015-0255}} [http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/ templink] || {{pkg|xorg-server}} || 2015-02-10 || <= 1.16.3-2|| 1.16.4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11]<br />
|-<br />
| {{CVE|CVE-2015-1191}} [http://www.openwall.com/lists/oss-security/2015/01/18/3 templink] || {{pkg|pigz}} || 2015-01-18 || <= 2.3.1-1 || 2.3.3-1 || 21d || Fixed ({{bug|43748}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9]<br />
|-<br />
| {{CVE|CVE-2015-0245}} [http://lists.freedesktop.org/archives/dbus/2015-February/016553.html templink] || {{pkg|dbus}} || 2015-02-09 || <= 1.8.14-1 || 1.8.16-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10]<br />
|-<br />
| {{CVE|CVE-2015-1472}} {{CVE|CVE-2015-1473}} || {{pkg|glibc}} || 2015-02-05 || <= 2.20-6 || 2.21-1 ||4d || Fixed ({{bug|43747}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8]<br />
|-<br />
| {{CVE|CVE-2014-9297}} {{CVE|CVE-2014-9298}} [http://support.ntp.org/bin/view/Main/SecurityNotice#vallen_is_not_validated_in_sever templink] [http://support.ntp.org/bin/view/Main/SecurityNotice#1_can_be_spoofed_on_some_OSes_so templink]|| {{pkg|ntp}} || 2015-02-04 || <= 4.2.8-1 || 4.2.8.p1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7]<br />
|-<br />
| {{CVE|CVE-2014-9328}} || {{pkg|clamav}} || 2015-01-28 || <= 0.98.5-1 || 0.98.6-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6]<br />
|-<br />
| {{CVE|CVE-2015-1209}} {{CVE|CVE-2015-1210}} {{CVE|CVE-2015-1211}} {{CVE|CVE-2015-1212}} [http://googlechromereleases.blogspot.fr/2015/02/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-02-05 || <= 40.0.2214.94-1 || 40.0.2214.111-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5]<br />
|-<br />
| {{CVE|CVE-2015-0313}} {{CVE|CVE-2015-0314}} {{CVE|CVE-2015-0315}} {{CVE|CVE-2015-0316}} {{CVE|CVE-2015-0317}} {{CVE|CVE-2015-0318}} {{CVE|CVE-2015-0319}} {{CVE|CVE-2015-0320}} {{CVE|CVE-2015-0321}} {{CVE|CVE-2015-0322}} {{CVE|CVE-2015-0323}} {{CVE|CVE-2015-0324}} {{CVE|CVE-2015-0325}} {{CVE|CVE-2015-0326}} {{CVE|CVE-2015-0327}} {{CVE|CVE-2015-0328}} {{CVE|CVE-2015-0329}} {{CVE|CVE-2015-0330}} [https://helpx.adobe.com/security/products/flash-player/apsb15-04.html templink] || {{pkg|flashplugin}} || 2015-02-05 || <= 11.2.202.440-1 || 11.2.202.442-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2]<br />
|-<br />
| {{CVE|CVE-2014-8161}} {{CVE|CVE-2015-0241}} {{CVE|CVE-2015-0243}} {{CVE|CVE-2015-0244}} [http://www.postgresql.org/docs/9.4/static/release-9-4-1.html templink] || {{pkg|postgresql}} || 2015-02-05 || <= 9.4.0-1 || 9.4.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4]<br />
|-<br />
| {{CVE|CVE-2015-1380}} {{CVE|CVE-2015-1381}} {{CVE|CVE-2015-1382}} [http://seclists.org/oss-sec/2015/q1/285 templink] || {{pkg|privoxy}} || 2015-01-26 || <= 3.0.22-1 || 3.0.23-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1]<br />
|-<br />
| {{CVE|CVE-2015-0235}} [https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235 templink] || {{pkg|glibc}} || 2015-01-27 || < 2.18-1 || 2.18-1 || < 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-0311}} {{CVE|CVE-2015-0301}} {{CVE|CVE-2015-0302}} {{CVE|CVE-2015-0303}} {{CVE|CVE-2015-0304}} {{CVE|CVE-2015-0305}} {{CVE|CVE-2015-0306}} {{CVE|CVE-2015-0307}} {{CVE|CVE-2015-0308}} {{CVE|CVE-2015-0309}} [https://helpx.adobe.com/security/products/flash-player/apsb15-01.html templink] || {{pkg|flashplugin}} || 2015-01-23 || <= 11.2.202.438-1 || 11.2.202.440-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22]<br />
|-<br />
| {{CVE|CVE-2015-0231}} {{CVE|CVE-2014-9427}} {{CVE|CVE-2015-0232}} [https://bugs.php.net/bug.php?id=68710 templink] [https://bugs.php.net/bug.php?id=68618 templink] [https://bugs.php.net/bug.php?id=68799 templink] || {{pkg|php}} || 2015-01-22 || <= 5.6.4-1 || 5.6.5-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17]<br />
|-<br />
| {{CVE|CVE-2014-9638}} {{CVE|CVE-2014-9639}} {{CVE|CVE-2014-9640}} [http://www.openwall.com/lists/oss-security/2015/01/22/9 templink] || {{pkg|vorbis-tools}} || 2015-01-21 || <= 1.4.0-4 || 1.4.0-5 || 64d || Fixed ({{bug|44172}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24]<br />
|-<br />
| {{CVE|CVE-2015-1345}} [http://seclists.org/oss-sec/2015/q1/179 templink] || {{pkg|grep}} || 2015-01-18 || <= 2.21-1 || 2.21-2 || 46d || Fixed ({{bug|44017}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4]<br />
|-<br />
| {{CVE|CVE-2014-7923}} {{CVE|CVE-2014-7924}} {{CVE|CVE-2014-7925}} {{CVE|CVE-2014-7926}} {{CVE|CVE-2014-7927}} {{CVE|CVE-2014-7928}} {{CVE|CVE-2014-7930}} {{CVE|CVE-2014-7931}} {{CVE|CVE-2014-7929}} {{CVE|CVE-2014-7932}} {{CVE|CVE-2014-7933}} {{CVE|CVE-2014-7934}} {{CVE|CVE-2014-7935}} {{CVE|CVE-2014-7936}} {{CVE|CVE-2014-7937}} {{CVE|CVE-2014-7938}} {{CVE|CVE-2014-7939}} {{CVE|CVE-2014-7940}} {{CVE|CVE-2014-7941}} {{CVE|CVE-2014-7942}} {{CVE|CVE-2014-7943}} {{CVE|CVE-2014-7944}} {{CVE|CVE-2014-7945}} {{CVE|CVE-2014-7946}} {{CVE|CVE-2014-7947}} {{CVE|CVE-2014-7948}} {{CVE|CVE-2015-1205}} [http://googlechromereleases.blogspot.fr/2015/01/stable-update.html templink] || {{pkg|chromium}} || 2015-01-22 || <= 39.0.2171.99-1 || 40.0.2214.91-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21]<br />
|-<br />
| {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-6549}} {{CVE|CVE-2014-6585}} {{CVE|CVE-2014-6587}} {{CVE|CVE-2014-6591}} {{CVE|CVE-2014-6593}} {{CVE|CVE-2014-6601}} {{CVE|CVE-2015-0383}} {{CVE|CVE-2015-0395}} {{CVE|CVE-2015-0400}} {{CVE|CVE-2015-0403}} {{CVE|CVE-2015-0406}} {{CVE|CVE-2015-0407}} {{CVE|CVE-2015-0408}} {{CVE|CVE-2015-0410}} {{CVE|CVE-2015-0412}} {{CVE|CVE-2015-0413}} {{CVE|CVE-2015-0421}} {{CVE|CVE-2015-0437}} [http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html#JAVA templink] || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-01-22 || <= 8.u25-2 || 8.u31-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16]<br />
|-<br />
| {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-6585}} {{CVE|CVE-2014-6587}} {{CVE|CVE-2014-6591}} {{CVE|CVE-2014-6593}} {{CVE|CVE-2014-6601}} {{CVE|CVE-2015-0383}} {{CVE|CVE-2015-0395}} {{CVE|CVE-2015-0407}} {{CVE|CVE-2015-0408}} {{CVE|CVE-2015-0410}} {{CVE|CVE-2015-0412}} [http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html#JAVA templink] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-01-22 || <= 7.u71_2.5.3-3 || 7.u75_2.5.4-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20]<br />
|-<br />
| {{CVE|CVE-2014-8157}} {{CVE|CVE-2014-8158}} [http://seclists.org/oss-sec/2015/q1/210 templink] || {{pkg|jasper}} || 2015-01-22 || <= 1.900.1-12 || 1.900.1-13 || 5d || Fixed ({{bug|43592}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23]<br />
|-<br />
| {{CVE|CVE-2014-8132}} [http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/ templink] || {{pkg|libssh}} || 2014-12-19 || <= 0.6.3-1 || 0.6.4-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12]<br />
|-<br />
| {{CVE|CVE-2015-1182}} [https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04 templink] || {{pkg|polarssl}} || 2012-09-19 || <= 1.3.9-1 || 1.3.9-2 || 1d || Fixed ({{bug|43508}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13]<br />
|-<br />
| {{CVE|CVE-2012-3505}} [http://www.openwall.com/lists/oss-security/2012/08/18/1 templink] || {{pkg|tinyproxy}} || 2012-09-10 || <= 1.8.3-1 || 1.8.4-1 || > 740d || Fixed ({{bug|38400}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11]<br />
|-<br />
| {{CVE|CVE-2014-9447}} [https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e templink] || {{pkg|elfutils}} || 2015-01-19 || <= 0.161-2 || 0.161-3 || 42d || Fixed ({{bug|44019}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2]<br />
|-<br />
| {{CVE|CVE-2014-9447}} [https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e templink] || {{pkg|lib32-elfutils}} || 2015-01-19 || <= 0.161-1 || 0.161-2 || 42d || Fixed ({{bug|44020}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3]<br />
|-<br />
| {{CVE|CVE-2014-8143}} [https://www.samba.org/samba/security/CVE-2014-8143 templink] || {{pkg|samba}} || 2015-01-15 || <= 4.1.15-1 || 4.1.16-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10]<br />
|-<br />
| {{CVE|CVE-2015-1197}} [http://www.openwall.com/lists/oss-security/2015/01/18/7 templink] || {{pkg|cpio}} || 2015-01-16 || <= 2.11-5 || 2.11-6 || 65d || Fixed ({{bug|44173}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22]<br />
|-<br />
| {{CVE|CVE-2015-1196}} {{CVE|CVE-2014-9637}} [http://www.openwall.com/lists/oss-security/2015/01/18/6 templink] [https://savannah.gnu.org/bugs/?44051 templink] || {{pkg|patch}} || 2015-01-14 || <= 2.7.1-3 || 2.7.3-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24]<br />
|-<br />
| {{CVE|CVE-2014-9571}} {{CVE|CVE-2014-9572}} {{CVE|CVE-2014-9573}} {{CVE|CVE-2014-9624}} {{CVE|CVE-2015-1042}} [http://www.openwall.com/lists/oss-security/2015/01/17/1 templink] [http://www.openwall.com/lists/oss-security/2015/01/17/3 templink] [http://www.openwall.com/lists/oss-security/2015/01/17/2 templink] [http://www.openwall.com/lists/oss-security/2015/01/18/11 templink] || {{pkg|mantisbt}} || 2015-01-17 || <= 1.2.18-1 || 1.2.19-1 || 20d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3]<br />
|-<br />
| {{CVE|CVE-2014-8634}} {{CVE|CVE-2014-8635}} {{CVE|CVE-2014-8638}} {{CVE|CVE-2014-8639}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-01-13 || <= 31.3.0-1 || 31.4.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7]<br />
|-<br />
| {{CVE|CVE-2014-8634}} {{CVE|CVE-2014-8635}} {{CVE|CVE-2014-8636}} {{CVE|CVE-2014-8637}} {{CVE|CVE-2014-8638}} {{CVE|CVE-2014-8639}} {{CVE|CVE-2014-8640}} {{CVE|CVE-2014-8641}} {{CVE|CVE-2014-8642}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-01-13 || <= 34.0.5-1 || 35.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6]<br />
|-<br />
| {{CVE|CVE-2014-3571}} {{CVE|CVE-2015-0206}} {{CVE|CVE-2014-3569}} {{CVE|CVE-2014-3572}} {{CVE|CVE-2015-0205}} {{CVE|CVE-2014-8275}} {{CVE|CVE-2014-3570}} [https://www.openssl.org/news/secadv_20150108.txt templink] || {{pkg|openssl}} || 2015-01-08 || <= 1.0.1.j-1 || 1.0.1.k-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2]<br />
|-<br />
| {{CVE|CVE-2014-8150}} [http://curl.haxx.se/docs/adv_20150108B.html templink] || {{pkg|curl}} || 2015-01-08 || <= 7.39.0-1 || 7.40.0-1 || 10d || Fixed ({{bug|43379}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9]<br />
|-<br />
| {{CVE|CVE-2014-6272}} [http://archives.seul.org/libevent/users/Jan-2015/msg00010.html templink] || {{pkg|libevent}} || 2015-01-05 || <= 2.0.21-3 || 2.0.22-1 || 7d || Fixed ({{bug|43366}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] <br />
|-<br />
| {{CVE|CVE-2014-8139}} {{CVE|CVE-2014-8140}} {{CVE|CVE-2014-8141}} [http://www.ocert.org/advisories/ocert-2014-011.html templink] || {{pkg|unzip}} || 2014-12-22 || <= 6.0-7 || 6.0-9 || 17d || Fixed ({{bug|43300}}) ({{bug|43391}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3]<br />
|-<br />
| {{CVE|CVE-2014-6395}} {{CVE|CVE-2014-6396}} {{CVE|CVE-2014-9376}} {{CVE|CVE-2014-9377}} {{CVE|CVE-2014-9378}} {{CVE|CVE-2014-9379}} {{CVE|CVE-2014-9380}} {{CVE|CVE-2014-9381}} [https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/ templink] || {{pkg|ettercap}} {{pkg|ettercap-gtk}} || 2014-12-16 || <= 0.8.1-2 || 0.8.2-1 || 89d || Fixed ({{bug|44174}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13]<br />
|-<br />
| {{CVE|CVE-2014-9425}} [https://bugs.php.net/bug.php?id=68676 templink] || {{pkg|php}} || 2014-12-29 || <= 5.6.4-1 || 5.6.5-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-9295}} {{CVE|CVE-2014-9296}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_ctl_putdata templink] || {{pkg|ntp}} || 2014-12-19 || < 4.2.8-1 || 4.2.8-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24]<br />
|-<br />
| {{CVE|CVE-2014-8142}} [https://bugzilla.redhat.com/show_bug.cgi?id=1175718 templink] || {{pkg|php}} || 2014-12-18 || <= 5.6.3-1 || 5.6.4-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23]<br />
|-<br />
| {{CVE|CVE-2014-8137}} {{CVE|CVE-2011-4516}} {{CVE|CVE-2011-4517}} [https://marc.info/?l=oss-security&m=141891163026757&w=2 templink] || {{pkg|jasper}} || 2014-12-18 || <= 1.900.1-11 || 1.900.1-12 || 1d || Fixed ({{bug|43155}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22]<br />
|-<br />
| {{CVE|CVE-2014-9029}} [https://marc.info/?l=oss-security&m=141770163916268&w=2 templink] || {{pkg|jasper}} || 2014-12-04 || <= 1.900.1-10 || 1.900.1-12 || 6d || Fixed ({{bug|43044}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22]<br />
|-<br />
| {{CVE|CVE-2012-3406}} {{CVE|CVE-2014-9402}} [http://www.openwall.com/lists/oss-security/2014/12/18/1 templink] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2014-12-17 || <= 2.20-4 || 2.20-5 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21]<br />
|-<br />
| {{CVE|CVE-2014-9253}} [http://seclists.org/oss-sec/2014/q4/1050 templink] || {{pkg|dokuwiki}} || 2014-12-15 || <= 20140929_a-1 || 20140929_b-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19]<br />
|-<br />
| {{CVE|CVE-2014-3580}} {{CVE|CVE-2014-8108}} [https://subversion.apache.org/security/CVE-2014-3580-advisory.txt templink] [https://subversion.apache.org/security/CVE-2014-8108-advisory.txt templink] || {{pkg|subversion}} || 2014-12-16 || <= 1.8.10-1 || 1.8.11-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17]<br />
|-<br />
| {{CVE|CVE-2014-9356}} {{CVE|CVE-2014-9357}} {{CVE|CVE-2014-9358}} [http://www.securityfocus.com/archive/1/534215 templink] || {{pkg|docker}} || 2014-12-12 || <= 1:1.3.2-1 || 1:1.4.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16]<br />
|-<br />
| {{CVE|CVE-2013-1752}} {{CVE|CVE-2013-1753}} {{CVE|CVE-2014-9365}} [https://hg.python.org/cpython/raw-file/v2.7.9/Misc/NEWS templink] || {{pkg|python2}} || 2014-12-11 || <= 2.7.8-1 || 2.7.9-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15]<br />
|-<br />
| {{CVE|CVE-2014-0580}} {{CVE|CVE-2014-0587}} {{CVE|CVE-2014-8443}} {{CVE|CVE-2014-9162}} {{CVE|CVE-2014-9163}} {{CVE|CVE-2014-9164}} [https://helpx.adobe.com/security/products/flash-player/apsb14-27.html templink] || {{pkg|flashplugin}} || 2014-12-09 || <= 11.2.202.424-1 || 11.2.202.425-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13]<br />
|-<br />
| {{CVE|CVE-2014-8091}} {{CVE|CVE-2014-8092}} {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8094}} {{CVE|CVE-2014-8095}} {{CVE|CVE-2014-8096}} {{CVE|CVE-2014-8097}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8099}} {{CVE|CVE-2014-8100}} {{CVE|CVE-2014-8101}} {{CVE|CVE-2014-8102}} {{CVE|CVE-2014-8103}} [http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/ templink] || {{pkg|xorg-server}} || 2014-12-09 || <= 1.16.2-1 || 1.16.2.901-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia}} {{pkg|nvidia-lts}} || 2014-12-09 || <= 343.22-6 || 343.36-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia-340xx}} {{pkg|nvidia-340xx-lts}} || 2014-12-09 || <= 340.58-3 || 340.65-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia-304xx}} {{pkg|nvidia-304xx-lts}} || 2014-12-09 || < 304.125-1 || 304.125-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10]<br />
|-<br />
| {{CVE|CVE-2014-8601}} [http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/ templink] || {{pkg|powerdns-recursor}} || 2014-12-09 || <= 3.6.1-1 || 3.6.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9]<br />
|-<br />
| {{CVE|CVE-2014-8602}} [https://unbound.net/downloads/CVE-2014-8602.txt templink] || {{pkg|unbound}} || 2014-12-09 || <= 1.5.0-1 || 1.5.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8]<br />
|-<br />
| {{CVE|CVE-2014-8500}} {{CVE|CVE-2014-8680}} [http://svnweb.freebsd.org/ports?view=revision&revision=374305 templink] || {{pkg|bind}} || 2014-12-08 || <= 9.10.1-2 || 9.10.1.P1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7]<br />
|-<br />
| {{CVE|CVE-2014-9274}} {{CVE|CVE-2014-9275}} [http://seclists.org/oss-sec/2014/q4/904 templink] || {{pkg|unrtf}} || 2014-12-04 || <= 0.21.5-1 || 0.21.7-1 || 10d || Fixed ({{bug|43131}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20]<br />
|-<br />
| {{CVE|CVE-2014-1587}} {{CVE|CVE-2014-1588}} {{CVE|CVE-2014-1589}} {{CVE|CVE-2014-1590}} {{CVE|CVE-2014-1591}} {{CVE|CVE-2014-1592}} {{CVE|CVE-2014-1593}} {{CVE|CVE-2014-1594}} {{CVE|CVE-2014-8631}} {{CVE|CVE-2014-8632}} [https://www.mozilla.org/fr/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2014-12-02 || <= 33.1.1-1 || 34.0.5-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3]<br />
|-<br />
| {{CVE|CVE-2014-9157}} [http://seclists.org/oss-sec/2014/q4/872 templink] || {{pkg|graphviz}} || 2014-11-25 || <= 2.38.0-2 || 2.38.0-3 || 8d || Fixed ({{bug|42983}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4]<br />
|-<br />
| {{CVE|CVE-2014-8123}} [http://seclists.org/oss-sec/2014/q4/874 templink] || {{pkg|antiword}} || 2014-12-01 || <= 0.37-4 || 0.37-5 || 3d || Fixed ({{bug|42982}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5]<br />
|-<br />
| {{CVE|CVE-2014-8104}} [https://forums.openvpn.net/topic17625.html templink] || {{pkg|openvpn}} || 2014-11-30 || <= 2.3.5-1 || 2.3.6-1 || 4d || Fixed ({{bug|42975}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2]<br />
|-<br />
| {{CVE|CVE-2014-9087}} [http://seclists.org/oss-sec/2014/q4/801 templink] || {{pkg|gnupg}} || 2014-11-25 || <= 2.1.0-5 || 2.1.0-6 || 4d || Fixed ({{bug|42943}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1]<br />
|-<br />
| {{CVE|CVE-2014-9087}} [http://seclists.org/oss-sec/2014/q4/801 templink] || {{pkg|libksba}} || 2014-11-25 || <= 1.3.1-1 || 1.3.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31]<br />
|-<br />
| {{CVE|CVE-2014-9114}} [http://seclists.org/oss-sec/2014/q4/819 templink] || {{pkg|util-linux}} || 2014-11-27 || <= 2.25.2-1 || 2.26.1-3 || 117d || Fixed ({{bug|43886}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23]<br />
|-<br />
| {{CVE|CVE-2014-9112}} [http://seclists.org/oss-sec/2014/q4/818 templink] || {{pkg|cpio}} || 2014-11-26 || <= 2.11-4 || 2.11-5 || 20d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5]<br />
|-<br />
| {{CVE|CVE-2014-9116}} [http://seclists.org/oss-sec/2014/q4/835 templink] || {{pkg|mutt}} || 2014-11-27 || <= 1.5.23-1 || 1.5.23-2 || 71d || Fixed ({{bug|44110}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6]<br />
|-<br />
| {{CVE|CVE-2014-9093}} [https://bugs.freedesktop.org/show_bug.cgi?id=86449 templink] || {{pkg|libreoffice-fresh}} || 2014-11-19 || <= 4.3.4-1 ||4.3.5-1 || 31d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-9092}} [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768369#114 templink] || {{pkg|libjpeg-turbo}} || 2014-11-26 || <= 1.3.1-2 || 1.3.1-3 || 2d || Fixed ({{bug|42922}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33]<br />
|-<br />
| {{CVE|CVE-2014-9272}} {{CVE|CVE-2014-9270}} {{CVE|CVE-2014-8987}} {{CVE|CVE-2014-9271}} {{CVE|CVE-2014-9281}} {{CVE|CVE-2014-8986}} {{CVE|CVE-2014-9269}} {{CVE|CVE-2014-9280}} {{CVE|CVE-2014-9089}} {{CVE|CVE-2014-9279}} {{CVE|CVE-2014-8988}} {{CVE|CVE-2014-8553}} {{CVE|CVE-2014-6387}} {{CVE|CVE-2014-6316}} {{CVE|CVE-2014-9117}} [https://www.mantisbt.org/bugs/view.php?id=17841 templink] [https://www.mantisbt.org/bugs/view.php?id=17811 templink] [http://seclists.org/oss-sec/2014/q4/955 templink] || {{pkg|mantisbt}} || 2014-11-25 || <= 1.2.17-4 || 1.2.18-1 || 13d || Fixed ({{bug|42920}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6]<br />
|-<br />
| {{CVE|CVE-2014-9090}} [https://marc.info/?l=oss-security&m=141698775601426&w=2 templink] || {{pkg|linux}} {{pkg|linux-lts}} || 2014-11-26 || <= 3.18-rc6 || 3.19 || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2014-9018}} {{CVE|CVE-2014-9091}} [http://seclists.org/oss-sec/2014/q4/694 templink] || {{pkg|icecast}} || 2014-11-20 || <= 2.4.0-1 || 2.4.1-1 || 8d || Fixed ({{bug|42912}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32]<br />
|-<br />
| {{CVE|CVE-2014-8964}} [http://bugs.exim.org/show_bug.cgi?id=1546 templink] || {{pkg|pcre}} || 2014-11-18 || <= 8.36-1 || 8.36-2 || 8d || Fixed ({{bug|42860}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29]<br />
|-<br />
| {{CVE|CVE-2014-8962}} {{CVE|CVE-2014-9028}} [http://www.ocert.org/advisories/ocert-2014-008.html templink] || {{pkg|flac}} || 2014-11-25 || <= 1.3.0-4 || 1.3.0-5 || < 1d || Fixed ({{bug|42898}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30]<br />
|-<br />
| {{CVE|CVE-2014-7899}} {{CVE|CVE-2014-7900}} {{CVE|CVE-2014-7901}} {{CVE|CVE-2014-7902}} {{CVE|CVE-2014-7903}} {{CVE|CVE-2014-7904}} {{CVE|CVE-2014-7906}} {{CVE|CVE-2014-7907}} {{CVE|CVE-2014-7908}} {{CVE|CVE-2014-7909}} {{CVE|CVE-2014-7910}} [http://googlechromereleases.blogspot.in/2014/11/stable-channel-update_18.html templink] || {{pkg|chromium}} || 2014-11-20 || <= 38.0.2125.122-1 || 39.0.2171.65-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26]<br />
|-<br />
| {{CVE|CVE-2014-9015}} {{CVE|CVE-2014-9016}} [http://seclists.org/oss-sec/2014/q4/697 templink] || {{pkg|drupal}} || 2014-11-19 || <= 7.33-1 || 7.34-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25]<br />
|-<br />
| {{CVE|CVE-2013-6497}} [http://seclists.org/oss-sec/2014/q4/673 templink] || {{pkg|clamav}} || 2014-11-18 || <= 0.98.4-1 || 0.98.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21]<br />
|-<br />
| {{CVE|CVE-2014-7817}} [https://sourceware.org/bugzilla/show_bug.cgi?id=17625 templink] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2014-11-19 || <= 2.20-2 || 2.20.3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27]<br />
|-<br />
| {{CVE|CVE-2014-8600}} [https://www.kde.org/info/security/advisory-20141113-1.txt templink] || {{pkg|kwebkitpart}} || 2014-11-18 || <= 1.3.4-2 || 1.3.4-3 || 4d || Fixed ({{bug|44170}} {{bug|42775}}) || None<br />
|-<br />
| {{CVE|CVE-2014-8767}} {{CVE|CVE-2014-8768}} {{CVE|CVE-2014-8769}} {{CVE|CVE-2014-9140}} {{CVE|CVE-2015-0261}} {{CVE|CVE-2015-2153}} {{CVE|CVE-2015-2154}} {{CVE|CVE-2015-2155}} [http://www.securityfocus.com/archive/1/534011/30/0/threaded templink] [http://www.securityfocus.com/archive/1/534010/30/0/threaded templink] [http://www.securityfocus.com/archive/1/534009/30/0/threaded templink] [https://github.com/the-tcpdump-group/tcpdump/commit/0f95d441e4b5d7512cc5c326c8668a120e048eda templink] || {{pkg|tcpdump}} || 2014-11-18 || <= 4.6.2-1 || 4.7.3-1 || 88d || Fixed ({{bug|44153}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20]<br />
|-<br />
| {{CVE|CVE-2014-8090}} || {{pkg|ruby}} || 2014-11-13 || <= 2.1.4-1 || 2.1.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16]<br />
|-<br />
| {{CVE|CVE-2014-7823}} || {{pkg|libvirt}} || 2014-11-13 || <= 1.2.10-1 ||1.2.11-1 ||33d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-8710}} {{CVE|CVE-2014-8711}} {{CVE|CVE-2014-8712}} {{CVE|CVE-2014-8713}} {{CVE|CVE-2014-8714}} [https://www.wireshark.org/security/wnpa-sec-2014-20.html templink] [https://www.wireshark.org/security/wnpa-sec-2014-21.html templink] [https://www.wireshark.org/security/wnpa-sec-2014-22.html templink] || {{pkg|wireshark-cli}} {{pkg|wireshark-gtk}} {{pkg|wireshark-qt}} || 2014-11-13 || <= 1.12.1-1 || 1.12.2-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24]<br />
|-<br />
| {{CVE|CVE-2014-0573}} {{CVE|CVE-2014-0574}} {{CVE|CVE-2014-0576}} {{CVE|CVE-2014-0577}} {{CVE|CVE-2014-0581}} {{CVE|CVE-2014-0582}} {{CVE|CVE-2014-0583}} {{CVE|CVE-2014-0584}} {{CVE|CVE-2014-0585}} {{CVE|CVE-2014-0586}} {{CVE|CVE-2014-0588}} {{CVE|CVE-2014-0589}} {{CVE|CVE-2014-0590}} {{CVE|CVE-2014-8437}} {{CVE|CVE-2014-8438}} {{CVE|CVE-2014-8440}} {{CVE|CVE-2014-8441}} {{CVE|CVE-2014-8442}} [https://helpx.adobe.com/security/products/flash-player/apsb14-24.html templink] || {{pkg|flashplugin}} || 2014-11-11 || <= 11.2.202.411-1 || 11.2.202.418-1 || <1d || Fixed ({{bug|42769}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11]<br />
|-<br />
| {{CVE|CVE-2014-3710}} [https://bugzilla.redhat.com/show_bug.cgi?id=1155071 templink] || {{pkg|php}} || 2014-10-29 || <= 5.6.2-2 || 5.6.3-1 || 14d || Fixed ({{bug|42764}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13]<br />
|-<br />
| {{CVE|CVE-2014-8564}} [http://www.gnutls.org/security.html#GNUTLS-SA-2014-5 templink]|| {{pkg|gnutls}} || 2014-11-10 || <= 3.3.9-1 ||3.3.10-1 ||<1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10]<br />
|-<br />
| {{CVE|CVE-2014-8716}} [http://seclists.org/oss-sec/2014/q4/591 templink]|| {{pkg|imagemagick}} || 2014-11-12 || <= 6.8.9.9-1 || 6.8.9.10-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12]<br />
|-<br />
| {{CVE|CVE-2014-3710}} [https://bugzilla.redhat.com/show_bug.cgi?id=1155071 templink] || {{pkg|file}} || 2014-10-29 || <= 5.20-1 || 5.20-2 || 12d || Fixed ({{bug|42759}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9]<br />
|-<br />
| {{CVE|CVE-2014-1569}} [https://bugzilla.mozilla.org/show_bug.cgi?id=1064670 templink] || {{pkg|nss}} || 2014-11-07 || <= 3.17.2-1 || 3.17.3-1 || 22d || Fixed ({{bug|42760}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18]<br />
|-<br />
| {{CVE|CVE-2014-7824}} [http://www.openwall.com/lists/oss-security/2014/11/10/2 templink] || {{pkg|dbus}} || 2014-11-10 || <= 1.8.8-1 || 1.8.10-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28]<br />
|-<br />
| {{CVE|CVE-2014-8598}} {{CVE|CVE-2014-7146}} [http://www.openwall.com/lists/oss-security/2014/11/07/27 templink] [http://www.openwall.com/lists/oss-security/2014/11/07/28 templink]|| {{pkg|mantisbt}} || 2014-11-08 || <= 1.2.17-3 || 1.2.17-4 || <4d || Fixed ({{bug|42761}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8]<br />
|-<br />
| {{CVE|CVE-2014-8483}} [https://www.kde.org/info/security/advisory-20141104-1.txt templink] || {{pkg|konversation}} || 2014-11-04 || <= 1.5-1 || 1.5.1-1 || <4d || Fixed ({{bug|42698}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5]<br />
|-<br />
| {{CVE|CVE-2014-3707}} [http://curl.haxx.se/docs/adv_20141105.html templink]|| {{pkg|curl}} || 2014-11-05 || <= 7.38.0-3 || 7.39.0-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7]<br />
|-<br />
| {{CVE|CVE-2014-8651}} [http://seclists.org/oss-sec/2014/q4/520 templink]|| {{pkg|kdebase-workspace}} || 2014-11-04 || <= 4.11.13-1 || 4.11.13-2 || 6d || Fixed ({{bug|42679}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6]<br />
|-<br />
| {{CVE|CVE-2014-8627}} {{CVE|CVE-2014-8628}} [http://www.openwall.com/lists/oss-security/2014/11/04/6 templink]|| {{pkg|polarssl}} || 2014-10-23 || <= 1.3.8-3 || 1.3.9-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4]<br />
|-<br />
| {{CVE|CVE-2014-8321}} {{CVE|CVE-2014-8322}} {{CVE|CVE-2014-8323}} {{CVE|CVE-2014-8324}} [http://www.securityfocus.com/archive/1/533869/30/0/threaded templink]|| {{pkg|aircrack-ng}} || 2014-11-02 || <= 1.2beta3-1 || 1.2rc1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2]<br />
|-<br />
| {{CVE|CVE-2014-8554}} [http://www.openwall.com/lists/oss-security/2014/10/30/9 templink]|| {{pkg|mantisbt}} || 2014-10-30 || <= 1.2.17-2 || 1.2.17-3 || 5d || Fixed ({{bug|42683}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3]<br />
|-<br />
| {{CVE|CVE-2014-8354}} {{CVE|CVE-2014-8355}} {{CVE|CVE-2014-8561}} {{CVE|CVE-2014-8562}} [http://seclists.org/oss-sec/2014/q4/466 templink]|| {{pkg|imagemagick}} || 2014-10-29 || <= 6.8.9.8-1 || 6.8.9.9-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-8517}} [http://seclists.org/oss-sec/2014/q4/459 templink]|| {{pkg|tnftp}} || 2014-10-28 || <= 20130505-2 || 20141031-1 || 4d || Fixed ({{bug|42646}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1]<br />
|-<br />
| {{CVE|CVE-2014-4877}} [http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7 templink]|| {{pkg|wget}} || 2014-10-27 || <= 1.15-1 || 1.16-1 || <2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|avr-binutils}} || 2014-10-23 || <= 2.24-2 || 2.24-3 || 27d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|mingw-w64-binutils}} || 2014-10-23 || <= 2.24-1 || 2.24-2 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|arm-none-eabi-binutils}} || 2014-10-23 || <= 2.24-2 || 2.24-3 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|binutils}} || 2014-10-23 || <= 2.24-7 || 2.24-8 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17]<br />
|-<br />
| {{CVE|CVE-2014-8559}} [http://www.openwall.com/lists/oss-security/2014/10/30/7 templink] || {{pkg|linux}}, {{pkg|linux-lts}} || 2014-10-30 || <= 3.17.3-1, <= 3.14.24-1 ||3.17.4-1 3.14.25-1 || ~23d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3610}} {{CVE|CVE-2014-3611}} {{CVE|CVE-2014-3646}} {{CVE|CVE-2014-3647}} {{CVE|CVE-2014-7825}} {{CVE|CVE-2014-7826}} {{CVE|CVE-2014-8369}} [http://permalink.gmane.org/gmane.comp.security.oss.general/14526 templink] [http://seclists.org/oss-sec/2014/q4/548 templink] || {{pkg|linux}}, {{pkg|linux-lts}} || 2014-10-21 || <= 3.17.2-1, <= 3.14.23-1 || 3.17.3-1, 3.14.24-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15]<br />
|-<br />
| {{CVE|CVE-2014-8480}} {{CVE|CVE-2014-8481}} [http://permalink.gmane.org/gmane.comp.security.oss.general/14526 templink] || {{pkg|linux}} || 2014-10-21 || <= 3.17.2-1 || 3.17.3-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14]<br />
|-<br />
| {{CVE|CVE-2014-3695}} {{CVE|CVE-2014-3696}} {{CVE|CVE-2014-3698}} [https://pidgin.im/news/security/ templink] || {{pkg|libpurple}} || 2014-10-22 || <= 2.10.9-2 || 2.10.10-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9]<br />
|-<br />
| {{CVE|CVE-2014-8760}} || {{pkg|ejabberd}} || 2014-10-13 || <= 14.07-1 || 14.07-2 || 14d || Fixed ({{bug|42541}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13]<br />
|-<br />
| {{CVE|CVE-2014-3686}} || {{pkg|wpa_supplicant}}, {{pkg|hostapd}} || 2014-10-09 || <= 2.2-2 || 2.3-1 || ~10d || Fixed ({{bug|42401}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8]<br />
|-<br />
| {{CVE|CVE-2014-0191}} {{CVE|CVE-2014-3660}} || {{pkg|libxml2}} || 2014-10-16 || <= 2.9.1-5 || 2.9.2-1 || 8d || Fixed ({{bug|40790}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12]<br />
|-<br />
| {{CVE|CVE-2014-3704}} [https://www.drupal.org/SA-CORE-2014-005 templink] || {{pkg|drupal}} || 2014-10-15 || <= 7.31-2 || 7.32-1 || 1d || Fixed ({{bug|42388}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7]<br />
|-<br />
| {{CVE|CVE-2014-3513}} {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-3567}} {{CVE|CVE-2014-3568}} [https://www.openssl.org/news/secadv_20141015.txt templink] [https://www.openssl.org/~bodo/ssl-poodle.pdf temp link] || {{pkg|openssl}} || 2014-10-15 || <= 1.0.1.i-1 || 1.0.1.j-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6]<br />
|-<br />
| {{CVE|CVE-2014-8242}} [http://www.openwall.com/lists/oss-security/2014/10/13/2 temp link] || {{pkg|librsync}} || 2014-10-12 || <= 0.9.7-7 || 1.0.0-1 || 166d || Fixed ({{bug|44175}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10]<br />
|-<br />
| {{CVE|CVE-2014-7203}} {{CVE|CVE-2014-7202}} [http://seclists.org/oss-sec/2014/q3/776 temp link] || {{pkg|zeromq}} || 2014-09-27 || <= 4.0.4-4 || 4.0.5-1 || 18d || Fixed ({{bug|42381}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4]<br />
|-<br />
| {{CVE|CVE-2014-6051}} {{CVE|CVE-2014-6052}} {{CVE|CVE-2014-6053}} {{CVE|CVE-2014-6054}} {{CVE|CVE-2014-6055}} [http://seclists.org/oss-sec/2014/q3/639 temp link] || {{pkg|libvncserver}} || 2014-09-23 || <= 0.9.9-3 || 0.9.10-1 || 31d || Fixed ({{bug|42321}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10]<br />
|-<br />
| {{CVE|CVE-2014-3683}} [http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/ temp link] || {{pkg|rsyslog}} || 2014-10-02 || <= 8.4.1-1 || 8.4.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5]<br />
|-<br />
| {{CVE|CVE-2014-7204}} [http://seclists.org/oss-sec/2014/q3/842 temp link] || {{pkg|ctags}} || 2014-09-29 || <= 5.8-4 || 5.8-5 || 26d || Fixed ({{bug|42246}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11]<br />
|-<br />
| {{CVE|CVE-2014-7295}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html temp link] || {{pkg|mediawiki}} || 2014-10-02 || <= 1.23.4-1 || 1.23.5-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3]<br />
|-<br />
| {{CVE|CVE-2014-3661}} {{CVE|CVE-2014-3662}} {{CVE|CVE-2014-3663}} {{CVE|CVE-2014-3664}} {{CVE|CVE-2014-3680}} {{CVE|CVE-2014-3681}} {{CVE|CVE-2014-3666}} {{CVE|CVE-2014-3667}} {{CVE|CVE-2013-2186}} {{CVE|CVE-2014-1869}} {{CVE|CVE-2014-3678}} {{CVE|CVE-2014-3679}} [https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 temp link] || {{pkg|jenkins}} || 2014-10-01 || <= 1.582-1 || 1.583-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2]<br />
|-<br />
| {{CVE|CVE-2014-3634}} [http://www.rsyslog.com/remote-syslog-pri-vulnerability/ temp link] || {{pkg|rsyslog}} || 2014-09-30 || <= 8.4.0-1 || 8.4.1-1 || 1d || Fixed ({{bug|42200}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1]<br />
|-<br />
| {{CVE|CVE-2014-3657}} {{CVE|CVE-2014-3633}} [https://www.debian.org/security/2014/dsa-3038 temp link] || {{pkg|libvirt}} || 2014-09-26 || <= 1.2.8-1 || 1.2.8-2 || 3d || Fixed ({{bug|42159}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5]<br />
|-<br />
| {{CVE|CVE-2014-7199}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html temp link] || {{pkg|mediawiki}} || 2014-09-24 || <= 1.23.3-1 || 1.23.4-1 || 5d || Fixed ({{bug|42161}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4]<br />
|-<br />
| {{CVE|CVE-2014-7185}} [http://bugs.python.org/issue21831 temp link] || {{pkg|python2}} || 2014-09-24 || < 2.7.8 || 2.7.8-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3]<br />
|-<br />
| {{CVE|CVE-2014-1568}} [https://www.mozilla.org/security/announce/2014/mfsa2014-73.html temp link] || {{pkg|nss}} || 2014-09-24 || < 3.17.1 || 3.17.1-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1]<br />
|-<br />
| {{CVE|CVE-2014-6271}} {{CVE|CVE-2014-7169}} {{CVE|CVE-2014-7186}} {{CVE|CVE-2014-7187}} {{CVE|CVE-2014-6277}} {{CVE|CVE-2014-6278}} [http://seclists.org/oss-sec/2014/q3/649 temp link] || {{pkg|bash}} || 2014-09-24 || <= 4.3.024-1 || 4.3.026-1 || 2d || Fixed ({{bug|42109}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2]<br />
|-<br />
| {{CVE|CVE-2014-3635}} {{CVE|CVE-2014-3636}} {{CVE|CVE-2014-3637}} {{CVE|CVE-2014-3638}} {{CVE|CVE-2014-3639}} [http://www.openwall.com/lists/oss-security/2014/09/16/9 temp link] || {{pkg|dbus}} {{pkg|libdbus}} {{pkg|lib32-libdbus}} || 2014-09-16 || < 1.8.8 || 1.8.8-1 || 1d || Fixed ({{bug|41993}}) || None<br />
|-<br />
| {{CVE|CVE-2014-3613}} {{CVE|CVE-2014-3620}} [http://curl.haxx.se/docs/security.html temp link] || {{pkg|curl}} {{pkg|lib32-curl}}|| 2014-09-10 || < 7.38.0 || 7.38.0-1 || 5d ({{pkg|curl}}), 7d ({{pkg|lib32-curl}}) || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3609}} [http://www.squid-cache.org/Advisories/SQUID-2014_2.txt temp link] || {{pkg|squid}} || 2014-08-28 || < 3.4.7 || 3.4.7-1 || < 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5119}} [https://sourceware.org/bugzilla/show_bug.cgi?id=17187 temp link] || {{pkg|glibc}} || 2014-07-21 || <= 2.19 || 2.20-2 || 55d || Fixed ({{bug|41713}}) || None<br />
|-<br />
| {{CVE|CVE-2014-3508}} {{CVE|CVE-2014-5139}} {{CVE|CVE-2014-3509}} {{CVE|CVE-2014-3505}} {{CVE|CVE-2014-3506}} {{CVE|CVE-2014-3507}} {{CVE|CVE-2014-3510}} {{CVE|CVE-2014-3511}} {{CVE|CVE-2014-3512}} [https://www.openssl.org/news/secadv_20140806.txt temp link] || {{pkg|openssl}} || 2014-08-06 || < 1.0.1.i || 1.0.1.i-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0226}} [http://www.zerodayinitiative.com/advisories/ZDI-14-236/ temp link] || {{pkg|apache}} || 2014-07-15 || < 2.4.10 || 2.4.10-1 || ~7d || Fixed ({{bug|41244}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4943}} [http://www.openwall.com/lists/oss-security/2014/07/17/1 temp link] || {{pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-07-16 || || 3.15.5.201407170639-1 {{pkg|linux-grsec}}, 3.14.16 ({{pkg|linux-lts}}), 3.16 ({{pkg|linux}}) || 1d ({{pkg|linux-grsec}}), 23d ({{pkg|linux-lts}}), 27d {{pkg|linux}} || Fixed in {{pkg|linux}}, {{pkg|linux-lts}} ({{bug|41231}}), Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-0475}} [http://www.openwall.com/lists/oss-security/2014/07/10/7 temp link] || {{pkg|glibc}} || 2014-07-10 || <=2.19 || 2.20-2 || 66d || Fixed ({{bug|41166}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4699}} [http://www.openwall.com/lists/oss-security/2014/07/04/4 temp link] || {{Pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-07-04 || || 3.15.3.201407060933-1 {{pkg|linux-grsec}}, 3.15.4-1 {{pkg|linux}}, 3.14.11-1 {{pkg|linux-lts}} || 2d ({{pkg|linux-grsec}}), 3d ({{pkg|linux}}, {{pkg|linux-lts}}) || Fixed ({{bug|41115}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4715}} [http://www.openwall.com/lists/oss-security/2014/07/02/13 temp link] || {{Pkg|lz4}} || 2014-07-02 || || 119-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-4611}} [http://www.openwall.com/lists/oss-security/2014/06/26/25 temp link] || {{Pkg|linux}}, {{pkg|linux-grsec}}, {{pkg|lz4}} || 2014-06-26 || || 3.15.2-1 ({{pkg|linux}}), 3.15.2.201406262058-1 ({{pkg|linux-grsec}}), 118-1 {{pkg|lz4}} || <1d ({{pkg|linux}}, {{pkg|linux-grsec}}, {{pkg|lz4}}) || Fixed in {{pkg|linux}} ({{bug|40992}}), Fixed in {{pkg|linux-grsec}}, Fixed in {{pkg|lz4}} ({{bug|40997}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4610}} [http://www.openwall.com/lists/oss-security/2014/06/26/23 temp link] || {{Pkg|ffmpeg}} || 2014-06-26 || || 1:2.2.4-1 || <2d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-4609}} [http://www.openwall.com/lists/oss-security/2014/06/26/22 temp link] || {{Pkg|gst-libav}} || 2014-06-26 || 1.2.4-1 || 1.2.4-2 (with libav 9.14) || 2d || Fixed ({{bug|40995}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4608}} [http://www.openwall.com/lists/oss-security/2014/06/26/21 temp link] || {{Pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-06-26 || || 3.15.2-1 ({{pkg|linux}}), 3.10.45-1 ({{pkg|linux-lts}}), 3.15.2.201406262058-1 ({{pkg|linux-grsec}}) || <1d ({{pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} and {{pkg|linux-lts}} ({{bug|40992}}), Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-4607}} [http://www.openwall.com/lists/oss-security/2014/06/26/20 temp link] || {{Pkg|lzo2}} || 2014-06-26 || || 2.07-2 || 3d || Fixed ({{bug|40993}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4617}} [http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html temp link] || {{Pkg|gnupg}} || 2014-06-24 || < 2.0.24 || 2.0.24 || 7d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0244}} {{CVE|CVE-2014-3493}} [https://www.samba.org/samba/history/samba-4.1.9.html temp link] || {{Pkg|samba}} || 2014-06-23 || < 4.1.9 || 4.1.9 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1545}} [https://www.mozilla.org/security/announce/2014/mfsa2014-55.html temp link] || {{Pkg|nspr}} || 2014-06-10 || < 4.10.6 || 4.10.6 || ~1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3859}} || {{Pkg|bind}} || 2014-06-11 || 9.10.0, 9.10.0-P1 || 9.10.0-P2 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3477}} || {{Pkg|dbus}} || 2014-06-10 || <= 1.8.2 || 1.8.4 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0195}} {{CVE|CVE-2014-0198}} {{CVE|CVE-2010-5298}} {{CVE|CVE-2014-3470}} {{CVE|CVE-2014-0224}} {{CVE|CVE-2014-0221}} [http://www.openssl.org/news/secadv_20140605.txt temp link] || {{Pkg|openssl}} || 2014-06-05 || 1.0.1 - 1.0.1g || 1.0.1h || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3153}} [http://seclists.org/oss-sec/2014/q2/467 temp link]|| {{Pkg|linux}}, {{pkg|linux-lts}}, {{Pkg|linux-grsec}} || 2014-06-05 || ? || 3.14.6 ({{pkg|linux}}), 3.10.42-1 ({{pkg|linux-lts}}), 3.14.5.201406051310-1 ({{pkg|linux-grsec}})|| 3d ({{pkg|linux}}, {{pkg|linux-lts}}), <1d ({{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} ({{bug|40715}}), Fixed in {{pkg|linux-lts}}, Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-3466}} [https://bugzilla.redhat.com/show_bug.cgi?id=1101932 temp link]|| {{Pkg|gnutls}} || 2014-05-30 || < 3.3.3 || 3.3.3 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0209}} {{CVE|CVE-2014-0210}} {{CVE|CVE-2014-0211}}|| {{Pkg|libxfont}} || 2014-05-13 || < 1.4.18 || 1.4.18 || 3d || Fixed ({{Bug|40409 }}) || None<br />
|-<br />
| {{CVE|CVE-2014-0196}} [https://bugzilla.redhat.com/show_bug.cgi?id=1094232 temp-link] || {{Pkg|linux}}, {{Pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-05-05 || 2.6.31 - 3.14 || 3.14.3-2 ({{pkg|linux}}), 3.10.39-2 ({{pkg|linux-lts}}), 3.14.3.201405121814-1 ({{pkg|linux-grsec}}) || 7d ({{pkg|linux}}), 8d {{pkg|linux-lts}}, <1d ({{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} ({{Bug|40232}}), Fixed in {{pkg|linux-lts}}, Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-2905}} {{CVE|CVE-2014-2906}} {{CVE|CVE-2014-2914}} [https://bugzilla.redhat.com/show_bug.cgi?id=1092091 temp-link] || {{Pkg|fish}} || 2014-04-28 || 1.16.0 - 2.1.0 || 2.2.1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0160}} || {{Pkg|openssl}} || 2014-04-07 || 1.0.1 - 1.0.1f || 1.0.1g || ~1d || Fixed ({{Bug|39775}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1700}} {{CVE|CVE-2014-1701}} {{CVE|CVE-2014-1702}} {{CVE|CVE-2014-1703}} {{CVE|CVE-2014-1704}} {{CVE|CVE-2014-1705}} {{CVE|CVE-2014-1713}} {{CVE|CVE-2014-1715}} || {{Pkg|chromium}} {{Pkg|v8}} || 2014-03-11 || 32 || 33 || 4d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0098}} {{CVE|CVE-2013-6438}}|| {{Pkg|apache}} || 2014-03-17 || 2.4.8 || 2.4.9 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1492}} || {{Pkg|nss}} || 2014-03-18 || 3.15.5 || 3.16 || 22d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1493}} {{CVE|CVE-2014-1494}} {{CVE|CVE-2014-1497}} {{CVE|CVE-2014-1498}} {{CVE|CVE-2014-1499}} {{CVE|CVE-2014-1500}} {{CVE|CVE-2014-1502}} {{CVE|CVE-2014-1504}} {{CVE|CVE-2014-1505}} {{CVE|CVE-2014-1508}} {{CVE|CVE-2014-1509}} {{CVE|CVE-2014-1510}} {{CVE|CVE-2014-1511}} {{CVE|CVE-2014-1512}} {{CVE|CVE-2014-1513}} {{CVE|CVE-2014-1514}} || {{Pkg|firefox}} {{Pkg|thunderbird}} || 2014-03-18 || 27 || 28 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2240}} {{CVE|CVE-2014-2241}}|| {{Pkg|freetype2}} || ? || 2.5.2 || 2.5.3 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2029}}|| {{Pkg|xtrabackup}} || 2014-02-16 || 2.1.7 || 2.1.8 || 28d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1958}} {{CVE|CVE-2014-2030}}|| {{Pkg|imagemagick}} || ? || ? || 6.8.8.9-1 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}}|| {{Pkg|php}} || 2014-03-06 || 5.5.9 || 5.5.110 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0404}} {{CVE|CVE-2014-0406}} {{CVE|CVE-2014-0407}} || {{Pkg|virtualbox}} || 2014-02-28 || 4.3.4 || 4.3.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2323}} {{CVE|CVE-2014-2324}} || {{Pkg|lighttpd}} || 2014-03-12 || 1.4.34 || 1.4.35 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0333}} || {{Pkg|libpng}} || 2014-02-28 || 1.6.9 || 1.6.10 || 9d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0017}} || {{Pkg|libssh}} || 2014-03-04 || ? || 0.5.5-3 || 5d || Fixed || None<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} || 2014-03-20 || < 3.5.7.29 || 3.5.7.29 || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 2014-03-18 || ? || ? || ? || Not Affected ({{Bug|39566}}) ||<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 2014-03-19 || ? || 1.3.1 || 1d || Fixed || None<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 2014-03-19 || 3.4beta || 3.4 || ? || Fixed ({{Bug|39540}}) || None<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 2014-03-18 || ? || 1.4.7 || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 2013-09-19 || ? || 1.1.1-7 (in RHEL 7) || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 2014-03-17 || ? || 3.13-rc5 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0004}} || {{Pkg|udisks2}} & {{Pkg|udisks}} || 2014-03-10 || 2.1.3 / 1.0.5 || 2.1.3 / 1.0.5 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2281}} {{CVE|CVE-2014-2282}} {{CVE|CVE-2014-2283}} {{CVE|CVE-2014-2299}} || {{Pkg|wireshark-cli}} || 2014-03-10 || 1.10.6 || 1.10.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0050}} || {{Pkg|tomcat7}} || 2014-02-06 || 7.0.51 || 7.0.51 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0033}} || {{Pkg|tomcat6}} || 2014-01-10 || 6.0.37 || 6.0.37 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0032}} || {{Pkg|subversion}} || 2014-01-10 || 1.8.6 || 1.8.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0060}} {{CVE|CVE-2014-0061}} {{CVE|CVE-2014-0062}} {{CVE|CVE-2014-0063}} {{CVE|CVE-2014-0064}} {{CVE|CVE-2014-0065}} {{CVE|CVE-2014-0066}} {{CVE|CVE-2014-0067}} || {{Pkg|postgresql}} || 2014-02-20 || <=9.3.3 || 9.3.3-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1912}} || {{Pkg|python}} {{Pkg|python2}} || 2014-02-07 || ? || 2.7.6-3 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2013-4496}} {{CVE|CVE-2013-6442}} || {{Pkg|samba}} || 2014-03-14 || ? || 4.1.6 || 2d || Fixed ({{Bug|39424}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0504}} || {{Pkg|flashplugin}} || 2014-03-12 || ? || 11.2.202.346 || 1d || Fixed ({{Bug|39385}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0106}} || {{Pkg|sudo}} || || 1.8.9.p5 || 1.8.10 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2285}} {{CVE|CVE-2014-2284}} || {{Pkg|net-snmp}} || 2014-03-05 || ? || 5.7.2.1-2 || 8d || Fixed ({{Bug|39190}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0092}} || {{Pkg|gnutls}} || 2014-03-04 || <3.2.12 || 3.2.12-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2242}} {{CVE|CVE-2014-2243}} {{CVE|CVE-2014-2244}} || {{Pkg|mediawiki}} || 2014-03-14 || <1.22.3 || 1.22.3 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2093}} {{CVE|CVE-2014-2094}} {{CVE|CVE-2014-2095}} {{CVE|CVE-2014-2096}} || {{Pkg|catfish}} || 2014-02-25 || <1.0.1 || 1.0.1 || 8d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0497}} || {{Pkg|flashplugin}} || 2014-02-04 || ? || 11.2.202.346 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0015}} || {{Pkg|curl}} || 2014-01-29 || <7.35 || 7.35 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1610}} || {{Pkg|mediawiki}} || 2014-01-29 || <1.22.2 || 1.22.2 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0021}} || {{Pkg|chrony}} || 2014-01-17 || <1.29.1-1 || 1.29.1-1 || 14d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1875}} || {{Pkg|perl-capture-tiny}} || 2014-02-06 || ? || 0.24-1 || 4d || Fixed ({{Bug|38862}}) || None<br />
|-<br />
| {{CVE|CVE-2013-6493}} || {{Pkg|icedtea-web-java7}} || 2014-02-05 || <1.4.2 || 1.4.2 || 0d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1858}} {{CVE|CVE-2014-1859}} || {{Pkg|python-numpy}} || 2014-02-06 || ? || 1.8.0-2 || 4d || Fixed ({{Bug|38863}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1932}} {{CVE|CVE-2014-1933}} || {{Pkg|python-pillow}} || 2014-02-10 || <2.3.1 || 2.3.1 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1935}} || {{Pkg|9base}} || 2014-02-10 || ? || ? || ? || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1949}} [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1949.html temp link] || {{Pkg|cinnamon-screensaver}} || 2014-02-12 || 2.0.3 || ? || ? || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1959}} || {{Pkg|gnutls}} || 2014-02-13 || <3.2.11 || 3.2.11 || 2d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}} || {{Pkg|file}} || 2014-02-10 || <5.17 || 5.17-1 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0001}} {{CVE|CVE-2014-0412}} {{CVE|CVE-2014-0437}} {{CVE|CVE-2014-0420}} {{CVE|CVE-2014-0393}} {{CVE|CVE-2014-0386}} {{CVE|CVE-2014-0401}} {{CVE|CVE-2014-0402}} || {{Pkg|mariadb}} || 2014-01-31 || <5.5.35 || 5.5.35-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1447}} || {{Pkg|libvirt}} || 2014-01-16 || <1.2.1 || 1.2.1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0979}} || lightdm-gtk* || 2014-01-07 || ? || ? || 25d || Fixed ({{Bug|38715}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1475}} {{CVE|CVE-2014-1476}} || {{Pkg|drupal}} || 2014-01-15 || <7.26 || 7.26-1 || 12d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0019}} || {{Pkg|socat}} || 2014-01-29 || <1.7.2.3 || 1.7.2.3 || 0d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1838}} {{CVE|CVE-2014-1839}} || {{Pkg|python-logilab-common}} || 2014-01-31 || ? || ? || 3d || Fixed [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051] || None<br />
|-<br />
| {{CVE|CVE-2014-0368}} {{CVE|CVE-2014-0373}} {{CVE|CVE-2014-0376}} {{CVE|CVE-2014-0411}} {{CVE|CVE-2014-0416}} {{CVE|CVE-2014-0422}} {{CVE|CVE-2014-0423}} {{CVE|CVE-2014-0428}} || *-openjdk-* || 2014-01-15 || ? || ? || 2d || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1402}} || {{Pkg|python-jinja}} || 2014-01-10 || <2.7.2 || 2.7.2 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2013-6462}} || {{Pkg|libxfont}} || 2014-01-07 || <1.4.7 || 1.4.7 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1235}} || {{Pkg|graphviz}} || 2014-01-07 || <2.36.0 || 2.34.0-3 || 3d || Fixed ({{Bug|38441}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0978}} || {{Pkg|freerdp}} || 2014-01-10 || <1.0.2 || 1.0.2-5 || 67d || Fixed ({{Bug|38802}}) || None<br />
|-<br />
|}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=454707
Security Advisories
2016-10-21T14:26:40Z
<p>Anthraxx: adding linux-lts advisory</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== October 2016 ===<br />
* [21 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000739.html ASA-201610-11] {{pkg|linux-lts}} privilege escalation<br />
* [16 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000738.html ASA-201610-10] {{pkg|guile}} multiple issues<br />
* [13 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9] {{pkg|gdk-pixbuf2}} arbitrary code execution<br />
* [11 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8] {{pkg|crypto++}} information disclosure<br />
* [09 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7] {{pkg|wpa_supplicant}} multiple issues<br />
* [08 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6] {{pkg|imagemagick}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5] {{pkg|messagelib}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4] {{pkg|kcoreaddons}} insufficient validation<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3] {{pkg|hostapd}} multiple issues<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2] {{pkg|systemd}} denial of service<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1] {{pkg|chromium}} arbitrary code execution<br />
<br />
=== September 2016 ===<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=CVE&diff=453837
CVE
2016-10-13T15:53:19Z
<p>Anthraxx: mark gdk-pixbuf2 as fixed</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|Security Advisories}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
== Introduction ==<br />
<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
== Helping ==<br />
<br />
This is a community driven project. Please consider joining the [[Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC on irc://irc.freenode.net/archlinux-security.<br />
<br />
== Procedure ==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. Use Wiki markup to create links in the "CVE-ID", "Package", and "Status" columns. The following template may be used to ease the process of adding CVE entries into the table. The first line, "|-" represents the creation of a new row in the table, while the second line should be modified per CVE:<br />
<br />
{{hc|CVE Table Addition Template|<nowiki><br />
|-<br />
| {{CVE|CVE-2016-????}} || {{Pkg|pkgname}} || Disclosure date || Affected versions || Fixed in version || Arch Linux response time || Status(Fixed|Pending|Invalid) (Bug reports) || {{ASA|ASA-??????-??}}<br />
</nowiki>}}<br />
<br />
{{Note|<br />
* If the CVE is not found in [http://nvd.nist.gov/home.cfm NVD], just include a link to different database in the first column: {{ic|<nowiki>[http://link.to.cve CVE-2014-????]</nowiki>}}<br />
* The "Disclosure date" field should be expressed in [[Wikipedia:ISO 8601|ISO 8601 format]] to avoid any confusion. Example: 2014-03-22.<br />
* The "Arch Linux response time" field corresponds to the time between the public release of a vulnerability and the date the package update fixing the vulnerability is made available in the official stable repositories. The "Time really vulnerable" is potentially much lengthier but is harder to estimate.<br />
}}<br />
<br />
The above "CVE-template" should be added after the line:<br />
<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in version !! Arch Linux response time !! Status (and related bug reports) !! ASA-ID</nowiki>}}<br />
<br />
== Response time ==<br />
<br />
The response time is the time taken to get a fixed package to the stable repositories.<br />
<br />
== Documented CVE's ==<br />
<br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="100%"<br />
! height="50px" colspan="8" style="font-size: 125%;"| '''TRACKED CVE's'''<br />
|-<br />
! scope="col" width="130px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in Arch Linux package version !! Arch Linux response time !! Status (and related bug reports) !! ASA-ID<br />
|- <br />
| {{CVE|CVE-2016-7906}} {{CVE|CVE-2016-7799}} [http://www.openwall.com/lists/oss-security/2016/10/02/3] [http://www.openwall.com/lists/oss-security/2016/10/01/6] || {{pkg|imagemagick}} || 2016-10-02 || <= 6.9.5.10-1 || 6.9.6.0-1 || <5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6]<br />
|-<br />
| {{CVE|CVE-2016-7967}} {{CVE|CVE-2016-7968}} [https://www.kde.org/info/security/advisory-20161006-2.txt] [https://www.kde.org/info/security/advisory-20161006-3.txt] [http://seclists.org/oss-sec/2016/q4/23] || {{pkg|messagelib}} || 2016-10-06 || <= 16.08.1-1 || 16.08.1-2 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5]<br />
|- <br />
| {{CVE|CVE-2016-7966}} [https://www.kde.org/info/security/advisory-20161006-1.txt] [http://seclists.org/oss-sec/2016/q4/23] || {{pkg|kcoreaddons}} || 2016-10-06 || <= 5.26.0-1 || 5.26.0-2 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4]<br />
|- <br />
| {{CVE|CVE-2016-7795}} || {{pkg|systemd}} || 2016-09-29 || <= 231-1 || 231-2 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2]<br />
|- <br />
| {{CVE|CVE-2016-5177}} {{CVE|CVE-2016-5178}} [https://googlechromereleases.blogspot.fr/2016/09/stable-channel-update-for-desktop_29.html] || {{pkg|chromium}} || 2016-09-29 || <= 53.0.2785.116-1 || 53.0.2785.143-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1]<br />
|- <br />
| {{CVE|CVE-2016-7168}} {{CVE|CVE-2016-7169}} [https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/] || {{pkg|wordpress}} || 2016-09-29 || <= 4.6.0-1 || 4.6.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32]<br />
|- <br />
| {{CVE|CVE-2016-5180}} [https://c-ares.haxx.se/adv_20160929.html] || {{pkg|c-ares}} || 2016-09-29 || <= 1.11.0-1 || 1.12.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31]<br />
|- <br />
| {{CVE|CVE-2016-2776}} [https://kb.isc.org/article/AA-01419/0] || {{pkg|bind}} || 2016-07-27 || <= 9.10.4.P2-1 || 9.10.4.P3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201607-29]<br />
|-<br />
| {{CVE|CVE-2016-7052}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|lib32-openssl}} || 2016-09-26 || <= 1:1.0.2.i-1 || 1:1.0.2.j-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28]<br />
|- <br />
| {{CVE|CVE-2016-7052}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|openssl}} || 2016-09-26 || <= 1.0.2.i-1 || 1.0.2.j-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30]<br />
|- <br />
| {{CVE|CVE-2016-6309}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|lib32-openssl}} || 2016-09-26 || <= 1:1.0.2.i-1 || || || Not Affected || None<br />
|- <br />
| {{CVE|CVE-2016-6309}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|openssl}} || 2016-09-26 || <= 1.0.2.i-1 || || || Not Affected || None<br />
|- <br />
| {{CVE|CVE-2016-2177}} {{CVE|CVE-2016-2178}} {{CVE|CVE-2016-2179}} {{CVE|CVE-2016-2180}} {{CVE|CVE-2016-2181}} {{CVE|CVE-2016-2182}} {{CVE|CVE-2016-2183}} {{CVE|CVE-2016-6302}} {{CVE|CVE-2016-6303}} {{CVE|CVE-2016-6304}} {{CVE|CVE-2016-6306}} [http://eprint.iacr.org/2016/594] [https://www.openssl.org/news/secadv/20160922.txt] || {{pkg|openssl}} || 2016-09-22 || <= 1.0.2.h-1 || 1.0.2.i-1 || <1d || Fixed ({{bug|49616}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23]<br />
|- <br />
| {{CVE|CVE-2016-2177}} {{CVE|CVE-2016-2178}} {{CVE|CVE-2016-2179}} {{CVE|CVE-2016-2180}} {{CVE|CVE-2016-2181}} {{CVE|CVE-2016-2182}} {{CVE|CVE-2016-2183}} {{CVE|CVE-2016-6302}} {{CVE|CVE-2016-6303}} {{CVE|CVE-2016-6304}} {{CVE|CVE-2016-6306}} [http://eprint.iacr.org/2016/594] [https://www.openssl.org/news/secadv/20160922.txt] || {{pkg|lib32-openssl}} || 2016-09-22 || <= 1:1.0.2.h-1 || 1:1.0.2.i-1 || <1d || Fixed ({{bug|49616}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24]<br />
|- <br />
| {{CVE|CVE-2016-7044}} {{CVE|CVE-2016-7045}} [https://irssi.org/security/irssi_sa_2016.txt] || {{pkg|irssi}} || 2016-09-21 || <= 0.8.19-2 || 0.8.20-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20]<br />
|- <br />
| {{CVE|CVE-2016-5270}} {{CVE|CVE-2016-5271}} {{CVE|CVE-2016-5272}} {{CVE|CVE-2016-5273}} {{CVE|CVE-2016-5276}} {{CVE|CVE-2016-5274}} {{CVE|CVE-2016-5277}} {{CVE|CVE-2016-5275}} {{CVE|CVE-2016-5278}} {{CVE|CVE-2016-5279}} {{CVE|CVE-2016-5280}} {{CVE|CVE-2016-5281}} {{CVE|CVE-2016-5282}} {{CVE|CVE-2016-5283}} {{CVE|CVE-2016-5284}} {{CVE|CVE-2016-5256}} {{CVE|CVE-2016-5257}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/] || {{pkg|firefox}} || 2016-09-13 || <= 48.0.2-1 || 49.0-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22]<br />
|- <br />
| {{CVE|CVE-2016-5388}} || {{pkg|tomcat7}} || 2016-09-18 || <= 7.0.70-1 || 7.0.72-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21]<br />
|- <br />
| {{CVE|CVE-2016-7420}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7420] || {{pkg|crypto++}} || 2016-09-18 || <= 5.6.4-2 || 5.6.5-1 || <24d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8 ]<br />
|- <br />
| {{CVE|CVE-2016-7444}} [http://seclists.org/oss-sec/2016/q3/545] [https://www.gnutls.org/security.html#GNUTLS-SA-2016-3] || {{pkg|gnutls}} || 2016-09-08 || <= 3.4.14-1 || 3.4.15-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25]<br />
|- <br />
| {{CVE|CVE-2016-7444}} [http://seclists.org/oss-sec/2016/q3/545] [https://www.gnutls.org/security.html#GNUTLS-SA-2016-3] || {{pkg|lib32-gnutls}} || 2016-09-08 || <= 3.4.14-1 || 3.4.15-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26]<br />
|- <br />
| {{CVE|CVE-2016-5170}} {{CVE|CVE-2016-5171}} {{CVE|CVE-2016-5172}} {{CVE|CVE-2016-5173}} {{CVE|CVE-2016-5174}} {{CVE|CVE-2016-5175}} [https://googlechromereleases.blogspot.fr/2016/09/stable-channel-update-for-desktop_13.html] || {{pkg|chromium}} || 2016-09-13 || <= 53.0.2785.101-1 || 53.0.2785.116-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13]<br />
|- <br />
| {{CVE|CVE-2016-7412}} {{CVE|CVE-2016-7413}} {{CVE|CVE-2016-7414}} {{CVE|CVE-2016-7416}} {{CVE|CVE-2016-7417}} {{CVE|CVE-2016-7418}} [http://www.openwall.com/lists/oss-security/2016/09/15/10] || {{pkg|php}} || 2016-09-15 || <= 7.0.10-1 || 7.0.11-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16]<br />
|- <br />
| {{CVE|CVE-2016-6352}} [https://bugzilla.redhat.com/show_bug.cgi?id=1349751] || {{pkg|lib32-gdk-pixbuf2}} || 2016-08-31 || <= 2.34.0-1 || || || '''Vulnerable''' ||<br />
|- <br />
| {{CVE|CVE-2016-6352}} [https://bugzilla.redhat.com/show_bug.cgi?id=1349751] || {{pkg|gdk-pixbuf2}} || 2016-08-31 || <= 2.34.0-2 || 2.36.0+2+ga7c869a-1 || 50d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9]<br />
|- <br />
| {{CVE|CVE-2016-7167}} [https://curl.haxx.se/docs/adv_20160914.html] || {{pkg|curl}} || 2016-09-14 || <= 7.50.2-1 || 7.50.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19]<br />
|- <br />
| {{CVE|CVE-2016-7167}} [https://curl.haxx.se/docs/adv_20160914.html] || {{pkg|lib32-curl}} || 2016-09-14 || <= 7.50.0-1 || 7.50.3-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18]<br />
|- <br />
| {{CVE|CVE-2016-4271}} {{CVE|CVE-2016-4272}} {{CVE|CVE-2016-4274}} {{CVE|CVE-2016-4275}} {{CVE|CVE-2016-4276}} {{CVE|CVE-2016-4277}} {{CVE|CVE-2016-4278}} {{CVE|CVE-2016-4279}} {{CVE|CVE-2016-4280}} {{CVE|CVE-2016-4281}} {{CVE|CVE-2016-4282}} {{CVE|CVE-2016-4283}} {{CVE|CVE-2016-4284}} {{CVE|CVE-2016-4285}} {{CVE|CVE-2016-4287}} {{CVE|CVE-2016-6921}} {{CVE|CVE-2016-6922}} {{CVE|CVE-2016-6923}} {{CVE|CVE-2016-6924}} {{CVE|CVE-2016-6925}} {{CVE|CVE-2016-6926}} {{CVE|CVE-2016-6927}} {{CVE|CVE-2016-6929}} {{CVE|CVE-2016-6930}} {{CVE|CVE-2016-6931}} {{CVE|CVE-2016-6932}} [https://helpx.adobe.com/security/products/flash-player/apsb16-29.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-09-13 || <= 11.2.202.632-1 || 11.2.202.635-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12]<br />
|- <br />
| {{CVE|CVE-2016-6662}} {{CVE|CVE-2016-6663}} [https://mariadb.org/mariadb-server-versions-remote-root-code-execution-vulnerability-cve-2016-6662/] [https://jira.mariadb.org/browse/MDEV-10465] [http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html] || {{Pkg|mariadb}} || 2016-09-13 || <= 10.1.16-2 || 10.1.17-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10]<br />
|-<br />
| {{CVE|CVE-2016-7180}} {{CVE|CVE-2016-7175}} {{CVE|CVE-2016-7176}} {{CVE|CVE-2016-7177}} {{CVE|CVE-2016-7178}} {{CVE|CVE-2016-7179}} [https://www.wireshark.org/security/wnpa-sec-2016-50.html] [https://www.wireshark.org/security/wnpa-sec-2016-51.html] [https://www.wireshark.org/security/wnpa-sec-2016-52.html] [https://www.wireshark.org/security/wnpa-sec-2016-53.html] [https://www.wireshark.org/security/wnpa-sec-2016-54.html] [https://www.wireshark.org/security/wnpa-sec-2016-55.html] || {{pkg|wireshark-cli}} || 2016-09-09 || <= 2.0.5-1 || 2.2.0-1 || 15d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27]<br />
|- <br />
| {{CVE|CVE-2016-5388}} [https://www.apache.org/security/asf-httpoxy-response.txt] || {{pkg|tomcat8}} || 2016-07-18 || <= 8.0.36-1 || 8.0.37-1 || 52d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] <br />
|-<br />
| {{CVE|CVE-2016-7164}} [http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3.20.3.news] || {{pkg|file-roller}} || 2016-09-08 || <= 3.20.2-1 || 3.20.3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5]<br />
|-<br />
| {{CVE|CVE-2016-5426}} {{CVE|CVE-2016-5427}} [http://seclists.org/oss-sec/2016/q3/464] [https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/] || {{pkg|powerdns}} || 2016-09-08 || 3.4.9-1 || 4.0.1-3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9]<br />
|-<br />
| {{CVE|CVE-2016-7164}} [http://seclists.org/oss-sec/2016/q3/443] || {{pkg|libtorrent-rasterbar}} || 2016-09-08 || <= 1:1.1-3 || 1:1.1.1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8]<br />
|-<br />
| {{CVE|CVE-2016-7141}} [https://curl.haxx.se/docs/adv_20160907.html] || {{pkg|curl}} || 2016-09-07 || N/A || N/A || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-2835}} {{CVE|CVE-2016-2836}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/] || {{pkg|thunderbird}} || 2016-08-30 || <= 45.2.0-2 || 45.3.0-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3]<br />
|-<br />
| {{CVE|CVE-2016-7134}} {{CVE|CVE-2016-7133}} {{CVE|CVE-2016-7132}} {{CVE|CVE-2016-7131}} {{CVE|CVE-2016-7130}} {{CVE|CVE-2016-7129}} {{CVE|CVE-2016-7128}} {{CVE|CVE-2016-7127}} {{CVE|CVE-2016-7126}} {{CVE|CVE-2016-7125}} {{CVE|CVE-2016-7124}} [http://www.openwall.com/lists/oss-security/2016/09/02/9] || {{pkg|php}} || 2016-09-03 || <= 7.0.10-1 || 7.0.11-1 || || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-5147}} {{CVE|CVE-2016-5148}} {{CVE|CVE-2016-5149}} {{CVE|CVE-2016-5150}} {{CVE|CVE-2016-5151}} {{CVE|CVE-2016-5152}} {{CVE|CVE-2016-5153}} {{CVE|CVE-2016-5154}} {{CVE|CVE-2016-5155}} {{CVE|CVE-2016-5156}} {{CVE|CVE-2016-5157}} {{CVE|CVE-2016-5158}} {{CVE|CVE-2016-5159}} {{CVE|CVE-2016-5160}} {{CVE|CVE-2016-5161}} {{CVE|CVE-2016-5162}} {{CVE|CVE-2016-5163}} {{CVE|CVE-2016-5164}} {{CVE|CVE-2016-5165}} {{CVE|CVE-2016-5166}} {{CVE|CVE-2016-5167}} [https://googlechromereleases.blogspot.fr/2016/08/stable-channel-update-for-desktop_31.html] || {{pkg|chromium}} || 2016-08-31 || <= 52.0.2743.116-1 || 53.0.2785.89-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1]<br />
|-<br />
| {{CVE|CVE-2016-6525}} [http://bugs.ghostscript.com/show_bug.cgi?id=696954] || {{Pkg|mupdf}} || 2016-07-19 || <= 1.9a-4 || 1.9a-5 || 1d || Fixed ([https://bugs.archlinux.org/task/50590 FS#50590 ]) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] <br />
|-<br />
| {{CVE|CVE-2016-6265}} [http://bugs.ghostscript.com/show_bug.cgi?id=696941] || {{Pkg|mupdf}} || 2016-07-19 || <= 1.9a-3 || 1.9a-4 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] <br />
|-<br />
| {{CVE|CVE-2016-4590}} {{CVE|CVE-2016-4591}} {{CVE|CVE-2016-4622}} {{CVE|CVE-2016-4624}} [https://webkitgtk.org/2016/08/24/webkitgtk2.12.4-released.html] [https://webkitgtk.org/security/WSA-2016-0005.html] || {{pkg|webkit2gtk}} || 2016-08-24 || <= 2.12.3-1 || 2.12.4-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2]<br />
|-<br />
| {{CVE|CVE-2016-6331}} {{CVE|CVE-2016-6332}} {{CVE|CVE-2016-6333}} {{CVE|CVE-2016-6334}} {{CVE|CVE-2016-6335}} {{CVE|CVE-2016-6336}} {{CVE|CVE-2016-6337}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html] || {{pkg|mediawiki}} || 2016-08-23 || <= 1.27.0-1 || 1.27.1-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] <br />
|-<br />
| {{CVE|CVE-2016-6313}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html] || {{pkg|lib32-libgcrypt}} || 2016-08-17 || <= 1.7.2-1 || 1.7.3-1 || 31d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14]<br />
|-<br />
| {{CVE|CVE-2016-6313}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html] || {{pkg|libgcrypt}} || 2016-08-17 || <= 1.7.2-1 || 1.7.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18]<br />
|-<br />
| {{CVE|CVE-2016-5423}} {{CVE|CVE-2016-5424}} [https://www.postgresql.org/about/news/1688/] || {{pkg|postgresql}} {{pkg|postgresql-libs}} || 2016-08-11 || <= 9.5.3-1 || 9.5.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux}} || 2016-07-12 || <= 4.6.4-1 || 4.7-1 || 31d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-grsec}} || 2016-07-12 || <= 4.6.5.201607312210-1 || 4.7.201608131240-1 || 33d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-lts}} || 2016-07-12 || <= 4.4.16-1 || 4.4.19-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-zen}} || 2016-07-12 || <= 4.6.5-1 || 4.7-1 || 35d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15]<br />
|-<br />
| {{CVE|CVE-2016-5139}} {{CVE|CVE-2016-5140}} {{CVE|CVE-2016-5141}} {{CVE|CVE-2016-5142}} {{CVE|CVE-2016-5143}} {{CVE|CVE-2016-5144}} {{CVE|CVE-2016-5145}} {{CVE|CVE-2016-5146}} [https://googlechromereleases.blogspot.fr/2016/08/stable-channel-update-for-desktop.html] || {{pkg|chromium}} || 2016-08-03 || <= 52.0.2743.85-2 || 52.0.2743.116-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16]<br />
|-<br />
| {{CVE|CVE-2016-6255}} || {{pkg|libupnp}} || 2016-08-08 || <= 1.6.19-1 || 1.6.20-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8]<br />
|-<br />
| {{CVE|CVE-2016-3075}} {{CVE|CVE-2016-5417}} [https://sourceware.org/bugzilla/show_bug.cgi?id=19879] [https://sourceware.org/bugzilla/show_bug.cgi?id=19257] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-08-02 || <= 2.23-5 || 2.24-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7]<br />
|-<br />
| {{CVE|CVE-2016-3458}} {{CVE|CVE-2016-3500}} {{CVE|CVE-2016-3508}} {{CVE|CVE-2016-3550}} {{CVE|CVE-2016-3598}} {{CVE|CVE-2016-3606}} {{CVE|CVE-2016-3610}} [http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2016-July/036560.html] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2016-07-29 || <= 7.u101_2.6.6 || 7.u111_2.6.7 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5]<br />
|-<br />
| {{CVE|CVE-2016-0718}} {{CVE|CVE-2016-2830}} {{CVE|CVE-2016-2835}} {{CVE|CVE-2016-2836}} {{CVE|CVE-2016-2837}} {{CVE|CVE-2016-2838}} {{CVE|CVE-2016-2839}} {{CVE|CVE-2016-5250}} {{CVE|CVE-2016-5251}} {{CVE|CVE-2016-5252}} {{CVE|CVE-2016-5254}} {{CVE|CVE-2016-5255}} {{CVE|CVE-2016-5258}} {{CVE|CVE-2016-5259}} {{CVE|CVE-2016-5260}} {{CVE|CVE-2016-5261}} {{CVE|CVE-2016-5262}} {{CVE|CVE-2016-5263}} {{CVE|CVE-2016-5264}} {{CVE|CVE-2016-5265}} {{CVE|CVE-2016-5266}} {{CVE|CVE-2016-5268}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox48] || {{pkg|firefox}} || 2016-08-02 || <= 47.0.1-1 || 48.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2]<br />
|-<br />
| {{CVE|CVE-2016-5419}} {{CVE|CVE-2016-5420}} {{CVE|CVE-2016-5421}} [https://curl.haxx.se/docs/adv_20160803A.html] [https://curl.haxx.se/docs/adv_20160803B.html] [https://curl.haxx.se/docs/adv_20160803C.html] || {{pkg|curl}} || 2016-08-03 || <= 7.50.0-1 || 7.50.1-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9]<br />
|-<br />
| {{CVE|CVE-2016-6210}} [http://www.openssh.com/txt/release-7.3] [http://seclists.org/fulldisclosure/2016/Jul/51] || {{pkg|openssh}} || 2016-07-14 || <= 7.2p2-2 || 7.3p1-1 || 16d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1]<br />
|-<br />
| {{CVE|CVE-2016-6503}} {CVE|CVE-2016-6504}} {{CVE|CVE-2016-6507}} [http://seclists.org/oss-sec/2016/q3/217] [[http://www.wireshark.org/security/wnpa-sec-2016-39.html] [http://www.wireshark.org/security/wnpa-sec-2016-40.html] [http://www.wireshark.org/security/wnpa-sec-2016-43.html] || {{pkg|wireshark-cli}} || 2016-07-28 || <= 2.0.4-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-6505}} {{CVE|CVE-2016-6506}} {{CVE|CVE-2016-6508}} {{CVE|CVE-2016-6509}} {{CVE|CVE-2016-6510}} {{CVE|CVE-2016-6511}} {{CVE|CVE-2016-6512}} {{CVE|CVE-2016-6513}} [http://seclists.org/oss-sec/2016/q3/217] [http://www.wireshark.org/security/wnpa-sec-2016-41.html] [http://www.wireshark.org/security/wnpa-sec-2016-42.html] [http://www.wireshark.org/security/wnpa-sec-2016-44.html] [http://www.wireshark.org/security/wnpa-sec-2016-45.html] [http://www.wireshark.org/security/wnpa-sec-2016-46.html] [http://www.wireshark.org/security/wnpa-sec-2016-47.html] [http://www.wireshark.org/security/wnpa-sec-2016-48.html] [http://www.wireshark.org/security/wnpa-sec-2016-49.html] || {{pkg|wireshark-cli}} || 2016-07-28 || <= 2.0.4-1 || 2.0.5-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20]<br />
|-<br />
| {{CVE|CVE-2016-6491}} [http://seclists.org/oss-sec/2016/q3/194] [http://git.imagemagick.org/repos/ImageMagick/commit/5cb6c1acd3e3b12f9260daf207db432df7f792c2] || {{pkg|imagemagick}} || 2016-07-27 || <= 6.9.5.2-1 || 6.9.5.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13]<br />
|-<br />
| {{CVE|CVE-2015-8948}} {{CVE|CVE-2016-6261}} {{CVE|CVE-2016-6262}} {{CVE|CVE-2016-6263}} || {{Pkg|libidn}} || 2016-07-20 || <= 1.32-1 || 1.33-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14]<br />
|-<br />
| {{CVE|CVE-2016-6186}} || {{Pkg|python-django}} {{Pkg|python2-django}}|| 2016-07-18 || <= 1.9.8-1 || 1.9.8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11]<br />
|-<br />
| {{CVE|CVE-2016-1705}} {{CVE|CVE-2016-1706}} {{CVE|CVE-2016-1708}} {{CVE|CVE-2016-1709}} {{CVE|CVE-2016-1710}} {{CVE|CVE-2016-1711}} {{CVE|CVE-2016-5127}} {{CVE|CVE-2016-5128}} {{CVE|CVE-2016-5129}} {{CVE|CVE-2016-5130}} {{CVE|CVE-2016-5131}} {{CVE|CVE-2016-5132}} {{CVE|CVE-2016-5133}} {{CVE|CVE-2016-5134}} {{CVE|CVE-2016-5135}} {{CVE|CVE-2016-5136}} {{CVE|CVE-2016-5137}} [https://googlechromereleases.blogspot.fr/2016/07/stable-channel-update.html] || {{pkg|chromium}} || 2016-07-20 || <= 51.0.2704.106-1 || 52.0.2743.82-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12]<br />
|-<br />
| {{CVE|CVE-2016-5385}} [https://www.drupal.org/SA-CORE-2016-003] || {{pkg|drupal}} || 2016-07-18 || <= 8.1.6-1 || 8.1.7-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9]<br />
|-<br />
| {{CVE|CVE-2016-2775}} [https://kb.isc.org/article/AA-01393/74/CVE-2016-2775] || {{pkg|bind}} || 2016-07-19 || <= 9.10.4.P1-2 || 9.10.4.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8]<br />
|-<br />
|{{CVE|CVE-2016-4173}} {{CVE|CVE-2016-4174}} {{CVE|CVE-2016-4175}} {{CVE|CVE-2016-4176}} {{CVE|CVE-2016-4177}} {{CVE|CVE-2016-4179}} {{CVE|CVE-2016-4180}} {{CVE|CVE-2016-4181}} {{CVE|CVE-2016-4182}} {{CVE|CVE-2016-4183}} {{CVE|CVE-2016-4184}} {{CVE|CVE-2016-4185}} {{CVE|CVE-2016-4186}} {{CVE|CVE-2016-4187}} {{CVE|CVE-2016-4188}} {{CVE|CVE-2016-4189}} {{CVE|CVE-2016-4190}} {{CVE|CVE-2016-4217}} {{CVE|CVE-2016-4218}} {{CVE|CVE-2016-4219}} {{CVE|CVE-2016-4220}} {{CVE|CVE-2016-4221}} {{CVE|CVE-2016-4222}} {{CVE|CVE-2016-4223}} {{CVE|CVE-2016-4224}} {{CVE|CVE-2016-4225}} {{CVE|CVE-2016-4226}} {{CVE|CVE-2016-4227}} {{CVE|CVE-2016-4228}} {{CVE|CVE-2016-4229}} {{CVE|CVE-2016-4230}} {{CVE|CVE-2016-4231}} {{CVE|CVE-2016-4232}} {{CVE|CVE-2016-4233}} {{CVE|CVE-2016-4234}} {{CVE|CVE-2016-4235}} {{CVE|CVE-2016-4236}} {{CVE|CVE-2016-4237}} {{CVE|CVE-2016-4238}} {{CVE|CVE-2016-4239}} {{CVE|CVE-2016-4240}} {{CVE|CVE-2016-4241}} {{CVE|CVE-2016-4242}} {{CVE|CVE-2016-4243}} {{CVE|CVE-2016-4244}} {{CVE|CVE-2016-4245}} {{CVE|CVE-2016-4246}} {{CVE|CVE-2016-4247}} {{CVE|CVE-2016-4248}} || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-07-12 || <= 11.2.202.626-1 || 11.2.202.632-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7]<br />
|-<br />
| {{CVE|CVE-2016-2815}} {{CVE|CVE-2016-2818}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird45.2] || {{pkg|thunderbird}} || 2016-06-30 || <= 45.1.1-2 || 45.2.0-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4]<br />
|-<br />
| {{CVE|CVE-2016-4979}} [https://httpd.apache.org/security/vulnerabilities_24.html] || {{pkg|apache}} || 2016-07-05 || 2.4.18-2.4.20 || 2.4.23-1 || || Fixed ({{bug|49958}}) || None<br />
|-<br />
| {{CVE|CVE-2016-4994}} [https://bugzilla.gnome.org/show_bug.cgi?id=767873] || {{pkg|gimp}} || 2016-06-21 || <= 2.8.16-2 || 2.8.18-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5]<br />
|-<br />
| {{CVE|CVE-2016-4472}} [https://bugzilla.redhat.com/show_bug.cgi?id=1344251] || {{pkg|expat}} || 2016-06-30 || <= 2.1.1-3 || 2.2.0-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-3189}} [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3189] || {{pkg|bzip2}} || 2016-06-30 || <= 1.0.6-5 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-4463}} [http://seclists.org/bugtraq/2016/Jun/115] || {{pkg|xerces-c}} || 2016-06-29 || <= 3.1.3-2 || 3.1.4-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2]<br />
|-<br />
| {{CVE|CVE-2016-4324}} [http://www.talosintelligence.com/reports/TALOS-2016-0126/] || {{pkg|libreoffice-fresh}} || 2016-06-27 || <= 5.1.3-2 || 5.1.4-1 || <0d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3]<br />
|-<br />
| {{CVE|CVE-2016-5701}} {{CVE|CVE-2016-5702}} {{CVE|CVE-2016-5703}} {{CVE|CVE-2016-5704}} {{CVE|CVE-2016-5705}} {{CVE|CVE-2016-5706}} {{CVE|CVE-2016-5730}} {{CVE|CVE-2016-5731}} {{CVE|CVE-2016-5732}} {{CVE|CVE-2016-5733}} {{CVE|CVE-2016-5734}} {{CVE|CVE-2016-5739}} [https://www.phpmyadmin.net/security/PMASA-2016-17/] [https://www.phpmyadmin.net/security/PMASA-2016-18/] [https://www.phpmyadmin.net/security/PMASA-2016-19/] [https://www.phpmyadmin.net/security/PMASA-2016-20/] [https://www.phpmyadmin.net/security/PMASA-2016-21/] [https://www.phpmyadmin.net/security/PMASA-2016-22/] [https://www.phpmyadmin.net/security/PMASA-2016-23/] [https://www.phpmyadmin.net/security/PMASA-2016-24/] [https://www.phpmyadmin.net/security/PMASA-2016-25/] [https://www.phpmyadmin.net/security/PMASA-2016-26/] [https://www.phpmyadmin.net/security/PMASA-2016-27/] [https://www.phpmyadmin.net/security/PMASA-2016-28/] || {{pkg|phpmyadmin}} || 2016-06-23 || <= 4.6.2-1 || 4.6.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25]<br />
|-<br />
| {{CVE|CVE-2016-1704}} [https://googlechromereleases.blogspot.fr/2016/06/stable-channel-update_16.html] || {{pkg|chromium}} || 2016-01-16 || <= 51.0.2704.84-1 || 51.0.2704.103-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20]<br />
|-<br />
| {{CVE|CVE-2016-2365}} {{CVE|CVE-2016-2366}} {{CVE|CVE-2016-2367}} {{CVE|CVE-2016-2368}} {{CVE|CVE-2016-2369}} {{CVE|CVE-2016-2370}} {{CVE|CVE-2016-2371}} {{CVE|CVE-2016-2372}} {{CVE|CVE-2016-2373}} {{CVE|CVE-2016-2374}} {{CVE|CVE-2016-2375}} {{CVE|CVE-2016-2376}} {{CVE|CVE-2016-2377}} {{CVE|CVE-2016-2378}} {{CVE|CVE-2016-2380}} {{CVE|CVE-2016-4323}} [http://blog.talosintel.com/2016/06/vulnerability-spotlight-pidgin.html] || {{pkg|libpurple}} || 2016-01-21 || <= 2.10.12-4 || 2.11.0-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24]<br />
|-<br />
| {{CVE|CVE-2016-1541}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1541] || {{pkg|libarchive}} || 2016-01-17 || <= 3.1.2-8 || 3.2.0-1 || 47d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1]<br />
|-<br />
| {{CVE|CVE-2016-5875}} {{CVE|CVE-2016-5314}} {{CVE|CVE-2016-5315}} {{CVE|CVE-2016-5316}} {{CVE|CVE-2016-5317}} {{CVE|CVE-2016-5320}} {{CVE|CVE-2016-5321}} {{CVE|CVE-2016-5322}} {{CVE|CVE-2016-5323}} {{CVE|CVE-2016-5102}} {{CVE|CVE-2016-3991}} {{CVE|CVE-2016-3990}} {{CVE|CVE-2016-3945}} {{CVE|CVE-2016-3658}} {{CVE|CVE-2016-3634}} {{CVE|CVE-2016-3633}} {{CVE|CVE-2016-3632}} {{CVE|CVE-2016-3631}} {{CVE|CVE-2016-3625}} {{CVE|CVE-2016-3624}} {{CVE|CVE-2016-3623}} {{CVE|CVE-2016-3622}} {{CVE|CVE-2016-3621}} {{CVE|CVE-2016-3620}} {{CVE|CVE-2016-3619}} {{CVE|CVE-2016-3186}} {{CVE|CVE-2015-8668}} {{CVE|CVE-2015-7313}} {{CVE|CVE-2014-8130}} {{CVE|CVE-2014-8127}} {{CVE|CVE-2010-2596}} {{CVE|CVE-2016-6223}} [http://www.openwall.com/lists/oss-security/2016/06/15/1] [http://www.openwall.com/lists/oss-security/2016/06/15/2] [http://www.openwall.com/lists/oss-security/2016/06/15/3] [http://www.openwall.com/lists/oss-security/2016/06/15/5] [http://www.openwall.com/lists/oss-security/2016/06/15/6] [http://www.openwall.com/lists/oss-security/2016/06/15/7] [http://www.openwall.com/lists/oss-security/2016/06/15/8] [http://www.openwall.com/lists/oss-security/2016/06/15/9] [https://security-tracker.debian.org/tracker/source-package/tiff] [http://www.openwall.com/lists/oss-security/2016/07/13/3] || {{pkg|libtiff}} || 2016-06-19 || <= 4.0.6-2 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-4122}} {{CVE|CVE-2016-4123}} {{CVE|CVE-2016-4124}} {{CVE|CVE-2016-4125}} {{CVE|CVE-2016-4127}} {{CVE|CVE-2016-4128}} {{CVE|CVE-2016-4129}} {{CVE|CVE-2016-4130}} {{CVE|CVE-2016-4131}} {{CVE|CVE-2016-4132}} {{CVE|CVE-2016-4133}} {{CVE|CVE-2016-4134}} {{CVE|CVE-2016-4135}} {{CVE|CVE-2016-4136}} {{CVE|CVE-2016-4137}} {{CVE|CVE-2016-4138}} {{CVE|CVE-2016-4139}} {{CVE|CVE-2016-4140}} {{CVE|CVE-2016-4141}} {{CVE|CVE-2016-4142}} {{CVE|CVE-2016-4143}} {{CVE|CVE-2016-4144}} {{CVE|CVE-2016-4145}} {{CVE|CVE-2016-4146}} {{CVE|CVE-2016-4147}} {{CVE|CVE-2016-4148}} {{CVE|CVE-2016-4149}} {{CVE|CVE-2016-4150}} {{CVE|CVE-2016-4151}} {{CVE|CVE-2016-4152}} {{CVE|CVE-2016-4153}} {{CVE|CVE-2016-4154}} {{CVE|CVE-2016-4155}} {{CVE|CVE-2016-4156}} {{CVE|CVE-2016-4166}} {{CVE|CVE-2016-4171}} [https://helpx.adobe.com/security/products/flash-player/apsb16-18.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-06-16 || <= 11.2.202.621-1 || 11.2.202.626-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18]<br />
|-<br />
| {{CVE|CVE-2016-4971}} [https://lists.gnu.org/archive/html/bug-wget/2016-06/msg00033.html] || {{pkg|wget}} || 2016-06-09 || <= 1.17.1-2 || 1.18-1 || 11d || Fixed ({{bug|49730}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19]<br />
|-<br />
| {{CVE|CVE-2012-6702}} {{CVE|CVE-2016-5300}} || {{pkg|expat}} {{pkg|lib32-expat}} || 2016-06-07 || <= 2.1.1-2 || 2.1.1-3 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14]<br />
|-<br />
| {{CVE|CVE-2016-5360}} [http://seclists.org/oss-sec/2016/q2/512] || {{pkg|haproxy}} || 2016-06-09 || <= 1.6.5-3 || 1.6.5-4 || 1d || Fixed ({{bug|49638}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11]<br />
|-<br />
| {{CVE|CVE-2016-2815}} {{CVE|CVE-2016-2818}} {{CVE|CVE-2016-2819}} {{CVE|CVE-2016-2821}} {{CVE|CVE-2016-2822}} {{CVE|CVE-2016-2825}} {{CVE|CVE-2016-2828}} {{CVE|CVE-2016-2829}} {{CVE|CVE-2016-2831}} {{CVE|CVE-2016-2832}} {{CVE|CVE-2016-2833}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox47] || {{pkg|firefox}} || 2016-06-07 || <= 46.0.1-1 || 47.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7]<br />
|-<br />
| {{CVE|CVE-2016-4456}} [https://marc.ttias.be/oss-security/2016-06/msg00043.php] [http://gnutls.org/security.html#GNUTLS-SA-2016-1] || {{pkg|gnutls}} {{pkg|lib32-gnutls}} || 2016-06-06 || <= 3.4.12-1 || 3.4.13-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12]<br />
|-<br />
| {{CVE|CVE-2015-8899}} [http://www.openwall.com/lists/oss-security/2016/06/04/2] || {{pkg|dnsmasq}} || 2016-06-04 || <= 2.75-1 || 2.76-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4953}} {{CVE|CVE-2016-4954}} {{CVE|CVE-2016-4955}} {{CVE|CVE-2016-4956}} {{CVE|CVE-2016-4957}} [http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi] || {{pkg|ntp}} || 2016-06-02 || <= 4.2.8.p7-1 || 4.2.8.p8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4]<br />
|-<br />
| {{CVE|CVE-2016-4429}} [https://sourceware.org/bugzilla/show_bug.cgi?id=20112] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-05-18 || <= 2.23-4 || 2.23-5 || 25d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17]<br />
|-<br />
| {{CVE|CVE-2016-5244}} {{CVE|CVE-2016-5243}} [http://www.openwall.com/lists/oss-security/2016/06/03/5] [http://www.openwall.com/lists/oss-security/2016/06/03/4] || {{pkg|linux}} || 2016-06-03 || <= 4.6.1 || || || Not Affected ||<br />
|-<br />
| {{CVE|CVE-2016-1696}} {{CVE|CVE-2016-1697}} {{CVE|CVE-2016-1698}} {{CVE|CVE-2016-1699}} {{CVE|CVE-2016-1700}} {{CVE|CVE-2016-1701}} {{CVE|CVE-2016-1702}} {{CVE|CVE-2016-1703}} [http://googlechromereleases.blogspot.fr/2016/06/stable-channel-update.html] || {{pkg|chromium}} || 2016-06-01 || <= 51.0.2704.63-1 || 51.0.2704.79-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5]<br />
|-<br />
| {{CVE|CVE-2016-4450}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450] || {{pkg|nginx-mainline}} || 2016-05-31 || <= 1.11-1 || 1.11.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2]<br />
|-<br />
| {{CVE|CVE-2016-4450}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450] || {{pkg|nginx}} || 2016-05-31 || <= 1.10-1 || 1.10.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1]<br />
|-<br />
| {{CVE|CVE-2016-1857}} [http://webkitgtk.org/security/WSA-2016-0004.html] || {{pkg|webkit2gtk}} || 2016-05-30 || <= 2.12.2-1 || 2.12.3-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3]<br />
|-<br />
| {{CVE|CVE-2016-5108}} [http://www.openwall.com/lists/oss-security/2016/05/27/7] || {{pkg|vlc}} || 2016-05-27 || <= 2.2.3-3 || 2.2.4-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21]<br />
|-<br />
| {{CVE|CVE-2016-5104}} [http://www.openwall.com/lists/oss-security/2016/05/26/6] || {{pkg|libusbmuxd}} || 2016-05-26 || <= 1.0.10-1 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-5104}} [http://www.openwall.com/lists/oss-security/2016/05/26/6] || {{pkg|libimobiledevice}} || 2016-05-26 || <= 1.2.0-3 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-5103}} [http://www.openwall.com/lists/oss-security/2016/05/26/5] || {{pkg|roundcubemail}} || 2016-05-26 || <= 1.2rc-1 || 1.2.0-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1762}} {{CVE|CVE-2016-1833}} {{CVE|CVE-2016-1834}} {{CVE|CVE-2016-1835}} {{CVE|CVE-2016-1836}} {{CVE|CVE-2016-1837}} {{CVE|CVE-2016-1838}} {{CVE|CVE-2016-1839}} {{CVE|CVE-2016-1840}} {{CVE|CVE-2016-3627}} {{CVE|CVE-2016-3705}} {{CVE|CVE-2016-4483}} [https://git.gnome.org/browse/libxml2/log/] || {{pkg|libxml2}} || 2016-05-23 || <= 2.9.3-2 || 2.9.4+0+gbdec218-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27]<br />
|-<br />
| {{CVE|CVE-2016-1672}} {{CVE|CVE-2016-1673}} {{CVE|CVE-2016-1674}} {{CVE|CVE-2016-1675}} {{CVE|CVE-2016-1676}} {{CVE|CVE-2016-1677}} {{CVE|CVE-2016-1678}} {{CVE|CVE-2016-1679}} {{CVE|CVE-2016-1680}} {{CVE|CVE-2016-1681}} {{CVE|CVE-2016-1682}} {{CVE|CVE-2016-1683}} {{CVE|CVE-2016-1684}} {{CVE|CVE-2016-1685}} {{CVE|CVE-2016-1686}} {{CVE|CVE-2016-1687}} {{CVE|CVE-2016-1688}} {{CVE|CVE-2016-1689}} {{CVE|CVE-2016-1690}} {{CVE|CVE-2016-1691}} {{CVE|CVE-2016-1692}} {{CVE|CVE-2016-1693}} {{CVE|CVE-2016-1694}} {{CVE|CVE-2016-1695}} [http://googlechromereleases.blogspot.fr/2016/05/stable-channel-update_25.html] || {{pkg|chromium}} || 2016-05-25 || <= 50.0.2661.102-1 || 51.0.2704.63-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28]<br />
|-<br />
| {{CVE|CVE-2016-5027}} {{CVE|CVE-2016-5028}} {{CVE|CVE-2016-5029}} {{CVE|CVE-2016-5030}} {{CVE|CVE-2016-5031}} {{CVE|CVE-2016-5032}} {{CVE|CVE-2016-5033}} {{CVE|CVE-2016-5034}} {{CVE|CVE-2016-5035}} {{CVE|CVE-2016-5036}} {{CVE|CVE-2016-5037}} {{CVE|CVE-2016-5038}} {{CVE|CVE-2016-5039}} {{CVE|CVE-2016-5040}} {{CVE|CVE-2016-5041}} {{CVE|CVE-2016-5042}} {{CVE|CVE-2016-5043}} {{CVE|CVE-2016-5044}} [http://seclists.org/oss-sec/2016/q2/393] [https://www.prevanders.net/dwarfbug.html] || {{pkg|libdwarf}} || 2016-05-24 || <= 20160507-1 || 20160613-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23]<br />
|-<br />
| {{CVE|CVE-2015-1283}} {{CVE|CVE-2016-0718}} [http://seclists.org/oss-sec/2016/q2/360] || {{pkg|expat}} {{pkg|lib32-expat}} || 2016-05-17 || <= 2.1.1-1 || 2.1.1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23]<br />
|-<br />
| {{CVE|CVE-2016-2334}} {{CVE|CVE-2016-2335}} [http://www.talosintel.com/reports/TALOS-2016-0093/] [http://www.talosintel.com/reports/TALOS-2016-0094/] || {{pkg|p7zip}} || 2016-05-10 || <= 15.14.1-1 || 15.14.1-2 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24]<br />
|-<br />
| {{CVE|CVE-2016-3698}} [https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839] || {{pkg|libndp}} || 2016-05-17 || <= 1.5-1 || 1.6-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26]<br />
|-<br />
| {{CVE|CVE-2016-2803}} [http://seclists.org/bugtraq/2016/May/72] || {{pkg|bugzilla}} || 2016-05-16 || <= 5.0.2-1 || 5.0.3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25]<br />
|-<br />
| {{CVE|CVE-2016-2099}} [https://issues.apache.org/jira/browse/XERCESC-2066] [http://www.openwall.com/lists/oss-security/2016/05/09/7] || {{pkg|xerces-c}} || 2016-05-09 || <= 3.1.3-1 || 3.1.3-2 || 46d || Fixed ({{bug|49353}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-22]<br />
|-<br />
| [http://blog.jetbrains.com/blog/2016/05/11/security-update-for-intellij-based-ides-v2016-1-and-older-versions/] || {{pkg|intellij-idea-community-edition}} {{pkg|intellij-idea-libs}} || 2016-05-11 || <= 1:2016.1.1-1 || 1:2016.1.2-1 || 3d || Fixed ({{bug|49329}}) || None<br />
|-<br />
| {{CVE|CVE-2016-2804}} {{CVE|CVE-2016-2805}} {{CVE|CVE-2016-2806}} {{CVE|CVE-2016-2807}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/] || {{pkg|thunderbird}} || 2016-05-10 || <= 45.0-1 || 45.1.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21]<br />
|-<br />
| {{CVE|CVE-2016-1667}} {{CVE|CVE-2016-1668}} {{CVE|CVE-2016-1669}} {{CVE|CVE-2016-1670}} [http://googlechromereleases.blogspot.fr/2016/05/stable-channel-update.html] || {{pkg|chromium}} || 2016-05-11 || <= 50.0.2661.94-1 || 50.0.2661.102-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] <br />
|-<br />
| {{CVE|CVE-2016-3706}} {{CVE|CVE-2016-1234}} [https://sourceware.org/bugzilla/show_bug.cgi?id=20010] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-04-27 || <= 2.23-2 || 2.23-4 || 17d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20]<br />
|-<br />
| {{CVE|CVE-2016-1096}} {{CVE|CVE-2016-1097}} {{CVE|CVE-2016-1098}} {{CVE|CVE-2016-1099}} {{CVE|CVE-2016-1100}} {{CVE|CVE-2016-1101}} {{CVE|CVE-2016-1102}} {{CVE|CVE-2016-1103}} {{CVE|CVE-2016-1104}} {{CVE|CVE-2016-1105}} {{CVE|CVE-2016-1106}} {{CVE|CVE-2016-1107}} {{CVE|CVE-2016-1108}} {{CVE|CVE-2016-1109}} {{CVE|CVE-2016-1110}} {{CVE|CVE-2016-4108}} {{CVE|CVE-2016-4109}} {{CVE|CVE-2016-4110}} {{CVE|CVE-2016-4111}} {{CVE|CVE-2016-4112}} {{CVE|CVE-2016-4113}} {{CVE|CVE-2016-4114}} {{CVE|CVE-2016-4115}} {{CVE|CVE-2016-4116}} {{CVE|CVE-2016-4117}} [https://helpx.adobe.com/security/products/flash-player/apsa16-02.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-05-10 || <= 11.2.202.616-2 || 11.2.202.621-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18]<br />
|-<br />
| {{CVE|CVE-2015-8558}} {{CVE|CVE-2016-3710}} {{CVE|CVE-2016-3712}} {{CVE|CVE-2016-5105}} {{CVE|CVE-2016-5107}} {{CVE|CVE-2016-5106}} [http://xenbits.xen.org/xsa/advisory-179.html] [http://www.openwall.com/lists/oss-security/2016/05/25/7] || {{pkg|qemu}} {{pkg|qemu-arch-extra}} || 2016-05-10 || <= 2.5.1-1 || 2.6.0-1 || 28d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9]<br />
|-<br />
| {{CVE|CVE-2015-8558}} {{CVE|CVE-2016-3710}} {{CVE|CVE-2016-3712}} {{CVE|CVE-2016-5105}} {{CVE|CVE-2016-5107}} {{CVE|CVE-2016-5106}} [http://xenbits.xen.org/xsa/advisory-179.html] [http://www.openwall.com/lists/oss-security/2016/05/25/7] || {{pkg|qemu-guest-agent}} {{pkg|qemu-block-gluster}} {{pkg|qemu-block-iscsi}} {{pkg|qemu-block-rbd}} || 2016-05-10 || <= 2.5.1-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-1926}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1926] [http://www.openvas.org/OVSA20160113.html] || {{pkg|greenbone-security-assistant}} || 2016-01-16 || <= 6.0.6-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-3659}} [http://bugs.cacti.net/view.php?id=2673] || {{pkg|cacti}} || 2016-03-31 || <= 0.8.8_g-3 || 0.8.8_h-1 || 40d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14]<br />
|-<br />
| {{CVE|CVE-2016-4554}} {{CVE|CVE-2016-4555}} {{CVE|CVE-2016-4556}} [http://www.squid-cache.org/Advisories/SQUID-2016_8.txt] [http://www.squid-cache.org/Advisories/SQUID-2016_9.txt] || {{pkg|squid}} || 2016-05-09 || <= 3.5.17-1 || 3.5.19-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13]<br />
|-<br />
| {{CVE|CVE-2015-8106}} [http://www.openwall.com/lists/oss-security/2015/11/16/39] || {{pkg|latex2rtf}} || 2015-11-16 || <= 2.3.8-1 || 2.3.10-1 || ~6m || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9]<br />
|-<br />
| {{CVE|CVE-2016-3105}} [https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29] || {{pkg|mercurial}} || 2016-05-01 || <= 3.7.3-1 || 3.8.1-1 || 5d || Fixed ({{bug|49239}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] <br />
|-<br />
| {{CVE|CVE-2016-1236}} [http://www.openwall.com/lists/oss-security/2016/05/05/22] || {{pkg|websvn}} || 2016-05-05 || <= 2.3.3-6 || 2.3.3-7 || 98d || Fixed ({{bug|50344}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11]<br />
|-<br />
| {{CVE|CVE-2016-4414}} [http://marc.info/?l=oss-security&m=146204310020229&w=2] || {{pkg|quassel-client}} {{pkg|quassel-monolithic}} || 2016-04-30 || <= 0.12.3-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-4352}} [http://www.openwall.com/lists/oss-security/2016/04/29/7] || {{pkg|mencoder}} {{pkg|mplayer}} || 2016-05-03 || <= 37379-7 || 37857-1 || 3d || Fixed ({{bug|49195}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12]<br />
|-<br />
| {{CVE|CVE-2016-4574}} [http://www.openwall.com/lists/oss-security/2016/05/10/4] || {{pkg|libksba}} || 2016-05-03 || <= 1.3.3-1 || 1.3.4-1 || 9d || Fixed ({{bug|49289}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17]<br />
|-<br />
| {{CVE|CVE-2016-4354}} {{CVE|CVE-2016-4353}} {{CVE|CVE-2016-4355}} {{CVE|CVE-2016-4356}} [http://www.openwall.com/lists/oss-security/2016/04/29/8] || {{pkg|libksba}} || 2016-04-10 || <= 1.3.2-1 || 1.3.3-1 || 18d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4348}} {{CVE|CVE-2016-4347}} [http://www.openwall.com/lists/oss-security/2016/04/30/3] || {{pkg|librsvg}} || 2016-05-03 || <= 2:2.40.2-2 || 2:2.40.15-2 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4415}} {{CVE|CVE-2016-4416}} {{CVE|CVE-2016-4417}} {{CVE|CVE-2016-4418}} {{CVE|CVE-2016-4419}} {{CVE|CVE-2016-4420}} {{CVE|CVE-2016-4421}} {{CVE|CVE-2016-4076}} {{CVE|CVE-2016-4077}} {{CVE|CVE-2016-4078}} {{CVE|CVE-2016-4079}} {{CVE|CVE-2016-4080}} {{CVE|CVE-2016-4081}} {{CVE|CVE-2016-4006}} {{CVE|CVE-2016-4082}} {{CVE|CVE-2016-4083}} {{CVE|CVE-2016-4084}} {{CVE|CVE-2016-4085}} [http://www.openwall.com/lists/oss-security/2016/04/25/2] || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2016-05-03 || <= 2.0.2-1 || 2.0.3-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-3714}} [http://www.openwall.com/lists/oss-security/2016/05/03/13] [http://www.openwall.com/lists/oss-security/2016/05/03/14]|| {{pkg|imagemagick}} || 2016-05-03 || <= 6.9.3.8-1 || 6.9.3.10-1 || 3d || Fixed ({{bug|49203}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6]<br />
|-<br />
| {{CVE|CVE-2016-4477}} {{CVE|CVE-2016-4476}} [http://www.openwall.com/lists/oss-security/2016/05/03/2] || {{pkg|hostapd}} || 2016-05-03 || <= 2.5-2 || 2.6-1 || 90d || Fixed ({{bug|49196}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3]<br />
|-<br />
| {{CVE|CVE-2016-4477}} {{CVE|CVE-2016-4476}} [http://www.openwall.com/lists/oss-security/2016/05/03/2] || {{pkg|wpa_supplicant}} || 2016-05-03 || <= 1:2.5-3 || 1:2.6-1 || >90d || Fixed ({{bug|49196}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7]<br />
|-<br />
| {{CVE|CVE-2016-2105}} {{CVE|CVE-2016-2106}} {{CVE|CVE-2016-2107}} {{CVE|CVE-2016-2109}} {{CVE|CVE-2016-2176}} [https://www.openssl.org/news/secadv/20160503.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2016-05-03 || <= 1.0.2.g-3 || 1.0.2.h-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4]<br />
|-<br />
| {{CVE|CVE-2016-4425}} [https://github.com/akheron/jansson/issues/282] [http://marc.info/?l=oss-security&m=146219323703639&w=2] || {{pkg|jansson}} || 2016-05-02 || <= 2.7-1 || 2.8-1 || 137d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15]<br />
|-<br />
| {{CVE|CVE-2016-4425}} [https://github.com/akheron/jansson/issues/282] [http://marc.info/?l=oss-security&m=146219323703639&w=2] || {{pkg|lib32-jansson}} || 2016-05-02 || <= 2.7-2 || 2.8-1 || 140d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17]<br />
|-<br />
| {{CVE|CVE-2016-1660}} {{CVE|CVE-2016-1661}} {{CVE|CVE-2016-1662}} {{CVE|CVE-2016-1663}} {{CVE|CVE-2016-1664}} {{CVE|CVE-2016-1665}} {{CVE|CVE-2016-1666}} [http://googlechromereleases.blogspot.fr/2016/04/stable-channel-update_28.html] || {{pkg|chromium}} || 2016-04-28 || <= 50.0.2661.75-1 || 50.0.2661.94-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7]<br />
|-<br />
| {{CVE|CVE-2015-8869}} || {{pkg|ocaml}} || 2016-04-29 || <= 4.02.3-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-4414}} [http://marc.info/?l=oss-security&m=146204310020229&w=2] || {{pkg|quassel-core}} || 2016-04-30 || <= 0.12.3-1 || 0.12.4-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5]<br />
|-<br />
| {{CVE|CVE-2016-2167}} {{CVE|CVE-2016-2168}} [https://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ@mail.gmail.com%3E] || {{pkg|subversion}} || 2016-04-28 || <= 1.9.3-2 || 1.9.4-1 || 38d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6]<br />
|-<br />
| {{CVE|CVE-2015-7704}} {{CVE|CVE-2015-8138}} {{CVE|CVE-2016-1547}} {{CVE|CVE-2016-1548}} {{CVE|CVE-2016-1549}} {{CVE|CVE-2016-1550}} {{CVE|CVE-2016-1551}} {{CVE|CVE-2016-2516}} {{CVE|CVE-2016-2517}} {{CVE|CVE-2016-2518}} {{CVE|CVE-2016-2519}} [http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security] || {{pkg|ntp}} || 2016-04-26 || <= 4.2.8.p6-3 || 4.2.8.p7-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-2804}} {{CVE|CVE-2016-2805}} {{CVE|CVE-2016-2806}} {{CVE|CVE-2016-2807}} {{CVE|CVE-2016-2808}} {{CVE|CVE-2016-2811}} {{CVE|CVE-2016-2812}} {{CVE|CVE-2016-2814}} {{CVE|CVE-2016-2816}} {{CVE|CVE-2016-2817}} {{CVE|CVE-2016-2820}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox46] || {{pkg|firefox}} || 2016-04-26 || <= 45.0.2-1 || 46.0-2 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15]<br />
|-<br />
| {{CVE|CVE-2015-8863}} [http://seclists.org/oss-sec/2016/q2/134] || {{pkg|jq}} || 2016-04-23 || <= 1.5-3 || 1.5-4 || 109d || Fixed ({{bug|50330}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10]<br />
|-<br />
| {{CVE|CVE-2016-3074}} [http://seclists.org/oss-sec/2016/q2/128] || {{pkg|gd}} || 2016-04-21 || <= 2.1.1-3 || 2.1.1-4 || 15d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8]<br />
|-<br />
| {{CVE|CVE-2016-4051}} {{CVE|CVE-2016-4052}} {{CVE|CVE-2016-4053}} {{CVE|CVE-2016-4054}} [http://www.squid-cache.org/Advisories/SQUID-2016_5.txt] [http://www.squid-cache.org/Advisories/SQUID-2016_6.txt] || {{pkg|squid}} || 2016-04-20 || <= 3.5.16-1 || 3.5.17-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14]<br />
|-<br />
| {{CVE|CVE-2016-4021}} [https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt] || {{pkg|pgpdump}} || 2016-04-12 || <= 0.29-2 || 0.30-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11]<br />
|-<br />
| {{CVE|CVE-2016-1955}} {{CVE|CVE-2016-1956}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/] [https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/] || {{pkg|thunderbird}} || 2016-04-12 || <= 38.7.2-1 || 45.0-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12]<br />
|-<br />
| {{CVE|CVE-2016-2347}} [http://www.talosintel.com/reports/TALOS-2016-0095/] || {{pkg|lhasa}} || 2016-04-14 || <= 0.3.0-1 || 0.3.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8]<br />
|-<br />
| {{CVE|CVE-2016-1651}} {{CVE|CVE-2016-1652}} {{CVE|CVE-2016-1653}} {{CVE|CVE-2016-1654}} {{CVE|CVE-2016-1655}} {{CVE|CVE-2016-1656}} {{CVE|CVE-2016-1657}} {{CVE|CVE-2016-1658}} {{CVE|CVE-2016-1659}} [http://googlechromereleases.blogspot.fr/2016/04/stable-channel-update_13.html] || {{pkg|chromium}} || 2016-04-13|| <= 49.0.2623.112-1 || 50.0.2661.75-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10]<br />
|-<br />
| {{CVE|CVE-2015-5370}} {{CVE|CVE-2016-2110}} {{CVE|CVE-2016-2111}} {{CVE|CVE-2016-2112}} {{CVE|CVE-2016-2113}} {{CVE|CVE-2016-2114}} {{CVE|CVE-2016-2115}} {{CVE|CVE-2016-2118}} [https://www.samba.org/samba/history/security.html] [http://badlock.org/] || {{pkg|samba}} || 2016-04-12|| <= 4.4.0-1 || 4.4.2-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13]<br />
|-<br />
| {{CVE|CVE-2016-4008}} [http://article.gmane.org/gmane.comp.security.oss.general/19286] || {{pkg|libtasn1}} || 2016-04-11|| <= 4.7-1 || 4.8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9]<br />
|-<br />
| {{CVE|CVE-2011-5326}} {{CVE|CVE-2016-3993}} {{CVE|CVE-2016-3994}} {{CVE|CVE-2016-4024}} [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369] [http://article.gmane.org/gmane.comp.security.oss.general/19276] || {{pkg|imlib2}} || 2016-04-09 || <= 1.4.8-1 || 1.4.9-1 || 23d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1]<br />
|-<br />
| {{CVE|CVE-2014-9771}} [http://www.openwall.com/lists/oss-security/2016/04/09/3] || {{pkg|imlib2}} || 2016-04-09 || <= 1.4.5-6 || 1.4.6-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1006}} {{CVE|CVE-2016-1011}} {{CVE|CVE-2016-1012}} {{CVE|CVE-2016-1013}} {{CVE|CVE-2016-1014}} {{CVE|CVE-2016-1015}} {{CVE|CVE-2016-1016}} {{CVE|CVE-2016-1017}} {{CVE|CVE-2016-1018}} {{CVE|CVE-2016-1019}} {{CVE|CVE-2016-1020}} {{CVE|CVE-2016-1021}} {{CVE|CVE-2016-1022}} {{CVE|CVE-2016-1023}} {{CVE|CVE-2016-1024}} {{CVE|CVE-2016-1025}} {{CVE|CVE-2016-1026}} {{CVE|CVE-2016-1027}} {{CVE|CVE-2016-1028}} {{CVE|CVE-2016-1029}} {{CVE|CVE-2016-1030}} {{CVE|CVE-2016-1031}} {{CVE|CVE-2016-1032}} {{CVE|CVE-2016-1033}} [https://helpx.adobe.com/security/products/flash-player/apsa16-01.html] [https://helpx.adobe.com/security/products/flash-player/apsb16-10.html] || {{pkg|flashplugin}} || 2016-04-05 || <= 11.2.202.577-1 || 11.2.202.616-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7]<br />
|-<br />
| {{CVE|CVE-2016-3630}} {{CVE|CVE-2016-3068}} {{CVE|CVE-2016-3069}} [https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29] || {{pkg|mercurial}} || 2016-03-29 || <= 3.7.2-1 || 3.7.3-1 || 8d || Fixed ({{bug|48821}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6]<br />
|-<br />
| {{CVE|CVE-2016-2191}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2191] [https://sourceforge.net/p/optipng/bugs/59/] [http://www.openwall.com/lists/oss-security/2016/04/04/2]|| {{Pkg|optipng}} || 2016-04-04 || <= 0.7.5-2 || 0.7.6-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5]<br />
|-<br />
| {{CVE|CVE-2016-3947}} [http://www.squid-cache.org/Advisories/SQUID-2016_3.txt] || {{Pkg|squid}} || 2016-04-01 || <= 3.5.15-2 || 3.5.16 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4]<br />
|-<br />
| {{CVE|CVE-2016-0636}} [http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html] [http://blog.fuseyism.com/index.php/2016/03/25/security-icedtea-2-6-5-for-openjdk-7-released/] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2016-03-24 || <= 7.u95_2.6.4-1 || 7.u99_2.6.5-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3]<br />
|-<br />
| {{CVE|CVE-2016-0636}} [http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html] || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2016-03-23 || <= 8.u74-1 || 8.u77-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27]<br />
|-<br />
| {{CVE|CVE-2016-1646}} {{CVE|CVE-2016-1647}} {{CVE|CVE-2016-1648}} {{CVE|CVE-2016-1649}} {{CVE|CVE-2016-1650}} [http://googlechromereleases.blogspot.fr/2016/03/stable-channel-update_24.html] || {{pkg|chromium}} || 2016-03-24 || <= 49.0.2623.87-1 || 49.0.2623.108-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24]<br />
|-<br />
| {{CVE|CVE-2016-2849}} {{CVE|CVE-2016-2850}} [http://botan.randombit.net/security.html#id1] || {{pkg|botan}} || 2016-03-20 || <= 1.11.28-1 || 1.11.29-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22]<br />
|-<br />
| {{CVE|CVE-2016-1952}} {{CVE|CVE-2016-1953}} {{CVE|CVE-2016-1954}} {{CVE|CVE-2016-1957}} {{CVE|CVE-2016-1960}} {{CVE|CVE-2016-1961}} {{CVE|CVE-2016-1964}} {{CVE|CVE-2016-1966}} {{CVE|CVE-2016-1974}} {{CVE|CVE-2016-1977}} {{CVE|CVE-2016-2790}} {{CVE|CVE-2016-2791}} {{CVE|CVE-2016-2792}} {{CVE|CVE-2016-2793}} {{CVE|CVE-2016-2794}} {{CVE|CVE-2016-2795}} {{CVE|CVE-2016-2796}} {{CVE|CVE-2016-2797}} {{CVE|CVE-2016-2798}} {{CVE|CVE-2016-2799}} {{CVE|CVE-2016-2800}} {{CVE|CVE-2016-2801}} {{CVE|CVE-2016-2802}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.7] || {{pkg|thunderbird}} || 2016-03-14 || <= 38.6.0-1 || 38.7.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21]<br />
|-<br />
| {{CVE|CVE-2016-2324}} [http://seclists.org/oss-sec/2016/q1/653] || {{pkg|git}} || 2016-03-15 || <= 2.7.3-1 || 2.7.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20]<br />
|-<br />
| {{CVE|CVE-2016-3116}} [https://matt.ucc.asn.au/dropbear/CHANGES] || {{pkg|dropbear}} || 2016-03-13 || <= 2015.71-1 || 2016.72-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19]<br />
|-<br />
| {{CVE|CVE-2015-1283}} [https://sourceforge.net/p/expat/bugs/528/] || {{pkg|expat}} || 2016-03-12 || <= 2.1.0-4 || 2.1.1-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23]<br />
|-<br />
| {{CVE|CVE-2016-2088}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2088] {{CVE|CVE-2016-1286}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1286] {{CVE|CVE-2016-1285}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1285] || {{pkg|bind}} || 2016-03-10 || <= 9.10.3.P3-3 || 9.10.3.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13]<br />
|-<br />
| {{CVE|CVE-2016-0960}} {{CVE|CVE-2016-0961}} {{CVE|CVE-2016-0962}} {{CVE|CVE-2016-0963}} {{CVE|CVE-2016-0986}} {{CVE|CVE-2016-0987}} {{CVE|CVE-2016-0988}} {{CVE|CVE-2016-0989}} {{CVE|CVE-2016-0990}} {{CVE|CVE-2016-0991}} {{CVE|CVE-2016-0992}} {{CVE|CVE-2016-0993}} {{CVE|CVE-2016-0994}} {{CVE|CVE-2016-0995}} {{CVE|CVE-2016-0996}} {{CVE|CVE-2016-0997}} {{CVE|CVE-2016-0998}} {{CVE|CVE-2016-0999}} {{CVE|CVE-2016-1000}} {{CVE|CVE-2016-1001}} {{CVE|CVE-2016-1002}} {{CVE|CVE-2016-1005}} {{CVE|CVE-2016-1010}} [https://helpx.adobe.com/security/products/flash-player/apsb16-08.html] || {{pkg|lib32-flashplugin}} || 2016-03-10 || <= 11.2.202.569-1 || 11.2.202.577-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11]<br />
|-<br />
| {{CVE|CVE-2016-0960}} {{CVE|CVE-2016-0961}} {{CVE|CVE-2016-0962}} {{CVE|CVE-2016-0963}} {{CVE|CVE-2016-0986}} {{CVE|CVE-2016-0987}} {{CVE|CVE-2016-0988}} {{CVE|CVE-2016-0989}} {{CVE|CVE-2016-0990}} {{CVE|CVE-2016-0991}} {{CVE|CVE-2016-0992}} {{CVE|CVE-2016-0993}} {{CVE|CVE-2016-0994}} {{CVE|CVE-2016-0995}} {{CVE|CVE-2016-0996}} {{CVE|CVE-2016-0997}} {{CVE|CVE-2016-0998}} {{CVE|CVE-2016-0999}} {{CVE|CVE-2016-1000}} {{CVE|CVE-2016-1001}} {{CVE|CVE-2016-1002}} {{CVE|CVE-2016-1005}} {{CVE|CVE-2016-1010}} [https://helpx.adobe.com/security/products/flash-player/apsb16-08.html] || {{pkg|flashplugin}} || 2016-03-10 || <= 11.2.202.569-1 || 11.2.202.577-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10]<br />
|-<br />
| {{CVE|CVE-2016-3115}} [http://www.openssh.com/txt/x11fwd.adv] || {{pkg|openssh}} || 2016-03-10 || <= 7.2p1-1 || 7.2p2-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12]<br />
|-<br />
| {{CVE|CVE-2015-8833}} [http://seclists.org/oss-sec/2016/q1/572] || {{pkg|pidgin-otr}} || 2016-03-09 || <= 4.0.1-2 || 4.0.2-1 || 3d || Fixed ({{bug|48537}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14]<br />
|-<br />
| {{CVE|CVE-2016-2774}} [https://kb.isc.org/article/AA-01354] || {{pkg|dhcp}} || 2016-03-09 || <= 4.3.3.p1-1 || 4.3.4-1 || 21d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1531}} [http://www.exim.org/static/doc/CVE-2016-1531.txt] || {{pkg|exim}} || 2016-03-06 || <= 4.86.1-1 || 4.86.2-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8]<br />
|-<br />
| {{CVE|CVE-2016-1577}} {{CVE|CVE-2016-2089}} {{CVE|CVE-2016-2116}} || {{pkg|jasper}} || 2016-03-06 || <= 1.900.1-14 || 1.900.1-15 || ~2m || Fixed ({{bug|48511}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2]<br />
|-<br />
| {{CVE|CVE-2016-1285}} {{CVE|CVE-2016-1286}} [https://kb.isc.org/article/AA-01352/] [https://kb.isc.org/article/AA-01353/] || {{pkg|bind}} || 2016-03-09 || <= 9.10.3.P3-3 || 9.10.3.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7]<br />
|-<br />
| {{CVE|CVE-2016-2851}} [https://otr.cypherpunks.ca/] || {{pkg|libotr}} || 2016-03-09 || <= 4.1.0-1 || 4.1.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6]<br />
|-<br />
| {{CVE|CVE-2016-1643}} {{CVE|CVE-2016-1644}} {{CVE|CVE-2016-1645}} || {{pkg|chromium}} || 2016-03-09 || <= 49.0.2623.75-1 || 49.0.2623.87-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5]<br />
|-<br />
| {{CVE|CVE-2016-1952}} {{CVE|CVE-2016-1953}} {{CVE|CVE-2016-1954}} {{CVE|CVE-2016-1955}} {{CVE|CVE-2016-1956}} {{CVE|CVE-2016-1957}} {{CVE|CVE-2016-1958}} {{CVE|CVE-2016-1959}} {{CVE|CVE-2016-1960}} {{CVE|CVE-2016-1961}} {{CVE|CVE-2016-1962}} {{CVE|CVE-2016-1963}} {{CVE|CVE-2016-1964}} {{CVE|CVE-2016-1965}} {{CVE|CVE-2016-1966}} {{CVE|CVE-2016-1967}} {{CVE|CVE-2016-1968}} {{CVE|CVE-2016-1970}} {{CVE|CVE-2016-1971}} {{CVE|CVE-2016-1972}} {{CVE|CVE-2016-1973}} {{CVE|CVE-2016-1974}} {{CVE|CVE-2016-1975}} {{CVE|CVE-2016-1976}} {{CVE|CVE-2016-1977}} {{CVE|CVE-2016-2790}} {{CVE|CVE-2016-2791}} {{CVE|CVE-2016-2792}} {{CVE|CVE-2016-2793}} {{CVE|CVE-2016-2794}} {{CVE|CVE-2016-2795}} {{CVE|CVE-2016-2796}} {{CVE|CVE-2016-2797}} {{CVE|CVE-2016-2798}} {{CVE|CVE-2016-2799}} {{CVE|CVE-2016-2800}} {{CVE|CVE-2016-2801}} {{CVE|CVE-2016-2802}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox45] || {{pkg|firefox}} || 2016-03-08 || <= 44.0.2-2 || 45.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4]<br />
|-<br />
| {{CVE|CVE-2016-2532}} {{CVE|CVE-2016-2531}} {{CVE|CVE-2016-2530}} {{CVE|CVE-2016-2529}} {{CVE|CVE-2016-2528}} {{CVE|CVE-2016-2527}} {{CVE|CVE-2016-2526}} {{CVE|CVE-2016-2525}} {{CVE|CVE-2016-2524}} {{CVE|CVE-2016-2523}} {{CVE|CVE-2016-2522}} {{CVE|CVE-2016-2521}} || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2016-03-07 || <= 2.0.1-2 || 2.0.2-1 || 5d || Fixed ({{bug|48536}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17]<br />
|-<br />
| {{CVE|CVE-2016-2381}} [https://www.debian.org/security/2016/dsa-3501] || {{pkg|perl}} || 2016-03-07 || <= 5.22.1-1 || 5.22.1-2 || 3d || Fixed ({{Bug|48482}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9]<br />
|-<br />
| {{CVE|CVE-2015-8126}} {{CVE|CVE-2016-1630}} {{CVE|CVE-2016-1631}} {{CVE|CVE-2016-1632}} {{CVE|CVE-2016-1633}} {{CVE|CVE-2016-1634}} {{CVE|CVE-2016-1635}} {{CVE|CVE-2016-1636}} {{CVE|CVE-2016-1637}} {{CVE|CVE-2016-1638}} {{CVE|CVE-2016-1639}} {{CVE|CVE-2016-1640}} {{CVE|CVE-2016-1641}} {{CVE|CVE-2016-1642}} [http://googlechromereleases.blogspot.fr/2016/03/stable-channel-update.html] || {{pkg|chromium}} || 2016-03-02 || <= 48.0.2564.116-1 || 49.0.2623.75-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1]<br />
|-<br />
| {{CVE|CVE-2016-0702}} {{CVE|CVE-2016-0705}} {{CVE|CVE-2016-0797}} {{CVE|CVE-2016-0798}} {{CVE|CVE-2016-0799}} {{CVE|CVE-2016-0800}} [https://www.openssl.org/news/secadv/20160301.txt] || {{pkg|openssl}} || 2016-03-01 || <= 1.0.2.f-1 || 1.0.2.g-3 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2]<br />
|-<br />
| {{CVE|CVE-2016-0702}} {{CVE|CVE-2016-0705}} {{CVE|CVE-2016-0797}} {{CVE|CVE-2016-0798}} {{CVE|CVE-2016-0799}} {{CVE|CVE-2016-0800}} [https://www.openssl.org/news/secadv/20160301.txt] || {{pkg|lib32-openssl}} || 2016-03-01 || <= 1.0.2.f-1 || 1.0.2.g-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3]<br />
|-<br />
| {{CVE|CVE-2015-7511}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html] || {{pkg|libgcrypt}} || 2016-02-09 || <= 1.6.4-1 || 1.6.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19]<br />
|-<br />
| {{CVE|CVE-2016-0739}} [https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/] || {{pkg|libssh}} || 2016-02-23 || <= 0.7.2-1 || 0.7.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18]<br />
|-<br />
| {{CVE|CVE-2016-0787}} [https://www.libssh2.org/adv_20160223.html] || {{pkg|libssh2}} || 2016-02-23 || <= 1.6.0-1 || 1.7.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20]<br />
|-<br />
| {{CVE|CVE-2016-0787}} [https://www.libssh2.org/adv_20160223.html] || {{pkg|lib32-libssh2}} || 2016-02-23 || <= 1.6.0-1 || 1.7.0-1 ||3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21]<br />
|-<br />
| {{CVE|CVE-2016-1629}} [http://googlechromereleases.blogspot.fr/2016/02/stable-channel-update_18.html] || {{pkg|chromium}} || 2016-02-18 || <= 48.0.2564.109-1 || 48.0.2564.116-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17]<br />
|-<br />
| {{CVE|CVE-2015-7575}} {{CVE|CVE-2016-1523}} {{CVE|CVE-2016-1930}} {{CVE|CVE-2016-1931}} {{CVE|CVE-2016-1935}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.6] || {{pkg|thunderbird}} || 2016-02-11 || <= 38.5.1-1 || 38.6.0-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16]<br />
|-<br />
| {{CVE|CVE-2015-7547}} {{CVE|CVE-2015-8776}} {{CVE|CVE-2015-8777}} {{CVE|CVE-2015-8778}} {{CVE|CVE-2015-8779}} [https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html] [https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html] || {{pkg|glibc}} || 2016-02-16 || <= 2.22-3 || 2.22-4 || 1d || Fixed ({{Bug|48213}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15]<br />
|-<br />
| {{CVE|CVE-2015-7547}} {{CVE|CVE-2015-8776}} {{CVE|CVE-2015-8777}} {{CVE|CVE-2015-8778}} {{CVE|CVE-2015-8779}} [https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html] [https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html] || {{pkg|lib32-glibc}} || 2016-02-16 || <= 2.22-3.1 || 2.22-4 || 1d || Fixed ({{Bug|48213}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14]<br />
|-<br />
| {{CVE|CVE-2016-1622}} {{CVE|CVE-2016-1623}} {{CVE|CVE-2016-1624}} {{CVE|CVE-2016-1625}} {{CVE|CVE-2016-1626}} {{CVE|CVE-2016-1627}} [http://googlechromereleases.blogspot.fr/2016/02/stable-channel-update_9.html]|| {{pkg|chromium}} || 2016-02-09 || <= 48.0.2564.103-1 || 48.0.2564.109-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1949}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-13/]|| {{pkg|firefox}} || 2016-02-11 || <= 44.0.1-1 || 44.0.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12]<br />
|-<br />
| {{CVE|CVE-2016-1544}} [https://nghttp2.org/blog/2016/02/11/nghttp2-v1-7-1/]|| {{pkg|nghttp2}} || 2016-02-11 || <= 1.7.0-1 || 1.7.1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13]<br />
|-<br />
| {{CVE|CVE-2014-2312}} [https://www.kde.org/info/security/advisory-20160209-1.txt]|| {{pkg|kscreenlocker}} || 2016-02-10 || <= 5.5.4-1 || 5.5.4-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10]<br />
|-<br />
| {{CVE|CVE-2014-9496}} {{CVE|CVE-2014-9756}} {{CVE|CVE-2015-7805}} || {{pkg|libsndfile}} {{pkg|lib32-libsndfile}} || 2016-02-01 || <= 1.0.25-3 || 1.0.26-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9]<br />
|-<br />
| {{CVE|CVE-2015-8803}} {{CVE|CVE-2015-8804}} {{CVE|CVE-2015-8805}} [https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-multiplications-in-Nettle.html] || {{pkg|nettle}} {{pkg|lib32-nettle}} || 2016-02-03 || <= 3.1-1 || 3.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6]<br />
|-<br />
| {{CVE|CVE-2016-2194}} {{CVE|CVE-2016-2195}} {{CVE|CVE-2016-2196}} [http://botan.randombit.net/security.html#id1] || {{pkg|botan}} || 2016-02-01 || <= 1.11.25-2 || 1.11.28-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11]<br />
|-<br />
| {{CVE|CVE-2014-9761}} [http://seclists.org/oss-sec/2016/q1/153] || {{pkg|lib32-glibc}} || 2016-02-01 || <= 2.22-4 || 2.23-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23]<br />
|-<br />
| {{CVE|CVE-2014-9761}} [http://seclists.org/oss-sec/2016/q1/153] || {{pkg|glibc}} || 2016-02-01 || <= 2.22-4 || 2.23-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22]<br />
|-<br />
| {{CVE|CVE-2016-2048}} [https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/] || {{pkg|python-django}} {{pkg|python2-django}} || 2016-02-01 || <= 1.9.1-1 || 1.9.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2]<br />
|-<br />
| {{CVE|CVE-2016-2090}} [http://article.gmane.org/gmane.comp.security.oss.general/18715] [http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7] [https://bugs.freedesktop.org/show_bug.cgi?id=93881] [https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html] || {{pkg|libbsd}} || 2016-01-27 || <= 0.8.1-1 || 0.8.2-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7]<br />
|-<br />
| {{CVE|CVE-2015-3197}} {{CVE|CVE-2015-4000}} {{CVE|CVE-2016-0701}} [https://openssl.org/news/secadv/20160128.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2016-01-28 || <= 1.0.2.e-1 || 1.0.2.f-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33]<br />
|-<br />
| {{CVE|CVE-2016-0755}} [http://curl.haxx.se/docs/adv_20160127A.html] || {{pkg|curl}} {{pkg|lib32-curl}} || 2016-01-27 || <= 7.46.0-1 || 7.47.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4]<br />
|-<br />
| {{CVE|CVE-2016-0742}} {{CVE|CVE-2016-0746}} {{CVE|CVE-2016-0747}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000168.html] || {{pkg|nginx}} || 2016-01-26 || <= 1.8.0-2 || 1.8.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31]<br />
|-<br />
| {{CVE|CVE-2016-1982}} {{CVE|CVE-2016-1983}} [http://seclists.org/oss-sec/2016/q1/179] || {{pkg|privoxy}} || 2016-01-21 || <= 3.0.23-1 || 3.0.24-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27]<br />
|-<br />
| {{CVE|CVE-2016-1572}} [https://bugs.launchpad.net/ecryptfs/+bug/1530566] || {{pkg|ecryptfs-utils}} || 2016-01-21 || <= 108-1 || 108-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25]<br />
|-<br />
| {{CVE|CVE-2016-1612}} {{CVE|CVE-2016-1613}} {{CVE|CVE-2016-1614}} {{CVE|CVE-2016-1615}} {{CVE|CVE-2016-1616}} {{CVE|CVE-2016-1617}} {{CVE|CVE-2016-1618}} {{CVE|CVE-2016-1619}} {{CVE|CVE-2016-1620}} [http://googlechromereleases.blogspot.fr/2016/01/stable-channel-update_20.html] || {{pkg|chromium}} || 2016-01-20 || <= 47.0.2526.111-1 || 48.0.2564.82-1 || 1d|| Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28]<br />
|-<br />
| {{CVE|CVE-2015-8704}} {{CVE|CVE-2015-8705}} [https://kb.isc.org/article/AA-01335] [https://kb.isc.org/article/AA-01336] || {{pkg|bind}} || 2016-01-19 || <= 9.10.3.P2-1 || 9.10.3.P3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21]<br />
|-<br />
| {{CVE|CVE-2016-0728}} [http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/] || {{pkg|linux-lts}} || 2016-01-19 || <= 4.1.15-1 || 4.1.16-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26]<br />
|-<br />
| {{CVE|CVE-2016-0728}} [http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/] || {{pkg|linux}} || 2016-01-19 || <= 4.3.3-2 || 4.3.3-3 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20]<br />
|-<br />
| {{CVE|CVE-2015-5300}} [http://support.ntp.org/bin/view/Main/NtpBug2956] || {{pkg|ntp}} || 2016-01-07 || <= 4.2.8.p4-1 || 4.2.8.p5-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|syncthing}} || 2016-01-13 || <= 0.12.14-1 || 0.12.14-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|keybase}} || 2016-01-13 || <= 1.0.8.0-1 || 1.0.8.0-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|hub}} || 2016-01-13 || <= 2.2.2-1 || 2.2.2-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|go-ipfs}} || 2016-01-13 || <= 0.3.11-1 || 0.3.11-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|docker}} || 2016-01-13 || <= 1:1.9.1-1 || 1:1.9.1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12]<br />
|-<br />
| {{CVE|CVE-2015-8770}} [http://seclists.org/bugtraq/2016/Jan/60] || {{pkg|roundcubemail}} || 2015-12-26 || <= 1.2beta-1 || 1.2beta-2 || 20d || Fixed ({{bug|47764}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18]<br />
|-<br />
| {{CVE|CVE-2016-1903}} {{CVE|CVE-2016-1904}} [http://seclists.org/oss-sec/2016/q1/100] || {{pkg|php}} || 2016-01-14 || <= 7.0.1-1 || 7.0.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10]<br />
|-<br />
| {{CVE|CVE-2016-0777}} {{CVE|CVE-2016-0778}} [http://www.openssh.com/txt/release-7.1p2] || {{pkg|openssh}} || 2016-01-14 || <= 7.1p1-1 || 7.1p2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9]<br />
|-<br />
| {{CVE|CVE-2016-2213}} [http://www.openwall.com/lists/oss-security/2016/02/03/2] || {{pkg|ffmpeg}} || 2016-02-03 || <= 2.8.4-1 || 2.8.5-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1897}} {{CVE|CVE-2016-1898}} [http://seclists.org/oss-sec/2016/q1/85] || {{pkg|ffmpeg}} || 2016-01-13 || <= 1:2.8.4-2 || 1:2.8.4-3 || <1d || Fixed ({{Bug|47738}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17]<br />
|-<br />
| {{CVE|CVE-2016-1897}} {{CVE|CVE-2016-1898}} [http://seclists.org/oss-sec/2016/q1/85] || {{pkg|mplayer}} || 2016-01-13 || <= 37379-6 || 37379-7 || 17d || Fixed ({{Bug|47944}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|go}} || 2016-01-13 || <= 2:1.5.2-1 || 2:1.5.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11]<br />
|-<br />
|{{CVE|CVE-2015-8742}} {{CVE|CVE-2015-8741}} {{CVE|CVE-2015-8740}} {{CVE|CVE-2015-8738}} {{CVE|CVE-2015-8739}} {{CVE|CVE-2015-8737}} {{CVE|CVE-2015-8736}} {{CVE|CVE-2015-8735}} {{CVE|CVE-2015-8734}} {{CVE|CVE-2015-8733}} {{CVE|CVE-2015-8732}} {{CVE|CVE-2015-8730}} {{CVE|CVE-2015-8731}} {{CVE|CVE-2015-8729}} {{CVE|CVE-2015-8728}} {{CVE|CVE-2015-8727}} {{CVE|CVE-2015-8726}} {{CVE|CVE-2015-8725}} {{CVE|CVE-2015-8724}} {{CVE|CVE-2015-8723}} {{CVE|CVE-2015-8722}} {{CVE|CVE-2015-8721}} {{CVE|CVE-2015-8720}} {{CVE|CVE-2015-8718}} {{CVE|CVE-2015-8711}} || {{Pkg|wireshark-cli}} {{Pkg|wireshark-gtk}} {{Pkg|wireshark-qt}} || 2016-01-04 || <= 2.0.0 || 2.0.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6]<br />
|-<br />
| {{CVE|CVE-2016-1564}} [http://article.gmane.org/gmane.comp.security.oss.general/18527] || {{Pkg|wordpress}} || 2016-01-08 || <= 4.4-1 || 4.4.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2]<br />
|-<br />
| {{CVE|CVE-2015-8751}} [https://bugzilla.redhat.com/show_bug.cgi?id=1294039] [http://article.gmane.org/gmane.comp.security.oss.general/18523] || {{Pkg|jasper}} || 2016-01-07 || 1.900.1-15 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-8750}} [https://bugzilla.redhat.com/show_bug.cgi?id=1294264] [https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697] || {{Pkg|libdwarf}} || 2016-01-07 || 20150507-1 || 20160115-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22]<br />
|-<br />
| {{CVE|CVE-2016-1503}} {{CVE|CVE-2016-1504}} [http://article.gmane.org/gmane.comp.security.oss.general/18516] || {{Pkg|dhcpcd}} || 2016-01-07 || <= 6.9.4-1 || 6.10.0-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7]<br />
|-<br />
| {{CVE|CVE-2015-7575}} [http://www.mitls.org/pages/attacks/SLOTH] [https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released] || {{pkg|mbedtls}} || 2016-01-04 || 2.2.0-1 || 2.2.1-1 || 21d || Fixed ({{bug|47783}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29]<br />
|-<br />
| {{CVE|CVE-2015-8688}} [http://gultsch.de/gajim_roster_push_and_message_interception.html] || {{pkg|gajim}} || 2015-12-20 || <= 0.16.4-1 || 0.16.5-1 || 20d || Fixed ({{bug|47647}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3]<br />
|-<br />
| {{CVE|CVE-2016-1494}} [https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff] [https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/] || {{pkg|python-rsa}} {{pkg|python2-rsa}} || 2016-01-05 || <= 3.2.3-1 || 3.3-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24]<br />
|-<br />
| {{CVE|CVE-2016-1283}} [https://bugs.exim.org/show_bug.cgi?id=1767] [http://article.gmane.org/gmane.comp.security.oss.general/18481] || {{pkg|pcre}} || 2016-01-02 || <= 8.38-2 || 8.38-3 || 71d|| Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18]<br />
|-<br />
|[http://article.gmane.org/gmane.comp.security.oss.general/18466] || {{Pkg|rtmpdump}} || 2015-12-23 || <= 20140918-2 || 1:2.4.r96.fa8646d-1 || 7d || Fixed ({{bug|47564}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1]<br />
|-<br />
| {{CVE|CVE-2015-8472}} [http://seclists.org/oss-sec/2015/q4/439] || {{pkg|libpng}} || 2015-12-03 || <= 1.6.19-1 || 1.6.20-1 || 25d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-18]<br />
|-<br />
| {{CVE|CVE-2015-8459}} {{CVE|CVE-2015-8460}} {{CVE|CVE-2015-8634}} {{CVE|CVE-2015-8635}} {{CVE|CVE-2015-8636}} {{CVE|CVE-2015-8638}} {{CVE|CVE-2015-8639}} {{CVE|CVE-2015-8640}} {{CVE|CVE-2015-8641}} {{CVE|CVE-2015-8642}} {{CVE|CVE-2015-8643}} {{CVE|CVE-2015-8644}} {{CVE|CVE-2015-8645}} {{CVE|CVE-2015-8646}} {{CVE|CVE-2015-8647}} {{CVE|CVE-2015-8648}} {{CVE|CVE-2015-8649}} {{CVE|CVE-2015-8650}} {{CVE|CVE-2015-8651}} [https://helpx.adobe.com/security/products/flash-player/apsb16-01.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2015-12-28 || <= 11.2.202.554-1 || 11.2.202.559-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17]<br />
|-<br />
| {{CVE|CVE-2015-7554}} {{CVE|CVE-2015-8683}} [http://seclists.org/oss-sec/2015/q4/584] [http://seclists.org/oss-sec/2015/q4/590] || {{pkg|libtiff}} || 2015-12-25 || <= 4.0.6-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-7201}} {{CVE|CVE-2015-7205}} {{CVE|CVE-2015-7212}} {{CVE|CVE-2015-7213}} {{CVE|CVE-2015-7214}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.5] || {{pkg|thunderbird}} || 2015-12-23 || <= 38.4.0-2 || 38.5.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14]<br />
|-<br />
| {{CVE|CVE-2015-8612}} [http://seclists.org/oss-sec/2015/q4/541] || {{pkg|blueman}} || 2015-12-18 || <= 2.0.2-1 || 2.0.3-1 || 38d || Fixed ({{bug|47784}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30]<br />
|-<br />
| {{CVE|CVE-2015-8659}} [http://seclists.org/oss-sec/2015/q4/576] || {{pkg|nghttp2}} || 2015-12-23 || <= 1.5.0-2 || 1.6.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16]<br />
|-<br />
| {{CVE|CVE-2015-7555}} [http://seclists.org/oss-sec/2015/q4/548] || {{pkg|giflib}} || 2015-12-21 || <= 5.1.1-1 || 5.1.2-1 || 43d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-7557}} {{CVE|CVE-2015-7558}} [http://seclists.org/oss-sec/2015/q4/549] || {{pkg|librsvg}} || 2015-12-21 || <= 2:2.40.11-1 || 2:2.40.13-1 || 45d || Fixed ({{bug|47785}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8622}} {{CVE|CVE-2015-8623}} {{CVE|CVE-2015-8624}} {{CVE|CVE-2015-8625}} {{CVE|CVE-2015-8626}} {{CVE|CVE-2015-8627}} {{CVE|CVE-2015-8628}} [http://seclists.org/oss-sec/2015/q4/552] || {{pkg|mediawiki}} || 2015-12-17 || <= 1.26.0-1 || 1.26.2-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15]<br />
|-<br />
| {{CVE|CVE-2015-8614}} [http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557] || {{pkg|claws-mail}} || 2015-12-21 || <= 3.13.0-1 || 3.13.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13]<br />
|-<br />
| {{CVE|CVE-2015-8369}} {{CVE|CVE-2015-8604}} {{CVE|CVE-2015-8377}} {{CVE|CVE-2016-2313}} [http://www.openwall.com/lists/oss-security/2016/02/09/3] [https://bugs.mageia.org/show_bug.cgi?id=17352] [http://www.openwall.com/lists/oss-security/2016/01/04/8] || {{pkg|cacti}} || 2015-12-17 || <= 0.8.8_f-3 || 0.8.8_g-2 || 72d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24]<br />
|-<br />
| [https://blog.fuzzing-project.org/32-Out-of-bounds-read-in-OpenVPN.html] || {{pkg|openvpn}} || 2015-12-18 || <= 2.3.8-2 || 2.3.9-1 || 9d || Fixed ({{bug|47498}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19]<br />
|-<br />
| {{CVE|CVE-2015-8549}} [http://www.ocert.org/advisories/ocert-2015-011.html] || {{pkg|python2-pyamf}} || 2015-12-17 || <= 0.7.2-1 || 0.8.0-2 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12]<br />
|-<br />
| {{CVE|CVE-2015-7551}} [https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/] || {{pkg|ruby}} || 2015-12-16 || <= 2.2.3-1 || 2.2.4-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11]<br />
|-<br />
| {{CVE|CVE-2015-7201}} {{CVE|CVE-2015-7202}} {{CVE|CVE-2015-7203}} {{CVE|CVE-2015-7204}} {{CVE|CVE-2015-7205}} {{CVE|CVE-2015-7207}} {{CVE|CVE-2015-7208}} {{CVE|CVE-2015-7210}} {{CVE|CVE-2015-7211}} {{CVE|CVE-2015-7212}} {{CVE|CVE-2015-7213}} {{CVE|CVE-2015-7214}} {{CVE|CVE-2015-7215}} {{CVE|CVE-2015-7216}} {{CVE|CVE-2015-7217}} {{CVE|CVE-2015-7218}} {{CVE|CVE-2015-7219}} {{CVE|CVE-2015-7220}} {{CVE|CVE-2015-7221}} {{CVE|CVE-2015-7222}} {{CVE|CVE-2015-7223}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox43] || {{pkg|firefox}} || 2015-12-15 || <= 42.0-3 || 43.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9]<br />
|-<br />
| {{CVE|CVE-2015-8000}} [https://kb.isc.org/article/AA-01317] || {{pkg|bind}} || 2015-12-15 || <= 9.10.3-2 || 9.10.3.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10]<br />
|-<br />
| {{CVE|CVE-2015-8370}} [http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html#fix] || {{pkg|grub}} || 2015-12-15 || <= 1:2.02.beta2-5 || 1:2.02.beta2-6 || 3d || Fixed ({{bug|47386}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8378}} [https://www.keepassx.org/news/2015/12/551] || {{pkg|keepassx}} || 2015-12-08 || <= 0.4.3-7 || 0.4.4-1 || <2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8]<br />
|-<br />
| {{CVE|CVE-2015-8045}} {{CVE|CVE-2015-8047}} {{CVE|CVE-2015-8048}} {{CVE|CVE-2015-8049}} {{CVE|CVE-2015-8050}} {{CVE|CVE-2015-8055}} {{CVE|CVE-2015-8056}} {{CVE|CVE-2015-8057}} {{CVE|CVE-2015-8058}} {{CVE|CVE-2015-8059}} {{CVE|CVE-2015-8060}} {{CVE|CVE-2015-8061}} {{CVE|CVE-2015-8062}} {{CVE|CVE-2015-8063}} {{CVE|CVE-2015-8064}} {{CVE|CVE-2015-8065}} {{CVE|CVE-2015-8066}} {{CVE|CVE-2015-8067}} {{CVE|CVE-2015-8068}} {{CVE|CVE-2015-8069}} {{CVE|CVE-2015-8070}} {{CVE|CVE-2015-8071}} {{CVE|CVE-2015-8401}} {{CVE|CVE-2015-8402}} {{CVE|CVE-2015-8403}} {{CVE|CVE-2015-8404}} {{CVE|CVE-2015-8405}} {{CVE|CVE-2015-8406}} {{CVE|CVE-2015-8407}} {{CVE|CVE-2015-8408}} {{CVE|CVE-2015-8409}} {{CVE|CVE-2015-8410}} {{CVE|CVE-2015-8411}} {{CVE|CVE-2015-8412}} {{CVE|CVE-2015-8413}} {{CVE|CVE-2015-8414}} {{CVE|CVE-2015-8415}} {{CVE|CVE-2015-8416}} {{CVE|CVE-2015-8417}} {{CVE|CVE-2015-8418}} {{CVE|CVE-2015-8419}} {{CVE|CVE-2015-8420}} {{CVE|CVE-2015-8421}} {{CVE|CVE-2015-8422}} {{CVE|CVE-2015-8423}} {{CVE|CVE-2015-8424}} {{CVE|CVE-2015-8425}} {{CVE|CVE-2015-8426}} {{CVE|CVE-2015-8427}} {{CVE|CVE-2015-8428}} {{CVE|CVE-2015-8429}} {{CVE|CVE-2015-8430}} {{CVE|CVE-2015-8431}} {{CVE|CVE-2015-8432}} {{CVE|CVE-2015-8433}} {{CVE|CVE-2015-8434}} {{CVE|CVE-2015-8435}} {{CVE|CVE-2015-8436}} {{CVE|CVE-2015-8437}} {{CVE|CVE-2015-8438}} {{CVE|CVE-2015-8439}} {{CVE|CVE-2015-8440}} {{CVE|CVE-2015-8441}} {{CVE|CVE-2015-8442}} {{CVE|CVE-2015-8443}} {{CVE|CVE-2015-8444}} {{CVE|CVE-2015-8445}} {{CVE|CVE-2015-8446}} {{CVE|CVE-2015-8447}} {{CVE|CVE-2015-8448}} {{CVE|CVE-2015-8449}} {{CVE|CVE-2015-8450}} {{CVE|CVE-2015-8451}} {{CVE|CVE-2015-8452}} {{CVE|CVE-2015-8453}} {{CVE|CVE-2015-8454}} {{CVE|CVE-2015-8455}} [https://helpx.adobe.com/security/products/flash-player/apsb15-32.html] || {{pkg|flashplugin}} || 2015-12-08 || <= 11.2.202.548-1 || 11.2.202.554-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7]<br />
|-<br />
| {{CVE|CVE-2015-6788}} {{CVE|CVE-2015-6789}} {{CVE|CVE-2015-6790}} {{CVE|CVE-2015-6791}} [http://googlechromereleases.blogspot.fr/2015/12/stable-channel-update_8.html] || {{pkg|chromium}} || 2015-12-08 || <= 47.0.2526.73-1 || 47.0.2526.80-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5]<br />
|-<br />
| {{CVE|CVE-2015-3193}} {{CVE|CVE-2015-3194}} {{CVE|CVE-2015-3195}} {{CVE|CVE-2015-3196}} {{CVE|CVE-2015-1794}} [https://www.openssl.org/news/secadv/20151203.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2015-12-03 || <= 1.0.2.d-1 || 1.0.2.e-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2]<br />
|-<br />
| {{CVE|CVE-2015-6764}} {{CVE|CVE-2015-6765}} {{CVE|CVE-2015-6766}} {{CVE|CVE-2015-6767}} {{CVE|CVE-2015-6768}} {{CVE|CVE-2015-6769}} {{CVE|CVE-2015-6770}} {{CVE|CVE-2015-6771}} {{CVE|CVE-2015-6772}} {{CVE|CVE-2015-6773}} {{CVE|CVE-2015-6774}} {{CVE|CVE-2015-6775}} {{CVE|CVE-2015-6776}} {{CVE|CVE-2015-6777}} {{CVE|CVE-2015-6778}} {{CVE|CVE-2015-6779}} {{CVE|CVE-2015-6780}} {{CVE|CVE-2015-6781}} {{CVE|CVE-2015-6782}} {{CVE|CVE-2015-6783}} {{CVE|CVE-2015-6784}} {{CVE|CVE-2015-6785}} {{CVE|CVE-2015-6786}} {{CVE|CVE-2015-6787}} [http://googlechromereleases.blogspot.fr/2015/12/stable-channel-update.html] || {{pkg|chromium}} || 2015-12-01 || <= 46.0.2490.86-1 || 47.0.2526.73-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1]<br />
|-<br />
| {{CVE|CVE-2015-6764}} {{CVE|CVE-2015-8027}} [https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/] || {{pkg|nodejs}} || 2015-11-25 || <= 5.1.0-1 || 5.1.1-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4]<br />
|-<br />
| {{CVE|CVE-2015-8213}} [https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-11-24 || <= 1.8.6-1 || 1.8.7-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3]<br />
|-<br />
| {{CVE|CVE-2015-1819}} {{CVE|CVE-2015-5312}} {{CVE|CVE-2015-7941}} {{CVE|CVE-2015-7942}} {{CVE|CVE-2015-7497}} {{CVE|CVE-2015-7498}} {{CVE|CVE-2015-7499}} {{CVE|CVE-2015-7500}} {{CVE|CVE-2015-8035}} {{CVE|CVE-2015-8242}} [https://mail.gnome.org/archives/xml/2015-November/msg00012.html templink] || {{pkg|libxml2}} || 2015-11-20 || <= 2.9.2-2 || 2.9.3-1 || 19d || Fixed ({{bug|47095}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6]<br />
|-<br />
| {{CVE|CVE-2015-7981}} {{CVE|CVE-2015-8126}} [http://seclists.org/oss-sec/2015/q4/264 templink] [http://seclists.org/oss-sec/2015/q4/161 templink] || {{pkg|libpng}} {{pkg|lib32-libpng}} || 2015-11-12 || <= 1.6.18-1 || 1.6.19-1 || 5d || Fixed ({{bug|47069}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10]<br />
|-<br />
| {{CVE|CVE-2015-5309}} [http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html templink] || {{pkg|putty}} || 2015-11-12 || <= 0.65-1 || 0.66-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7]<br />
|-<br />
| {{CVE|CVE-2015-7651}} {{CVE|CVE-2015-7652}} {{CVE|CVE-2015-7653}} {{CVE|CVE-2015-7654}} {{CVE|CVE-2015-7655}} {{CVE|CVE-2015-7656}} {{CVE|CVE-2015-7657}} {{CVE|CVE-2015-7658}} {{CVE|CVE-2015-7659}} {{CVE|CVE-2015-7660}} {{CVE|CVE-2015-7661}} {{CVE|CVE-2015-7662}} {{CVE|CVE-2015-7663}} {{CVE|CVE-2015-8042}} {{CVE|CVE-2015-8043}} {{CVE|CVE-2015-8044}} {{CVE|CVE-2015-8046}} [https://helpx.adobe.com/security/products/flash-player/apsb15-28.html templink] || {{pkg|flashplugin}} || 2015-11-10 || <= 11.2.202.540-1 || 11.2.202.548-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5]<br />
|-<br />
| {{CVE|CVE-2015-1302}} [http://googlechromereleases.blogspot.fr/2015/11/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-11-10 || <= 46.0.2490.80-2 || 46.0.2490.86-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8]<br />
|-<br />
| {{CVE|CVE-2015-5311}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/ templink] || {{pkg|powerdns}} || 2015-11-09 || <= 3.4.6-2 || 3.4.7-1 || 3d || Fixed ({{bug|47014}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6]<br />
|-<br />
| {{CVE|CVE-2015-4513}} {{CVE|CVE-2015-4514}} {{CVE|CVE-2015-4515}} {{CVE|CVE-2015-4518}} {{CVE|CVE-2015-7181}} {{CVE|CVE-2015-7182}} {{CVE|CVE-2015-7183}} {{CVE|CVE-2015-7187}} {{CVE|CVE-2015-7188}} {{CVE|CVE-2015-7189}} {{CVE|CVE-2015-7193}} {{CVE|CVE-2015-7194}} {{CVE|CVE-2015-7195}} {{CVE|CVE-2015-7196}} {{CVE|CVE-2015-7197}} {{CVE|CVE-2015-7198}} {{CVE|CVE-2015-7199}} {{CVE|CVE-2015-7200}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-11-03 || <= 41.0.2-2 || 42.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2]<br />
|-<br />
| {{CVE|CVE-2015-7183}} [http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12386.html templink] || {{pkg|nspr}} || 2015-11-03 || <= 4.10.9-1 || 4.10.10-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4]<br />
|-<br />
| {{CVE|CVE-2015-7181}} {{CVE|CVE-2015-7182}} [http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12386.html templink] || {{pkg|nss}} || 2015-11-03 || <= 3.20-1 || 3.20.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3]<br />
|-<br />
| {{CVE|CVE-2015-7696}} {{CVE|CVE-2015-7697}} [http://seclists.org/oss-sec/2015/q3/512 templink] || {{pkg|unzip}} || 2015-10-30 || <= 6.0-10 || 6.0-11 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1]<br />
|-<br />
| {{CVE|CVE-2015-8011}} {{CVE|CVE-2015-8012}} [http://seclists.org/oss-sec/2015/q4/198 templink] || {{pkg|lldpd}} || 2015-10-17 || <= 0.7.18-1 || 0.7.19-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25]<br />
|-<br />
| {{CVE|CVE-2015-5714}} {{CVE|CVE-2015-5715}} {{CVE|CVE-2015-7989}} [https://codex.wordpress.org/Version_4.3.1 templink] || {{pkg|wordpress}} || 2015-10-18 || <= 4.3.0-1 || 4.3.1-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24]<br />
|-<br />
| {{CVE|CVE-2015-7873}} [https://www.phpmyadmin.net/security/PMASA-2015-5/ templink] || {{pkg|phpmyadmin}} || 2015-10-23 || <= 4.5.0-1 || 4.5.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23]<br />
|-<br />
| {{CVE|CVE-2015-7995}} [https://bugzilla.redhat.com/show_bug.cgi?id=1257962 templink] || {{pkg|libxslt}} || 2015-10-27 || <= 1.1.28-3 || 1.1.28-4 || 73d || Fixed ({{bug|47681}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8]<br />
|-<br />
| {{CVE|CVE-2015-7943}} [https://www.drupal.org/SA-CORE-2015-004 templink] || {{pkg|drupal}} || 2015-10-21 || <= 7.40-1 || 7.41-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21]<br />
|-<br />
| {{CVE|CVE-2015-4913}} {{CVE|CVE-2015-4870}} {{CVE|CVE-2015-4861}} {{CVE|CVE-2015-4858}} {{CVE|CVE-2015-4836}} {{CVE|CVE-2015-4830}} {{CVE|CVE-2015-4826}} {{CVE|CVE-2015-4815}} {{CVE|CVE-2015-4802}} {{CVE|CVE-2015-4792}} || {{pkg|mariadb}} || 2015-10-22 || <= 10.0.21-3 || 10.0.22-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] <br />
|-<br />
| {{CVE|CVE-2015-4734}} {{CVE|CVE-2015-4803}} {{CVE|CVE-2015-4805}} {{CVE|CVE-2015-4806}} {{CVE|CVE-2015-4810}} {{CVE|CVE-2015-4835}} {{CVE|CVE-2015-4840}} {{CVE|CVE-2015-4842}} {{CVE|CVE-2015-4843}} {{CVE|CVE-2015-4844}} {{CVE|CVE-2015-4860}} {{CVE|CVE-2015-4868}} {{CVE|CVE-2015-4872}} {{CVE|CVE-2015-4881}} {{CVE|CVE-2015-4882}} {{CVE|CVE-2015-4883}} {{CVE|CVE-2015-4893}} {{CVE|CVE-2015-4901}} {{CVE|CVE-2015-4902}} {{CVE|CVE-2015-4903}} {{CVE|CVE-2015-4906}} {{CVE|CVE-2015-4908}} {{CVE|CVE-2015-4911}} {{CVE|CVE-2015-4916}} || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-09-22 || <= 8.u60-1 || 8.u65-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20]<br />
|-<br />
| {{CVE|CVE-2015-4734}} {{CVE|CVE-2015-4803}} {{CVE|CVE-2015-4805}} {{CVE|CVE-2015-4806}} {{CVE|CVE-2015-4810}} {{CVE|CVE-2015-4835}} {{CVE|CVE-2015-4840}} {{CVE|CVE-2015-4842}} {{CVE|CVE-2015-4843}} {{CVE|CVE-2015-4844}} {{CVE|CVE-2015-4860}} {{CVE|CVE-2015-4871}} {{CVE|CVE-2015-4872}} {{CVE|CVE-2015-4881}} {{CVE|CVE-2015-4882}} {{CVE|CVE-2015-4883}} {{CVE|CVE-2015-4893}} {{CVE|CVE-2015-4902}} {{CVE|CVE-2015-4903}} {{CVE|CVE-2015-4911}} || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-09-22 || <= 7.u85_2.6.1-2 || 7.u91_2.6.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17]<br />
|-<br />
| {{CVE|CVE-2015-7691}} {{CVE|CVE-2015-7692}} {{CVE|CVE-2015-7701}} {{CVE|CVE-2015-7702}} {{CVE|CVE-2015-7703}} {{CVE|CVE-2015-7704}} {{CVE|CVE-2015-7705}} {{CVE|CVE-2015-7848}} {{CVE|CVE-2015-7849}} {{CVE|CVE-2015-7850}} {{CVE|CVE-2015-7851}} {{CVE|CVE-2015-7852}} {{CVE|CVE-2015-7853}} {{CVE|CVE-2015-7854}} {{CVE|CVE-2015-7855}} {{CVE|CVE-2015-7871}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities templink] [http://blog.talosintel.com/2015/10/ntpd-vulnerabilities.html templink] || {{pkg|ntp}} || 2015-10-21 || <= 4.2.8.p3-1 || 4.2.8.p4-1 || 1d || Fixed ({{bug|46826}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14]<br />
|-<br />
| {{CVE|CVE-2015-6031}} [http://talosintel.com/reports/TALOS-2015-0035/ templink] || {{pkg|miniupnpc}} || 2015-09-15 || <= 1.9.20150730-1 || 1.9.20151008-1 || 30d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11]<br />
|-<br />
| {{CVE|CVE-2015-7645}} {{CVE|CVE-2015-7647}} {{CVE|CVE-2015-7648}} [https://helpx.adobe.com/security/products/flash-player/apsa15-05.html templink] [https://helpx.adobe.com/security/products/flash-player/apsb15-27.html templink] || {{pkg|flashplugin}} || 2015-10-14 || <= 11.2.202.535-1 || 11.2.202.540-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12]<br />
|-<br />
| {{CVE|CVE-2015-7184}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/ templink] || {{pkg|firefox}} || 2015-10-15 || <= 41.0.1-1 || 41.0.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10]<br />
|-<br />
| {{CVE|CVE-2015-5260}} {{CVE|CVE-2015-5261}} {{CVE|CVE-2015-3247}} [http://lists.freedesktop.org/archives/spice-devel/2015-October/022168.html templink] [https://bugzilla.redhat.com/show_bug.cgi?id=1260822 templink] [https://bugzilla.redhat.com/show_bug.cgi?id=1261889 templink] [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797976;msg=21 templink] || {{pkg|spice}} || 2015-09-08 || <= 0.12.5-1 || 0.12.6-1 || 41d || Fixed ({{bug|46738}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13]<br />
|-<br />
| {{CVE|CVE-2015-6755}} {{CVE|CVE-2015-6756}} {{CVE|CVE-2015-6757}} {{CVE|CVE-2015-6758}} {{CVE|CVE-2015-6759}} {{CVE|CVE-2015-6760}} {{CVE|CVE-2015-6761}} {{CVE|CVE-2015-6762}} {{CVE|CVE-2015-6763}} [http://googlechromereleases.blogspot.fr/2015/10/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-10-13 || <= 45.0.2454.101-2 || 46.0.2490.71-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8]<br />
|-<br />
| {{CVE|CVE-2015-5569}} {{CVE|CVE-2015-7625}} {{CVE|CVE-2015-7626}} {{CVE|CVE-2015-7627}} {{CVE|CVE-2015-7628}} {{CVE|CVE-2015-7629}} {{CVE|CVE-2015-7630}} {{CVE|CVE-2015-7631}} {{CVE|CVE-2015-7632}} {{CVE|CVE-2015-7633}} {{CVE|CVE-2015-7634}} {{CVE|CVE-2015-7643}} {{CVE|CVE-2015-7644}} [https://helpx.adobe.com/security/products/flash-player/apsb15-25.html templink] || {{pkg|flashplugin}} || 2015-10-13 || <= 11.2.202.521-1 || 11.2.202.535-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7]<br />
|-<br />
| {{CVE|CVE-2015-5291}} [https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01 templink] || {{pkg|mbedtls}} || 2015-10-05 || <= 2.1.1-1 || 2.1.2-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9]<br />
|-<br />
| {{CVE|CVE-2015-7384}} [https://nodejs.org/en/blog/release/v4.1.2/ templink] || {{pkg|nodejs}} || 2015-10-05 || <= 4.1.1-1 || 4.1.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3]<br />
|-<br />
| {{CVE|CVE-2015-7687}} [http://seclists.org/oss-sec/2015/q4/17 templink] [https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f8e2fe24f3ff174d8515b82607e951e054f68f6 templink] || {{pkg|opensmtpd}} || 2015-10-02 || <= 5.7.1p1-1 || 5.7.3p1-1 || 6d || Fixed ({{bug|46605}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5]<br />
|-<br />
| {{CVE|CVE-2015-7673}} {{CVE|CVE-2015-7674}} [http://seclists.org/oss-sec/2015/q4/18 templink] [http://seclists.org/oss-sec/2015/q4/19 templink] || {{pkg|gdk-pixbuf2}} || 2015-10-01 || <= 2.31.7-1 || 2.32.1-1 || 9d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6]<br />
|-<br />
| {{CVE|CVE-2015-1335}} [https://github.com/lxc/lxc/commit/6de26af93d3dd87c8b21a42fdf20f30fa1c1948d templink] || {{pkg|lxc}} || 2015-09-29 || <= 1:1.1.3-2 || - || - || Not Affected ({{bug|46574}}) || None<br />
|-<br />
| {{CVE|CVE-2015-6972}} {{CVE|CVE-2015-6973}} [http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txt templink] [http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt templink] [https://igniterealtime.org/issues/browse/OF-942] || {{pkg|openfire}} || 2015-09-14 || <= 4.0.3-1 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2015-4499}} [https://www.bugzilla.org/security/4.2.14/ templink] || {{pkg|bugzilla}} || 2015-09-10 || <= 5.0-1 || 5.0.1-1 || 28d || Fixed ({{bug|46573}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4]<br />
|-<br />
| {{CVE|CVE-2015-4141}} {{CVE|CVE-2015-4142}} {{CVE|CVE-2015-4143}} {{CVE|CVE-2015-4144}} {{CVE|CVE-2015-4145}} {{CVE|CVE-2015-4146}} [http://w1.fi/security/2015-2/ templink] [http://w1.fi/security/2015-3/ templink] [http://w1.fi/security/2015-4/ templink] [http://w1.fi/security/2015-5/ templink] || {{pkg|hostapd}} || 2015-05-04 || <= 2.4-2 || 2.5-1 || ~150d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2]<br />
|-<br />
| {{CVE|CVE-2015-3239}} [https://bugzilla.redhat.com/show_bug.cgi?id=1232265 templink] || {{pkg|libunwind}} || 2015-06-16 || <= 1.1-2 || 1.1-3 || ~110d || Fixed ({{bug|46474}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1]<br />
|-<br />
| {{CVE|CVE-2015-1303}} {{CVE|CVE-2015-1304}} [http://googlechromereleases.blogspot.fr/2015/09/stable-channel-update_24.html templink] || {{pkg|chromium}} || 2015-09-24 || <= 45.0.2454.99-1 || 45.0.2454.101-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11]<br />
|-<br />
| {{CVE|CVE-2015-4500}} {{CVE|CVE-2015-4501}} {{CVE|CVE-2015-4502}} {{CVE|CVE-2015-4504}} {{CVE|CVE-2015-4506}} {{CVE|CVE-2015-4507}} {{CVE|CVE-2015-4508}} {{CVE|CVE-2015-4509}} {{CVE|CVE-2015-4510}} {{CVE|CVE-2015-4511}} {{CVE|CVE-2015-4512}} {{CVE|CVE-2015-4516}} {{CVE|CVE-2015-4517}} {{CVE|CVE-2015-4519}} {{CVE|CVE-2015-4520}} {{CVE|CVE-2015-4521}} {{CVE|CVE-2015-4522}} {{CVE|CVE-2015-7174}} {{CVE|CVE-2015-7175}} {{CVE|CVE-2015-7176}} {{CVE|CVE-2015-7177}} {{CVE|CVE-2015-7180}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox41 templink] || {{pkg|firefox}} || 2015-09-22 || <= 40.0.3-1 || 41.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9]<br />
|-<br />
| {{CVE|CVE-2015-5567}} {{CVE|CVE-2015-5568}} {{CVE|CVE-2015-5570}} {{CVE|CVE-2015-5571}} {{CVE|CVE-2015-5572}} {{CVE|CVE-2015-5573}} {{CVE|CVE-2015-5574}} {{CVE|CVE-2015-5575}} {{CVE|CVE-2015-5576}} {{CVE|CVE-2015-5577}} {{CVE|CVE-2015-5578}} {{CVE|CVE-2015-5579}} {{CVE|CVE-2015-5580}} {{CVE|CVE-2015-5581}} {{CVE|CVE-2015-5582}} {{CVE|CVE-2015-5584}} {{CVE|CVE-2015-5587}} {{CVE|CVE-2015-5588}} {{CVE|CVE-2015-6676}} {{CVE|CVE-2015-6677}} {{CVE|CVE-2015-6678}} {{CVE|CVE-2015-6679}} {{CVE|CVE-2015-6682}} [https://helpx.adobe.com/security/products/flash-player/apsb15-23.html templink] || {{pkg|flashplugin}} || 2015-09-21 || <= 11.2.202.508-1 || 11.2.202.521-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201510-8]<br />
|-<br />
| {{CVE|CVE-2015-7236}} [http://seclists.org/oss-sec/2015/q3/561 templink] || {{pkg|rpcbind}} || 2015-09-17 || <= 0.2.3-1 || 0.2.3-2 || 7d || Fixed ({{bug|46341}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10]<br />
|-<br />
| {{CVE|CVE-2015-5714}} {{CVE|CVE-2015-5715}} [https://wordpress.org/news/2015/09/wordpress-4-3-1/ templink] || {{pkg|wordpress}} || 2015-09-15 || <= 4.3-1 || 4.3.1-1 || 5d || Fixed ({{bug|46340}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201510-7]<br />
|-<br />
| {{CVE|CVE-2015-6908}} [http://www.openwall.com/lists/oss-security/2015/09/11/5 templink] || {{pkg|openldap}} || 2015-09-09 || <= 2.4.42-1 || 2.4.42-2 || 3d || Fixed ({{bug|46265}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4]<br />
|-<br />
| {{CVE|CVE-2015-5722}} {{CVE|CVE-2015-5986}} [https://www.isc.org/blogs/cve-2015-5986-an-incorrect-boundary-check-can-trigger-a-require-assertion-failure-in-openpgpkey_61-c/ templink] [https://www.isc.org/blogs/cve-2015-5722-parsing-malformed-keys-may-cause-bind-to-exit-due-to-a-failed-assertion-in-buffer-c/ templink] || {{pkg|bind}} || 2015-09-02 || <= 9.10.2.P3-1 || 9.10.2.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2]<br />
|-<br />
| {{CVE|CVE-2015-5198}} {{CVE|CVE-2015-5199}} {{CVE|CVE-2015-5200}} [http://lists.x.org/archives/xorg-announce/2015-August/002630.html templink] || {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} || 2015-08-31 || <= 1.1-1 || 1.1.1-1 || 13d || Fixed ({{bug|46266}}) ({{bug|46267}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5]<br />
|-<br />
| {{CVE|CVE-2015-1291}} {{CVE|CVE-2015-1292}} {{CVE|CVE-2015-1293}} {{CVE|CVE-2015-1294}} {{CVE|CVE-2015-1295}} {{CVE|CVE-2015-1296}} {{CVE|CVE-2015-1297}} {{CVE|CVE-2015-1298}} {{CVE|CVE-2015-1299}} {{CVE|CVE-2015-1300}} {{CVE|CVE-2015-1301}} [http://googlechromereleases.blogspot.fr/2015/09/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-09-01 || <= 44.0.2403.157-1 || 45.0.2454.85-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1]<br />
|-<br />
| {{CVE|CVE-2015-5230}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/ templink] || {{pkg|powerdns}} || 2015-09-02 || <= 3.4.5-1 || 3.4.6-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3]<br />
|-<br />
| {{CVE|CVE-2015-5317}} {{CVE|CVE-2015-5318}} {{CVE|CVE-2015-5319}} {{CVE|CVE-2015-5320}} {{CVE|CVE-2015-5321}} {{CVE|CVE-2015-5322}} {{CVE|CVE-2015-5323}} {{CVE|CVE-2015-5324}} {{CVE|CVE-2015-5325}} {{CVE|CVE-2015-5326}} {{CVE|CVE-2015-8103}} [https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 templink] [http://seclists.org/bugtraq/2015/Aug/161 templink] || {{pkg|jenkins}} || 2015-08-28 || <= 1.627-1 || 1.638-1 || 60d || Fixed ({{bug|46268}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11]<br />
|-<br />
| {{CVE|CVE-2015-6749}} [http://seclists.org/oss-sec/2015/q3/457 templink] || {{pkg|vorbis-tools}} || 2015-08-30 || <= 1.4.0-5 || 1.4.0-6 || >60d || Fixed ({{bug|46269}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22]<br />
|-<br />
| {{CVE|CVE-2015-4497}} {{CVE|CVE-2015-4498}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox40.0.3 templink] || {{pkg|firefox}} || 2015-08-27 || <= 40.0.2-1 || 40.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12]<br />
|-<br />
| {{CVE|CVE-2015-5949}} [http://www.ocert.org/advisories/ocert-2015-009.html templink] || {{pkg|vlc}} || 2015-08-20 || <= 2.2.1-6 || 2.2.2-1 || 179d || Fixed ({{bug|46037}}) || None<br />
|-<br />
| {{CVE|CVE-2015-5963}} [https://www.djangoproject.com/weblog/2015/aug/18/security-releases/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-08-18 || <= 1.8.3-1 || 1.8.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9]<br />
|-<br />
| {{CVE|CVE-2015-5221}} [http://seclists.org/oss-sec/2015/q3/408 templink] || {{pkg|jasper}} || 2015-08-16 || <= 1.900.1-15 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-5203}} [http://seclists.org/oss-sec/2015/q3/366 templink] || {{pkg|jasper}} || 2015-08-16 || <= 1.900.1-15 || || || '''Vulnerable''' || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10]<br />
|-<br />
| CVE Pending [http://seclists.org/oss-sec/2015/q3/295 templink] || {{pkg|pcre}} || 2015-08-05 || <= 8.37-2 || 8.37-3 || 12d || Fixed ({{bug|45945}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11]<br />
|-<br />
| {{CVE|CVE-2015-4473}} {{CVE|CVE-2015-4474}} {{CVE|CVE-2015-4475}} {{CVE|CVE-2015-4477}} {{CVE|CVE-2015-4478}} {{CVE|CVE-2015-4479}} {{CVE|CVE-2015-4480}} {{CVE|CVE-2015-4482}} {{CVE|CVE-2015-4483}} {{CVE|CVE-2015-4484}} {{CVE|CVE-2015-4485}} {{CVE|CVE-2015-4486}} {{CVE|CVE-2015-4487}} {{CVE|CVE-2015-4488}} {{CVE|CVE-2015-4489}} {{CVE|CVE-2015-4490}} {{CVE|CVE-2015-4491}} {{CVE|CVE-2015-4492}} {{CVE|CVE-2015-4493}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox40 templink] || {{pkg|firefox}} || 2015-08-11 || <= 39.0.3-1 || 40.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4]<br />
|-<br />
| {{CVE|CVE-2014-8121}} [https://access.redhat.com/security/cve/CVE-2014-8121 templink] || {{pkg|glibc}} || 2015-02-23 || <= 2.21-4 || 2.22-1 || ~180d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7]<br />
|-<br />
| {{CVE|CVE-2015-4680}} [http://www.ocert.org/advisories/ocert-2015-008.html templink] || {{pkg|freeradius}} || 2015-06-22 || <= 3.0.8-2 || 3.0.9-1 || ~50d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6]<br />
|-<br />
| {{CVE|CVE-2015-3184}} {{CVE|CVE-2015-3187}} [https://subversion.apache.org/security/CVE-2015-3184-advisory.txt templink] [https://subversion.apache.org/security/CVE-2015-3187-advisory.txt templink] || {{pkg|subversion}} || 2015-08-05 || <= 1.8.13-2 || 1.9.0-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5]<br />
|-<br />
| {{CVE|CVE-2015-6251}} [http://www.gnutls.org/security.html#GNUTLS-SA-2015-3 templink] || {{pkg|gnutls}} || 2015-08-10 || <= 3.4.3-1 || 3.4.4.1-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8]<br />
|-<br />
| {{CVE|CVE-2015-4495}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/ templink] || {{pkg|firefox}} || 2015-08-06 || <= 39.0-1 || 39.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1]<br />
|-<br />
| {{CVE|CVE-2015-2213}} {{CVE|CVE-2015-5730}} {{CVE|CVE-2015-5731}} {{CVE|CVE-2015-5732}} {{CVE|CVE-2015-5733}} {{CVE|CVE-2015-5734}} [https://codex.wordpress.org/Version_4.2.4 templink] || {{pkg|wordpress}} || 2015-08-04 || <= 4.2.3-1 || 4.2.4.-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2]<br />
|-<br />
| {{CVE|CVE-2015-3245}} {{CVE|CVE-2015-3246}} [http://seclists.org/oss-sec/2015/q3/185 templink] || {{pkg|libuser}} || 2015-07-22 || <= 0.61-1 || 0.62-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19]<br />
|-<br />
| {{CVE|CVE-2015-5600}} [https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/ templink] || {{pkg|openssh}} || 2015-07-22 || <= 6.9p1-1 || 6.9p1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17]<br />
|-<br />
| {{CVE|CVE-2015-1270}} {{CVE|CVE-2015-1271}} {{CVE|CVE-2015-1272}} {{CVE|CVE-2015-1273}} {{CVE|CVE-2015-1274}} {{CVE|CVE-2015-1276}} {{CVE|CVE-2015-1277}} {{CVE|CVE-2015-1278}} {{CVE|CVE-2015-1279}} {{CVE|CVE-2015-1280}} {{CVE|CVE-2015-1281}} {{CVE|CVE-2015-1282}} {{CVE|CVE-2015-1283}} {{CVE|CVE-2015-1284}} {{CVE|CVE-2015-1285}} {{CVE|CVE-2015-1286}} {{CVE|CVE-2015-1287}} {{CVE|CVE-2015-1288}} {{CVE|CVE-2015-1289}} [http://googlechromereleases.blogspot.fr/2015/07/stable-channel-update_21.html templink] || {{pkg|chromium}} || 2015-07-21 || <= 43.0.2357.134-1 || 44.0.2403.89-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18]<br />
|-<br />
| {{CVE|CVE-2015-2590}} {{CVE|CVE-2015-2601}} {{CVE|CVE-2015-2613}} {{CVE|CVE-2015-2621}} {{CVE|CVE-2015-2625}} {{CVE|CVE-2015-2628}} {{CVE|CVE-2015-2632}} {{CVE|CVE-2015-2808}} {{CVE|CVE-2015-4000}} {{CVE|CVE-2015-4731}} {{CVE|CVE-2015-4732}} {{CVE|CVE-2015-4733}} {{CVE|CVE-2015-4748}} {{CVE|CVE-2015-4749}} {{CVE|CVE-2015-4760}} [http://blog.fuseyism.com/index.php/2015/07/21/security-icedtea-2-6-1-for-openjdk-7-released/ templink] || {{pkg|jre7-openjdk}} || 2015-07-21 || <= 7.u80_2.6.0-1 || 7.u85_2.6.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16]<br />
|-<br />
| {{CVE|CVE-2015-5122}} {{CVE|CVE-2015-5123}} [https://helpx.adobe.com/security/products/flash-player/apsb15-18.html templink] || {{pkg|lib32-flashplugin}} || 2015-07-09 || <= 11.2.202.481-1 || 11.2.202.491-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14]<br />
|-<br />
| {{CVE|CVE-2015-5122}} {{CVE|CVE-2015-5123}} [https://helpx.adobe.com/security/products/flash-player/apsb15-18.html templink] || {{pkg|flashplugin}} || 2015-07-09 || <= 11.2.202.481-1 || 11.2.202.491-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13]<br />
|-<br />
| {{CVE|CVE-2015-0228}} {{CVE|CVE-2015-0253}} {{CVE|CVE-2015-3183}} {{CVE|CVE-2015-3185}} [http://www.apache.org/dist/httpd/CHANGES_2.4.16 templink] || {{pkg|apache}} || 2015-07-15 || <= 2.4.12-4 || 2.4.16-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15]<br />
|-<br />
| {{CVE|CVE-2015-2724}} {{CVE|CVE-2015-2725}} {{CVE|CVE-2015-2726}} {{CVE|CVE-2015-2731}} {{CVE|CVE-2015-2734}} {{CVE|CVE-2015-2735}} {{CVE|CVE-2015-2736}} {{CVE|CVE-2015-2737}} {{CVE|CVE-2015-2738}} {{CVE|CVE-2015-2739}} {{CVE|CVE-2015-2740}} {{CVE|CVE-2015-2741}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.1 templink] || {{pkg|thunderbird}} || 2015-07-09 || <= 38.0.1-1 || 38.1.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9]<br />
|-<br />
| {{CVE|CVE-2015-1793}} [https://openssl.org/news/secadv_20150709.txt templink] || {{pkg|lib32-openssl}} || 2015-07-09 || <= 1.0.2.c-1 || 1.0.2.d-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12]<br />
|-<br />
| {{CVE|CVE-2015-1793}} [https://openssl.org/news/secadv_20150709.txt templink] || {{pkg|openssl}} || 2015-07-09 || <= 1.0.2.c-1 || 1.0.2.d-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8]<br />
|-<br />
| {{CVE|CVE-2014-0578}} {{CVE|CVE-2015-3114}} {{CVE|CVE-2015-3115}} {{CVE|CVE-2015-3116}} {{CVE|CVE-2015-3117}} {{CVE|CVE-2015-3118}} {{CVE|CVE-2015-3119}} {{CVE|CVE-2015-3120}} {{CVE|CVE-2015-3121}} {{CVE|CVE-2015-3122}} {{CVE|CVE-2015-3123}} {{CVE|CVE-2015-3124}} {{CVE|CVE-2015-3125}} {{CVE|CVE-2015-3126}} {{CVE|CVE-2015-3127}} {{CVE|CVE-2015-3128}} {{CVE|CVE-2015-3129}} {{CVE|CVE-2015-3130}} {{CVE|CVE-2015-3131}} {{CVE|CVE-2015-3132}} {{CVE|CVE-2015-3133}} {{CVE|CVE-2015-3134}} {{CVE|CVE-2015-3135}} {{CVE|CVE-2015-3136}} {{CVE|CVE-2015-3137}} {{CVE|CVE-2015-4428}} {{CVE|CVE-2015-4429}} {{CVE|CVE-2015-4430}} {{CVE|CVE-2015-4431}} {{CVE|CVE-2015-4432}} {{CVE|CVE-2015-4433}} {{CVE|CVE-2015-5116}} {{CVE|CVE-2015-5117}} {{CVE|CVE-2015-5118}} {{CVE|CVE-2015-5119}} [https://helpx.adobe.com/security/products/flash-player/apsb15-16.html templink] [https://www.kb.cert.org/vuls/id/561288 templink] || {{pkg|flashplugin}} || 2015-07-07 || <= 11.2.202.468-1 || 11.2.202.481-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7]<br />
|-<br />
| {{CVE|CVE-2015-4620}} [https://kb.isc.org/article/AA-01267/ templink] || {{pkg|bind}} || 2015-07-07 || <= 9.10.2.P1-1 || 9.10.2.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6]<br />
|-<br />
| {{CVE|CVE-2015-5382}} [http://www.openwall.com/lists/oss-security/2015/07/07/3 templink] || {{pkg|roundcubemail}} || 2015-07-06 || <= 1.1.1-1 || 1.1.2-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5355}} {{CVE|CVE-2015-2694}} [http://krbdev.mit.edu/rt/NoAuth/krb5-1.13/fixed-1.13.2.html templink] || {{pkg|lib32-krb5}} || 2015-05-08 || <= 1.13.1-1 || 1.13.2-1 || 63d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11]<br />
|-<br />
| {{CVE|CVE-2014-5355}} {{CVE|CVE-2015-2694}} [http://krbdev.mit.edu/rt/NoAuth/krb5-1.13/fixed-1.13.2.html templink] || {{pkg|krb5}} || 2015-05-08 || <= 1.13.1-1 || 1.13.2-1 || 63d || Fixed ({{bug|45575}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10]<br />
|-<br />
| {{CVE|CVE-2015-3281}} [http://marc.info/?l=haproxy&m=143593901506748&w=2 templink] || {{pkg|haproxy}} || 2015-07-03 || <= 1.5.12-1 || 1.5.14-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3]<br />
|-<br />
| {{CVE|CVE-2015-2722}} {{CVE|CVE-2015-2724}} {{CVE|CVE-2015-2725}} {{CVE|CVE-2015-2726}} {{CVE|CVE-2015-2727}} {{CVE|CVE-2015-2728}} {{CVE|CVE-2015-2729}} {{CVE|CVE-2015-2731}} {{CVE|CVE-2015-2733}} {{CVE|CVE-2015-2734}} {{CVE|CVE-2015-2735}} {{CVE|CVE-2015-2736}} {{CVE|CVE-2015-2737}} {{CVE|CVE-2015-2739}} {{CVE|CVE-2015-2740}} {{CVE|CVE-2015-2741}} {{CVE|CVE-2015-2743}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-07-02 || <= 38.0.5 || 39.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2]<br />
|- <br />
| {{CVE|CVE-2015-5352}} [http://www.openwall.com/lists/oss-security/2015/07/01/10 templink] || {{pkg|openssh}} || 2015-06-29 || <= 6.8p1-3 || 6.9p1-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4]<br />
|-<br />
| {{CVE|CVE-2015-5146}} [http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi templink] || {{pkg|ntp}} || 2015-06-29 || <= 4.2.8p2-1 || 4.2.8p3-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5]<br />
|-<br />
| {{CVE|CVE-2015-2141}} [https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2015-June/015585.html templink] [https://github.com/weidai11/cryptopp/commit/9425e16437439e68c7d96abef922167d68fafaff commit] || {{pkg|crypto++}} || 2015-06-28 || <= 5.6.2-2 || 5.6.2-3 || 28d || Fixed ({{bug|45498}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20]<br />
|-<br />
| {{CVE|CVE-2015-5073}} [https://bugs.exim.org/show_bug.cgi?id=1651 templink] [http://vcs.pcre.org/pcre?view=revision&revision=1571 commit] || {{pkg|pcre}} || 2015-06-26 || <= 8.37-2 || 8.37-3 || ~52d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-5069}} {{CVE|CVE-2015-5070}} [http://www.openwall.com/lists/oss-security/2015/06/25/12 templink] || {{pkg|wesnoth}} || 2015-06-24 || <= 1.12.2-3 || 1.12.4-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1]<br />
|-<br />
| {{CVE|CVE-2015-3113}} [https://helpx.adobe.com/security/products/flash-player/apsb15-14.html templink] || {{pkg|flashplugin}} || 2015-06-23 || <= 11.2.202.466-1 || 11.2.202.468-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5]<br />
|-<br />
| {{CVE|CVE-2015-3236}} {{CVE|CVE-2015-3237}} [http://curl.haxx.se/docs/adv_20150617A.html templink] [http://curl.haxx.se/docs/adv_20150617B.html templink] || {{pkg|lib32-curl}} || 2015-06-17 || <= 7.42.1-1 || 7.43.0-1 || 47d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4]<br />
|-<br />
| {{CVE|CVE-2015-3236}} {{CVE|CVE-2015-3237}} [http://curl.haxx.se/docs/adv_20150617A.html templink] [http://curl.haxx.se/docs/adv_20150617B.html templink] || {{pkg|curl}} || 2015-06-17 || <= 7.42.1-1 || 7.43.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4]<br />
|-<br />
| {{CVE|CVE-2009-1364}} {{CVE|CVE-2006-3376}} {{CVE|CVE-2007-0455}} {{CVE|CVE-2007-2756}} {{CVE|CVE-2007-3472}} {{CVE|CVE-2007-3473}} {{CVE|CVE-2007-3477}} {{CVE|CVE-2009-3546}} {{CVE|CVE-2015-0848}} {{CVE|CVE-2015-4588}} {{CVE|CVE-2015-4695}} {{CVE|CVE-2015-4696}} [http://www.openwall.com/lists/oss-security/2015/06/16/4 templink] || {{pkg|libwmf}} || 2015-06-01 || <= 0.2.8.4-13 || || || '''Vulnerable''' ({{bug|49162}}) ||<br />
|-<br />
| {{CVE|CVE-2015-2325}} {{CVE|CVE-2015-2326}} {{CVE|CVE-2015-3414}} {{CVE|CVE-2015-3415}} {{CVE|CVE-2015-3416}} [http://php.net/ChangeLog-5.php#5.6.10 templink] || {{pkg|php}} || 2015-06-11 || <= 5.6.9-2 || 5.6.10-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|libraw}} || 2015-05-11 || <= 0.16.0-3 || 0.16.1 || 5d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|dcraw}} || 2015-05-11 || <= 9.25.0-1 || 9.26.0-1 || ~1m || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|gimp-ufraw}} || 2015-05-11 || <= 0.21-1 || 0.22-1 || 45d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|rawtherapee}} || 2015-05-11 || <= 1:4.2-1 || 1:4.2+448.g26d182d-1 || ~5m || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|rawstudio}} || 2015-05-11 || <= 2.0-12 || 2.0_git20160107-1 || ~11m || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-1158}} {{CVE|CVE-2015-1159}} [http://www.cups.org/str.php?L4609 templink] || {{pkg|cups}} || 2015-06-08 || <= 2.0.2-4 || 2.0.3-1 || 1d || Fixed ({{bug|45279}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2]<br />
|-<br />
| {{CVE|CVE-2015-1788}} {{CVE|CVE-2015-1789}} {{CVE|CVE-2015-1790}} {{CVE|CVE-2015-1791}} {{CVE|CVE-2015-1792}} {{CVE|CVE-2015-4000}} [https://www.openssl.org/news/secadv_20150611.txt templink] [https://git.openssl.org/?p=openssl.git;a=commit;h=98ece4eebfb6cd45cc8d550c6ac0022965071afc templink] || {{pkg|openssl}} || 2015-06-11 || <= 1.0.2.a-1 || 1.0.2.b-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3]<br />
|-<br />
| {{CVE|CVE-2015-3210}} [https://bugs.exim.org/show_bug.cgi?id=1636 templink] || {{pkg|pcre}} || 2015-05-29 || <= 8.37-1 || 8.37-2 || 7d || Fixed ({{bug|45207}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1]<br />
|-<br />
| {{CVE|CVE-2015-3165}} {{CVE|CVE-2015-3166}} {{CVE|CVE-2015-3167}} [http://www.postgresql.org/about/news/1587/ templink] || {{pkg|postgresql}} || 2015-05-22 || <= 9.4.1-1 || 9.4.2-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17]<br />
|-<br />
| {{CVE|CVE-2015-4054}} [http://www.openwall.com/lists/oss-security/2015/05/22/5 templink] || {{pkg|pgbouncer}} || 2015-04-09 || <= 1.5.4-6 || 1.5.5-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16]<br />
|-<br />
| {{CVE|CVE-2015-1251}} {{CVE|CVE-2015-1252}} {{CVE|CVE-2015-1253}} {{CVE|CVE-2015-1254}} {{CVE|CVE-2015-1255}} {{CVE|CVE-2015-1256}} {{CVE|CVE-2015-1257}} {{CVE|CVE-2015-1258}} {{CVE|CVE-2015-1259}} {{CVE|CVE-2015-1260}} {{CVE|CVE-2015-1263}} {{CVE|CVE-2015-1264}} {{CVE|CVE-2015-1265}} [http://googlechromereleases.blogspot.fr/2015/05/stable-channel-update_19.html templink] || {{pkg|chromium}} || 2015-05-19 || <= 42.0.2311.135-1 || 43.0.2357.65-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14]<br />
|-<br />
| {{CVE|CVE-2015-3808}} {{CVE|CVE-2015-3809}} {{CVE|CVE-2015-3810}} {{CVE|CVE-2015-3811}} {{CVE|CVE-2015-3812}} {{CVE|CVE-2015-3813}} {{CVE|CVE-2015-3814}} {{CVE|CVE-2015-3815}} [https://wireshark.org/docs/relnotes/wireshark-1.12.5.html templink] || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2015-05-11 || <= 1.12.4-4 || 1.12.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12]<br />
|-<br />
| {{CVE|CVE-2015-3456}} [https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/ templink] || {{pkg|qemu}} || 2015-05-13 || <= 2.2.1-4 || 2.2.1-5 || 1d || Fixed ({{bug|44958}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9]<br />
|-<br />
| {{CVE|CVE-2014-0230}} [https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44 templink] || {{pkg|tomcat6}} || 2015-04-09 || <= 6.0.43-2 || 6.0.44-1 || 34d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8]<br />
|-<br />
| {{CVE|CVE-2015-2708}} {{CVE|CVE-2015-2709}} {{CVE|CVE-2015-2710}} {{CVE|CVE-2015-2713}} {{CVE|CVE-2015-2716}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7 templink] || {{pkg|thunderbird}} || 2015-05-12 || <= 31.6.0-2 || 31.7.0-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13]<br />
|-<br />
| {{CVE|CVE-2015-2708}} {{CVE|CVE-2015-2709}} {{CVE|CVE-2015-2710}} {{CVE|CVE-2015-2711}} {{CVE|CVE-2015-2712}} {{CVE|CVE-2015-2713}} {{CVE|CVE-2015-2715}} {{CVE|CVE-2015-2716}} {{CVE|CVE-2015-2717}} {{CVE|CVE-2015-2718}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox38 templink] || {{pkg|firefox}} || 2015-05-12 || <= 37.0.2-1 || 38.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] <br />
|-<br />
| {{CVE|CVE-2015-3622}} [http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=f979435 templink] || {{pkg|libtasn1}} || 2015-04-20 || <= 4.5-1 || 4.4-1 || 16d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5]<br />
|-<br />
| {{CVE|CVE-2014-8964}} [https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ templink] || {{pkg|mariadb-clients}} || 2015-05-07 || <= 10.0.17-1 || 10.0.18-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4]<br />
|-<br />
| {{CVE|CVE-2014-8964}} {{CVE|CVE-2015-0499}} {{CVE|CVE-2015-0501}} {{CVE|CVE-2015-0505}} {{CVE|CVE-2015-2571}} [https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ templink] || {{pkg|mariadb}} || 2015-05-07 || <= 10.0.17-1 || 10.0.18-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3]<br />
|-<br />
| {{CVE|CVE-2015-3627}} {{CVE|CVE-2015-3629}} {{CVE|CVE-2015-3630}} {{CVE|CVE-2015-3631}} [http://seclists.org/oss-sec/2015/q2/389 templink] || {{pkg|docker}} || 2015-05-07 || <= 1:1.6.0-1 || 1:1.6.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6]<br />
|-<br />
| {{CVE|CVE-2015-0847}} [http://sourceforge.net/p/nbd/mailman/message/34091218/ templink] || {{pkg|nbd}} || 2015-05-07 || <= 3.10-1 || 3.11-1 || 19d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15]<br />
|-<br />
| {{CVE|CVE-2015-1858}} {{CVE|CVE-2015-1859}} {{CVE|CVE-2015-1860}} [http://lists.qt-project.org/pipermail/announce/2015-April/000067.html templink] || {{pkg|qt5-base}} || 2015-04-13 || <= 5.4.1-5 || 5.4.2-1 || 50d || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-1858}} {{CVE|CVE-2015-1859}} {{CVE|CVE-2015-1860}} [http://lists.qt-project.org/pipermail/announce/2015-April/000067.html templink] || {{pkg|qt4}} || 2015-04-13 || <= 4.8.6-6 || 4.8.7-1 || 50d || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-3414}} {{CVE|CVE-2015-3415}} {{CVE|CVE-2015-3416}} [http://seclists.org/fulldisclosure/2015/Apr/31 templink] || {{pkg|sqlite}} || 2015-04-24 || <= 3.8.8.3-1 || 3.8.9-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-2170}} {{CVE|CVE-2015-2221}} {{CVE|CVE-2015-2222}} {{CVE|CVE-2015-2305}} {{CVE|CVE-2015-2668}} [http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html templink] || {{pkg|clamav}} || 2015-04-29 || <= 0.98.6-1 || 0.98.7-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2]<br />
|-<br />
| {{CVE|CVE-2015-3455}} [http://www.openwall.com/lists/oss-security/2015/04/30/2 templink] || {{pkg|squid}} || 2015-04-29 || <= 3.5.3-2 || 3.5.4-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1]<br />
|-<br />
| {{CVE|CVE-2015-3451}} [http://www.openwall.com/lists/oss-security/2015/04/30/1 templink] || {{pkg|perl-xml-libxml}} || 2015-04-30 || <= 2.0118-3 || 2.0119-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32]<br />
|-<br />
| {{CVE|CVE-2015-3152}} [http://www.openwall.com/lists/oss-security/2015/04/29/4 templink] || {{pkg|mariadb}} {{pkg|mariadb-clients}} || 2015-04-29 || <= 10.0.17-2 || 10.0.20-1 || 52d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3153}} [http://curl.haxx.se/docs/adv_20150429.html templink] || {{pkg|curl}} || 2015-04-29 || <= 7.42.0-1 || 7.42.1-1 || 29d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20]<br />
|-<br />
| {{CVE|CVE-2015-1243}} {{CVE|CVE-2015-1250}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update_28.html templink] || {{pkg|chromium}} || 2015-04-28 || <= 42.0.2311.90-1 || 42.0.2311.135-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30]<br />
|-<br />
| {{CVE|CVE-2015-3420}} [http://seclists.org/oss-sec/2015/q2/288 templink] || {{pkg|dovecot}} || 2015-04-24 || <= 2.2.16-1 || 2.2.16-2 || 4d || Fixed ({{bug|44757}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31]<br />
|-<br />
| {{CVE|CVE-2015-1868}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ templink] || {{pkg|powerdns-recursor}} || 2015-04-23 || <= 3.7.1-1 || 3.7.2-1 || 1d || Fixed ({{Bug|44708}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27]<br />
|-<br />
| {{CVE|CVE-2015-1868}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ templink] || {{pkg|powerdns}} || 2015-04-23 || <= 3.4.3-2 || 3.4.4-1 || 1d || Fixed ({{Bug|44708}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26]<br />
|-<br />
| {{CVE|CVE-2015-1863}} [http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt templink] || {{pkg|wpa_supplicant}} || 2015-04-22 || <= 2.3-1 || 2.4-1 (1:2.3-1) || 2d || Fixed ({{Bug|44695}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29]<br />
|-<br />
| {{CVE|CVE-2015-1781}} [https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2959eda9272a033863c271aff62095abd01bd4e3;hp=7bf8fb104226407b75103b95525364c4667c869f templink] || {{pkg|glibc}} || 2015-04-21 || <= 2.21-2 || 2.21-3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25]<br />
|-<br />
| {{CVE|CVE-2015-3143}} {{CVE|CVE-2015-3144}} {{CVE|CVE-2015-3145}} {{CVE|CVE-2015-3148}} [http://curl.haxx.se/docs/vuln-7.41.0.html templink] || {{pkg|curl}} || 2015-04-22 || <= 7.41.0-1 || 7.42.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28]<br />
|-<br />
| {{CVE|CVE-2015-2706}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-45/ templink] || {{pkg|firefox}} || 2015-04-20 || <= 37.0.1-3 || 37.0.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24]<br />
|-<br />
| {{CVE|CVE-2015-3138}} [https://github.com/the-tcpdump-group/tcpdump/issues/446 templink] || {{pkg|tcpdump}} || 2015-03-24 || <= 4.7.3-1 || 4.7.3-2 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20]<br />
|-<br />
| {{CVE|CVE-2015-0346}} {{CVE|CVE-2015-0347}} {{CVE|CVE-2015-0348}} {{CVE|CVE-2015-0349}} {{CVE|CVE-2015-0350}} {{CVE|CVE-2015-0351}} {{CVE|CVE-2015-0352}} {{CVE|CVE-2015-0353}} {{CVE|CVE-2015-0354}} {{CVE|CVE-2015-0355}} {{CVE|CVE-2015-0356}} {{CVE|CVE-2015-0357}} {{CVE|CVE-2015-0358}} {{CVE|CVE-2015-0359}} {{CVE|CVE-2015-0360}} {{CVE|CVE-2015-3038}} {{CVE|CVE-2015-3039}} {{CVE|CVE-2015-3040}} {{CVE|CVE-2015-3041}} {{CVE|CVE-2015-3042}} {{CVE|CVE-2015-3043}} {{CVE|CVE-2015-3044}} [https://helpx.adobe.com/security/products/flash-player/apsb15-06.html templink] || {{pkg|flashplugin}} || 2015-04-14 || <= 11.2.202.451-1 || 11.2.202.457-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18]<br />
|-<br />
| {{CVE|CVE-2015-1351}} {{CVE|CVE-2015-1352}} {{CVE|CVE-2015-2783}} {{CVE|CVE-2015-3330}} {{CVE|CVE-2015-3329}} [https://php.net/ChangeLog-5.php#5.6.8 templink] || {{pkg|php}} || 2015-04-17 || <= 5.6.7.-2 || 5.6.8-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14]<br />
|-<br />
| {{CVE|CVE-2015-0460}} {{CVE|CVE-2015-0469}} {{CVE|CVE-2015-0470}} {{CVE|CVE-2015-0477}} {{CVE|CVE-2015-0478}} {{CVE|CVE-2015-0480}} {{CVE|CVE-2015-0488}} || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-04-14 || <= 8.u40-1 || 8.u45-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23]<br />
|-<br />
| {{CVE|CVE-2015-0460}} {{CVE|CVE-2015-0469}} {{CVE|CVE-2015-0477}} {{CVE|CVE-2015-0478}} {{CVE|CVE-2015-0480}} {{CVE|CVE-2015-0488}} [http://blog.fuseyism.com/index.php/2015/04/15/security-icedtea-2-5-5-for-openjdk-7-released/ templink] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-04-14 || <= 7.u75_2.5.4-1 || 7.u79_2.5.5-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17]<br />
|-<br />
| {{CVE|CVE-2015-3310}} [http://www.openwall.com/lists/oss-security/2015/04/16/7 templink] || {{pkg|ppp}} || 2015-04-13 || <= 2.4.7-1 || 2.4.7-2 || ~4m || Fixed ({{bug|44607}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3]<br />
|-<br />
| {{CVE|CVE-2015-3308}} [http://www.openwall.com/lists/oss-security/2015/04/16/6 templink] || {{pkg|gnutls}} || 2015-03-30 || <= 3.3.13-1 || 3.3.14-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-1235}} {{CVE|CVE-2015-1236}} {{CVE|CVE-2015-1237}} {{CVE|CVE-2015-1238}} {{CVE|CVE-2015-1240}} {{CVE|CVE-2015-1241}} {{CVE|CVE-2015-1242}} {{CVE|CVE-2015-1244}} {{CVE|CVE-2015-1245}} {{CVE|CVE-2015-1246}} {{CVE|CVE-2015-1247}} {{CVE|CVE-2015-1248}} {{CVE|CVE-2015-1249}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update_14.html templink] || {{pkg|chromium}} || 2015-04-14 || <= 41.0.2272.118-2 || 42.0.2311.90-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19]<br />
|-<br />
| {{CVE|CVE-2015-1855}} [https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/ templink] || {{pkg|ruby}} || 2015-04-13 || <= 2.2.1-1 || 2.2.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13]<br />
|-<br />
| {{CVE|CVE-2015-3026}} [http://seclists.org/oss-sec/2015/q2/80 templink] || {{pkg|icecast}} || 2015-04-08 || <= 2.4.1-1 || 2.4.2-1 || 3d || Fixed ({{bug|44503}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12]<br />
|-<br />
| {{CVE|CVE-2015-1798}} [http://seclists.org/oss-sec/2015/q2/63 templink] || {{pkg|chrony}} || 2015-04-08 || <= 1.31-2 || 1.31.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9]<br />
|-<br />
| {{CVE|CVE-2015-1798}} {{CVE|CVE-2015-1799}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities templink] || {{pkg|ntp}} || 2015-04-07 || <= 4.2.8p1 || 4.2.8p2-1 || <1d || Fixed ({{bug|44492}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8]<br />
|-<br />
| {{CVE|CVE-2015-2931}} {{CVE|CVE-2015-2932}} {{CVE|CVE-2015-2933}} {{CVE|CVE-2015-2934}} {{CVE|CVE-2015-2935}} {{CVE|CVE-2015-2936}} {{CVE|CVE-2015-2937}} {{CVE|CVE-2015-2938}} {{CVE|CVE-2015-2939}} {{CVE|CVE-2015-2940}} {{CVE|CVE-2015-2941}} {{CVE|CVE-2015-2942}} [http://seclists.org/oss-sec/2015/q2/61 templink] || {{pkg|mediawiki}} || 2015-04-07 || <= 1.24.1-1 || 1.24.2-1 || 0d || Fixed ({{bug|44489}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11]<br />
|-<br />
| {{CVE|CVE-2015-2928}} {{CVE|CVE-2015-2929}} [http://seclists.org/oss-sec/2015/q2/56 templink] || {{pkg|tor}} || 2015-04-06 || <= 0.2.5.11-1 || 0.2.5.12-1 || <1d || Fixed ({{bug|44482}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7]<br />
|-<br />
| {{CVE|CVE-2015-0799}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-04-03 || <= 37.0-1 || 37.0.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4]<br />
|-<br />
| {{CVE|CVE-2015-1233}} {{CVE|CVE-2015-1234}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-04-01 || <= 41.0.2272.101-1 || 41.0.2272.118-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2]<br />
|-<br />
| {{CVE|CVE-2015-0801}} {{CVE|CVE-2015-0807}} {{CVE|CVE-2015-0813}} {{CVE|CVE-2015-0814}} {{CVE|CVE-2015-0815}} {{CVE|CVE-2015-0816}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-03-31 || <= 31.5.0-1 || 31.6.0-1|| 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6]<br />
|-<br />
| {{CVE|CVE-2015-0801}} {{CVE|CVE-2015-0802}} {{CVE|CVE-2015-0803}} {{CVE|CVE-2015-0804}} {{CVE|CVE-2015-0805}} {{CVE|CVE-2015-0806}} {{CVE|CVE-2015-0807}} {{CVE|CVE-2015-0808}} {{CVE|CVE-2015-0811}} {{CVE|CVE-2015-0812}} {{CVE|CVE-2015-0813}} {{CVE|CVE-2015-0814}} {{CVE|CVE-2015-0815}} {{CVE|CVE-2015-0816}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-03-31 || <= 36.0.4-1 || 37.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1]<br />
|-<br />
| {{CVE|CVE-2015-1817}} [http://www.openwall.com/lists/oss-security/2015/03/30/3 templink] || {{pkg|musl}} || 2015-03-29 || <= 1.1.7-1 || 1.1.8-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26]<br />
|-<br />
| {{CVE|CVE-2015-2782}} {{CVE|CVE-2015-0556}} {{CVE|CVE-2015-0557}} [http://www.openwall.com/lists/oss-security/2015/03/29/1 templink] || {{pkg|arj}} || 2015-03-28 || <= 3.10.22-8 || 3.10.22-10 || 10d || Fixed ({{bug|44411}}) ({{bug|44488}}) || None<br />
|-<br />
| {{CVE|CVE-2015-0250}} [http://seclists.org/fulldisclosure/2015/Mar/142 templink] || {{pkg|java-batik}} || 2015-03-17 || <= 1.7-12 || 1.8-1 || 17d || Fixed ({{bug|44410}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5]<br />
|-<br />
| {{CVE|CVE-2015-2806}} [http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149 templink] || {{pkg|libtasn1}} || 2015-03-29 || <= 4.3-1 || 4.4-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3]<br />
|-<br />
| {{CVE|CVE-2015-0817}} {{CVE|CVE-2015-0818}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-03-20 || <= 36.0.1-1 || 36.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21]<br />
|-<br />
| {{CVE|CVE-2015-2559}} [https://www.drupal.org/SA-CORE-2015-001 templink] || {{pkg|drupal}} || 2015-03-19 || <= 7.34-1 || 7.35-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18]<br />
|-<br />
| {{CVE|CVE-2015-0252}} [https://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt templink] || {{pkg|xerces-c}} || 2015-03-19 || <= 3.1.1-5 || 3.1.2-1 || 1d || Fixed ({{bug|44272}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19]<br />
|-<br />
| {{CVE|CVE-2015-2330}} [http://www.openwall.com/lists/oss-security/2015/03/18/4 templink] || {{pkg|webkitgtk}} {{pkg|webkitgtk2}} || 2015-03-17 || <= 2.4.8-1 || 2.4.9-1 || 30d || Fixed ({{bug|44237}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19]<br />
|-<br />
| {{CVE|CVE-2015-2305}} {{CVE|CVE-2015-2331}} {{CVE|CVE-2015-2348}} {{CVE|CVE-2015-2787}} [https://bugs.php.net/bug.php?id=69253 templink] || {{pkg|php}} || 2015-03-18 || <= 5.6.6-1 || 5.6.7-1 || 10d || Fixed ({{bug|44236}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25]<br />
|-<br />
| {{CVE|CVE-2015-0204}} {{CVE|CVE-2015-0207}} {{CVE|CVE-2015-0208}} {{CVE|CVE-2015-0209}} {{CVE|CVE-2015-0285}} {{CVE|CVE-2015-0286}} {{CVE|CVE-2015-0287}} {{CVE|CVE-2015-0288}} {{CVE|CVE-2015-0289}} {{CVE|CVE-2015-0290}} {{CVE|CVE-2015-0291}} {{CVE|CVE-2015-0293}} {{CVE|CVE-2015-1787}} [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=28a00bcd8e318da18031b2ac8778c64147cd54f9 commit-0288] [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2b31fcc0b5e7329e13806822a5709dbd51c5c8a4 commit-0285] [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ba5d0113e8bcb26857ae58a11b219aeb7bc2408a commit-0209] [https://security-tracker.debian.org/tracker/CVE-2015-0288 Debian-Bug-tracker] [https://www.openssl.org/news/secadv_20150319.txt advisory] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2015-03-17 || <= 1.0.2-1 || 1.0.2.a-1 || 2d || Fixed ({{bug|44227}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17]<br />
|-<br />
| {{CVE|CVE-2015-1802}} {{CVE|CVE-2015-1803}} {{CVE|CVE-2015-1804}} [http://www.openwall.com/lists/oss-security/2015/03/17/5 templink] || {{pkg|libxfont}} || 2015-03-17 || <= 1.5.0-1 || 1.5.1-1 || <1d || Fixed ({{bug|44226}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15]<br />
|-<br />
| {{CVE|CVE-2015-0332}} {{CVE|CVE-2015-0333}} {{CVE|CVE-2015-0334}} {{CVE|CVE-2015-0335}} {{CVE|CVE-2015-0336}} {{CVE|CVE-2015-0337}} {{CVE|CVE-2015-0338}} {{CVE|CVE-2015-0339}} {{CVE|CVE-2015-0340}} {{CVE|CVE-2015-0341}} {{CVE|CVE-2015-0342}} [https://helpx.adobe.com/security/products/flash-player/apsb15-05.html templink] || {{pkg|flashplugin}} || 2015-03-12 || <= 11.2.202.442-1 || 11.2.202.451-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11]<br />
|-<br />
| {{CVE|CVE-2014-9687}} [http://www.openwall.com/lists/oss-security/2015/02/10/10 templink] || {{pkg|ecryptfs-utils}} || 2015-02-10 || <= 104-1 || 106-1 || 37d || Fixed ({{bug|44157}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14]<br />
|-<br />
| {{CVE|CVE-2015-1782}} [http://www.libssh2.org/adv_20150311.html templink] || {{pkg|libssh2}} || 2015-03-11 || <= 1.4.3-1 || 1.5.0-1 || 29d || Fixed ({{bug|44146}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10]<br />
|-<br />
| {{CVE|CVE-2015-2241}} [https://www.djangoproject.com/weblog/2015/mar/09/security-releases/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-03-09 || <= 1.7.5-1 || 1.7.6-1 || 2d || Fixed ({{bug|44122}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7]<br />
|-<br />
| {{CVE|CVE-2015-1212}} {{CVE|CVE-2015-1213}} {{CVE|CVE-2015-1214}} {{CVE|CVE-2015-1215}} {{CVE|CVE-2015-1216}} {{CVE|CVE-2015-1217}} {{CVE|CVE-2015-1218}} {{CVE|CVE-2015-1219}} {{CVE|CVE-2015-1220}} {{CVE|CVE-2015-1221}} {{CVE|CVE-2015-1222}} {{CVE|CVE-2015-1223}} {{CVE|CVE-2015-1224}} {{CVE|CVE-2015-1225}} {{CVE|CVE-2015-1226}} {{CVE|CVE-2015-1227}} {{CVE|CVE-2015-1228}} {{CVE|CVE-2015-1229}} {{CVE|CVE-2015-1230}} {{CVE|CVE-2015-1231}} [http://googlechromereleases.blogspot.fr/2015/03/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-03-03 || <= 40.0.2214.115-1 || 41.0.2272.76-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5]<br />
|-<br />
| {{CVE|CVE-2015-1572}} [https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73 templink] || {{pkg|e2fsprogs}} || 2015-02-06 || <= 1.42.12-1 || 1.42.12-2 || 6d || Fixed ({{bug|44015}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8]<br />
|-<br />
| {{CVE|CVE-2015-2157}} [http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html templink] || {{pkg|putty}} || 2015-03-02 || <= 0.63-1 || 0.64-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1]<br />
|-<br />
| {{CVE|CVE-2015-0822}} {{CVE|CVE-2015-0827}} {{CVE|CVE-2015-0831}} {{CVE|CVE-2015-0835}} {{CVE|CVE-2015-0836}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-02-24 || <= 31.4.0-1 || 31.5.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15]<br />
|-<br />
| {{CVE|CVE-2015-0819}} {{CVE|CVE-2015-0821}} {{CVE|CVE-2015-0822}} {{CVE|CVE-2015-0823}} {{CVE|CVE-2015-0824}} {{CVE|CVE-2015-0825}} {{CVE|CVE-2015-0826}} {{CVE|CVE-2015-0827}} {{CVE|CVE-2015-0829}} {{CVE|CVE-2015-0830}} {{CVE|CVE-2015-0831}} {{CVE|CVE-2015-0832}} {{CVE|CVE-2015-0834}} {{CVE|CVE-2015-0835}} {{CVE|CVE-2015-0836}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-02-24 || <= 35.0.1-1 || 36.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14]<br />
|-<br />
| {{CVE|CVE-2015-0240}} [https://www.samba.org/samba/history/samba-4.1.17.html templink] || {{pkg|samba}} || 2015-02-23 || <= 4.1.16-1 || 4.1.17-1 || <1d || Fixed ({{bug|43923}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13]<br />
|-<br />
| {{CVE|CVE-2014-9636}} [http://www.openwall.com/lists/oss-security/2014/11/02/2 templink] || {{pkg|unzip}} || 2014-11-02 || <= 6.0-9 || 6.0-10 || 75d || Fixed ({{bug|44171}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9]<br />
|-<br />
| {{CVE|CVE-2015-1315}} [http://www.openwall.com/lists/oss-security/2015/02/17/4 templink] || {{pkg|unzip}} || 2014-11-02 || <= 6.0-9 || 6.0-9 || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2014-9680}} [http://www.sudo.ws/sudo/alerts/tz.html templink] || {{pkg|sudo}} || 2015-02-09 || <= 1.8.12-1 || 1.8.12-1 || 4d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5352}} {{CVE|CVE-2014-5353}} {{CVE|CVE-2014-5354}} {{CVE|CVE-2014-9421}} {{CVE|CVE-2014-9422}} {{CVE|CVE-2014-9423}} [http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt templink] [http://www.openwall.com/lists/oss-security/2014/12/16/1 templink] || {{pkg|krb5}} || 2015-02-03 || <= 1.13-1 || 1.13.1-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] <br />
|-<br />
| {{CVE|CVE-2015-0255}} [http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/ templink] || {{pkg|xorg-server}} || 2015-02-10 || <= 1.16.3-2|| 1.16.4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11]<br />
|-<br />
| {{CVE|CVE-2015-1191}} [http://www.openwall.com/lists/oss-security/2015/01/18/3 templink] || {{pkg|pigz}} || 2015-01-18 || <= 2.3.1-1 || 2.3.3-1 || 21d || Fixed ({{bug|43748}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9]<br />
|-<br />
| {{CVE|CVE-2015-0245}} [http://lists.freedesktop.org/archives/dbus/2015-February/016553.html templink] || {{pkg|dbus}} || 2015-02-09 || <= 1.8.14-1 || 1.8.16-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10]<br />
|-<br />
| {{CVE|CVE-2015-1472}} {{CVE|CVE-2015-1473}} || {{pkg|glibc}} || 2015-02-05 || <= 2.20-6 || 2.21-1 ||4d || Fixed ({{bug|43747}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8]<br />
|-<br />
| {{CVE|CVE-2014-9297}} {{CVE|CVE-2014-9298}} [http://support.ntp.org/bin/view/Main/SecurityNotice#vallen_is_not_validated_in_sever templink] [http://support.ntp.org/bin/view/Main/SecurityNotice#1_can_be_spoofed_on_some_OSes_so templink]|| {{pkg|ntp}} || 2015-02-04 || <= 4.2.8-1 || 4.2.8.p1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7]<br />
|-<br />
| {{CVE|CVE-2014-9328}} || {{pkg|clamav}} || 2015-01-28 || <= 0.98.5-1 || 0.98.6-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6]<br />
|-<br />
| {{CVE|CVE-2015-1209}} {{CVE|CVE-2015-1210}} {{CVE|CVE-2015-1211}} {{CVE|CVE-2015-1212}} [http://googlechromereleases.blogspot.fr/2015/02/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-02-05 || <= 40.0.2214.94-1 || 40.0.2214.111-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5]<br />
|-<br />
| {{CVE|CVE-2015-0313}} {{CVE|CVE-2015-0314}} {{CVE|CVE-2015-0315}} {{CVE|CVE-2015-0316}} {{CVE|CVE-2015-0317}} {{CVE|CVE-2015-0318}} {{CVE|CVE-2015-0319}} {{CVE|CVE-2015-0320}} {{CVE|CVE-2015-0321}} {{CVE|CVE-2015-0322}} {{CVE|CVE-2015-0323}} {{CVE|CVE-2015-0324}} {{CVE|CVE-2015-0325}} {{CVE|CVE-2015-0326}} {{CVE|CVE-2015-0327}} {{CVE|CVE-2015-0328}} {{CVE|CVE-2015-0329}} {{CVE|CVE-2015-0330}} [https://helpx.adobe.com/security/products/flash-player/apsb15-04.html templink] || {{pkg|flashplugin}} || 2015-02-05 || <= 11.2.202.440-1 || 11.2.202.442-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2]<br />
|-<br />
| {{CVE|CVE-2014-8161}} {{CVE|CVE-2015-0241}} {{CVE|CVE-2015-0243}} {{CVE|CVE-2015-0244}} [http://www.postgresql.org/docs/9.4/static/release-9-4-1.html templink] || {{pkg|postgresql}} || 2015-02-05 || <= 9.4.0-1 || 9.4.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4]<br />
|-<br />
| {{CVE|CVE-2015-1380}} {{CVE|CVE-2015-1381}} {{CVE|CVE-2015-1382}} [http://seclists.org/oss-sec/2015/q1/285 templink] || {{pkg|privoxy}} || 2015-01-26 || <= 3.0.22-1 || 3.0.23-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1]<br />
|-<br />
| {{CVE|CVE-2015-0235}} [https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235 templink] || {{pkg|glibc}} || 2015-01-27 || < 2.18-1 || 2.18-1 || < 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-0311}} {{CVE|CVE-2015-0301}} {{CVE|CVE-2015-0302}} {{CVE|CVE-2015-0303}} {{CVE|CVE-2015-0304}} {{CVE|CVE-2015-0305}} {{CVE|CVE-2015-0306}} {{CVE|CVE-2015-0307}} {{CVE|CVE-2015-0308}} {{CVE|CVE-2015-0309}} [https://helpx.adobe.com/security/products/flash-player/apsb15-01.html templink] || {{pkg|flashplugin}} || 2015-01-23 || <= 11.2.202.438-1 || 11.2.202.440-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22]<br />
|-<br />
| {{CVE|CVE-2015-0231}} {{CVE|CVE-2014-9427}} {{CVE|CVE-2015-0232}} [https://bugs.php.net/bug.php?id=68710 templink] [https://bugs.php.net/bug.php?id=68618 templink] [https://bugs.php.net/bug.php?id=68799 templink] || {{pkg|php}} || 2015-01-22 || <= 5.6.4-1 || 5.6.5-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17]<br />
|-<br />
| {{CVE|CVE-2014-9638}} {{CVE|CVE-2014-9639}} {{CVE|CVE-2014-9640}} [http://www.openwall.com/lists/oss-security/2015/01/22/9 templink] || {{pkg|vorbis-tools}} || 2015-01-21 || <= 1.4.0-4 || 1.4.0-5 || 64d || Fixed ({{bug|44172}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24]<br />
|-<br />
| {{CVE|CVE-2015-1345}} [http://seclists.org/oss-sec/2015/q1/179 templink] || {{pkg|grep}} || 2015-01-18 || <= 2.21-1 || 2.21-2 || 46d || Fixed ({{bug|44017}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4]<br />
|-<br />
| {{CVE|CVE-2014-7923}} {{CVE|CVE-2014-7924}} {{CVE|CVE-2014-7925}} {{CVE|CVE-2014-7926}} {{CVE|CVE-2014-7927}} {{CVE|CVE-2014-7928}} {{CVE|CVE-2014-7930}} {{CVE|CVE-2014-7931}} {{CVE|CVE-2014-7929}} {{CVE|CVE-2014-7932}} {{CVE|CVE-2014-7933}} {{CVE|CVE-2014-7934}} {{CVE|CVE-2014-7935}} {{CVE|CVE-2014-7936}} {{CVE|CVE-2014-7937}} {{CVE|CVE-2014-7938}} {{CVE|CVE-2014-7939}} {{CVE|CVE-2014-7940}} {{CVE|CVE-2014-7941}} {{CVE|CVE-2014-7942}} {{CVE|CVE-2014-7943}} {{CVE|CVE-2014-7944}} {{CVE|CVE-2014-7945}} {{CVE|CVE-2014-7946}} {{CVE|CVE-2014-7947}} {{CVE|CVE-2014-7948}} {{CVE|CVE-2015-1205}} [http://googlechromereleases.blogspot.fr/2015/01/stable-update.html templink] || {{pkg|chromium}} || 2015-01-22 || <= 39.0.2171.99-1 || 40.0.2214.91-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21]<br />
|-<br />
| {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-6549}} {{CVE|CVE-2014-6585}} {{CVE|CVE-2014-6587}} {{CVE|CVE-2014-6591}} {{CVE|CVE-2014-6593}} {{CVE|CVE-2014-6601}} {{CVE|CVE-2015-0383}} {{CVE|CVE-2015-0395}} {{CVE|CVE-2015-0400}} {{CVE|CVE-2015-0403}} {{CVE|CVE-2015-0406}} {{CVE|CVE-2015-0407}} {{CVE|CVE-2015-0408}} {{CVE|CVE-2015-0410}} {{CVE|CVE-2015-0412}} {{CVE|CVE-2015-0413}} {{CVE|CVE-2015-0421}} {{CVE|CVE-2015-0437}} [http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html#JAVA templink] || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-01-22 || <= 8.u25-2 || 8.u31-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16]<br />
|-<br />
| {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-6585}} {{CVE|CVE-2014-6587}} {{CVE|CVE-2014-6591}} {{CVE|CVE-2014-6593}} {{CVE|CVE-2014-6601}} {{CVE|CVE-2015-0383}} {{CVE|CVE-2015-0395}} {{CVE|CVE-2015-0407}} {{CVE|CVE-2015-0408}} {{CVE|CVE-2015-0410}} {{CVE|CVE-2015-0412}} [http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html#JAVA templink] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-01-22 || <= 7.u71_2.5.3-3 || 7.u75_2.5.4-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20]<br />
|-<br />
| {{CVE|CVE-2014-8157}} {{CVE|CVE-2014-8158}} [http://seclists.org/oss-sec/2015/q1/210 templink] || {{pkg|jasper}} || 2015-01-22 || <= 1.900.1-12 || 1.900.1-13 || 5d || Fixed ({{bug|43592}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23]<br />
|-<br />
| {{CVE|CVE-2014-8132}} [http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/ templink] || {{pkg|libssh}} || 2014-12-19 || <= 0.6.3-1 || 0.6.4-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12]<br />
|-<br />
| {{CVE|CVE-2015-1182}} [https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04 templink] || {{pkg|polarssl}} || 2012-09-19 || <= 1.3.9-1 || 1.3.9-2 || 1d || Fixed ({{bug|43508}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13]<br />
|-<br />
| {{CVE|CVE-2012-3505}} [http://www.openwall.com/lists/oss-security/2012/08/18/1 templink] || {{pkg|tinyproxy}} || 2012-09-10 || <= 1.8.3-1 || 1.8.4-1 || > 740d || Fixed ({{bug|38400}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11]<br />
|-<br />
| {{CVE|CVE-2014-9447}} [https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e templink] || {{pkg|elfutils}} || 2015-01-19 || <= 0.161-2 || 0.161-3 || 42d || Fixed ({{bug|44019}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2]<br />
|-<br />
| {{CVE|CVE-2014-9447}} [https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e templink] || {{pkg|lib32-elfutils}} || 2015-01-19 || <= 0.161-1 || 0.161-2 || 42d || Fixed ({{bug|44020}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3]<br />
|-<br />
| {{CVE|CVE-2014-8143}} [https://www.samba.org/samba/security/CVE-2014-8143 templink] || {{pkg|samba}} || 2015-01-15 || <= 4.1.15-1 || 4.1.16-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10]<br />
|-<br />
| {{CVE|CVE-2015-1197}} [http://www.openwall.com/lists/oss-security/2015/01/18/7 templink] || {{pkg|cpio}} || 2015-01-16 || <= 2.11-5 || 2.11-6 || 65d || Fixed ({{bug|44173}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22]<br />
|-<br />
| {{CVE|CVE-2015-1196}} {{CVE|CVE-2014-9637}} [http://www.openwall.com/lists/oss-security/2015/01/18/6 templink] [https://savannah.gnu.org/bugs/?44051 templink] || {{pkg|patch}} || 2015-01-14 || <= 2.7.1-3 || 2.7.3-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24]<br />
|-<br />
| {{CVE|CVE-2014-9571}} {{CVE|CVE-2014-9572}} {{CVE|CVE-2014-9573}} {{CVE|CVE-2014-9624}} {{CVE|CVE-2015-1042}} [http://www.openwall.com/lists/oss-security/2015/01/17/1 templink] [http://www.openwall.com/lists/oss-security/2015/01/17/3 templink] [http://www.openwall.com/lists/oss-security/2015/01/17/2 templink] [http://www.openwall.com/lists/oss-security/2015/01/18/11 templink] || {{pkg|mantisbt}} || 2015-01-17 || <= 1.2.18-1 || 1.2.19-1 || 20d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3]<br />
|-<br />
| {{CVE|CVE-2014-8634}} {{CVE|CVE-2014-8635}} {{CVE|CVE-2014-8638}} {{CVE|CVE-2014-8639}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-01-13 || <= 31.3.0-1 || 31.4.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7]<br />
|-<br />
| {{CVE|CVE-2014-8634}} {{CVE|CVE-2014-8635}} {{CVE|CVE-2014-8636}} {{CVE|CVE-2014-8637}} {{CVE|CVE-2014-8638}} {{CVE|CVE-2014-8639}} {{CVE|CVE-2014-8640}} {{CVE|CVE-2014-8641}} {{CVE|CVE-2014-8642}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-01-13 || <= 34.0.5-1 || 35.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6]<br />
|-<br />
| {{CVE|CVE-2014-3571}} {{CVE|CVE-2015-0206}} {{CVE|CVE-2014-3569}} {{CVE|CVE-2014-3572}} {{CVE|CVE-2015-0205}} {{CVE|CVE-2014-8275}} {{CVE|CVE-2014-3570}} [https://www.openssl.org/news/secadv_20150108.txt templink] || {{pkg|openssl}} || 2015-01-08 || <= 1.0.1.j-1 || 1.0.1.k-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2]<br />
|-<br />
| {{CVE|CVE-2014-8150}} [http://curl.haxx.se/docs/adv_20150108B.html templink] || {{pkg|curl}} || 2015-01-08 || <= 7.39.0-1 || 7.40.0-1 || 10d || Fixed ({{bug|43379}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9]<br />
|-<br />
| {{CVE|CVE-2014-6272}} [http://archives.seul.org/libevent/users/Jan-2015/msg00010.html templink] || {{pkg|libevent}} || 2015-01-05 || <= 2.0.21-3 || 2.0.22-1 || 7d || Fixed ({{bug|43366}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] <br />
|-<br />
| {{CVE|CVE-2014-8139}} {{CVE|CVE-2014-8140}} {{CVE|CVE-2014-8141}} [http://www.ocert.org/advisories/ocert-2014-011.html templink] || {{pkg|unzip}} || 2014-12-22 || <= 6.0-7 || 6.0-9 || 17d || Fixed ({{bug|43300}}) ({{bug|43391}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3]<br />
|-<br />
| {{CVE|CVE-2014-6395}} {{CVE|CVE-2014-6396}} {{CVE|CVE-2014-9376}} {{CVE|CVE-2014-9377}} {{CVE|CVE-2014-9378}} {{CVE|CVE-2014-9379}} {{CVE|CVE-2014-9380}} {{CVE|CVE-2014-9381}} [https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/ templink] || {{pkg|ettercap}} {{pkg|ettercap-gtk}} || 2014-12-16 || <= 0.8.1-2 || 0.8.2-1 || 89d || Fixed ({{bug|44174}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13]<br />
|-<br />
| {{CVE|CVE-2014-9425}} [https://bugs.php.net/bug.php?id=68676 templink] || {{pkg|php}} || 2014-12-29 || <= 5.6.4-1 || 5.6.5-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-9295}} {{CVE|CVE-2014-9296}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_ctl_putdata templink] || {{pkg|ntp}} || 2014-12-19 || < 4.2.8-1 || 4.2.8-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24]<br />
|-<br />
| {{CVE|CVE-2014-8142}} [https://bugzilla.redhat.com/show_bug.cgi?id=1175718 templink] || {{pkg|php}} || 2014-12-18 || <= 5.6.3-1 || 5.6.4-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23]<br />
|-<br />
| {{CVE|CVE-2014-8137}} {{CVE|CVE-2011-4516}} {{CVE|CVE-2011-4517}} [https://marc.info/?l=oss-security&m=141891163026757&w=2 templink] || {{pkg|jasper}} || 2014-12-18 || <= 1.900.1-11 || 1.900.1-12 || 1d || Fixed ({{bug|43155}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22]<br />
|-<br />
| {{CVE|CVE-2014-9029}} [https://marc.info/?l=oss-security&m=141770163916268&w=2 templink] || {{pkg|jasper}} || 2014-12-04 || <= 1.900.1-10 || 1.900.1-12 || 6d || Fixed ({{bug|43044}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22]<br />
|-<br />
| {{CVE|CVE-2012-3406}} {{CVE|CVE-2014-9402}} [http://www.openwall.com/lists/oss-security/2014/12/18/1 templink] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2014-12-17 || <= 2.20-4 || 2.20-5 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21]<br />
|-<br />
| {{CVE|CVE-2014-9253}} [http://seclists.org/oss-sec/2014/q4/1050 templink] || {{pkg|dokuwiki}} || 2014-12-15 || <= 20140929_a-1 || 20140929_b-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19]<br />
|-<br />
| {{CVE|CVE-2014-3580}} {{CVE|CVE-2014-8108}} [https://subversion.apache.org/security/CVE-2014-3580-advisory.txt templink] [https://subversion.apache.org/security/CVE-2014-8108-advisory.txt templink] || {{pkg|subversion}} || 2014-12-16 || <= 1.8.10-1 || 1.8.11-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17]<br />
|-<br />
| {{CVE|CVE-2014-9356}} {{CVE|CVE-2014-9357}} {{CVE|CVE-2014-9358}} [http://www.securityfocus.com/archive/1/534215 templink] || {{pkg|docker}} || 2014-12-12 || <= 1:1.3.2-1 || 1:1.4.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16]<br />
|-<br />
| {{CVE|CVE-2013-1752}} {{CVE|CVE-2013-1753}} {{CVE|CVE-2014-9365}} [https://hg.python.org/cpython/raw-file/v2.7.9/Misc/NEWS templink] || {{pkg|python2}} || 2014-12-11 || <= 2.7.8-1 || 2.7.9-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15]<br />
|-<br />
| {{CVE|CVE-2014-0580}} {{CVE|CVE-2014-0587}} {{CVE|CVE-2014-8443}} {{CVE|CVE-2014-9162}} {{CVE|CVE-2014-9163}} {{CVE|CVE-2014-9164}} [https://helpx.adobe.com/security/products/flash-player/apsb14-27.html templink] || {{pkg|flashplugin}} || 2014-12-09 || <= 11.2.202.424-1 || 11.2.202.425-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13]<br />
|-<br />
| {{CVE|CVE-2014-8091}} {{CVE|CVE-2014-8092}} {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8094}} {{CVE|CVE-2014-8095}} {{CVE|CVE-2014-8096}} {{CVE|CVE-2014-8097}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8099}} {{CVE|CVE-2014-8100}} {{CVE|CVE-2014-8101}} {{CVE|CVE-2014-8102}} {{CVE|CVE-2014-8103}} [http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/ templink] || {{pkg|xorg-server}} || 2014-12-09 || <= 1.16.2-1 || 1.16.2.901-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia}} {{pkg|nvidia-lts}} || 2014-12-09 || <= 343.22-6 || 343.36-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia-340xx}} {{pkg|nvidia-340xx-lts}} || 2014-12-09 || <= 340.58-3 || 340.65-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia-304xx}} {{pkg|nvidia-304xx-lts}} || 2014-12-09 || < 304.125-1 || 304.125-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10]<br />
|-<br />
| {{CVE|CVE-2014-8601}} [http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/ templink] || {{pkg|powerdns-recursor}} || 2014-12-09 || <= 3.6.1-1 || 3.6.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9]<br />
|-<br />
| {{CVE|CVE-2014-8602}} [https://unbound.net/downloads/CVE-2014-8602.txt templink] || {{pkg|unbound}} || 2014-12-09 || <= 1.5.0-1 || 1.5.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8]<br />
|-<br />
| {{CVE|CVE-2014-8500}} {{CVE|CVE-2014-8680}} [http://svnweb.freebsd.org/ports?view=revision&revision=374305 templink] || {{pkg|bind}} || 2014-12-08 || <= 9.10.1-2 || 9.10.1.P1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7]<br />
|-<br />
| {{CVE|CVE-2014-9274}} {{CVE|CVE-2014-9275}} [http://seclists.org/oss-sec/2014/q4/904 templink] || {{pkg|unrtf}} || 2014-12-04 || <= 0.21.5-1 || 0.21.7-1 || 10d || Fixed ({{bug|43131}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20]<br />
|-<br />
| {{CVE|CVE-2014-1587}} {{CVE|CVE-2014-1588}} {{CVE|CVE-2014-1589}} {{CVE|CVE-2014-1590}} {{CVE|CVE-2014-1591}} {{CVE|CVE-2014-1592}} {{CVE|CVE-2014-1593}} {{CVE|CVE-2014-1594}} {{CVE|CVE-2014-8631}} {{CVE|CVE-2014-8632}} [https://www.mozilla.org/fr/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2014-12-02 || <= 33.1.1-1 || 34.0.5-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3]<br />
|-<br />
| {{CVE|CVE-2014-9157}} [http://seclists.org/oss-sec/2014/q4/872 templink] || {{pkg|graphviz}} || 2014-11-25 || <= 2.38.0-2 || 2.38.0-3 || 8d || Fixed ({{bug|42983}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4]<br />
|-<br />
| {{CVE|CVE-2014-8123}} [http://seclists.org/oss-sec/2014/q4/874 templink] || {{pkg|antiword}} || 2014-12-01 || <= 0.37-4 || 0.37-5 || 3d || Fixed ({{bug|42982}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5]<br />
|-<br />
| {{CVE|CVE-2014-8104}} [https://forums.openvpn.net/topic17625.html templink] || {{pkg|openvpn}} || 2014-11-30 || <= 2.3.5-1 || 2.3.6-1 || 4d || Fixed ({{bug|42975}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2]<br />
|-<br />
| {{CVE|CVE-2014-9087}} [http://seclists.org/oss-sec/2014/q4/801 templink] || {{pkg|gnupg}} || 2014-11-25 || <= 2.1.0-5 || 2.1.0-6 || 4d || Fixed ({{bug|42943}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1]<br />
|-<br />
| {{CVE|CVE-2014-9087}} [http://seclists.org/oss-sec/2014/q4/801 templink] || {{pkg|libksba}} || 2014-11-25 || <= 1.3.1-1 || 1.3.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31]<br />
|-<br />
| {{CVE|CVE-2014-9114}} [http://seclists.org/oss-sec/2014/q4/819 templink] || {{pkg|util-linux}} || 2014-11-27 || <= 2.25.2-1 || 2.26.1-3 || 117d || Fixed ({{bug|43886}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23]<br />
|-<br />
| {{CVE|CVE-2014-9112}} [http://seclists.org/oss-sec/2014/q4/818 templink] || {{pkg|cpio}} || 2014-11-26 || <= 2.11-4 || 2.11-5 || 20d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5]<br />
|-<br />
| {{CVE|CVE-2014-9116}} [http://seclists.org/oss-sec/2014/q4/835 templink] || {{pkg|mutt}} || 2014-11-27 || <= 1.5.23-1 || 1.5.23-2 || 71d || Fixed ({{bug|44110}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6]<br />
|-<br />
| {{CVE|CVE-2014-9093}} [https://bugs.freedesktop.org/show_bug.cgi?id=86449 templink] || {{pkg|libreoffice-fresh}} || 2014-11-19 || <= 4.3.4-1 ||4.3.5-1 || 31d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-9092}} [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768369#114 templink] || {{pkg|libjpeg-turbo}} || 2014-11-26 || <= 1.3.1-2 || 1.3.1-3 || 2d || Fixed ({{bug|42922}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33]<br />
|-<br />
| {{CVE|CVE-2014-9272}} {{CVE|CVE-2014-9270}} {{CVE|CVE-2014-8987}} {{CVE|CVE-2014-9271}} {{CVE|CVE-2014-9281}} {{CVE|CVE-2014-8986}} {{CVE|CVE-2014-9269}} {{CVE|CVE-2014-9280}} {{CVE|CVE-2014-9089}} {{CVE|CVE-2014-9279}} {{CVE|CVE-2014-8988}} {{CVE|CVE-2014-8553}} {{CVE|CVE-2014-6387}} {{CVE|CVE-2014-6316}} {{CVE|CVE-2014-9117}} [https://www.mantisbt.org/bugs/view.php?id=17841 templink] [https://www.mantisbt.org/bugs/view.php?id=17811 templink] [http://seclists.org/oss-sec/2014/q4/955 templink] || {{pkg|mantisbt}} || 2014-11-25 || <= 1.2.17-4 || 1.2.18-1 || 13d || Fixed ({{bug|42920}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6]<br />
|-<br />
| {{CVE|CVE-2014-9090}} [https://marc.info/?l=oss-security&m=141698775601426&w=2 templink] || {{pkg|linux}} {{pkg|linux-lts}} || 2014-11-26 || <= 3.18-rc6 || 3.19 || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2014-9018}} {{CVE|CVE-2014-9091}} [http://seclists.org/oss-sec/2014/q4/694 templink] || {{pkg|icecast}} || 2014-11-20 || <= 2.4.0-1 || 2.4.1-1 || 8d || Fixed ({{bug|42912}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32]<br />
|-<br />
| {{CVE|CVE-2014-8964}} [http://bugs.exim.org/show_bug.cgi?id=1546 templink] || {{pkg|pcre}} || 2014-11-18 || <= 8.36-1 || 8.36-2 || 8d || Fixed ({{bug|42860}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29]<br />
|-<br />
| {{CVE|CVE-2014-8962}} {{CVE|CVE-2014-9028}} [http://www.ocert.org/advisories/ocert-2014-008.html templink] || {{pkg|flac}} || 2014-11-25 || <= 1.3.0-4 || 1.3.0-5 || < 1d || Fixed ({{bug|42898}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30]<br />
|-<br />
| {{CVE|CVE-2014-7899}} {{CVE|CVE-2014-7900}} {{CVE|CVE-2014-7901}} {{CVE|CVE-2014-7902}} {{CVE|CVE-2014-7903}} {{CVE|CVE-2014-7904}} {{CVE|CVE-2014-7906}} {{CVE|CVE-2014-7907}} {{CVE|CVE-2014-7908}} {{CVE|CVE-2014-7909}} {{CVE|CVE-2014-7910}} [http://googlechromereleases.blogspot.in/2014/11/stable-channel-update_18.html templink] || {{pkg|chromium}} || 2014-11-20 || <= 38.0.2125.122-1 || 39.0.2171.65-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26]<br />
|-<br />
| {{CVE|CVE-2014-9015}} {{CVE|CVE-2014-9016}} [http://seclists.org/oss-sec/2014/q4/697 templink] || {{pkg|drupal}} || 2014-11-19 || <= 7.33-1 || 7.34-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25]<br />
|-<br />
| {{CVE|CVE-2013-6497}} [http://seclists.org/oss-sec/2014/q4/673 templink] || {{pkg|clamav}} || 2014-11-18 || <= 0.98.4-1 || 0.98.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21]<br />
|-<br />
| {{CVE|CVE-2014-7817}} [https://sourceware.org/bugzilla/show_bug.cgi?id=17625 templink] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2014-11-19 || <= 2.20-2 || 2.20.3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27]<br />
|-<br />
| {{CVE|CVE-2014-8600}} [https://www.kde.org/info/security/advisory-20141113-1.txt templink] || {{pkg|kwebkitpart}} || 2014-11-18 || <= 1.3.4-2 || 1.3.4-3 || 4d || Fixed ({{bug|44170}} {{bug|42775}}) || None<br />
|-<br />
| {{CVE|CVE-2014-8767}} {{CVE|CVE-2014-8768}} {{CVE|CVE-2014-8769}} {{CVE|CVE-2014-9140}} {{CVE|CVE-2015-0261}} {{CVE|CVE-2015-2153}} {{CVE|CVE-2015-2154}} {{CVE|CVE-2015-2155}} [http://www.securityfocus.com/archive/1/534011/30/0/threaded templink] [http://www.securityfocus.com/archive/1/534010/30/0/threaded templink] [http://www.securityfocus.com/archive/1/534009/30/0/threaded templink] [https://github.com/the-tcpdump-group/tcpdump/commit/0f95d441e4b5d7512cc5c326c8668a120e048eda templink] || {{pkg|tcpdump}} || 2014-11-18 || <= 4.6.2-1 || 4.7.3-1 || 88d || Fixed ({{bug|44153}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20]<br />
|-<br />
| {{CVE|CVE-2014-8090}} || {{pkg|ruby}} || 2014-11-13 || <= 2.1.4-1 || 2.1.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16]<br />
|-<br />
| {{CVE|CVE-2014-7823}} || {{pkg|libvirt}} || 2014-11-13 || <= 1.2.10-1 ||1.2.11-1 ||33d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-8710}} {{CVE|CVE-2014-8711}} {{CVE|CVE-2014-8712}} {{CVE|CVE-2014-8713}} {{CVE|CVE-2014-8714}} [https://www.wireshark.org/security/wnpa-sec-2014-20.html templink] [https://www.wireshark.org/security/wnpa-sec-2014-21.html templink] [https://www.wireshark.org/security/wnpa-sec-2014-22.html templink] || {{pkg|wireshark-cli}} {{pkg|wireshark-gtk}} {{pkg|wireshark-qt}} || 2014-11-13 || <= 1.12.1-1 || 1.12.2-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24]<br />
|-<br />
| {{CVE|CVE-2014-0573}} {{CVE|CVE-2014-0574}} {{CVE|CVE-2014-0576}} {{CVE|CVE-2014-0577}} {{CVE|CVE-2014-0581}} {{CVE|CVE-2014-0582}} {{CVE|CVE-2014-0583}} {{CVE|CVE-2014-0584}} {{CVE|CVE-2014-0585}} {{CVE|CVE-2014-0586}} {{CVE|CVE-2014-0588}} {{CVE|CVE-2014-0589}} {{CVE|CVE-2014-0590}} {{CVE|CVE-2014-8437}} {{CVE|CVE-2014-8438}} {{CVE|CVE-2014-8440}} {{CVE|CVE-2014-8441}} {{CVE|CVE-2014-8442}} [https://helpx.adobe.com/security/products/flash-player/apsb14-24.html templink] || {{pkg|flashplugin}} || 2014-11-11 || <= 11.2.202.411-1 || 11.2.202.418-1 || <1d || Fixed ({{bug|42769}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11]<br />
|-<br />
| {{CVE|CVE-2014-3710}} [https://bugzilla.redhat.com/show_bug.cgi?id=1155071 templink] || {{pkg|php}} || 2014-10-29 || <= 5.6.2-2 || 5.6.3-1 || 14d || Fixed ({{bug|42764}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13]<br />
|-<br />
| {{CVE|CVE-2014-8564}} [http://www.gnutls.org/security.html#GNUTLS-SA-2014-5 templink]|| {{pkg|gnutls}} || 2014-11-10 || <= 3.3.9-1 ||3.3.10-1 ||<1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10]<br />
|-<br />
| {{CVE|CVE-2014-8716}} [http://seclists.org/oss-sec/2014/q4/591 templink]|| {{pkg|imagemagick}} || 2014-11-12 || <= 6.8.9.9-1 || 6.8.9.10-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12]<br />
|-<br />
| {{CVE|CVE-2014-3710}} [https://bugzilla.redhat.com/show_bug.cgi?id=1155071 templink] || {{pkg|file}} || 2014-10-29 || <= 5.20-1 || 5.20-2 || 12d || Fixed ({{bug|42759}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9]<br />
|-<br />
| {{CVE|CVE-2014-1569}} [https://bugzilla.mozilla.org/show_bug.cgi?id=1064670 templink] || {{pkg|nss}} || 2014-11-07 || <= 3.17.2-1 || 3.17.3-1 || 22d || Fixed ({{bug|42760}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18]<br />
|-<br />
| {{CVE|CVE-2014-7824}} [http://www.openwall.com/lists/oss-security/2014/11/10/2 templink] || {{pkg|dbus}} || 2014-11-10 || <= 1.8.8-1 || 1.8.10-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28]<br />
|-<br />
| {{CVE|CVE-2014-8598}} {{CVE|CVE-2014-7146}} [http://www.openwall.com/lists/oss-security/2014/11/07/27 templink] [http://www.openwall.com/lists/oss-security/2014/11/07/28 templink]|| {{pkg|mantisbt}} || 2014-11-08 || <= 1.2.17-3 || 1.2.17-4 || <4d || Fixed ({{bug|42761}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8]<br />
|-<br />
| {{CVE|CVE-2014-8483}} [https://www.kde.org/info/security/advisory-20141104-1.txt templink] || {{pkg|konversation}} || 2014-11-04 || <= 1.5-1 || 1.5.1-1 || <4d || Fixed ({{bug|42698}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5]<br />
|-<br />
| {{CVE|CVE-2014-3707}} [http://curl.haxx.se/docs/adv_20141105.html templink]|| {{pkg|curl}} || 2014-11-05 || <= 7.38.0-3 || 7.39.0-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7]<br />
|-<br />
| {{CVE|CVE-2014-8651}} [http://seclists.org/oss-sec/2014/q4/520 templink]|| {{pkg|kdebase-workspace}} || 2014-11-04 || <= 4.11.13-1 || 4.11.13-2 || 6d || Fixed ({{bug|42679}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6]<br />
|-<br />
| {{CVE|CVE-2014-8627}} {{CVE|CVE-2014-8628}} [http://www.openwall.com/lists/oss-security/2014/11/04/6 templink]|| {{pkg|polarssl}} || 2014-10-23 || <= 1.3.8-3 || 1.3.9-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4]<br />
|-<br />
| {{CVE|CVE-2014-8321}} {{CVE|CVE-2014-8322}} {{CVE|CVE-2014-8323}} {{CVE|CVE-2014-8324}} [http://www.securityfocus.com/archive/1/533869/30/0/threaded templink]|| {{pkg|aircrack-ng}} || 2014-11-02 || <= 1.2beta3-1 || 1.2rc1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2]<br />
|-<br />
| {{CVE|CVE-2014-8554}} [http://www.openwall.com/lists/oss-security/2014/10/30/9 templink]|| {{pkg|mantisbt}} || 2014-10-30 || <= 1.2.17-2 || 1.2.17-3 || 5d || Fixed ({{bug|42683}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3]<br />
|-<br />
| {{CVE|CVE-2014-8354}} {{CVE|CVE-2014-8355}} {{CVE|CVE-2014-8561}} {{CVE|CVE-2014-8562}} [http://seclists.org/oss-sec/2014/q4/466 templink]|| {{pkg|imagemagick}} || 2014-10-29 || <= 6.8.9.8-1 || 6.8.9.9-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-8517}} [http://seclists.org/oss-sec/2014/q4/459 templink]|| {{pkg|tnftp}} || 2014-10-28 || <= 20130505-2 || 20141031-1 || 4d || Fixed ({{bug|42646}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1]<br />
|-<br />
| {{CVE|CVE-2014-4877}} [http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7 templink]|| {{pkg|wget}} || 2014-10-27 || <= 1.15-1 || 1.16-1 || <2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|avr-binutils}} || 2014-10-23 || <= 2.24-2 || 2.24-3 || 27d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|mingw-w64-binutils}} || 2014-10-23 || <= 2.24-1 || 2.24-2 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|arm-none-eabi-binutils}} || 2014-10-23 || <= 2.24-2 || 2.24-3 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|binutils}} || 2014-10-23 || <= 2.24-7 || 2.24-8 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17]<br />
|-<br />
| {{CVE|CVE-2014-8559}} [http://www.openwall.com/lists/oss-security/2014/10/30/7 templink] || {{pkg|linux}}, {{pkg|linux-lts}} || 2014-10-30 || <= 3.17.3-1, <= 3.14.24-1 ||3.17.4-1 3.14.25-1 || ~23d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3610}} {{CVE|CVE-2014-3611}} {{CVE|CVE-2014-3646}} {{CVE|CVE-2014-3647}} {{CVE|CVE-2014-7825}} {{CVE|CVE-2014-7826}} {{CVE|CVE-2014-8369}} [http://permalink.gmane.org/gmane.comp.security.oss.general/14526 templink] [http://seclists.org/oss-sec/2014/q4/548 templink] || {{pkg|linux}}, {{pkg|linux-lts}} || 2014-10-21 || <= 3.17.2-1, <= 3.14.23-1 || 3.17.3-1, 3.14.24-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15]<br />
|-<br />
| {{CVE|CVE-2014-8480}} {{CVE|CVE-2014-8481}} [http://permalink.gmane.org/gmane.comp.security.oss.general/14526 templink] || {{pkg|linux}} || 2014-10-21 || <= 3.17.2-1 || 3.17.3-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14]<br />
|-<br />
| {{CVE|CVE-2014-3695}} {{CVE|CVE-2014-3696}} {{CVE|CVE-2014-3698}} [https://pidgin.im/news/security/ templink] || {{pkg|libpurple}} || 2014-10-22 || <= 2.10.9-2 || 2.10.10-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9]<br />
|-<br />
| {{CVE|CVE-2014-8760}} || {{pkg|ejabberd}} || 2014-10-13 || <= 14.07-1 || 14.07-2 || 14d || Fixed ({{bug|42541}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13]<br />
|-<br />
| {{CVE|CVE-2014-3686}} || {{pkg|wpa_supplicant}}, {{pkg|hostapd}} || 2014-10-09 || <= 2.2-2 || 2.3-1 || ~10d || Fixed ({{bug|42401}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8]<br />
|-<br />
| {{CVE|CVE-2014-0191}} {{CVE|CVE-2014-3660}} || {{pkg|libxml2}} || 2014-10-16 || <= 2.9.1-5 || 2.9.2-1 || 8d || Fixed ({{bug|40790}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12]<br />
|-<br />
| {{CVE|CVE-2014-3704}} [https://www.drupal.org/SA-CORE-2014-005 templink] || {{pkg|drupal}} || 2014-10-15 || <= 7.31-2 || 7.32-1 || 1d || Fixed ({{bug|42388}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7]<br />
|-<br />
| {{CVE|CVE-2014-3513}} {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-3567}} {{CVE|CVE-2014-3568}} [https://www.openssl.org/news/secadv_20141015.txt templink] [https://www.openssl.org/~bodo/ssl-poodle.pdf temp link] || {{pkg|openssl}} || 2014-10-15 || <= 1.0.1.i-1 || 1.0.1.j-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6]<br />
|-<br />
| {{CVE|CVE-2014-8242}} [http://www.openwall.com/lists/oss-security/2014/10/13/2 temp link] || {{pkg|librsync}} || 2014-10-12 || <= 0.9.7-7 || 1.0.0-1 || 166d || Fixed ({{bug|44175}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10]<br />
|-<br />
| {{CVE|CVE-2014-7203}} {{CVE|CVE-2014-7202}} [http://seclists.org/oss-sec/2014/q3/776 temp link] || {{pkg|zeromq}} || 2014-09-27 || <= 4.0.4-4 || 4.0.5-1 || 18d || Fixed ({{bug|42381}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4]<br />
|-<br />
| {{CVE|CVE-2014-6051}} {{CVE|CVE-2014-6052}} {{CVE|CVE-2014-6053}} {{CVE|CVE-2014-6054}} {{CVE|CVE-2014-6055}} [http://seclists.org/oss-sec/2014/q3/639 temp link] || {{pkg|libvncserver}} || 2014-09-23 || <= 0.9.9-3 || 0.9.10-1 || 31d || Fixed ({{bug|42321}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10]<br />
|-<br />
| {{CVE|CVE-2014-3683}} [http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/ temp link] || {{pkg|rsyslog}} || 2014-10-02 || <= 8.4.1-1 || 8.4.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5]<br />
|-<br />
| {{CVE|CVE-2014-7204}} [http://seclists.org/oss-sec/2014/q3/842 temp link] || {{pkg|ctags}} || 2014-09-29 || <= 5.8-4 || 5.8-5 || 26d || Fixed ({{bug|42246}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11]<br />
|-<br />
| {{CVE|CVE-2014-7295}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html temp link] || {{pkg|mediawiki}} || 2014-10-02 || <= 1.23.4-1 || 1.23.5-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3]<br />
|-<br />
| {{CVE|CVE-2014-3661}} {{CVE|CVE-2014-3662}} {{CVE|CVE-2014-3663}} {{CVE|CVE-2014-3664}} {{CVE|CVE-2014-3680}} {{CVE|CVE-2014-3681}} {{CVE|CVE-2014-3666}} {{CVE|CVE-2014-3667}} {{CVE|CVE-2013-2186}} {{CVE|CVE-2014-1869}} {{CVE|CVE-2014-3678}} {{CVE|CVE-2014-3679}} [https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 temp link] || {{pkg|jenkins}} || 2014-10-01 || <= 1.582-1 || 1.583-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2]<br />
|-<br />
| {{CVE|CVE-2014-3634}} [http://www.rsyslog.com/remote-syslog-pri-vulnerability/ temp link] || {{pkg|rsyslog}} || 2014-09-30 || <= 8.4.0-1 || 8.4.1-1 || 1d || Fixed ({{bug|42200}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1]<br />
|-<br />
| {{CVE|CVE-2014-3657}} {{CVE|CVE-2014-3633}} [https://www.debian.org/security/2014/dsa-3038 temp link] || {{pkg|libvirt}} || 2014-09-26 || <= 1.2.8-1 || 1.2.8-2 || 3d || Fixed ({{bug|42159}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5]<br />
|-<br />
| {{CVE|CVE-2014-7199}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html temp link] || {{pkg|mediawiki}} || 2014-09-24 || <= 1.23.3-1 || 1.23.4-1 || 5d || Fixed ({{bug|42161}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4]<br />
|-<br />
| {{CVE|CVE-2014-7185}} [http://bugs.python.org/issue21831 temp link] || {{pkg|python2}} || 2014-09-24 || < 2.7.8 || 2.7.8-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3]<br />
|-<br />
| {{CVE|CVE-2014-1568}} [https://www.mozilla.org/security/announce/2014/mfsa2014-73.html temp link] || {{pkg|nss}} || 2014-09-24 || < 3.17.1 || 3.17.1-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1]<br />
|-<br />
| {{CVE|CVE-2014-6271}} {{CVE|CVE-2014-7169}} {{CVE|CVE-2014-7186}} {{CVE|CVE-2014-7187}} {{CVE|CVE-2014-6277}} {{CVE|CVE-2014-6278}} [http://seclists.org/oss-sec/2014/q3/649 temp link] || {{pkg|bash}} || 2014-09-24 || <= 4.3.024-1 || 4.3.026-1 || 2d || Fixed ({{bug|42109}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2]<br />
|-<br />
| {{CVE|CVE-2014-3635}} {{CVE|CVE-2014-3636}} {{CVE|CVE-2014-3637}} {{CVE|CVE-2014-3638}} {{CVE|CVE-2014-3639}} [http://www.openwall.com/lists/oss-security/2014/09/16/9 temp link] || {{pkg|dbus}} {{pkg|libdbus}} {{pkg|lib32-libdbus}} || 2014-09-16 || < 1.8.8 || 1.8.8-1 || 1d || Fixed ({{bug|41993}}) || None<br />
|-<br />
| {{CVE|CVE-2014-3613}} {{CVE|CVE-2014-3620}} [http://curl.haxx.se/docs/security.html temp link] || {{pkg|curl}} {{pkg|lib32-curl}}|| 2014-09-10 || < 7.38.0 || 7.38.0-1 || 5d ({{pkg|curl}}), 7d ({{pkg|lib32-curl}}) || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3609}} [http://www.squid-cache.org/Advisories/SQUID-2014_2.txt temp link] || {{pkg|squid}} || 2014-08-28 || < 3.4.7 || 3.4.7-1 || < 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5119}} [https://sourceware.org/bugzilla/show_bug.cgi?id=17187 temp link] || {{pkg|glibc}} || 2014-07-21 || <= 2.19 || 2.20-2 || 55d || Fixed ({{bug|41713}}) || None<br />
|-<br />
| {{CVE|CVE-2014-3508}} {{CVE|CVE-2014-5139}} {{CVE|CVE-2014-3509}} {{CVE|CVE-2014-3505}} {{CVE|CVE-2014-3506}} {{CVE|CVE-2014-3507}} {{CVE|CVE-2014-3510}} {{CVE|CVE-2014-3511}} {{CVE|CVE-2014-3512}} [https://www.openssl.org/news/secadv_20140806.txt temp link] || {{pkg|openssl}} || 2014-08-06 || < 1.0.1.i || 1.0.1.i-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0226}} [http://www.zerodayinitiative.com/advisories/ZDI-14-236/ temp link] || {{pkg|apache}} || 2014-07-15 || < 2.4.10 || 2.4.10-1 || ~7d || Fixed ({{bug|41244}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4943}} [http://www.openwall.com/lists/oss-security/2014/07/17/1 temp link] || {{pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-07-16 || || 3.15.5.201407170639-1 {{pkg|linux-grsec}}, 3.14.16 ({{pkg|linux-lts}}), 3.16 ({{pkg|linux}}) || 1d ({{pkg|linux-grsec}}), 23d ({{pkg|linux-lts}}), 27d {{pkg|linux}} || Fixed in {{pkg|linux}}, {{pkg|linux-lts}} ({{bug|41231}}), Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-0475}} [http://www.openwall.com/lists/oss-security/2014/07/10/7 temp link] || {{pkg|glibc}} || 2014-07-10 || <=2.19 || 2.20-2 || 66d || Fixed ({{bug|41166}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4699}} [http://www.openwall.com/lists/oss-security/2014/07/04/4 temp link] || {{Pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-07-04 || || 3.15.3.201407060933-1 {{pkg|linux-grsec}}, 3.15.4-1 {{pkg|linux}}, 3.14.11-1 {{pkg|linux-lts}} || 2d ({{pkg|linux-grsec}}), 3d ({{pkg|linux}}, {{pkg|linux-lts}}) || Fixed ({{bug|41115}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4715}} [http://www.openwall.com/lists/oss-security/2014/07/02/13 temp link] || {{Pkg|lz4}} || 2014-07-02 || || 119-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-4611}} [http://www.openwall.com/lists/oss-security/2014/06/26/25 temp link] || {{Pkg|linux}}, {{pkg|linux-grsec}}, {{pkg|lz4}} || 2014-06-26 || || 3.15.2-1 ({{pkg|linux}}), 3.15.2.201406262058-1 ({{pkg|linux-grsec}}), 118-1 {{pkg|lz4}} || <1d ({{pkg|linux}}, {{pkg|linux-grsec}}, {{pkg|lz4}}) || Fixed in {{pkg|linux}} ({{bug|40992}}), Fixed in {{pkg|linux-grsec}}, Fixed in {{pkg|lz4}} ({{bug|40997}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4610}} [http://www.openwall.com/lists/oss-security/2014/06/26/23 temp link] || {{Pkg|ffmpeg}} || 2014-06-26 || || 1:2.2.4-1 || <2d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-4609}} [http://www.openwall.com/lists/oss-security/2014/06/26/22 temp link] || {{Pkg|gst-libav}} || 2014-06-26 || 1.2.4-1 || 1.2.4-2 (with libav 9.14) || 2d || Fixed ({{bug|40995}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4608}} [http://www.openwall.com/lists/oss-security/2014/06/26/21 temp link] || {{Pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-06-26 || || 3.15.2-1 ({{pkg|linux}}), 3.10.45-1 ({{pkg|linux-lts}}), 3.15.2.201406262058-1 ({{pkg|linux-grsec}}) || <1d ({{pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} and {{pkg|linux-lts}} ({{bug|40992}}), Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-4607}} [http://www.openwall.com/lists/oss-security/2014/06/26/20 temp link] || {{Pkg|lzo2}} || 2014-06-26 || || 2.07-2 || 3d || Fixed ({{bug|40993}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4617}} [http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html temp link] || {{Pkg|gnupg}} || 2014-06-24 || < 2.0.24 || 2.0.24 || 7d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0244}} {{CVE|CVE-2014-3493}} [https://www.samba.org/samba/history/samba-4.1.9.html temp link] || {{Pkg|samba}} || 2014-06-23 || < 4.1.9 || 4.1.9 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1545}} [https://www.mozilla.org/security/announce/2014/mfsa2014-55.html temp link] || {{Pkg|nspr}} || 2014-06-10 || < 4.10.6 || 4.10.6 || ~1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3859}} || {{Pkg|bind}} || 2014-06-11 || 9.10.0, 9.10.0-P1 || 9.10.0-P2 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3477}} || {{Pkg|dbus}} || 2014-06-10 || <= 1.8.2 || 1.8.4 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0195}} {{CVE|CVE-2014-0198}} {{CVE|CVE-2010-5298}} {{CVE|CVE-2014-3470}} {{CVE|CVE-2014-0224}} {{CVE|CVE-2014-0221}} [http://www.openssl.org/news/secadv_20140605.txt temp link] || {{Pkg|openssl}} || 2014-06-05 || 1.0.1 - 1.0.1g || 1.0.1h || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3153}} [http://seclists.org/oss-sec/2014/q2/467 temp link]|| {{Pkg|linux}}, {{pkg|linux-lts}}, {{Pkg|linux-grsec}} || 2014-06-05 || ? || 3.14.6 ({{pkg|linux}}), 3.10.42-1 ({{pkg|linux-lts}}), 3.14.5.201406051310-1 ({{pkg|linux-grsec}})|| 3d ({{pkg|linux}}, {{pkg|linux-lts}}), <1d ({{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} ({{bug|40715}}), Fixed in {{pkg|linux-lts}}, Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-3466}} [https://bugzilla.redhat.com/show_bug.cgi?id=1101932 temp link]|| {{Pkg|gnutls}} || 2014-05-30 || < 3.3.3 || 3.3.3 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0209}} {{CVE|CVE-2014-0210}} {{CVE|CVE-2014-0211}}|| {{Pkg|libxfont}} || 2014-05-13 || < 1.4.18 || 1.4.18 || 3d || Fixed ({{Bug|40409 }}) || None<br />
|-<br />
| {{CVE|CVE-2014-0196}} [https://bugzilla.redhat.com/show_bug.cgi?id=1094232 temp-link] || {{Pkg|linux}}, {{Pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-05-05 || 2.6.31 - 3.14 || 3.14.3-2 ({{pkg|linux}}), 3.10.39-2 ({{pkg|linux-lts}}), 3.14.3.201405121814-1 ({{pkg|linux-grsec}}) || 7d ({{pkg|linux}}), 8d {{pkg|linux-lts}}, <1d ({{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} ({{Bug|40232}}), Fixed in {{pkg|linux-lts}}, Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-2905}} {{CVE|CVE-2014-2906}} {{CVE|CVE-2014-2914}} [https://bugzilla.redhat.com/show_bug.cgi?id=1092091 temp-link] || {{Pkg|fish}} || 2014-04-28 || 1.16.0 - 2.1.0 || 2.2.1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0160}} || {{Pkg|openssl}} || 2014-04-07 || 1.0.1 - 1.0.1f || 1.0.1g || ~1d || Fixed ({{Bug|39775}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1700}} {{CVE|CVE-2014-1701}} {{CVE|CVE-2014-1702}} {{CVE|CVE-2014-1703}} {{CVE|CVE-2014-1704}} {{CVE|CVE-2014-1705}} {{CVE|CVE-2014-1713}} {{CVE|CVE-2014-1715}} || {{Pkg|chromium}} {{Pkg|v8}} || 2014-03-11 || 32 || 33 || 4d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0098}} {{CVE|CVE-2013-6438}}|| {{Pkg|apache}} || 2014-03-17 || 2.4.8 || 2.4.9 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1492}} || {{Pkg|nss}} || 2014-03-18 || 3.15.5 || 3.16 || 22d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1493}} {{CVE|CVE-2014-1494}} {{CVE|CVE-2014-1497}} {{CVE|CVE-2014-1498}} {{CVE|CVE-2014-1499}} {{CVE|CVE-2014-1500}} {{CVE|CVE-2014-1502}} {{CVE|CVE-2014-1504}} {{CVE|CVE-2014-1505}} {{CVE|CVE-2014-1508}} {{CVE|CVE-2014-1509}} {{CVE|CVE-2014-1510}} {{CVE|CVE-2014-1511}} {{CVE|CVE-2014-1512}} {{CVE|CVE-2014-1513}} {{CVE|CVE-2014-1514}} || {{Pkg|firefox}} {{Pkg|thunderbird}} || 2014-03-18 || 27 || 28 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2240}} {{CVE|CVE-2014-2241}}|| {{Pkg|freetype2}} || ? || 2.5.2 || 2.5.3 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2029}}|| {{Pkg|xtrabackup}} || 2014-02-16 || 2.1.7 || 2.1.8 || 28d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1958}} {{CVE|CVE-2014-2030}}|| {{Pkg|imagemagick}} || ? || ? || 6.8.8.9-1 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}}|| {{Pkg|php}} || 2014-03-06 || 5.5.9 || 5.5.110 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0404}} {{CVE|CVE-2014-0406}} {{CVE|CVE-2014-0407}} || {{Pkg|virtualbox}} || 2014-02-28 || 4.3.4 || 4.3.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2323}} {{CVE|CVE-2014-2324}} || {{Pkg|lighttpd}} || 2014-03-12 || 1.4.34 || 1.4.35 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0333}} || {{Pkg|libpng}} || 2014-02-28 || 1.6.9 || 1.6.10 || 9d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0017}} || {{Pkg|libssh}} || 2014-03-04 || ? || 0.5.5-3 || 5d || Fixed || None<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} || 2014-03-20 || < 3.5.7.29 || 3.5.7.29 || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 2014-03-18 || ? || ? || ? || Not Affected ({{Bug|39566}}) ||<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 2014-03-19 || ? || 1.3.1 || 1d || Fixed || None<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 2014-03-19 || 3.4beta || 3.4 || ? || Fixed ({{Bug|39540}}) || None<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 2014-03-18 || ? || 1.4.7 || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 2013-09-19 || ? || 1.1.1-7 (in RHEL 7) || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 2014-03-17 || ? || 3.13-rc5 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0004}} || {{Pkg|udisks2}} & {{Pkg|udisks}} || 2014-03-10 || 2.1.3 / 1.0.5 || 2.1.3 / 1.0.5 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2281}} {{CVE|CVE-2014-2282}} {{CVE|CVE-2014-2283}} {{CVE|CVE-2014-2299}} || {{Pkg|wireshark-cli}} || 2014-03-10 || 1.10.6 || 1.10.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0050}} || {{Pkg|tomcat7}} || 2014-02-06 || 7.0.51 || 7.0.51 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0033}} || {{Pkg|tomcat6}} || 2014-01-10 || 6.0.37 || 6.0.37 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0032}} || {{Pkg|subversion}} || 2014-01-10 || 1.8.6 || 1.8.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0060}} {{CVE|CVE-2014-0061}} {{CVE|CVE-2014-0062}} {{CVE|CVE-2014-0063}} {{CVE|CVE-2014-0064}} {{CVE|CVE-2014-0065}} {{CVE|CVE-2014-0066}} {{CVE|CVE-2014-0067}} || {{Pkg|postgresql}} || 2014-02-20 || <=9.3.3 || 9.3.3-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1912}} || {{Pkg|python}} {{Pkg|python2}} || 2014-02-07 || ? || 2.7.6-3 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2013-4496}} {{CVE|CVE-2013-6442}} || {{Pkg|samba}} || 2014-03-14 || ? || 4.1.6 || 2d || Fixed ({{Bug|39424}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0504}} || {{Pkg|flashplugin}} || 2014-03-12 || ? || 11.2.202.346 || 1d || Fixed ({{Bug|39385}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0106}} || {{Pkg|sudo}} || || 1.8.9.p5 || 1.8.10 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2285}} {{CVE|CVE-2014-2284}} || {{Pkg|net-snmp}} || 2014-03-05 || ? || 5.7.2.1-2 || 8d || Fixed ({{Bug|39190}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0092}} || {{Pkg|gnutls}} || 2014-03-04 || <3.2.12 || 3.2.12-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2242}} {{CVE|CVE-2014-2243}} {{CVE|CVE-2014-2244}} || {{Pkg|mediawiki}} || 2014-03-14 || <1.22.3 || 1.22.3 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2093}} {{CVE|CVE-2014-2094}} {{CVE|CVE-2014-2095}} {{CVE|CVE-2014-2096}} || {{Pkg|catfish}} || 2014-02-25 || <1.0.1 || 1.0.1 || 8d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0497}} || {{Pkg|flashplugin}} || 2014-02-04 || ? || 11.2.202.346 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0015}} || {{Pkg|curl}} || 2014-01-29 || <7.35 || 7.35 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1610}} || {{Pkg|mediawiki}} || 2014-01-29 || <1.22.2 || 1.22.2 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0021}} || {{Pkg|chrony}} || 2014-01-17 || <1.29.1-1 || 1.29.1-1 || 14d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1875}} || {{Pkg|perl-capture-tiny}} || 2014-02-06 || ? || 0.24-1 || 4d || Fixed ({{Bug|38862}}) || None<br />
|-<br />
| {{CVE|CVE-2013-6493}} || {{Pkg|icedtea-web-java7}} || 2014-02-05 || <1.4.2 || 1.4.2 || 0d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1858}} {{CVE|CVE-2014-1859}} || {{Pkg|python-numpy}} || 2014-02-06 || ? || 1.8.0-2 || 4d || Fixed ({{Bug|38863}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1932}} {{CVE|CVE-2014-1933}} || {{Pkg|python-pillow}} || 2014-02-10 || <2.3.1 || 2.3.1 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1935}} || {{Pkg|9base}} || 2014-02-10 || ? || ? || ? || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1949}} [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1949.html temp link] || {{Pkg|cinnamon-screensaver}} || 2014-02-12 || 2.0.3 || ? || ? || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1959}} || {{Pkg|gnutls}} || 2014-02-13 || <3.2.11 || 3.2.11 || 2d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}} || {{Pkg|file}} || 2014-02-10 || <5.17 || 5.17-1 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0001}} {{CVE|CVE-2014-0412}} {{CVE|CVE-2014-0437}} {{CVE|CVE-2014-0420}} {{CVE|CVE-2014-0393}} {{CVE|CVE-2014-0386}} {{CVE|CVE-2014-0401}} {{CVE|CVE-2014-0402}} || {{Pkg|mariadb}} || 2014-01-31 || <5.5.35 || 5.5.35-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1447}} || {{Pkg|libvirt}} || 2014-01-16 || <1.2.1 || 1.2.1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0979}} || lightdm-gtk* || 2014-01-07 || ? || ? || 25d || Fixed ({{Bug|38715}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1475}} {{CVE|CVE-2014-1476}} || {{Pkg|drupal}} || 2014-01-15 || <7.26 || 7.26-1 || 12d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0019}} || {{Pkg|socat}} || 2014-01-29 || <1.7.2.3 || 1.7.2.3 || 0d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1838}} {{CVE|CVE-2014-1839}} || {{Pkg|python-logilab-common}} || 2014-01-31 || ? || ? || 3d || Fixed [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051] || None<br />
|-<br />
| {{CVE|CVE-2014-0368}} {{CVE|CVE-2014-0373}} {{CVE|CVE-2014-0376}} {{CVE|CVE-2014-0411}} {{CVE|CVE-2014-0416}} {{CVE|CVE-2014-0422}} {{CVE|CVE-2014-0423}} {{CVE|CVE-2014-0428}} || *-openjdk-* || 2014-01-15 || ? || ? || 2d || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1402}} || {{Pkg|python-jinja}} || 2014-01-10 || <2.7.2 || 2.7.2 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2013-6462}} || {{Pkg|libxfont}} || 2014-01-07 || <1.4.7 || 1.4.7 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1235}} || {{Pkg|graphviz}} || 2014-01-07 || <2.36.0 || 2.34.0-3 || 3d || Fixed ({{Bug|38441}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0978}} || {{Pkg|freerdp}} || 2014-01-10 || <1.0.2 || 1.0.2-5 || 67d || Fixed ({{Bug|38802}}) || None<br />
|-<br />
|}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=453836
Security Advisories
2016-10-13T15:52:30Z
<p>Anthraxx: advisory for gdk-pixbuf2</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== October 2016 ===<br />
* [13 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000737.html ASA-201610-9] {{pkg|gdk-pixbuf2}} arbitrary code execution<br />
* [11 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000736.html ASA-201610-8] {{pkg|crypto++}} information disclosure<br />
* [09 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000735.html ASA-201610-7] {{pkg|wpa_supplicant}} multiple issues<br />
* [08 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000734.html ASA-201610-6] {{pkg|imagemagick}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000733.html ASA-201610-5] {{pkg|messagelib}} multiple issues<br />
* [07 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000732.html ASA-201610-4] {{pkg|kcoreaddons}} insufficient validation<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3] {{pkg|hostapd}} multiple issues<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2] {{pkg|systemd}} denial of service<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1] {{pkg|chromium}} arbitrary code execution<br />
<br />
=== September 2016 ===<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=CVE&diff=452896
CVE
2016-10-04T14:21:28Z
<p>Anthraxx: fixed hostapd</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|Security Advisories}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
== Introduction ==<br />
<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
== Helping ==<br />
<br />
This is a community driven project. Please consider joining the [[Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC on irc://irc.freenode.net/archlinux-security.<br />
<br />
== Procedure ==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. Use Wiki markup to create links in the "CVE-ID", "Package", and "Status" columns. The following template may be used to ease the process of adding CVE entries into the table. The first line, "|-" represents the creation of a new row in the table, while the second line should be modified per CVE:<br />
<br />
{{hc|CVE Table Addition Template|<nowiki><br />
|-<br />
| {{CVE|CVE-2016-????}} || {{Pkg|pkgname}} || Disclosure date || Affected versions || Fixed in version || Arch Linux response time || Status(Fixed|Pending|Invalid) (Bug reports) || {{ASA|ASA-??????-??}}<br />
</nowiki>}}<br />
<br />
{{Note|<br />
* If the CVE is not found in [http://nvd.nist.gov/home.cfm NVD], just include a link to different database in the first column: {{ic|<nowiki>[http://link.to.cve CVE-2014-????]</nowiki>}}<br />
* The "Disclosure date" field should be expressed in [[Wikipedia:ISO 8601|ISO 8601 format]] to avoid any confusion. Example: 2014-03-22.<br />
* The "Arch Linux response time" field corresponds to the time between the public release of a vulnerability and the date the package update fixing the vulnerability is made available in the official stable repositories. The "Time really vulnerable" is potentially much lengthier but is harder to estimate.<br />
}}<br />
<br />
The above "CVE-template" should be added after the line:<br />
<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in version !! Arch Linux response time !! Status (and related bug reports) !! ASA-ID</nowiki>}}<br />
<br />
== Response time ==<br />
<br />
The response time is the time taken to get a fixed package to the stable repositories.<br />
<br />
== Documented CVE's ==<br />
<br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="100%"<br />
! height="50px" colspan="8" style="font-size: 125%;"| '''TRACKED CVE's'''<br />
|-<br />
! scope="col" width="130px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in Arch Linux package version !! Arch Linux response time !! Status (and related bug reports) !! ASA-ID<br />
|- <br />
| {{CVE|CVE-2016-7795}} || {{pkg|systemd}} || 2016-09-29 || <= 231-1 || 231-2 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2]<br />
|- <br />
| {{CVE|CVE-2016-5177}} {{CVE|CVE-2016-5178}} [https://googlechromereleases.blogspot.fr/2016/09/stable-channel-update-for-desktop_29.html] || {{pkg|chromium}} || 2016-09-29 || <= 53.0.2785.116-1 || 53.0.2785.143-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1]<br />
|- <br />
| {{CVE|CVE-2016-7168}} {{CVE|CVE-2016-7169}} [https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/] || {{pkg|wordpress}} || 2016-09-29 || <= 4.6.0-1 || 4.6.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32]<br />
|- <br />
| {{CVE|CVE-2016-5180}} [https://c-ares.haxx.se/adv_20160929.html] || {{pkg|c-ares}} || 2016-09-29 || <= 1.11.0-1 || 1.12.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31]<br />
|- <br />
| {{CVE|CVE-2016-2776}} [https://kb.isc.org/article/AA-01419/0] || {{pkg|bind}} || 2016-07-27 || <= 9.10.4.P2-1 || 9.10.4.P3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201607-29]<br />
|-<br />
| {{CVE|CVE-2016-7052}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|lib32-openssl}} || 2016-09-26 || <= 1:1.0.2.i-1 || 1:1.0.2.j-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28]<br />
|- <br />
| {{CVE|CVE-2016-7052}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|openssl}} || 2016-09-26 || <= 1.0.2.i-1 || 1.0.2.j-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30]<br />
|- <br />
| {{CVE|CVE-2016-6309}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|lib32-openssl}} || 2016-09-26 || <= 1:1.0.2.i-1 || || || Not Affected || None<br />
|- <br />
| {{CVE|CVE-2016-6309}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|openssl}} || 2016-09-26 || <= 1.0.2.i-1 || || || Not Affected || None<br />
|- <br />
| {{CVE|CVE-2016-2177}} {{CVE|CVE-2016-2178}} {{CVE|CVE-2016-2179}} {{CVE|CVE-2016-2180}} {{CVE|CVE-2016-2181}} {{CVE|CVE-2016-2182}} {{CVE|CVE-2016-2183}} {{CVE|CVE-2016-6302}} {{CVE|CVE-2016-6303}} {{CVE|CVE-2016-6304}} {{CVE|CVE-2016-6306}} [http://eprint.iacr.org/2016/594] [https://www.openssl.org/news/secadv/20160922.txt] || {{pkg|openssl}} || 2016-09-22 || <= 1.0.2.h-1 || 1.0.2.i-1 || <1d || Fixed ({{bug|49616}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23]<br />
|- <br />
| {{CVE|CVE-2016-2177}} {{CVE|CVE-2016-2178}} {{CVE|CVE-2016-2179}} {{CVE|CVE-2016-2180}} {{CVE|CVE-2016-2181}} {{CVE|CVE-2016-2182}} {{CVE|CVE-2016-2183}} {{CVE|CVE-2016-6302}} {{CVE|CVE-2016-6303}} {{CVE|CVE-2016-6304}} {{CVE|CVE-2016-6306}} [http://eprint.iacr.org/2016/594] [https://www.openssl.org/news/secadv/20160922.txt] || {{pkg|lib32-openssl}} || 2016-09-22 || <= 1:1.0.2.h-1 || 1:1.0.2.i-1 || <1d || Fixed ({{bug|49616}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24]<br />
|- <br />
| {{CVE|CVE-2016-7044}} {{CVE|CVE-2016-7045}} [https://irssi.org/security/irssi_sa_2016.txt] || {{pkg|irssi}} || 2016-09-21 || <= 0.8.19-2 || 0.8.20-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20]<br />
|- <br />
| {{CVE|CVE-2016-5270}} {{CVE|CVE-2016-5271}} {{CVE|CVE-2016-5272}} {{CVE|CVE-2016-5273}} {{CVE|CVE-2016-5276}} {{CVE|CVE-2016-5274}} {{CVE|CVE-2016-5277}} {{CVE|CVE-2016-5275}} {{CVE|CVE-2016-5278}} {{CVE|CVE-2016-5279}} {{CVE|CVE-2016-5280}} {{CVE|CVE-2016-5281}} {{CVE|CVE-2016-5282}} {{CVE|CVE-2016-5283}} {{CVE|CVE-2016-5284}} {{CVE|CVE-2016-5256}} {{CVE|CVE-2016-5257}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/] || {{pkg|firefox}} || 2016-09-13 || <= 48.0.2-1 || 49.0-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22]<br />
|- <br />
| {{CVE|CVE-2016-5388}} || {{pkg|tomcat7}} || 2016-09-18 || <= 7.0.70-1 || 7.0.72-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21]<br />
|- <br />
| {{CVE|CVE-2016-7420}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7420] || {{pkg|crypto++}} || 2016-09-18 || <= 5.6.4-2 || || || '''Vulnerable''' || <br />
|- <br />
| {{CVE|CVE-2016-7444}} [http://seclists.org/oss-sec/2016/q3/545] [https://www.gnutls.org/security.html#GNUTLS-SA-2016-3] || {{pkg|gnutls}} || 2016-09-08 || <= 3.4.14-1 || 3.4.15-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25]<br />
|- <br />
| {{CVE|CVE-2016-7444}} [http://seclists.org/oss-sec/2016/q3/545] [https://www.gnutls.org/security.html#GNUTLS-SA-2016-3] || {{pkg|lib32-gnutls}} || 2016-09-08 || <= 3.4.14-1 || 3.4.15-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26]<br />
|- <br />
| {{CVE|CVE-2016-5170}} {{CVE|CVE-2016-5171}} {{CVE|CVE-2016-5172}} {{CVE|CVE-2016-5173}} {{CVE|CVE-2016-5174}} {{CVE|CVE-2016-5175}} [https://googlechromereleases.blogspot.fr/2016/09/stable-channel-update-for-desktop_13.html] || {{pkg|chromium}} || 2016-09-13 || <= 53.0.2785.101-1 || 53.0.2785.116-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13]<br />
|- <br />
| {{CVE|CVE-2016-7412}} {{CVE|CVE-2016-7413}} {{CVE|CVE-2016-7414}} {{CVE|CVE-2016-7416}} {{CVE|CVE-2016-7417}} {{CVE|CVE-2016-7418}} [http://www.openwall.com/lists/oss-security/2016/09/15/10] || {{pkg|php}} || 2016-09-15 || <= 7.0.10-1 || 7.0.11-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16]<br />
|- <br />
| {{CVE|CVE-2016-6352}} [https://bugzilla.redhat.com/show_bug.cgi?id=1349751] || {{pkg|lib32-gdk-pixbuf2}} || 2016-08-31 || <= 2.34.0-1 || || || '''Vulnerable''' ||<br />
|- <br />
| {{CVE|CVE-2016-6352}} [https://bugzilla.redhat.com/show_bug.cgi?id=1349751] || {{pkg|gdk-pixbuf2}} || 2016-08-31 || <= 2.34.0-2 || || || '''Vulnerable''' ||<br />
|- <br />
| {{CVE|CVE-2016-7167}} [https://curl.haxx.se/docs/adv_20160914.html] || {{pkg|curl}} || 2016-09-14 || <= 7.50.2-1 || 7.50.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19]<br />
|- <br />
| {{CVE|CVE-2016-7167}} [https://curl.haxx.se/docs/adv_20160914.html] || {{pkg|lib32-curl}} || 2016-09-14 || <= 7.50.0-1 || 7.50.3-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18]<br />
|- <br />
| {{CVE|CVE-2016-4271}} {{CVE|CVE-2016-4272}} {{CVE|CVE-2016-4274}} {{CVE|CVE-2016-4275}} {{CVE|CVE-2016-4276}} {{CVE|CVE-2016-4277}} {{CVE|CVE-2016-4278}} {{CVE|CVE-2016-4279}} {{CVE|CVE-2016-4280}} {{CVE|CVE-2016-4281}} {{CVE|CVE-2016-4282}} {{CVE|CVE-2016-4283}} {{CVE|CVE-2016-4284}} {{CVE|CVE-2016-4285}} {{CVE|CVE-2016-4287}} {{CVE|CVE-2016-6921}} {{CVE|CVE-2016-6922}} {{CVE|CVE-2016-6923}} {{CVE|CVE-2016-6924}} {{CVE|CVE-2016-6925}} {{CVE|CVE-2016-6926}} {{CVE|CVE-2016-6927}} {{CVE|CVE-2016-6929}} {{CVE|CVE-2016-6930}} {{CVE|CVE-2016-6931}} {{CVE|CVE-2016-6932}} [https://helpx.adobe.com/security/products/flash-player/apsb16-29.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-09-13 || <= 11.2.202.632-1 || 11.2.202.635-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12]<br />
|- <br />
| {{CVE|CVE-2016-6662}} {{CVE|CVE-2016-6663}} [https://mariadb.org/mariadb-server-versions-remote-root-code-execution-vulnerability-cve-2016-6662/] [https://jira.mariadb.org/browse/MDEV-10465] [http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html] || {{Pkg|mariadb}} || 2016-09-13 || <= 10.1.16-2 || 10.1.17-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10]<br />
|-<br />
| {{CVE|CVE-2016-7180}} {{CVE|CVE-2016-7175}} {{CVE|CVE-2016-7176}} {{CVE|CVE-2016-7177}} {{CVE|CVE-2016-7178}} {{CVE|CVE-2016-7179}} [https://www.wireshark.org/security/wnpa-sec-2016-50.html] [https://www.wireshark.org/security/wnpa-sec-2016-51.html] [https://www.wireshark.org/security/wnpa-sec-2016-52.html] [https://www.wireshark.org/security/wnpa-sec-2016-53.html] [https://www.wireshark.org/security/wnpa-sec-2016-54.html] [https://www.wireshark.org/security/wnpa-sec-2016-55.html] || {{pkg|wireshark-cli}} || 2016-09-09 || <= 2.0.5-1 || 2.2.0-1 || 15d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27]<br />
|- <br />
| {{CVE|CVE-2016-5388}} [https://www.apache.org/security/asf-httpoxy-response.txt] || {{pkg|tomcat8}} || 2016-07-18 || <= 8.0.36-1 || 8.0.37-1 || 52d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] <br />
|-<br />
| {{CVE|CVE-2016-7164}} [http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3.20.3.news] || {{pkg|file-roller}} || 2016-09-08 || <= 3.20.2-1 || 3.20.3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5]<br />
|-<br />
| {{CVE|CVE-2016-5426}} {{CVE|CVE-2016-5427}} [http://seclists.org/oss-sec/2016/q3/464] [https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/] || {{pkg|powerdns}} || 2016-09-08 || 3.4.9-1 || 4.0.1-3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9]<br />
|-<br />
| {{CVE|CVE-2016-7164}} [http://seclists.org/oss-sec/2016/q3/443] || {{pkg|libtorrent-rasterbar}} || 2016-09-08 || <= 1:1.1-3 || 1:1.1.1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8]<br />
|-<br />
| {{CVE|CVE-2016-7141}} [https://curl.haxx.se/docs/adv_20160907.html] || {{pkg|curl}} || 2016-09-07 || N/A || N/A || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-2835}} {{CVE|CVE-2016-2836}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/] || {{pkg|thunderbird}} || 2016-08-30 || <= 45.2.0-2 || 45.3.0-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3]<br />
|-<br />
| {{CVE|CVE-2016-7134}} {{CVE|CVE-2016-7133}} {{CVE|CVE-2016-7132}} {{CVE|CVE-2016-7131}} {{CVE|CVE-2016-7130}} {{CVE|CVE-2016-7129}} {{CVE|CVE-2016-7128}} {{CVE|CVE-2016-7127}} {{CVE|CVE-2016-7126}} {{CVE|CVE-2016-7125}} {{CVE|CVE-2016-7124}} [http://www.openwall.com/lists/oss-security/2016/09/02/9] || {{pkg|php}} || 2016-09-03 || <= 7.0.10-1 || 7.0.11-1 || || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-5147}} {{CVE|CVE-2016-5148}} {{CVE|CVE-2016-5149}} {{CVE|CVE-2016-5150}} {{CVE|CVE-2016-5151}} {{CVE|CVE-2016-5152}} {{CVE|CVE-2016-5153}} {{CVE|CVE-2016-5154}} {{CVE|CVE-2016-5155}} {{CVE|CVE-2016-5156}} {{CVE|CVE-2016-5157}} {{CVE|CVE-2016-5158}} {{CVE|CVE-2016-5159}} {{CVE|CVE-2016-5160}} {{CVE|CVE-2016-5161}} {{CVE|CVE-2016-5162}} {{CVE|CVE-2016-5163}} {{CVE|CVE-2016-5164}} {{CVE|CVE-2016-5165}} {{CVE|CVE-2016-5166}} {{CVE|CVE-2016-5167}} [https://googlechromereleases.blogspot.fr/2016/08/stable-channel-update-for-desktop_31.html] || {{pkg|chromium}} || 2016-08-31 || <= 52.0.2743.116-1 || 53.0.2785.89-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1]<br />
|-<br />
| {{CVE|CVE-2016-6525}} [http://bugs.ghostscript.com/show_bug.cgi?id=696954] || {{Pkg|mupdf}} || 2016-07-19 || <= 1.9a-4 || 1.9a-5 || 1d || Fixed ([https://bugs.archlinux.org/task/50590 FS#50590 ]) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] <br />
|-<br />
| {{CVE|CVE-2016-6265}} [http://bugs.ghostscript.com/show_bug.cgi?id=696941] || {{Pkg|mupdf}} || 2016-07-19 || <= 1.9a-3 || 1.9a-4 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] <br />
|-<br />
| {{CVE|CVE-2016-4590}} {{CVE|CVE-2016-4591}} {{CVE|CVE-2016-4622}} {{CVE|CVE-2016-4624}} [https://webkitgtk.org/2016/08/24/webkitgtk2.12.4-released.html] [https://webkitgtk.org/security/WSA-2016-0005.html] || {{pkg|webkit2gtk}} || 2016-08-24 || <= 2.12.3-1 || 2.12.4-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2]<br />
|-<br />
| {{CVE|CVE-2016-6331}} {{CVE|CVE-2016-6332}} {{CVE|CVE-2016-6333}} {{CVE|CVE-2016-6334}} {{CVE|CVE-2016-6335}} {{CVE|CVE-2016-6336}} {{CVE|CVE-2016-6337}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html] || {{pkg|mediawiki}} || 2016-08-23 || <= 1.27.0-1 || 1.27.1-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] <br />
|-<br />
| {{CVE|CVE-2016-6313}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html] || {{pkg|lib32-libgcrypt}} || 2016-08-17 || <= 1.7.2-1 || 1.7.3-1 || 31d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14]<br />
|-<br />
| {{CVE|CVE-2016-6313}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html] || {{pkg|libgcrypt}} || 2016-08-17 || <= 1.7.2-1 || 1.7.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18]<br />
|-<br />
| {{CVE|CVE-2016-5423}} {{CVE|CVE-2016-5424}} [https://www.postgresql.org/about/news/1688/] || {{pkg|postgresql}} {{pkg|postgresql-libs}} || 2016-08-11 || <= 9.5.3-1 || 9.5.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux}} || 2016-07-12 || <= 4.6.4-1 || 4.7-1 || 31d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-grsec}} || 2016-07-12 || <= 4.6.5.201607312210-1 || 4.7.201608131240-1 || 33d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-lts}} || 2016-07-12 || <= 4.4.16-1 || 4.4.19-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-zen}} || 2016-07-12 || <= 4.6.5-1 || 4.7-1 || 35d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15]<br />
|-<br />
| {{CVE|CVE-2016-5139}} {{CVE|CVE-2016-5140}} {{CVE|CVE-2016-5141}} {{CVE|CVE-2016-5142}} {{CVE|CVE-2016-5143}} {{CVE|CVE-2016-5144}} {{CVE|CVE-2016-5145}} {{CVE|CVE-2016-5146}} [https://googlechromereleases.blogspot.fr/2016/08/stable-channel-update-for-desktop.html] || {{pkg|chromium}} || 2016-08-03 || <= 52.0.2743.85-2 || 52.0.2743.116-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16]<br />
|-<br />
| {{CVE|CVE-2016-6255}} || {{pkg|libupnp}} || 2016-08-08 || <= 1.6.19-1 || 1.6.20-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8]<br />
|-<br />
| {{CVE|CVE-2016-3075}} {{CVE|CVE-2016-5417}} [https://sourceware.org/bugzilla/show_bug.cgi?id=19879] [https://sourceware.org/bugzilla/show_bug.cgi?id=19257] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-08-02 || <= 2.23-5 || 2.24-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7]<br />
|-<br />
| {{CVE|CVE-2016-3458}} {{CVE|CVE-2016-3500}} {{CVE|CVE-2016-3508}} {{CVE|CVE-2016-3550}} {{CVE|CVE-2016-3598}} {{CVE|CVE-2016-3606}} {{CVE|CVE-2016-3610}} [http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2016-July/036560.html] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2016-07-29 || <= 7.u101_2.6.6 || 7.u111_2.6.7 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5]<br />
|-<br />
| {{CVE|CVE-2016-0718}} {{CVE|CVE-2016-2830}} {{CVE|CVE-2016-2835}} {{CVE|CVE-2016-2836}} {{CVE|CVE-2016-2837}} {{CVE|CVE-2016-2838}} {{CVE|CVE-2016-2839}} {{CVE|CVE-2016-5250}} {{CVE|CVE-2016-5251}} {{CVE|CVE-2016-5252}} {{CVE|CVE-2016-5254}} {{CVE|CVE-2016-5255}} {{CVE|CVE-2016-5258}} {{CVE|CVE-2016-5259}} {{CVE|CVE-2016-5260}} {{CVE|CVE-2016-5261}} {{CVE|CVE-2016-5262}} {{CVE|CVE-2016-5263}} {{CVE|CVE-2016-5264}} {{CVE|CVE-2016-5265}} {{CVE|CVE-2016-5266}} {{CVE|CVE-2016-5268}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox48] || {{pkg|firefox}} || 2016-08-02 || <= 47.0.1-1 || 48.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2]<br />
|-<br />
| {{CVE|CVE-2016-5419}} {{CVE|CVE-2016-5420}} {{CVE|CVE-2016-5421}} [https://curl.haxx.se/docs/adv_20160803A.html] [https://curl.haxx.se/docs/adv_20160803B.html] [https://curl.haxx.se/docs/adv_20160803C.html] || {{pkg|curl}} || 2016-08-03 || <= 7.50.0-1 || 7.50.1-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9]<br />
|-<br />
| {{CVE|CVE-2016-6210}} [http://www.openssh.com/txt/release-7.3] [http://seclists.org/fulldisclosure/2016/Jul/51] || {{pkg|openssh}} || 2016-07-14 || <= 7.2p2-2 || 7.3p1-1 || 16d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1]<br />
|-<br />
| {{CVE|CVE-2016-6503}} {CVE|CVE-2016-6504}} {{CVE|CVE-2016-6507}} [http://seclists.org/oss-sec/2016/q3/217] [[http://www.wireshark.org/security/wnpa-sec-2016-39.html] [http://www.wireshark.org/security/wnpa-sec-2016-40.html] [http://www.wireshark.org/security/wnpa-sec-2016-43.html] || {{pkg|wireshark-cli}} || 2016-07-28 || <= 2.0.4-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-6505}} {{CVE|CVE-2016-6506}} {{CVE|CVE-2016-6508}} {{CVE|CVE-2016-6509}} {{CVE|CVE-2016-6510}} {{CVE|CVE-2016-6511}} {{CVE|CVE-2016-6512}} {{CVE|CVE-2016-6513}} [http://seclists.org/oss-sec/2016/q3/217] [http://www.wireshark.org/security/wnpa-sec-2016-41.html] [http://www.wireshark.org/security/wnpa-sec-2016-42.html] [http://www.wireshark.org/security/wnpa-sec-2016-44.html] [http://www.wireshark.org/security/wnpa-sec-2016-45.html] [http://www.wireshark.org/security/wnpa-sec-2016-46.html] [http://www.wireshark.org/security/wnpa-sec-2016-47.html] [http://www.wireshark.org/security/wnpa-sec-2016-48.html] [http://www.wireshark.org/security/wnpa-sec-2016-49.html] || {{pkg|wireshark-cli}} || 2016-07-28 || <= 2.0.4-1 || 2.0.5-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20]<br />
|-<br />
| {{CVE|CVE-2016-6491}} [http://seclists.org/oss-sec/2016/q3/194] [http://git.imagemagick.org/repos/ImageMagick/commit/5cb6c1acd3e3b12f9260daf207db432df7f792c2] || {{pkg|imagemagick}} || 2016-07-27 || <= 6.9.5.2-1 || 6.9.5.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13]<br />
|-<br />
| {{CVE|CVE-2015-8948}} {{CVE|CVE-2016-6261}} {{CVE|CVE-2016-6262}} {{CVE|CVE-2016-6263}} || {{Pkg|libidn}} || 2016-07-20 || <= 1.32-1 || 1.33-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14]<br />
|-<br />
| {{CVE|CVE-2016-6186}} || {{Pkg|python-django}} {{Pkg|python2-django}}|| 2016-07-18 || <= 1.9.8-1 || 1.9.8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11]<br />
|-<br />
| {{CVE|CVE-2016-1705}} {{CVE|CVE-2016-1706}} {{CVE|CVE-2016-1708}} {{CVE|CVE-2016-1709}} {{CVE|CVE-2016-1710}} {{CVE|CVE-2016-1711}} {{CVE|CVE-2016-5127}} {{CVE|CVE-2016-5128}} {{CVE|CVE-2016-5129}} {{CVE|CVE-2016-5130}} {{CVE|CVE-2016-5131}} {{CVE|CVE-2016-5132}} {{CVE|CVE-2016-5133}} {{CVE|CVE-2016-5134}} {{CVE|CVE-2016-5135}} {{CVE|CVE-2016-5136}} {{CVE|CVE-2016-5137}} [https://googlechromereleases.blogspot.fr/2016/07/stable-channel-update.html] || {{pkg|chromium}} || 2016-07-20 || <= 51.0.2704.106-1 || 52.0.2743.82-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12]<br />
|-<br />
| {{CVE|CVE-2016-5385}} [https://www.drupal.org/SA-CORE-2016-003] || {{pkg|drupal}} || 2016-07-18 || <= 8.1.6-1 || 8.1.7-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9]<br />
|-<br />
| {{CVE|CVE-2016-2775}} [https://kb.isc.org/article/AA-01393/74/CVE-2016-2775] || {{pkg|bind}} || 2016-07-19 || <= 9.10.4.P1-2 || 9.10.4.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8]<br />
|-<br />
|{{CVE|CVE-2016-4173}} {{CVE|CVE-2016-4174}} {{CVE|CVE-2016-4175}} {{CVE|CVE-2016-4176}} {{CVE|CVE-2016-4177}} {{CVE|CVE-2016-4179}} {{CVE|CVE-2016-4180}} {{CVE|CVE-2016-4181}} {{CVE|CVE-2016-4182}} {{CVE|CVE-2016-4183}} {{CVE|CVE-2016-4184}} {{CVE|CVE-2016-4185}} {{CVE|CVE-2016-4186}} {{CVE|CVE-2016-4187}} {{CVE|CVE-2016-4188}} {{CVE|CVE-2016-4189}} {{CVE|CVE-2016-4190}} {{CVE|CVE-2016-4217}} {{CVE|CVE-2016-4218}} {{CVE|CVE-2016-4219}} {{CVE|CVE-2016-4220}} {{CVE|CVE-2016-4221}} {{CVE|CVE-2016-4222}} {{CVE|CVE-2016-4223}} {{CVE|CVE-2016-4224}} {{CVE|CVE-2016-4225}} {{CVE|CVE-2016-4226}} {{CVE|CVE-2016-4227}} {{CVE|CVE-2016-4228}} {{CVE|CVE-2016-4229}} {{CVE|CVE-2016-4230}} {{CVE|CVE-2016-4231}} {{CVE|CVE-2016-4232}} {{CVE|CVE-2016-4233}} {{CVE|CVE-2016-4234}} {{CVE|CVE-2016-4235}} {{CVE|CVE-2016-4236}} {{CVE|CVE-2016-4237}} {{CVE|CVE-2016-4238}} {{CVE|CVE-2016-4239}} {{CVE|CVE-2016-4240}} {{CVE|CVE-2016-4241}} {{CVE|CVE-2016-4242}} {{CVE|CVE-2016-4243}} {{CVE|CVE-2016-4244}} {{CVE|CVE-2016-4245}} {{CVE|CVE-2016-4246}} {{CVE|CVE-2016-4247}} {{CVE|CVE-2016-4248}} || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-07-12 || <= 11.2.202.626-1 || 11.2.202.632-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7]<br />
|-<br />
| {{CVE|CVE-2016-2815}} {{CVE|CVE-2016-2818}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird45.2] || {{pkg|thunderbird}} || 2016-06-30 || <= 45.1.1-2 || 45.2.0-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4]<br />
|-<br />
| {{CVE|CVE-2016-4979}} [https://httpd.apache.org/security/vulnerabilities_24.html] || {{pkg|apache}} || 2016-07-05 || 2.4.18-2.4.20 || 2.4.23-1 || || Fixed ({{bug|49958}}) || None<br />
|-<br />
| {{CVE|CVE-2016-4994}} [https://bugzilla.gnome.org/show_bug.cgi?id=767873] || {{pkg|gimp}} || 2016-06-21 || <= 2.8.16-2 || 2.8.18-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5]<br />
|-<br />
| {{CVE|CVE-2016-4472}} [https://bugzilla.redhat.com/show_bug.cgi?id=1344251] || {{pkg|expat}} || 2016-06-30 || <= 2.1.1-3 || 2.2.0-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-3189}} [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3189] || {{pkg|bzip2}} || 2016-06-30 || <= 1.0.6-5 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-4463}} [http://seclists.org/bugtraq/2016/Jun/115] || {{pkg|xerces-c}} || 2016-06-29 || <= 3.1.3-2 || 3.1.4-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2]<br />
|-<br />
| {{CVE|CVE-2016-4324}} [http://www.talosintelligence.com/reports/TALOS-2016-0126/] || {{pkg|libreoffice-fresh}} || 2016-06-27 || <= 5.1.3-2 || 5.1.4-1 || <0d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3]<br />
|-<br />
| {{CVE|CVE-2016-5701}} {{CVE|CVE-2016-5702}} {{CVE|CVE-2016-5703}} {{CVE|CVE-2016-5704}} {{CVE|CVE-2016-5705}} {{CVE|CVE-2016-5706}} {{CVE|CVE-2016-5730}} {{CVE|CVE-2016-5731}} {{CVE|CVE-2016-5732}} {{CVE|CVE-2016-5733}} {{CVE|CVE-2016-5734}} {{CVE|CVE-2016-5739}} [https://www.phpmyadmin.net/security/PMASA-2016-17/] [https://www.phpmyadmin.net/security/PMASA-2016-18/] [https://www.phpmyadmin.net/security/PMASA-2016-19/] [https://www.phpmyadmin.net/security/PMASA-2016-20/] [https://www.phpmyadmin.net/security/PMASA-2016-21/] [https://www.phpmyadmin.net/security/PMASA-2016-22/] [https://www.phpmyadmin.net/security/PMASA-2016-23/] [https://www.phpmyadmin.net/security/PMASA-2016-24/] [https://www.phpmyadmin.net/security/PMASA-2016-25/] [https://www.phpmyadmin.net/security/PMASA-2016-26/] [https://www.phpmyadmin.net/security/PMASA-2016-27/] [https://www.phpmyadmin.net/security/PMASA-2016-28/] || {{pkg|phpmyadmin}} || 2016-06-23 || <= 4.6.2-1 || 4.6.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25]<br />
|-<br />
| {{CVE|CVE-2016-1704}} [https://googlechromereleases.blogspot.fr/2016/06/stable-channel-update_16.html] || {{pkg|chromium}} || 2016-01-16 || <= 51.0.2704.84-1 || 51.0.2704.103-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20]<br />
|-<br />
| {{CVE|CVE-2016-2365}} {{CVE|CVE-2016-2366}} {{CVE|CVE-2016-2367}} {{CVE|CVE-2016-2368}} {{CVE|CVE-2016-2369}} {{CVE|CVE-2016-2370}} {{CVE|CVE-2016-2371}} {{CVE|CVE-2016-2372}} {{CVE|CVE-2016-2373}} {{CVE|CVE-2016-2374}} {{CVE|CVE-2016-2375}} {{CVE|CVE-2016-2376}} {{CVE|CVE-2016-2377}} {{CVE|CVE-2016-2378}} {{CVE|CVE-2016-2380}} {{CVE|CVE-2016-4323}} [http://blog.talosintel.com/2016/06/vulnerability-spotlight-pidgin.html] || {{pkg|libpurple}} || 2016-01-21 || <= 2.10.12-4 || 2.11.0-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24]<br />
|-<br />
| {{CVE|CVE-2016-1541}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1541] || {{pkg|libarchive}} || 2016-01-17 || <= 3.1.2-8 || 3.2.0-1 || 47d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1]<br />
|-<br />
| {{CVE|CVE-2016-5875}} {{CVE|CVE-2016-5314}} {{CVE|CVE-2016-5315}} {{CVE|CVE-2016-5316}} {{CVE|CVE-2016-5317}} {{CVE|CVE-2016-5320}} {{CVE|CVE-2016-5321}} {{CVE|CVE-2016-5322}} {{CVE|CVE-2016-5323}} {{CVE|CVE-2016-5102}} {{CVE|CVE-2016-3991}} {{CVE|CVE-2016-3990}} {{CVE|CVE-2016-3945}} {{CVE|CVE-2016-3658}} {{CVE|CVE-2016-3634}} {{CVE|CVE-2016-3633}} {{CVE|CVE-2016-3632}} {{CVE|CVE-2016-3631}} {{CVE|CVE-2016-3625}} {{CVE|CVE-2016-3624}} {{CVE|CVE-2016-3623}} {{CVE|CVE-2016-3622}} {{CVE|CVE-2016-3621}} {{CVE|CVE-2016-3620}} {{CVE|CVE-2016-3619}} {{CVE|CVE-2016-3186}} {{CVE|CVE-2015-8668}} {{CVE|CVE-2015-7313}} {{CVE|CVE-2014-8130}} {{CVE|CVE-2014-8127}} {{CVE|CVE-2010-2596}} {{CVE|CVE-2016-6223}} [http://www.openwall.com/lists/oss-security/2016/06/15/1] [http://www.openwall.com/lists/oss-security/2016/06/15/2] [http://www.openwall.com/lists/oss-security/2016/06/15/3] [http://www.openwall.com/lists/oss-security/2016/06/15/5] [http://www.openwall.com/lists/oss-security/2016/06/15/6] [http://www.openwall.com/lists/oss-security/2016/06/15/7] [http://www.openwall.com/lists/oss-security/2016/06/15/8] [http://www.openwall.com/lists/oss-security/2016/06/15/9] [https://security-tracker.debian.org/tracker/source-package/tiff] [http://www.openwall.com/lists/oss-security/2016/07/13/3] || {{pkg|libtiff}} || 2016-06-19 || <= 4.0.6-2 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-4122}} {{CVE|CVE-2016-4123}} {{CVE|CVE-2016-4124}} {{CVE|CVE-2016-4125}} {{CVE|CVE-2016-4127}} {{CVE|CVE-2016-4128}} {{CVE|CVE-2016-4129}} {{CVE|CVE-2016-4130}} {{CVE|CVE-2016-4131}} {{CVE|CVE-2016-4132}} {{CVE|CVE-2016-4133}} {{CVE|CVE-2016-4134}} {{CVE|CVE-2016-4135}} {{CVE|CVE-2016-4136}} {{CVE|CVE-2016-4137}} {{CVE|CVE-2016-4138}} {{CVE|CVE-2016-4139}} {{CVE|CVE-2016-4140}} {{CVE|CVE-2016-4141}} {{CVE|CVE-2016-4142}} {{CVE|CVE-2016-4143}} {{CVE|CVE-2016-4144}} {{CVE|CVE-2016-4145}} {{CVE|CVE-2016-4146}} {{CVE|CVE-2016-4147}} {{CVE|CVE-2016-4148}} {{CVE|CVE-2016-4149}} {{CVE|CVE-2016-4150}} {{CVE|CVE-2016-4151}} {{CVE|CVE-2016-4152}} {{CVE|CVE-2016-4153}} {{CVE|CVE-2016-4154}} {{CVE|CVE-2016-4155}} {{CVE|CVE-2016-4156}} {{CVE|CVE-2016-4166}} {{CVE|CVE-2016-4171}} [https://helpx.adobe.com/security/products/flash-player/apsb16-18.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-06-16 || <= 11.2.202.621-1 || 11.2.202.626-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18]<br />
|-<br />
| {{CVE|CVE-2016-4971}} [https://lists.gnu.org/archive/html/bug-wget/2016-06/msg00033.html] || {{pkg|wget}} || 2016-06-09 || <= 1.17.1-2 || 1.18-1 || 11d || Fixed ({{bug|49730}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19]<br />
|-<br />
| {{CVE|CVE-2012-6702}} {{CVE|CVE-2016-5300}} || {{pkg|expat}} {{pkg|lib32-expat}} || 2016-06-07 || <= 2.1.1-2 || 2.1.1-3 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14]<br />
|-<br />
| {{CVE|CVE-2016-5360}} [http://seclists.org/oss-sec/2016/q2/512] || {{pkg|haproxy}} || 2016-06-09 || <= 1.6.5-3 || 1.6.5-4 || 1d || Fixed ({{bug|49638}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11]<br />
|-<br />
| {{CVE|CVE-2016-2815}} {{CVE|CVE-2016-2818}} {{CVE|CVE-2016-2819}} {{CVE|CVE-2016-2821}} {{CVE|CVE-2016-2822}} {{CVE|CVE-2016-2825}} {{CVE|CVE-2016-2828}} {{CVE|CVE-2016-2829}} {{CVE|CVE-2016-2831}} {{CVE|CVE-2016-2832}} {{CVE|CVE-2016-2833}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox47] || {{pkg|firefox}} || 2016-06-07 || <= 46.0.1-1 || 47.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7]<br />
|-<br />
| {{CVE|CVE-2016-4456}} [https://marc.ttias.be/oss-security/2016-06/msg00043.php] [http://gnutls.org/security.html#GNUTLS-SA-2016-1] || {{pkg|gnutls}} {{pkg|lib32-gnutls}} || 2016-06-06 || <= 3.4.12-1 || 3.4.13-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12]<br />
|-<br />
| {{CVE|CVE-2015-8899}} [http://www.openwall.com/lists/oss-security/2016/06/04/2] || {{pkg|dnsmasq}} || 2016-06-04 || <= 2.75-1 || 2.76-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4953}} {{CVE|CVE-2016-4954}} {{CVE|CVE-2016-4955}} {{CVE|CVE-2016-4956}} {{CVE|CVE-2016-4957}} [http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi] || {{pkg|ntp}} || 2016-06-02 || <= 4.2.8.p7-1 || 4.2.8.p8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4]<br />
|-<br />
| {{CVE|CVE-2016-4429}} [https://sourceware.org/bugzilla/show_bug.cgi?id=20112] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-05-18 || <= 2.23-4 || 2.23-5 || 25d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17]<br />
|-<br />
| {{CVE|CVE-2016-5244}} {{CVE|CVE-2016-5243}} [http://www.openwall.com/lists/oss-security/2016/06/03/5] [http://www.openwall.com/lists/oss-security/2016/06/03/4] || {{pkg|linux}} || 2016-06-03 || <= 4.6.1 || || || Not Affected ||<br />
|-<br />
| {{CVE|CVE-2016-1696}} {{CVE|CVE-2016-1697}} {{CVE|CVE-2016-1698}} {{CVE|CVE-2016-1699}} {{CVE|CVE-2016-1700}} {{CVE|CVE-2016-1701}} {{CVE|CVE-2016-1702}} {{CVE|CVE-2016-1703}} [http://googlechromereleases.blogspot.fr/2016/06/stable-channel-update.html] || {{pkg|chromium}} || 2016-06-01 || <= 51.0.2704.63-1 || 51.0.2704.79-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5]<br />
|-<br />
| {{CVE|CVE-2016-4450}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450] || {{pkg|nginx-mainline}} || 2016-05-31 || <= 1.11-1 || 1.11.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2]<br />
|-<br />
| {{CVE|CVE-2016-4450}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450] || {{pkg|nginx}} || 2016-05-31 || <= 1.10-1 || 1.10.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1]<br />
|-<br />
| {{CVE|CVE-2016-1857}} [http://webkitgtk.org/security/WSA-2016-0004.html] || {{pkg|webkit2gtk}} || 2016-05-30 || <= 2.12.2-1 || 2.12.3-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3]<br />
|-<br />
| {{CVE|CVE-2016-5108}} [http://www.openwall.com/lists/oss-security/2016/05/27/7] || {{pkg|vlc}} || 2016-05-27 || <= 2.2.3-3 || 2.2.4-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21]<br />
|-<br />
| {{CVE|CVE-2016-5104}} [http://www.openwall.com/lists/oss-security/2016/05/26/6] || {{pkg|libusbmuxd}} || 2016-05-26 || <= 1.0.10-1 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-5104}} [http://www.openwall.com/lists/oss-security/2016/05/26/6] || {{pkg|libimobiledevice}} || 2016-05-26 || <= 1.2.0-3 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-5103}} [http://www.openwall.com/lists/oss-security/2016/05/26/5] || {{pkg|roundcubemail}} || 2016-05-26 || <= 1.2rc-1 || 1.2.0-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1762}} {{CVE|CVE-2016-1833}} {{CVE|CVE-2016-1834}} {{CVE|CVE-2016-1835}} {{CVE|CVE-2016-1836}} {{CVE|CVE-2016-1837}} {{CVE|CVE-2016-1838}} {{CVE|CVE-2016-1839}} {{CVE|CVE-2016-1840}} {{CVE|CVE-2016-3627}} {{CVE|CVE-2016-3705}} {{CVE|CVE-2016-4483}} [https://git.gnome.org/browse/libxml2/log/] || {{pkg|libxml2}} || 2016-05-23 || <= 2.9.3-2 || 2.9.4+0+gbdec218-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27]<br />
|-<br />
| {{CVE|CVE-2016-1672}} {{CVE|CVE-2016-1673}} {{CVE|CVE-2016-1674}} {{CVE|CVE-2016-1675}} {{CVE|CVE-2016-1676}} {{CVE|CVE-2016-1677}} {{CVE|CVE-2016-1678}} {{CVE|CVE-2016-1679}} {{CVE|CVE-2016-1680}} {{CVE|CVE-2016-1681}} {{CVE|CVE-2016-1682}} {{CVE|CVE-2016-1683}} {{CVE|CVE-2016-1684}} {{CVE|CVE-2016-1685}} {{CVE|CVE-2016-1686}} {{CVE|CVE-2016-1687}} {{CVE|CVE-2016-1688}} {{CVE|CVE-2016-1689}} {{CVE|CVE-2016-1690}} {{CVE|CVE-2016-1691}} {{CVE|CVE-2016-1692}} {{CVE|CVE-2016-1693}} {{CVE|CVE-2016-1694}} {{CVE|CVE-2016-1695}} [http://googlechromereleases.blogspot.fr/2016/05/stable-channel-update_25.html] || {{pkg|chromium}} || 2016-05-25 || <= 50.0.2661.102-1 || 51.0.2704.63-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28]<br />
|-<br />
| {{CVE|CVE-2016-5027}} {{CVE|CVE-2016-5028}} {{CVE|CVE-2016-5029}} {{CVE|CVE-2016-5030}} {{CVE|CVE-2016-5031}} {{CVE|CVE-2016-5032}} {{CVE|CVE-2016-5033}} {{CVE|CVE-2016-5034}} {{CVE|CVE-2016-5035}} {{CVE|CVE-2016-5036}} {{CVE|CVE-2016-5037}} {{CVE|CVE-2016-5038}} {{CVE|CVE-2016-5039}} {{CVE|CVE-2016-5040}} {{CVE|CVE-2016-5041}} {{CVE|CVE-2016-5042}} {{CVE|CVE-2016-5043}} {{CVE|CVE-2016-5044}} [http://seclists.org/oss-sec/2016/q2/393] [https://www.prevanders.net/dwarfbug.html] || {{pkg|libdwarf}} || 2016-05-24 || <= 20160507-1 || 20160613-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23]<br />
|-<br />
| {{CVE|CVE-2015-1283}} {{CVE|CVE-2016-0718}} [http://seclists.org/oss-sec/2016/q2/360] || {{pkg|expat}} {{pkg|lib32-expat}} || 2016-05-17 || <= 2.1.1-1 || 2.1.1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23]<br />
|-<br />
| {{CVE|CVE-2016-2334}} {{CVE|CVE-2016-2335}} [http://www.talosintel.com/reports/TALOS-2016-0093/] [http://www.talosintel.com/reports/TALOS-2016-0094/] || {{pkg|p7zip}} || 2016-05-10 || <= 15.14.1-1 || 15.14.1-2 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24]<br />
|-<br />
| {{CVE|CVE-2016-3698}} [https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839] || {{pkg|libndp}} || 2016-05-17 || <= 1.5-1 || 1.6-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26]<br />
|-<br />
| {{CVE|CVE-2016-2803}} [http://seclists.org/bugtraq/2016/May/72] || {{pkg|bugzilla}} || 2016-05-16 || <= 5.0.2-1 || 5.0.3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25]<br />
|-<br />
| {{CVE|CVE-2016-2099}} [https://issues.apache.org/jira/browse/XERCESC-2066] [http://www.openwall.com/lists/oss-security/2016/05/09/7] || {{pkg|xerces-c}} || 2016-05-09 || <= 3.1.3-1 || 3.1.3-2 || 46d || Fixed ({{bug|49353}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-22]<br />
|-<br />
| [http://blog.jetbrains.com/blog/2016/05/11/security-update-for-intellij-based-ides-v2016-1-and-older-versions/] || {{pkg|intellij-idea-community-edition}} {{pkg|intellij-idea-libs}} || 2016-05-11 || <= 1:2016.1.1-1 || 1:2016.1.2-1 || 3d || Fixed ({{bug|49329}}) || None<br />
|-<br />
| {{CVE|CVE-2016-2804}} {{CVE|CVE-2016-2805}} {{CVE|CVE-2016-2806}} {{CVE|CVE-2016-2807}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/] || {{pkg|thunderbird}} || 2016-05-10 || <= 45.0-1 || 45.1.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21]<br />
|-<br />
| {{CVE|CVE-2016-1667}} {{CVE|CVE-2016-1668}} {{CVE|CVE-2016-1669}} {{CVE|CVE-2016-1670}} [http://googlechromereleases.blogspot.fr/2016/05/stable-channel-update.html] || {{pkg|chromium}} || 2016-05-11 || <= 50.0.2661.94-1 || 50.0.2661.102-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] <br />
|-<br />
| {{CVE|CVE-2016-3706}} {{CVE|CVE-2016-1234}} [https://sourceware.org/bugzilla/show_bug.cgi?id=20010] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-04-27 || <= 2.23-2 || 2.23-4 || 17d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20]<br />
|-<br />
| {{CVE|CVE-2016-1096}} {{CVE|CVE-2016-1097}} {{CVE|CVE-2016-1098}} {{CVE|CVE-2016-1099}} {{CVE|CVE-2016-1100}} {{CVE|CVE-2016-1101}} {{CVE|CVE-2016-1102}} {{CVE|CVE-2016-1103}} {{CVE|CVE-2016-1104}} {{CVE|CVE-2016-1105}} {{CVE|CVE-2016-1106}} {{CVE|CVE-2016-1107}} {{CVE|CVE-2016-1108}} {{CVE|CVE-2016-1109}} {{CVE|CVE-2016-1110}} {{CVE|CVE-2016-4108}} {{CVE|CVE-2016-4109}} {{CVE|CVE-2016-4110}} {{CVE|CVE-2016-4111}} {{CVE|CVE-2016-4112}} {{CVE|CVE-2016-4113}} {{CVE|CVE-2016-4114}} {{CVE|CVE-2016-4115}} {{CVE|CVE-2016-4116}} {{CVE|CVE-2016-4117}} [https://helpx.adobe.com/security/products/flash-player/apsa16-02.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-05-10 || <= 11.2.202.616-2 || 11.2.202.621-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18]<br />
|-<br />
| {{CVE|CVE-2015-8558}} {{CVE|CVE-2016-3710}} {{CVE|CVE-2016-3712}} {{CVE|CVE-2016-5105}} {{CVE|CVE-2016-5107}} {{CVE|CVE-2016-5106}} [http://xenbits.xen.org/xsa/advisory-179.html] [http://www.openwall.com/lists/oss-security/2016/05/25/7] || {{pkg|qemu}} {{pkg|qemu-arch-extra}} || 2016-05-10 || <= 2.5.1-1 || 2.6.0-1 || 28d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9]<br />
|-<br />
| {{CVE|CVE-2015-8558}} {{CVE|CVE-2016-3710}} {{CVE|CVE-2016-3712}} {{CVE|CVE-2016-5105}} {{CVE|CVE-2016-5107}} {{CVE|CVE-2016-5106}} [http://xenbits.xen.org/xsa/advisory-179.html] [http://www.openwall.com/lists/oss-security/2016/05/25/7] || {{pkg|qemu-guest-agent}} {{pkg|qemu-block-gluster}} {{pkg|qemu-block-iscsi}} {{pkg|qemu-block-rbd}} || 2016-05-10 || <= 2.5.1-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-1926}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1926] [http://www.openvas.org/OVSA20160113.html] || {{pkg|greenbone-security-assistant}} || 2016-01-16 || <= 6.0.6-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-3659}} [http://bugs.cacti.net/view.php?id=2673] || {{pkg|cacti}} || 2016-03-31 || <= 0.8.8_g-3 || 0.8.8_h-1 || 40d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14]<br />
|-<br />
| {{CVE|CVE-2016-4554}} {{CVE|CVE-2016-4555}} {{CVE|CVE-2016-4556}} [http://www.squid-cache.org/Advisories/SQUID-2016_8.txt] [http://www.squid-cache.org/Advisories/SQUID-2016_9.txt] || {{pkg|squid}} || 2016-05-09 || <= 3.5.17-1 || 3.5.19-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13]<br />
|-<br />
| {{CVE|CVE-2015-8106}} [http://www.openwall.com/lists/oss-security/2015/11/16/39] || {{pkg|latex2rtf}} || 2015-11-16 || <= 2.3.8-1 || 2.3.10-1 || ~6m || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9]<br />
|-<br />
| {{CVE|CVE-2016-3105}} [https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29] || {{pkg|mercurial}} || 2016-05-01 || <= 3.7.3-1 || 3.8.1-1 || 5d || Fixed ({{bug|49239}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] <br />
|-<br />
| {{CVE|CVE-2016-1236}} [http://www.openwall.com/lists/oss-security/2016/05/05/22] || {{pkg|websvn}} || 2016-05-05 || <= 2.3.3-6 || 2.3.3-7 || 98d || Fixed ({{bug|50344}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11]<br />
|-<br />
| {{CVE|CVE-2016-4414}} [http://marc.info/?l=oss-security&m=146204310020229&w=2] || {{pkg|quassel-client}} {{pkg|quassel-monolithic}} || 2016-04-30 || <= 0.12.3-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-4352}} [http://www.openwall.com/lists/oss-security/2016/04/29/7] || {{pkg|mencoder}} {{pkg|mplayer}} || 2016-05-03 || <= 37379-7 || 37857-1 || 3d || Fixed ({{bug|49195}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12]<br />
|-<br />
| {{CVE|CVE-2016-4574}} [http://www.openwall.com/lists/oss-security/2016/05/10/4] || {{pkg|libksba}} || 2016-05-03 || <= 1.3.3-1 || 1.3.4-1 || 9d || Fixed ({{bug|49289}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17]<br />
|-<br />
| {{CVE|CVE-2016-4354}} {{CVE|CVE-2016-4353}} {{CVE|CVE-2016-4355}} {{CVE|CVE-2016-4356}} [http://www.openwall.com/lists/oss-security/2016/04/29/8] || {{pkg|libksba}} || 2016-04-10 || <= 1.3.2-1 || 1.3.3-1 || 18d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4348}} {{CVE|CVE-2016-4347}} [http://www.openwall.com/lists/oss-security/2016/04/30/3] || {{pkg|librsvg}} || 2016-05-03 || <= 2:2.40.2-2 || 2:2.40.15-2 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4415}} {{CVE|CVE-2016-4416}} {{CVE|CVE-2016-4417}} {{CVE|CVE-2016-4418}} {{CVE|CVE-2016-4419}} {{CVE|CVE-2016-4420}} {{CVE|CVE-2016-4421}} {{CVE|CVE-2016-4076}} {{CVE|CVE-2016-4077}} {{CVE|CVE-2016-4078}} {{CVE|CVE-2016-4079}} {{CVE|CVE-2016-4080}} {{CVE|CVE-2016-4081}} {{CVE|CVE-2016-4006}} {{CVE|CVE-2016-4082}} {{CVE|CVE-2016-4083}} {{CVE|CVE-2016-4084}} {{CVE|CVE-2016-4085}} [http://www.openwall.com/lists/oss-security/2016/04/25/2] || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2016-05-03 || <= 2.0.2-1 || 2.0.3-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-3714}} [http://www.openwall.com/lists/oss-security/2016/05/03/13] [http://www.openwall.com/lists/oss-security/2016/05/03/14]|| {{pkg|imagemagick}} || 2016-05-03 || <= 6.9.3.8-1 || 6.9.3.10-1 || 3d || Fixed ({{bug|49203}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6]<br />
|-<br />
| {{CVE|CVE-2016-4477}} {{CVE|CVE-2016-4476}} [http://www.openwall.com/lists/oss-security/2016/05/03/2] || {{pkg|hostapd}} || 2016-05-03 || <= 2.5-2 || 2.6-1 || 90d || Fixed ({{bug|49196}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3]<br />
|-<br />
| {{CVE|CVE-2016-4477}} {{CVE|CVE-2016-4476}} [http://www.openwall.com/lists/oss-security/2016/05/03/2] || {{pkg|wpa_supplicant}} || 2016-05-03 || <= 1:2.5-3 || || || '''Vulnerable''' ({{bug|49196}}) || <br />
|-<br />
| {{CVE|CVE-2016-2105}} {{CVE|CVE-2016-2106}} {{CVE|CVE-2016-2107}} {{CVE|CVE-2016-2109}} {{CVE|CVE-2016-2176}} [https://www.openssl.org/news/secadv/20160503.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2016-05-03 || <= 1.0.2.g-3 || 1.0.2.h-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4]<br />
|-<br />
| {{CVE|CVE-2016-4425}} [https://github.com/akheron/jansson/issues/282] [http://marc.info/?l=oss-security&m=146219323703639&w=2] || {{pkg|jansson}} || 2016-05-02 || <= 2.7-1 || 2.8-1 || 137d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15]<br />
|-<br />
| {{CVE|CVE-2016-4425}} [https://github.com/akheron/jansson/issues/282] [http://marc.info/?l=oss-security&m=146219323703639&w=2] || {{pkg|lib32-jansson}} || 2016-05-02 || <= 2.7-2 || 2.8-1 || 140d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17]<br />
|-<br />
| {{CVE|CVE-2016-1660}} {{CVE|CVE-2016-1661}} {{CVE|CVE-2016-1662}} {{CVE|CVE-2016-1663}} {{CVE|CVE-2016-1664}} {{CVE|CVE-2016-1665}} {{CVE|CVE-2016-1666}} [http://googlechromereleases.blogspot.fr/2016/04/stable-channel-update_28.html] || {{pkg|chromium}} || 2016-04-28 || <= 50.0.2661.75-1 || 50.0.2661.94-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7]<br />
|-<br />
| {{CVE|CVE-2015-8869}} || {{pkg|ocaml}} || 2016-04-29 || <= 4.02.3-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-4414}} [http://marc.info/?l=oss-security&m=146204310020229&w=2] || {{pkg|quassel-core}} || 2016-04-30 || <= 0.12.3-1 || 0.12.4-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5]<br />
|-<br />
| {{CVE|CVE-2016-2167}} {{CVE|CVE-2016-2168}} [https://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ@mail.gmail.com%3E] || {{pkg|subversion}} || 2016-04-28 || <= 1.9.3-2 || 1.9.4-1 || 38d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6]<br />
|-<br />
| {{CVE|CVE-2015-7704}} {{CVE|CVE-2015-8138}} {{CVE|CVE-2016-1547}} {{CVE|CVE-2016-1548}} {{CVE|CVE-2016-1549}} {{CVE|CVE-2016-1550}} {{CVE|CVE-2016-1551}} {{CVE|CVE-2016-2516}} {{CVE|CVE-2016-2517}} {{CVE|CVE-2016-2518}} {{CVE|CVE-2016-2519}} [http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security] || {{pkg|ntp}} || 2016-04-26 || <= 4.2.8.p6-3 || 4.2.8.p7-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-2804}} {{CVE|CVE-2016-2805}} {{CVE|CVE-2016-2806}} {{CVE|CVE-2016-2807}} {{CVE|CVE-2016-2808}} {{CVE|CVE-2016-2811}} {{CVE|CVE-2016-2812}} {{CVE|CVE-2016-2814}} {{CVE|CVE-2016-2816}} {{CVE|CVE-2016-2817}} {{CVE|CVE-2016-2820}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox46] || {{pkg|firefox}} || 2016-04-26 || <= 45.0.2-1 || 46.0-2 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15]<br />
|-<br />
| {{CVE|CVE-2015-8863}} [http://seclists.org/oss-sec/2016/q2/134] || {{pkg|jq}} || 2016-04-23 || <= 1.5-3 || 1.5-4 || 109d || Fixed ({{bug|50330}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10]<br />
|-<br />
| {{CVE|CVE-2016-3074}} [http://seclists.org/oss-sec/2016/q2/128] || {{pkg|gd}} || 2016-04-21 || <= 2.1.1-3 || 2.1.1-4 || 15d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8]<br />
|-<br />
| {{CVE|CVE-2016-4051}} {{CVE|CVE-2016-4052}} {{CVE|CVE-2016-4053}} {{CVE|CVE-2016-4054}} [http://www.squid-cache.org/Advisories/SQUID-2016_5.txt] [http://www.squid-cache.org/Advisories/SQUID-2016_6.txt] || {{pkg|squid}} || 2016-04-20 || <= 3.5.16-1 || 3.5.17-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14]<br />
|-<br />
| {{CVE|CVE-2016-4021}} [https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt] || {{pkg|pgpdump}} || 2016-04-12 || <= 0.29-2 || 0.30-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11]<br />
|-<br />
| {{CVE|CVE-2016-1955}} {{CVE|CVE-2016-1956}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/] [https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/] || {{pkg|thunderbird}} || 2016-04-12 || <= 38.7.2-1 || 45.0-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12]<br />
|-<br />
| {{CVE|CVE-2016-2347}} [http://www.talosintel.com/reports/TALOS-2016-0095/] || {{pkg|lhasa}} || 2016-04-14 || <= 0.3.0-1 || 0.3.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8]<br />
|-<br />
| {{CVE|CVE-2016-1651}} {{CVE|CVE-2016-1652}} {{CVE|CVE-2016-1653}} {{CVE|CVE-2016-1654}} {{CVE|CVE-2016-1655}} {{CVE|CVE-2016-1656}} {{CVE|CVE-2016-1657}} {{CVE|CVE-2016-1658}} {{CVE|CVE-2016-1659}} [http://googlechromereleases.blogspot.fr/2016/04/stable-channel-update_13.html] || {{pkg|chromium}} || 2016-04-13|| <= 49.0.2623.112-1 || 50.0.2661.75-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10]<br />
|-<br />
| {{CVE|CVE-2015-5370}} {{CVE|CVE-2016-2110}} {{CVE|CVE-2016-2111}} {{CVE|CVE-2016-2112}} {{CVE|CVE-2016-2113}} {{CVE|CVE-2016-2114}} {{CVE|CVE-2016-2115}} {{CVE|CVE-2016-2118}} [https://www.samba.org/samba/history/security.html] [http://badlock.org/] || {{pkg|samba}} || 2016-04-12|| <= 4.4.0-1 || 4.4.2-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13]<br />
|-<br />
| {{CVE|CVE-2016-4008}} [http://article.gmane.org/gmane.comp.security.oss.general/19286] || {{pkg|libtasn1}} || 2016-04-11|| <= 4.7-1 || 4.8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9]<br />
|-<br />
| {{CVE|CVE-2011-5326}} {{CVE|CVE-2016-3993}} {{CVE|CVE-2016-3994}} {{CVE|CVE-2016-4024}} [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369] [http://article.gmane.org/gmane.comp.security.oss.general/19276] || {{pkg|imlib2}} || 2016-04-09 || <= 1.4.8-1 || 1.4.9-1 || 23d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1]<br />
|-<br />
| {{CVE|CVE-2014-9771}} [http://www.openwall.com/lists/oss-security/2016/04/09/3] || {{pkg|imlib2}} || 2016-04-09 || <= 1.4.5-6 || 1.4.6-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1006}} {{CVE|CVE-2016-1011}} {{CVE|CVE-2016-1012}} {{CVE|CVE-2016-1013}} {{CVE|CVE-2016-1014}} {{CVE|CVE-2016-1015}} {{CVE|CVE-2016-1016}} {{CVE|CVE-2016-1017}} {{CVE|CVE-2016-1018}} {{CVE|CVE-2016-1019}} {{CVE|CVE-2016-1020}} {{CVE|CVE-2016-1021}} {{CVE|CVE-2016-1022}} {{CVE|CVE-2016-1023}} {{CVE|CVE-2016-1024}} {{CVE|CVE-2016-1025}} {{CVE|CVE-2016-1026}} {{CVE|CVE-2016-1027}} {{CVE|CVE-2016-1028}} {{CVE|CVE-2016-1029}} {{CVE|CVE-2016-1030}} {{CVE|CVE-2016-1031}} {{CVE|CVE-2016-1032}} {{CVE|CVE-2016-1033}} [https://helpx.adobe.com/security/products/flash-player/apsa16-01.html] [https://helpx.adobe.com/security/products/flash-player/apsb16-10.html] || {{pkg|flashplugin}} || 2016-04-05 || <= 11.2.202.577-1 || 11.2.202.616-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7]<br />
|-<br />
| {{CVE|CVE-2016-3630}} {{CVE|CVE-2016-3068}} {{CVE|CVE-2016-3069}} [https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29] || {{pkg|mercurial}} || 2016-03-29 || <= 3.7.2-1 || 3.7.3-1 || 8d || Fixed ({{bug|48821}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6]<br />
|-<br />
| {{CVE|CVE-2016-2191}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2191] [https://sourceforge.net/p/optipng/bugs/59/] [http://www.openwall.com/lists/oss-security/2016/04/04/2]|| {{Pkg|optipng}} || 2016-04-04 || <= 0.7.5-2 || 0.7.6-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5]<br />
|-<br />
| {{CVE|CVE-2016-3947}} [http://www.squid-cache.org/Advisories/SQUID-2016_3.txt] || {{Pkg|squid}} || 2016-04-01 || <= 3.5.15-2 || 3.5.16 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4]<br />
|-<br />
| {{CVE|CVE-2016-0636}} [http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html] [http://blog.fuseyism.com/index.php/2016/03/25/security-icedtea-2-6-5-for-openjdk-7-released/] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2016-03-24 || <= 7.u95_2.6.4-1 || 7.u99_2.6.5-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3]<br />
|-<br />
| {{CVE|CVE-2016-0636}} [http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html] || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2016-03-23 || <= 8.u74-1 || 8.u77-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27]<br />
|-<br />
| {{CVE|CVE-2016-1646}} {{CVE|CVE-2016-1647}} {{CVE|CVE-2016-1648}} {{CVE|CVE-2016-1649}} {{CVE|CVE-2016-1650}} [http://googlechromereleases.blogspot.fr/2016/03/stable-channel-update_24.html] || {{pkg|chromium}} || 2016-03-24 || <= 49.0.2623.87-1 || 49.0.2623.108-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24]<br />
|-<br />
| {{CVE|CVE-2016-2849}} {{CVE|CVE-2016-2850}} [http://botan.randombit.net/security.html#id1] || {{pkg|botan}} || 2016-03-20 || <= 1.11.28-1 || 1.11.29-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22]<br />
|-<br />
| {{CVE|CVE-2016-1952}} {{CVE|CVE-2016-1953}} {{CVE|CVE-2016-1954}} {{CVE|CVE-2016-1957}} {{CVE|CVE-2016-1960}} {{CVE|CVE-2016-1961}} {{CVE|CVE-2016-1964}} {{CVE|CVE-2016-1966}} {{CVE|CVE-2016-1974}} {{CVE|CVE-2016-1977}} {{CVE|CVE-2016-2790}} {{CVE|CVE-2016-2791}} {{CVE|CVE-2016-2792}} {{CVE|CVE-2016-2793}} {{CVE|CVE-2016-2794}} {{CVE|CVE-2016-2795}} {{CVE|CVE-2016-2796}} {{CVE|CVE-2016-2797}} {{CVE|CVE-2016-2798}} {{CVE|CVE-2016-2799}} {{CVE|CVE-2016-2800}} {{CVE|CVE-2016-2801}} {{CVE|CVE-2016-2802}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.7] || {{pkg|thunderbird}} || 2016-03-14 || <= 38.6.0-1 || 38.7.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21]<br />
|-<br />
| {{CVE|CVE-2016-2324}} [http://seclists.org/oss-sec/2016/q1/653] || {{pkg|git}} || 2016-03-15 || <= 2.7.3-1 || 2.7.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20]<br />
|-<br />
| {{CVE|CVE-2016-3116}} [https://matt.ucc.asn.au/dropbear/CHANGES] || {{pkg|dropbear}} || 2016-03-13 || <= 2015.71-1 || 2016.72-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19]<br />
|-<br />
| {{CVE|CVE-2015-1283}} [https://sourceforge.net/p/expat/bugs/528/] || {{pkg|expat}} || 2016-03-12 || <= 2.1.0-4 || 2.1.1-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23]<br />
|-<br />
| {{CVE|CVE-2016-2088}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2088] {{CVE|CVE-2016-1286}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1286] {{CVE|CVE-2016-1285}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1285] || {{pkg|bind}} || 2016-03-10 || <= 9.10.3.P3-3 || 9.10.3.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13]<br />
|-<br />
| {{CVE|CVE-2016-0960}} {{CVE|CVE-2016-0961}} {{CVE|CVE-2016-0962}} {{CVE|CVE-2016-0963}} {{CVE|CVE-2016-0986}} {{CVE|CVE-2016-0987}} {{CVE|CVE-2016-0988}} {{CVE|CVE-2016-0989}} {{CVE|CVE-2016-0990}} {{CVE|CVE-2016-0991}} {{CVE|CVE-2016-0992}} {{CVE|CVE-2016-0993}} {{CVE|CVE-2016-0994}} {{CVE|CVE-2016-0995}} {{CVE|CVE-2016-0996}} {{CVE|CVE-2016-0997}} {{CVE|CVE-2016-0998}} {{CVE|CVE-2016-0999}} {{CVE|CVE-2016-1000}} {{CVE|CVE-2016-1001}} {{CVE|CVE-2016-1002}} {{CVE|CVE-2016-1005}} {{CVE|CVE-2016-1010}} [https://helpx.adobe.com/security/products/flash-player/apsb16-08.html] || {{pkg|lib32-flashplugin}} || 2016-03-10 || <= 11.2.202.569-1 || 11.2.202.577-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11]<br />
|-<br />
| {{CVE|CVE-2016-0960}} {{CVE|CVE-2016-0961}} {{CVE|CVE-2016-0962}} {{CVE|CVE-2016-0963}} {{CVE|CVE-2016-0986}} {{CVE|CVE-2016-0987}} {{CVE|CVE-2016-0988}} {{CVE|CVE-2016-0989}} {{CVE|CVE-2016-0990}} {{CVE|CVE-2016-0991}} {{CVE|CVE-2016-0992}} {{CVE|CVE-2016-0993}} {{CVE|CVE-2016-0994}} {{CVE|CVE-2016-0995}} {{CVE|CVE-2016-0996}} {{CVE|CVE-2016-0997}} {{CVE|CVE-2016-0998}} {{CVE|CVE-2016-0999}} {{CVE|CVE-2016-1000}} {{CVE|CVE-2016-1001}} {{CVE|CVE-2016-1002}} {{CVE|CVE-2016-1005}} {{CVE|CVE-2016-1010}} [https://helpx.adobe.com/security/products/flash-player/apsb16-08.html] || {{pkg|flashplugin}} || 2016-03-10 || <= 11.2.202.569-1 || 11.2.202.577-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10]<br />
|-<br />
| {{CVE|CVE-2016-3115}} [http://www.openssh.com/txt/x11fwd.adv] || {{pkg|openssh}} || 2016-03-10 || <= 7.2p1-1 || 7.2p2-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12]<br />
|-<br />
| {{CVE|CVE-2015-8833}} [http://seclists.org/oss-sec/2016/q1/572] || {{pkg|pidgin-otr}} || 2016-03-09 || <= 4.0.1-2 || 4.0.2-1 || 3d || Fixed ({{bug|48537}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14]<br />
|-<br />
| {{CVE|CVE-2016-2774}} [https://kb.isc.org/article/AA-01354] || {{pkg|dhcp}} || 2016-03-09 || <= 4.3.3.p1-1 || 4.3.4-1 || 21d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1531}} [http://www.exim.org/static/doc/CVE-2016-1531.txt] || {{pkg|exim}} || 2016-03-06 || <= 4.86.1-1 || 4.86.2-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8]<br />
|-<br />
| {{CVE|CVE-2016-1577}} {{CVE|CVE-2016-2089}} {{CVE|CVE-2016-2116}} || {{pkg|jasper}} || 2016-03-06 || <= 1.900.1-14 || 1.900.1-15 || ~2m || Fixed ({{bug|48511}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2]<br />
|-<br />
| {{CVE|CVE-2016-1285}} {{CVE|CVE-2016-1286}} [https://kb.isc.org/article/AA-01352/] [https://kb.isc.org/article/AA-01353/] || {{pkg|bind}} || 2016-03-09 || <= 9.10.3.P3-3 || 9.10.3.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7]<br />
|-<br />
| {{CVE|CVE-2016-2851}} [https://otr.cypherpunks.ca/] || {{pkg|libotr}} || 2016-03-09 || <= 4.1.0-1 || 4.1.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6]<br />
|-<br />
| {{CVE|CVE-2016-1643}} {{CVE|CVE-2016-1644}} {{CVE|CVE-2016-1645}} || {{pkg|chromium}} || 2016-03-09 || <= 49.0.2623.75-1 || 49.0.2623.87-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5]<br />
|-<br />
| {{CVE|CVE-2016-1952}} {{CVE|CVE-2016-1953}} {{CVE|CVE-2016-1954}} {{CVE|CVE-2016-1955}} {{CVE|CVE-2016-1956}} {{CVE|CVE-2016-1957}} {{CVE|CVE-2016-1958}} {{CVE|CVE-2016-1959}} {{CVE|CVE-2016-1960}} {{CVE|CVE-2016-1961}} {{CVE|CVE-2016-1962}} {{CVE|CVE-2016-1963}} {{CVE|CVE-2016-1964}} {{CVE|CVE-2016-1965}} {{CVE|CVE-2016-1966}} {{CVE|CVE-2016-1967}} {{CVE|CVE-2016-1968}} {{CVE|CVE-2016-1970}} {{CVE|CVE-2016-1971}} {{CVE|CVE-2016-1972}} {{CVE|CVE-2016-1973}} {{CVE|CVE-2016-1974}} {{CVE|CVE-2016-1975}} {{CVE|CVE-2016-1976}} {{CVE|CVE-2016-1977}} {{CVE|CVE-2016-2790}} {{CVE|CVE-2016-2791}} {{CVE|CVE-2016-2792}} {{CVE|CVE-2016-2793}} {{CVE|CVE-2016-2794}} {{CVE|CVE-2016-2795}} {{CVE|CVE-2016-2796}} {{CVE|CVE-2016-2797}} {{CVE|CVE-2016-2798}} {{CVE|CVE-2016-2799}} {{CVE|CVE-2016-2800}} {{CVE|CVE-2016-2801}} {{CVE|CVE-2016-2802}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox45] || {{pkg|firefox}} || 2016-03-08 || <= 44.0.2-2 || 45.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4]<br />
|-<br />
| {{CVE|CVE-2016-2532}} {{CVE|CVE-2016-2531}} {{CVE|CVE-2016-2530}} {{CVE|CVE-2016-2529}} {{CVE|CVE-2016-2528}} {{CVE|CVE-2016-2527}} {{CVE|CVE-2016-2526}} {{CVE|CVE-2016-2525}} {{CVE|CVE-2016-2524}} {{CVE|CVE-2016-2523}} {{CVE|CVE-2016-2522}} {{CVE|CVE-2016-2521}} || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2016-03-07 || <= 2.0.1-2 || 2.0.2-1 || 5d || Fixed ({{bug|48536}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17]<br />
|-<br />
| {{CVE|CVE-2016-2381}} [https://www.debian.org/security/2016/dsa-3501] || {{pkg|perl}} || 2016-03-07 || <= 5.22.1-1 || 5.22.1-2 || 3d || Fixed ({{Bug|48482}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9]<br />
|-<br />
| {{CVE|CVE-2015-8126}} {{CVE|CVE-2016-1630}} {{CVE|CVE-2016-1631}} {{CVE|CVE-2016-1632}} {{CVE|CVE-2016-1633}} {{CVE|CVE-2016-1634}} {{CVE|CVE-2016-1635}} {{CVE|CVE-2016-1636}} {{CVE|CVE-2016-1637}} {{CVE|CVE-2016-1638}} {{CVE|CVE-2016-1639}} {{CVE|CVE-2016-1640}} {{CVE|CVE-2016-1641}} {{CVE|CVE-2016-1642}} [http://googlechromereleases.blogspot.fr/2016/03/stable-channel-update.html] || {{pkg|chromium}} || 2016-03-02 || <= 48.0.2564.116-1 || 49.0.2623.75-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1]<br />
|-<br />
| {{CVE|CVE-2016-0702}} {{CVE|CVE-2016-0705}} {{CVE|CVE-2016-0797}} {{CVE|CVE-2016-0798}} {{CVE|CVE-2016-0799}} {{CVE|CVE-2016-0800}} [https://www.openssl.org/news/secadv/20160301.txt] || {{pkg|openssl}} || 2016-03-01 || <= 1.0.2.f-1 || 1.0.2.g-3 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2]<br />
|-<br />
| {{CVE|CVE-2016-0702}} {{CVE|CVE-2016-0705}} {{CVE|CVE-2016-0797}} {{CVE|CVE-2016-0798}} {{CVE|CVE-2016-0799}} {{CVE|CVE-2016-0800}} [https://www.openssl.org/news/secadv/20160301.txt] || {{pkg|lib32-openssl}} || 2016-03-01 || <= 1.0.2.f-1 || 1.0.2.g-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3]<br />
|-<br />
| {{CVE|CVE-2015-7511}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html] || {{pkg|libgcrypt}} || 2016-02-09 || <= 1.6.4-1 || 1.6.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19]<br />
|-<br />
| {{CVE|CVE-2016-0739}} [https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/] || {{pkg|libssh}} || 2016-02-23 || <= 0.7.2-1 || 0.7.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18]<br />
|-<br />
| {{CVE|CVE-2016-0787}} [https://www.libssh2.org/adv_20160223.html] || {{pkg|libssh2}} || 2016-02-23 || <= 1.6.0-1 || 1.7.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20]<br />
|-<br />
| {{CVE|CVE-2016-0787}} [https://www.libssh2.org/adv_20160223.html] || {{pkg|lib32-libssh2}} || 2016-02-23 || <= 1.6.0-1 || 1.7.0-1 ||3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21]<br />
|-<br />
| {{CVE|CVE-2016-1629}} [http://googlechromereleases.blogspot.fr/2016/02/stable-channel-update_18.html] || {{pkg|chromium}} || 2016-02-18 || <= 48.0.2564.109-1 || 48.0.2564.116-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17]<br />
|-<br />
| {{CVE|CVE-2015-7575}} {{CVE|CVE-2016-1523}} {{CVE|CVE-2016-1930}} {{CVE|CVE-2016-1931}} {{CVE|CVE-2016-1935}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.6] || {{pkg|thunderbird}} || 2016-02-11 || <= 38.5.1-1 || 38.6.0-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16]<br />
|-<br />
| {{CVE|CVE-2015-7547}} {{CVE|CVE-2015-8776}} {{CVE|CVE-2015-8777}} {{CVE|CVE-2015-8778}} {{CVE|CVE-2015-8779}} [https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html] [https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html] || {{pkg|glibc}} || 2016-02-16 || <= 2.22-3 || 2.22-4 || 1d || Fixed ({{Bug|48213}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15]<br />
|-<br />
| {{CVE|CVE-2015-7547}} {{CVE|CVE-2015-8776}} {{CVE|CVE-2015-8777}} {{CVE|CVE-2015-8778}} {{CVE|CVE-2015-8779}} [https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html] [https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html] || {{pkg|lib32-glibc}} || 2016-02-16 || <= 2.22-3.1 || 2.22-4 || 1d || Fixed ({{Bug|48213}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14]<br />
|-<br />
| {{CVE|CVE-2016-1622}} {{CVE|CVE-2016-1623}} {{CVE|CVE-2016-1624}} {{CVE|CVE-2016-1625}} {{CVE|CVE-2016-1626}} {{CVE|CVE-2016-1627}} [http://googlechromereleases.blogspot.fr/2016/02/stable-channel-update_9.html]|| {{pkg|chromium}} || 2016-02-09 || <= 48.0.2564.103-1 || 48.0.2564.109-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1949}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-13/]|| {{pkg|firefox}} || 2016-02-11 || <= 44.0.1-1 || 44.0.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12]<br />
|-<br />
| {{CVE|CVE-2016-1544}} [https://nghttp2.org/blog/2016/02/11/nghttp2-v1-7-1/]|| {{pkg|nghttp2}} || 2016-02-11 || <= 1.7.0-1 || 1.7.1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13]<br />
|-<br />
| {{CVE|CVE-2014-2312}} [https://www.kde.org/info/security/advisory-20160209-1.txt]|| {{pkg|kscreenlocker}} || 2016-02-10 || <= 5.5.4-1 || 5.5.4-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10]<br />
|-<br />
| {{CVE|CVE-2014-9496}} {{CVE|CVE-2014-9756}} {{CVE|CVE-2015-7805}} || {{pkg|libsndfile}} {{pkg|lib32-libsndfile}} || 2016-02-01 || <= 1.0.25-3 || 1.0.26-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9]<br />
|-<br />
| {{CVE|CVE-2015-8803}} {{CVE|CVE-2015-8804}} {{CVE|CVE-2015-8805}} [https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-multiplications-in-Nettle.html] || {{pkg|nettle}} {{pkg|lib32-nettle}} || 2016-02-03 || <= 3.1-1 || 3.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6]<br />
|-<br />
| {{CVE|CVE-2016-2194}} {{CVE|CVE-2016-2195}} {{CVE|CVE-2016-2196}} [http://botan.randombit.net/security.html#id1] || {{pkg|botan}} || 2016-02-01 || <= 1.11.25-2 || 1.11.28-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11]<br />
|-<br />
| {{CVE|CVE-2014-9761}} [http://seclists.org/oss-sec/2016/q1/153] || {{pkg|lib32-glibc}} || 2016-02-01 || <= 2.22-4 || 2.23-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23]<br />
|-<br />
| {{CVE|CVE-2014-9761}} [http://seclists.org/oss-sec/2016/q1/153] || {{pkg|glibc}} || 2016-02-01 || <= 2.22-4 || 2.23-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22]<br />
|-<br />
| {{CVE|CVE-2016-2048}} [https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/] || {{pkg|python-django}} {{pkg|python2-django}} || 2016-02-01 || <= 1.9.1-1 || 1.9.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2]<br />
|-<br />
| {{CVE|CVE-2016-2090}} [http://article.gmane.org/gmane.comp.security.oss.general/18715] [http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7] [https://bugs.freedesktop.org/show_bug.cgi?id=93881] [https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html] || {{pkg|libbsd}} || 2016-01-27 || <= 0.8.1-1 || 0.8.2-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7]<br />
|-<br />
| {{CVE|CVE-2015-3197}} {{CVE|CVE-2015-4000}} {{CVE|CVE-2016-0701}} [https://openssl.org/news/secadv/20160128.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2016-01-28 || <= 1.0.2.e-1 || 1.0.2.f-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33]<br />
|-<br />
| {{CVE|CVE-2016-0755}} [http://curl.haxx.se/docs/adv_20160127A.html] || {{pkg|curl}} {{pkg|lib32-curl}} || 2016-01-27 || <= 7.46.0-1 || 7.47.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4]<br />
|-<br />
| {{CVE|CVE-2016-0742}} {{CVE|CVE-2016-0746}} {{CVE|CVE-2016-0747}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000168.html] || {{pkg|nginx}} || 2016-01-26 || <= 1.8.0-2 || 1.8.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31]<br />
|-<br />
| {{CVE|CVE-2016-1982}} {{CVE|CVE-2016-1983}} [http://seclists.org/oss-sec/2016/q1/179] || {{pkg|privoxy}} || 2016-01-21 || <= 3.0.23-1 || 3.0.24-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27]<br />
|-<br />
| {{CVE|CVE-2016-1572}} [https://bugs.launchpad.net/ecryptfs/+bug/1530566] || {{pkg|ecryptfs-utils}} || 2016-01-21 || <= 108-1 || 108-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25]<br />
|-<br />
| {{CVE|CVE-2016-1612}} {{CVE|CVE-2016-1613}} {{CVE|CVE-2016-1614}} {{CVE|CVE-2016-1615}} {{CVE|CVE-2016-1616}} {{CVE|CVE-2016-1617}} {{CVE|CVE-2016-1618}} {{CVE|CVE-2016-1619}} {{CVE|CVE-2016-1620}} [http://googlechromereleases.blogspot.fr/2016/01/stable-channel-update_20.html] || {{pkg|chromium}} || 2016-01-20 || <= 47.0.2526.111-1 || 48.0.2564.82-1 || 1d|| Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28]<br />
|-<br />
| {{CVE|CVE-2015-8704}} {{CVE|CVE-2015-8705}} [https://kb.isc.org/article/AA-01335] [https://kb.isc.org/article/AA-01336] || {{pkg|bind}} || 2016-01-19 || <= 9.10.3.P2-1 || 9.10.3.P3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21]<br />
|-<br />
| {{CVE|CVE-2016-0728}} [http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/] || {{pkg|linux-lts}} || 2016-01-19 || <= 4.1.15-1 || 4.1.16-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26]<br />
|-<br />
| {{CVE|CVE-2016-0728}} [http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/] || {{pkg|linux}} || 2016-01-19 || <= 4.3.3-2 || 4.3.3-3 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20]<br />
|-<br />
| {{CVE|CVE-2015-5300}} [http://support.ntp.org/bin/view/Main/NtpBug2956] || {{pkg|ntp}} || 2016-01-07 || <= 4.2.8.p4-1 || 4.2.8.p5-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|syncthing}} || 2016-01-13 || <= 0.12.14-1 || 0.12.14-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|keybase}} || 2016-01-13 || <= 1.0.8.0-1 || 1.0.8.0-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|hub}} || 2016-01-13 || <= 2.2.2-1 || 2.2.2-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|go-ipfs}} || 2016-01-13 || <= 0.3.11-1 || 0.3.11-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|docker}} || 2016-01-13 || <= 1:1.9.1-1 || 1:1.9.1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12]<br />
|-<br />
| {{CVE|CVE-2015-8770}} [http://seclists.org/bugtraq/2016/Jan/60] || {{pkg|roundcubemail}} || 2015-12-26 || <= 1.2beta-1 || 1.2beta-2 || 20d || Fixed ({{bug|47764}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18]<br />
|-<br />
| {{CVE|CVE-2016-1903}} {{CVE|CVE-2016-1904}} [http://seclists.org/oss-sec/2016/q1/100] || {{pkg|php}} || 2016-01-14 || <= 7.0.1-1 || 7.0.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10]<br />
|-<br />
| {{CVE|CVE-2016-0777}} {{CVE|CVE-2016-0778}} [http://www.openssh.com/txt/release-7.1p2] || {{pkg|openssh}} || 2016-01-14 || <= 7.1p1-1 || 7.1p2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9]<br />
|-<br />
| {{CVE|CVE-2016-2213}} [http://www.openwall.com/lists/oss-security/2016/02/03/2] || {{pkg|ffmpeg}} || 2016-02-03 || <= 2.8.4-1 || 2.8.5-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1897}} {{CVE|CVE-2016-1898}} [http://seclists.org/oss-sec/2016/q1/85] || {{pkg|ffmpeg}} || 2016-01-13 || <= 1:2.8.4-2 || 1:2.8.4-3 || <1d || Fixed ({{Bug|47738}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17]<br />
|-<br />
| {{CVE|CVE-2016-1897}} {{CVE|CVE-2016-1898}} [http://seclists.org/oss-sec/2016/q1/85] || {{pkg|mplayer}} || 2016-01-13 || <= 37379-6 || 37379-7 || 17d || Fixed ({{Bug|47944}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|go}} || 2016-01-13 || <= 2:1.5.2-1 || 2:1.5.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11]<br />
|-<br />
|{{CVE|CVE-2015-8742}} {{CVE|CVE-2015-8741}} {{CVE|CVE-2015-8740}} {{CVE|CVE-2015-8738}} {{CVE|CVE-2015-8739}} {{CVE|CVE-2015-8737}} {{CVE|CVE-2015-8736}} {{CVE|CVE-2015-8735}} {{CVE|CVE-2015-8734}} {{CVE|CVE-2015-8733}} {{CVE|CVE-2015-8732}} {{CVE|CVE-2015-8730}} {{CVE|CVE-2015-8731}} {{CVE|CVE-2015-8729}} {{CVE|CVE-2015-8728}} {{CVE|CVE-2015-8727}} {{CVE|CVE-2015-8726}} {{CVE|CVE-2015-8725}} {{CVE|CVE-2015-8724}} {{CVE|CVE-2015-8723}} {{CVE|CVE-2015-8722}} {{CVE|CVE-2015-8721}} {{CVE|CVE-2015-8720}} {{CVE|CVE-2015-8718}} {{CVE|CVE-2015-8711}} || {{Pkg|wireshark-cli}} {{Pkg|wireshark-gtk}} {{Pkg|wireshark-qt}} || 2016-01-04 || <= 2.0.0 || 2.0.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6]<br />
|-<br />
| {{CVE|CVE-2016-1564}} [http://article.gmane.org/gmane.comp.security.oss.general/18527] || {{Pkg|wordpress}} || 2016-01-08 || <= 4.4-1 || 4.4.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2]<br />
|-<br />
| {{CVE|CVE-2015-8751}} [https://bugzilla.redhat.com/show_bug.cgi?id=1294039] [http://article.gmane.org/gmane.comp.security.oss.general/18523] || {{Pkg|jasper}} || 2016-01-07 || 1.900.1-15 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-8750}} [https://bugzilla.redhat.com/show_bug.cgi?id=1294264] [https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697] || {{Pkg|libdwarf}} || 2016-01-07 || 20150507-1 || 20160115-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22]<br />
|-<br />
| {{CVE|CVE-2016-1503}} {{CVE|CVE-2016-1504}} [http://article.gmane.org/gmane.comp.security.oss.general/18516] || {{Pkg|dhcpcd}} || 2016-01-07 || <= 6.9.4-1 || 6.10.0-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7]<br />
|-<br />
| {{CVE|CVE-2015-7575}} [http://www.mitls.org/pages/attacks/SLOTH] [https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released] || {{pkg|mbedtls}} || 2016-01-04 || 2.2.0-1 || 2.2.1-1 || 21d || Fixed ({{bug|47783}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29]<br />
|-<br />
| {{CVE|CVE-2015-8688}} [http://gultsch.de/gajim_roster_push_and_message_interception.html] || {{pkg|gajim}} || 2015-12-20 || <= 0.16.4-1 || 0.16.5-1 || 20d || Fixed ({{bug|47647}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3]<br />
|-<br />
| {{CVE|CVE-2016-1494}} [https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff] [https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/] || {{pkg|python-rsa}} {{pkg|python2-rsa}} || 2016-01-05 || <= 3.2.3-1 || 3.3-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24]<br />
|-<br />
| {{CVE|CVE-2016-1283}} [https://bugs.exim.org/show_bug.cgi?id=1767] [http://article.gmane.org/gmane.comp.security.oss.general/18481] || {{pkg|pcre}} || 2016-01-02 || <= 8.38-2 || 8.38-3 || 71d|| Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18]<br />
|-<br />
|[http://article.gmane.org/gmane.comp.security.oss.general/18466] || {{Pkg|rtmpdump}} || 2015-12-23 || <= 20140918-2 || 1:2.4.r96.fa8646d-1 || 7d || Fixed ({{bug|47564}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1]<br />
|-<br />
| {{CVE|CVE-2015-8472}} [http://seclists.org/oss-sec/2015/q4/439] || {{pkg|libpng}} || 2015-12-03 || <= 1.6.19-1 || 1.6.20-1 || 25d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-18]<br />
|-<br />
| {{CVE|CVE-2015-8459}} {{CVE|CVE-2015-8460}} {{CVE|CVE-2015-8634}} {{CVE|CVE-2015-8635}} {{CVE|CVE-2015-8636}} {{CVE|CVE-2015-8638}} {{CVE|CVE-2015-8639}} {{CVE|CVE-2015-8640}} {{CVE|CVE-2015-8641}} {{CVE|CVE-2015-8642}} {{CVE|CVE-2015-8643}} {{CVE|CVE-2015-8644}} {{CVE|CVE-2015-8645}} {{CVE|CVE-2015-8646}} {{CVE|CVE-2015-8647}} {{CVE|CVE-2015-8648}} {{CVE|CVE-2015-8649}} {{CVE|CVE-2015-8650}} {{CVE|CVE-2015-8651}} [https://helpx.adobe.com/security/products/flash-player/apsb16-01.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2015-12-28 || <= 11.2.202.554-1 || 11.2.202.559-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17]<br />
|-<br />
| {{CVE|CVE-2015-7554}} {{CVE|CVE-2015-8683}} [http://seclists.org/oss-sec/2015/q4/584] [http://seclists.org/oss-sec/2015/q4/590] || {{pkg|libtiff}} || 2015-12-25 || <= 4.0.6-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-7201}} {{CVE|CVE-2015-7205}} {{CVE|CVE-2015-7212}} {{CVE|CVE-2015-7213}} {{CVE|CVE-2015-7214}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.5] || {{pkg|thunderbird}} || 2015-12-23 || <= 38.4.0-2 || 38.5.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14]<br />
|-<br />
| {{CVE|CVE-2015-8612}} [http://seclists.org/oss-sec/2015/q4/541] || {{pkg|blueman}} || 2015-12-18 || <= 2.0.2-1 || 2.0.3-1 || 38d || Fixed ({{bug|47784}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30]<br />
|-<br />
| {{CVE|CVE-2015-8659}} [http://seclists.org/oss-sec/2015/q4/576] || {{pkg|nghttp2}} || 2015-12-23 || <= 1.5.0-2 || 1.6.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16]<br />
|-<br />
| {{CVE|CVE-2015-7555}} [http://seclists.org/oss-sec/2015/q4/548] || {{pkg|giflib}} || 2015-12-21 || <= 5.1.1-1 || 5.1.2-1 || 43d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-7557}} {{CVE|CVE-2015-7558}} [http://seclists.org/oss-sec/2015/q4/549] || {{pkg|librsvg}} || 2015-12-21 || <= 2:2.40.11-1 || 2:2.40.13-1 || 45d || Fixed ({{bug|47785}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8622}} {{CVE|CVE-2015-8623}} {{CVE|CVE-2015-8624}} {{CVE|CVE-2015-8625}} {{CVE|CVE-2015-8626}} {{CVE|CVE-2015-8627}} {{CVE|CVE-2015-8628}} [http://seclists.org/oss-sec/2015/q4/552] || {{pkg|mediawiki}} || 2015-12-17 || <= 1.26.0-1 || 1.26.2-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15]<br />
|-<br />
| {{CVE|CVE-2015-8614}} [http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557] || {{pkg|claws-mail}} || 2015-12-21 || <= 3.13.0-1 || 3.13.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13]<br />
|-<br />
| {{CVE|CVE-2015-8369}} {{CVE|CVE-2015-8604}} {{CVE|CVE-2015-8377}} {{CVE|CVE-2016-2313}} [http://www.openwall.com/lists/oss-security/2016/02/09/3] [https://bugs.mageia.org/show_bug.cgi?id=17352] [http://www.openwall.com/lists/oss-security/2016/01/04/8] || {{pkg|cacti}} || 2015-12-17 || <= 0.8.8_f-3 || 0.8.8_g-2 || 72d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24]<br />
|-<br />
| [https://blog.fuzzing-project.org/32-Out-of-bounds-read-in-OpenVPN.html] || {{pkg|openvpn}} || 2015-12-18 || <= 2.3.8-2 || 2.3.9-1 || 9d || Fixed ({{bug|47498}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19]<br />
|-<br />
| {{CVE|CVE-2015-8549}} [http://www.ocert.org/advisories/ocert-2015-011.html] || {{pkg|python2-pyamf}} || 2015-12-17 || <= 0.7.2-1 || 0.8.0-2 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12]<br />
|-<br />
| {{CVE|CVE-2015-7551}} [https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/] || {{pkg|ruby}} || 2015-12-16 || <= 2.2.3-1 || 2.2.4-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11]<br />
|-<br />
| {{CVE|CVE-2015-7201}} {{CVE|CVE-2015-7202}} {{CVE|CVE-2015-7203}} {{CVE|CVE-2015-7204}} {{CVE|CVE-2015-7205}} {{CVE|CVE-2015-7207}} {{CVE|CVE-2015-7208}} {{CVE|CVE-2015-7210}} {{CVE|CVE-2015-7211}} {{CVE|CVE-2015-7212}} {{CVE|CVE-2015-7213}} {{CVE|CVE-2015-7214}} {{CVE|CVE-2015-7215}} {{CVE|CVE-2015-7216}} {{CVE|CVE-2015-7217}} {{CVE|CVE-2015-7218}} {{CVE|CVE-2015-7219}} {{CVE|CVE-2015-7220}} {{CVE|CVE-2015-7221}} {{CVE|CVE-2015-7222}} {{CVE|CVE-2015-7223}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox43] || {{pkg|firefox}} || 2015-12-15 || <= 42.0-3 || 43.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9]<br />
|-<br />
| {{CVE|CVE-2015-8000}} [https://kb.isc.org/article/AA-01317] || {{pkg|bind}} || 2015-12-15 || <= 9.10.3-2 || 9.10.3.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10]<br />
|-<br />
| {{CVE|CVE-2015-8370}} [http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html#fix] || {{pkg|grub}} || 2015-12-15 || <= 1:2.02.beta2-5 || 1:2.02.beta2-6 || 3d || Fixed ({{bug|47386}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8378}} [https://www.keepassx.org/news/2015/12/551] || {{pkg|keepassx}} || 2015-12-08 || <= 0.4.3-7 || 0.4.4-1 || <2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8]<br />
|-<br />
| {{CVE|CVE-2015-8045}} {{CVE|CVE-2015-8047}} {{CVE|CVE-2015-8048}} {{CVE|CVE-2015-8049}} {{CVE|CVE-2015-8050}} {{CVE|CVE-2015-8055}} {{CVE|CVE-2015-8056}} {{CVE|CVE-2015-8057}} {{CVE|CVE-2015-8058}} {{CVE|CVE-2015-8059}} {{CVE|CVE-2015-8060}} {{CVE|CVE-2015-8061}} {{CVE|CVE-2015-8062}} {{CVE|CVE-2015-8063}} {{CVE|CVE-2015-8064}} {{CVE|CVE-2015-8065}} {{CVE|CVE-2015-8066}} {{CVE|CVE-2015-8067}} {{CVE|CVE-2015-8068}} {{CVE|CVE-2015-8069}} {{CVE|CVE-2015-8070}} {{CVE|CVE-2015-8071}} {{CVE|CVE-2015-8401}} {{CVE|CVE-2015-8402}} {{CVE|CVE-2015-8403}} {{CVE|CVE-2015-8404}} {{CVE|CVE-2015-8405}} {{CVE|CVE-2015-8406}} {{CVE|CVE-2015-8407}} {{CVE|CVE-2015-8408}} {{CVE|CVE-2015-8409}} {{CVE|CVE-2015-8410}} {{CVE|CVE-2015-8411}} {{CVE|CVE-2015-8412}} {{CVE|CVE-2015-8413}} {{CVE|CVE-2015-8414}} {{CVE|CVE-2015-8415}} {{CVE|CVE-2015-8416}} {{CVE|CVE-2015-8417}} {{CVE|CVE-2015-8418}} {{CVE|CVE-2015-8419}} {{CVE|CVE-2015-8420}} {{CVE|CVE-2015-8421}} {{CVE|CVE-2015-8422}} {{CVE|CVE-2015-8423}} {{CVE|CVE-2015-8424}} {{CVE|CVE-2015-8425}} {{CVE|CVE-2015-8426}} {{CVE|CVE-2015-8427}} {{CVE|CVE-2015-8428}} {{CVE|CVE-2015-8429}} {{CVE|CVE-2015-8430}} {{CVE|CVE-2015-8431}} {{CVE|CVE-2015-8432}} {{CVE|CVE-2015-8433}} {{CVE|CVE-2015-8434}} {{CVE|CVE-2015-8435}} {{CVE|CVE-2015-8436}} {{CVE|CVE-2015-8437}} {{CVE|CVE-2015-8438}} {{CVE|CVE-2015-8439}} {{CVE|CVE-2015-8440}} {{CVE|CVE-2015-8441}} {{CVE|CVE-2015-8442}} {{CVE|CVE-2015-8443}} {{CVE|CVE-2015-8444}} {{CVE|CVE-2015-8445}} {{CVE|CVE-2015-8446}} {{CVE|CVE-2015-8447}} {{CVE|CVE-2015-8448}} {{CVE|CVE-2015-8449}} {{CVE|CVE-2015-8450}} {{CVE|CVE-2015-8451}} {{CVE|CVE-2015-8452}} {{CVE|CVE-2015-8453}} {{CVE|CVE-2015-8454}} {{CVE|CVE-2015-8455}} [https://helpx.adobe.com/security/products/flash-player/apsb15-32.html] || {{pkg|flashplugin}} || 2015-12-08 || <= 11.2.202.548-1 || 11.2.202.554-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7]<br />
|-<br />
| {{CVE|CVE-2015-6788}} {{CVE|CVE-2015-6789}} {{CVE|CVE-2015-6790}} {{CVE|CVE-2015-6791}} [http://googlechromereleases.blogspot.fr/2015/12/stable-channel-update_8.html] || {{pkg|chromium}} || 2015-12-08 || <= 47.0.2526.73-1 || 47.0.2526.80-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5]<br />
|-<br />
| {{CVE|CVE-2015-3193}} {{CVE|CVE-2015-3194}} {{CVE|CVE-2015-3195}} {{CVE|CVE-2015-3196}} {{CVE|CVE-2015-1794}} [https://www.openssl.org/news/secadv/20151203.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2015-12-03 || <= 1.0.2.d-1 || 1.0.2.e-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2]<br />
|-<br />
| {{CVE|CVE-2015-6764}} {{CVE|CVE-2015-6765}} {{CVE|CVE-2015-6766}} {{CVE|CVE-2015-6767}} {{CVE|CVE-2015-6768}} {{CVE|CVE-2015-6769}} {{CVE|CVE-2015-6770}} {{CVE|CVE-2015-6771}} {{CVE|CVE-2015-6772}} {{CVE|CVE-2015-6773}} {{CVE|CVE-2015-6774}} {{CVE|CVE-2015-6775}} {{CVE|CVE-2015-6776}} {{CVE|CVE-2015-6777}} {{CVE|CVE-2015-6778}} {{CVE|CVE-2015-6779}} {{CVE|CVE-2015-6780}} {{CVE|CVE-2015-6781}} {{CVE|CVE-2015-6782}} {{CVE|CVE-2015-6783}} {{CVE|CVE-2015-6784}} {{CVE|CVE-2015-6785}} {{CVE|CVE-2015-6786}} {{CVE|CVE-2015-6787}} [http://googlechromereleases.blogspot.fr/2015/12/stable-channel-update.html] || {{pkg|chromium}} || 2015-12-01 || <= 46.0.2490.86-1 || 47.0.2526.73-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1]<br />
|-<br />
| {{CVE|CVE-2015-6764}} {{CVE|CVE-2015-8027}} [https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/] || {{pkg|nodejs}} || 2015-11-25 || <= 5.1.0-1 || 5.1.1-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4]<br />
|-<br />
| {{CVE|CVE-2015-8213}} [https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-11-24 || <= 1.8.6-1 || 1.8.7-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3]<br />
|-<br />
| {{CVE|CVE-2015-1819}} {{CVE|CVE-2015-5312}} {{CVE|CVE-2015-7941}} {{CVE|CVE-2015-7942}} {{CVE|CVE-2015-7497}} {{CVE|CVE-2015-7498}} {{CVE|CVE-2015-7499}} {{CVE|CVE-2015-7500}} {{CVE|CVE-2015-8035}} {{CVE|CVE-2015-8242}} [https://mail.gnome.org/archives/xml/2015-November/msg00012.html templink] || {{pkg|libxml2}} || 2015-11-20 || <= 2.9.2-2 || 2.9.3-1 || 19d || Fixed ({{bug|47095}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6]<br />
|-<br />
| {{CVE|CVE-2015-7981}} {{CVE|CVE-2015-8126}} [http://seclists.org/oss-sec/2015/q4/264 templink] [http://seclists.org/oss-sec/2015/q4/161 templink] || {{pkg|libpng}} {{pkg|lib32-libpng}} || 2015-11-12 || <= 1.6.18-1 || 1.6.19-1 || 5d || Fixed ({{bug|47069}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10]<br />
|-<br />
| {{CVE|CVE-2015-5309}} [http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html templink] || {{pkg|putty}} || 2015-11-12 || <= 0.65-1 || 0.66-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7]<br />
|-<br />
| {{CVE|CVE-2015-7651}} {{CVE|CVE-2015-7652}} {{CVE|CVE-2015-7653}} {{CVE|CVE-2015-7654}} {{CVE|CVE-2015-7655}} {{CVE|CVE-2015-7656}} {{CVE|CVE-2015-7657}} {{CVE|CVE-2015-7658}} {{CVE|CVE-2015-7659}} {{CVE|CVE-2015-7660}} {{CVE|CVE-2015-7661}} {{CVE|CVE-2015-7662}} {{CVE|CVE-2015-7663}} {{CVE|CVE-2015-8042}} {{CVE|CVE-2015-8043}} {{CVE|CVE-2015-8044}} {{CVE|CVE-2015-8046}} [https://helpx.adobe.com/security/products/flash-player/apsb15-28.html templink] || {{pkg|flashplugin}} || 2015-11-10 || <= 11.2.202.540-1 || 11.2.202.548-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5]<br />
|-<br />
| {{CVE|CVE-2015-1302}} [http://googlechromereleases.blogspot.fr/2015/11/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-11-10 || <= 46.0.2490.80-2 || 46.0.2490.86-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8]<br />
|-<br />
| {{CVE|CVE-2015-5311}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/ templink] || {{pkg|powerdns}} || 2015-11-09 || <= 3.4.6-2 || 3.4.7-1 || 3d || Fixed ({{bug|47014}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6]<br />
|-<br />
| {{CVE|CVE-2015-4513}} {{CVE|CVE-2015-4514}} {{CVE|CVE-2015-4515}} {{CVE|CVE-2015-4518}} {{CVE|CVE-2015-7181}} {{CVE|CVE-2015-7182}} {{CVE|CVE-2015-7183}} {{CVE|CVE-2015-7187}} {{CVE|CVE-2015-7188}} {{CVE|CVE-2015-7189}} {{CVE|CVE-2015-7193}} {{CVE|CVE-2015-7194}} {{CVE|CVE-2015-7195}} {{CVE|CVE-2015-7196}} {{CVE|CVE-2015-7197}} {{CVE|CVE-2015-7198}} {{CVE|CVE-2015-7199}} {{CVE|CVE-2015-7200}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-11-03 || <= 41.0.2-2 || 42.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2]<br />
|-<br />
| {{CVE|CVE-2015-7183}} [http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12386.html templink] || {{pkg|nspr}} || 2015-11-03 || <= 4.10.9-1 || 4.10.10-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4]<br />
|-<br />
| {{CVE|CVE-2015-7181}} {{CVE|CVE-2015-7182}} [http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12386.html templink] || {{pkg|nss}} || 2015-11-03 || <= 3.20-1 || 3.20.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3]<br />
|-<br />
| {{CVE|CVE-2015-7696}} {{CVE|CVE-2015-7697}} [http://seclists.org/oss-sec/2015/q3/512 templink] || {{pkg|unzip}} || 2015-10-30 || <= 6.0-10 || 6.0-11 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1]<br />
|-<br />
| {{CVE|CVE-2015-8011}} {{CVE|CVE-2015-8012}} [http://seclists.org/oss-sec/2015/q4/198 templink] || {{pkg|lldpd}} || 2015-10-17 || <= 0.7.18-1 || 0.7.19-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25]<br />
|-<br />
| {{CVE|CVE-2015-5714}} {{CVE|CVE-2015-5715}} {{CVE|CVE-2015-7989}} [https://codex.wordpress.org/Version_4.3.1 templink] || {{pkg|wordpress}} || 2015-10-18 || <= 4.3.0-1 || 4.3.1-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24]<br />
|-<br />
| {{CVE|CVE-2015-7873}} [https://www.phpmyadmin.net/security/PMASA-2015-5/ templink] || {{pkg|phpmyadmin}} || 2015-10-23 || <= 4.5.0-1 || 4.5.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23]<br />
|-<br />
| {{CVE|CVE-2015-7995}} [https://bugzilla.redhat.com/show_bug.cgi?id=1257962 templink] || {{pkg|libxslt}} || 2015-10-27 || <= 1.1.28-3 || 1.1.28-4 || 73d || Fixed ({{bug|47681}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8]<br />
|-<br />
| {{CVE|CVE-2015-7943}} [https://www.drupal.org/SA-CORE-2015-004 templink] || {{pkg|drupal}} || 2015-10-21 || <= 7.40-1 || 7.41-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21]<br />
|-<br />
| {{CVE|CVE-2015-4913}} {{CVE|CVE-2015-4870}} {{CVE|CVE-2015-4861}} {{CVE|CVE-2015-4858}} {{CVE|CVE-2015-4836}} {{CVE|CVE-2015-4830}} {{CVE|CVE-2015-4826}} {{CVE|CVE-2015-4815}} {{CVE|CVE-2015-4802}} {{CVE|CVE-2015-4792}} || {{pkg|mariadb}} || 2015-10-22 || <= 10.0.21-3 || 10.0.22-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] <br />
|-<br />
| {{CVE|CVE-2015-4734}} {{CVE|CVE-2015-4803}} {{CVE|CVE-2015-4805}} {{CVE|CVE-2015-4806}} {{CVE|CVE-2015-4810}} {{CVE|CVE-2015-4835}} {{CVE|CVE-2015-4840}} {{CVE|CVE-2015-4842}} {{CVE|CVE-2015-4843}} {{CVE|CVE-2015-4844}} {{CVE|CVE-2015-4860}} {{CVE|CVE-2015-4868}} {{CVE|CVE-2015-4872}} {{CVE|CVE-2015-4881}} {{CVE|CVE-2015-4882}} {{CVE|CVE-2015-4883}} {{CVE|CVE-2015-4893}} {{CVE|CVE-2015-4901}} {{CVE|CVE-2015-4902}} {{CVE|CVE-2015-4903}} {{CVE|CVE-2015-4906}} {{CVE|CVE-2015-4908}} {{CVE|CVE-2015-4911}} {{CVE|CVE-2015-4916}} || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-09-22 || <= 8.u60-1 || 8.u65-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20]<br />
|-<br />
| {{CVE|CVE-2015-4734}} {{CVE|CVE-2015-4803}} {{CVE|CVE-2015-4805}} {{CVE|CVE-2015-4806}} {{CVE|CVE-2015-4810}} {{CVE|CVE-2015-4835}} {{CVE|CVE-2015-4840}} {{CVE|CVE-2015-4842}} {{CVE|CVE-2015-4843}} {{CVE|CVE-2015-4844}} {{CVE|CVE-2015-4860}} {{CVE|CVE-2015-4871}} {{CVE|CVE-2015-4872}} {{CVE|CVE-2015-4881}} {{CVE|CVE-2015-4882}} {{CVE|CVE-2015-4883}} {{CVE|CVE-2015-4893}} {{CVE|CVE-2015-4902}} {{CVE|CVE-2015-4903}} {{CVE|CVE-2015-4911}} || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-09-22 || <= 7.u85_2.6.1-2 || 7.u91_2.6.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17]<br />
|-<br />
| {{CVE|CVE-2015-7691}} {{CVE|CVE-2015-7692}} {{CVE|CVE-2015-7701}} {{CVE|CVE-2015-7702}} {{CVE|CVE-2015-7703}} {{CVE|CVE-2015-7704}} {{CVE|CVE-2015-7705}} {{CVE|CVE-2015-7848}} {{CVE|CVE-2015-7849}} {{CVE|CVE-2015-7850}} {{CVE|CVE-2015-7851}} {{CVE|CVE-2015-7852}} {{CVE|CVE-2015-7853}} {{CVE|CVE-2015-7854}} {{CVE|CVE-2015-7855}} {{CVE|CVE-2015-7871}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities templink] [http://blog.talosintel.com/2015/10/ntpd-vulnerabilities.html templink] || {{pkg|ntp}} || 2015-10-21 || <= 4.2.8.p3-1 || 4.2.8.p4-1 || 1d || Fixed ({{bug|46826}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14]<br />
|-<br />
| {{CVE|CVE-2015-6031}} [http://talosintel.com/reports/TALOS-2015-0035/ templink] || {{pkg|miniupnpc}} || 2015-09-15 || <= 1.9.20150730-1 || 1.9.20151008-1 || 30d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11]<br />
|-<br />
| {{CVE|CVE-2015-7645}} {{CVE|CVE-2015-7647}} {{CVE|CVE-2015-7648}} [https://helpx.adobe.com/security/products/flash-player/apsa15-05.html templink] [https://helpx.adobe.com/security/products/flash-player/apsb15-27.html templink] || {{pkg|flashplugin}} || 2015-10-14 || <= 11.2.202.535-1 || 11.2.202.540-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12]<br />
|-<br />
| {{CVE|CVE-2015-7184}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/ templink] || {{pkg|firefox}} || 2015-10-15 || <= 41.0.1-1 || 41.0.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10]<br />
|-<br />
| {{CVE|CVE-2015-5260}} {{CVE|CVE-2015-5261}} {{CVE|CVE-2015-3247}} [http://lists.freedesktop.org/archives/spice-devel/2015-October/022168.html templink] [https://bugzilla.redhat.com/show_bug.cgi?id=1260822 templink] [https://bugzilla.redhat.com/show_bug.cgi?id=1261889 templink] [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797976;msg=21 templink] || {{pkg|spice}} || 2015-09-08 || <= 0.12.5-1 || 0.12.6-1 || 41d || Fixed ({{bug|46738}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13]<br />
|-<br />
| {{CVE|CVE-2015-6755}} {{CVE|CVE-2015-6756}} {{CVE|CVE-2015-6757}} {{CVE|CVE-2015-6758}} {{CVE|CVE-2015-6759}} {{CVE|CVE-2015-6760}} {{CVE|CVE-2015-6761}} {{CVE|CVE-2015-6762}} {{CVE|CVE-2015-6763}} [http://googlechromereleases.blogspot.fr/2015/10/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-10-13 || <= 45.0.2454.101-2 || 46.0.2490.71-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8]<br />
|-<br />
| {{CVE|CVE-2015-5569}} {{CVE|CVE-2015-7625}} {{CVE|CVE-2015-7626}} {{CVE|CVE-2015-7627}} {{CVE|CVE-2015-7628}} {{CVE|CVE-2015-7629}} {{CVE|CVE-2015-7630}} {{CVE|CVE-2015-7631}} {{CVE|CVE-2015-7632}} {{CVE|CVE-2015-7633}} {{CVE|CVE-2015-7634}} {{CVE|CVE-2015-7643}} {{CVE|CVE-2015-7644}} [https://helpx.adobe.com/security/products/flash-player/apsb15-25.html templink] || {{pkg|flashplugin}} || 2015-10-13 || <= 11.2.202.521-1 || 11.2.202.535-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7]<br />
|-<br />
| {{CVE|CVE-2015-5291}} [https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01 templink] || {{pkg|mbedtls}} || 2015-10-05 || <= 2.1.1-1 || 2.1.2-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9]<br />
|-<br />
| {{CVE|CVE-2015-7384}} [https://nodejs.org/en/blog/release/v4.1.2/ templink] || {{pkg|nodejs}} || 2015-10-05 || <= 4.1.1-1 || 4.1.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3]<br />
|-<br />
| {{CVE|CVE-2015-7687}} [http://seclists.org/oss-sec/2015/q4/17 templink] [https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f8e2fe24f3ff174d8515b82607e951e054f68f6 templink] || {{pkg|opensmtpd}} || 2015-10-02 || <= 5.7.1p1-1 || 5.7.3p1-1 || 6d || Fixed ({{bug|46605}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5]<br />
|-<br />
| {{CVE|CVE-2015-7673}} {{CVE|CVE-2015-7674}} [http://seclists.org/oss-sec/2015/q4/18 templink] [http://seclists.org/oss-sec/2015/q4/19 templink] || {{pkg|gdk-pixbuf2}} || 2015-10-01 || <= 2.31.7-1 || 2.32.1-1 || 9d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6]<br />
|-<br />
| {{CVE|CVE-2015-1335}} [https://github.com/lxc/lxc/commit/6de26af93d3dd87c8b21a42fdf20f30fa1c1948d templink] || {{pkg|lxc}} || 2015-09-29 || <= 1:1.1.3-2 || - || - || Not Affected ({{bug|46574}}) || None<br />
|-<br />
| {{CVE|CVE-2015-6972}} {{CVE|CVE-2015-6973}} [http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txt templink] [http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt templink] [https://igniterealtime.org/issues/browse/OF-942] || {{pkg|openfire}} || 2015-09-14 || <= 4.0.3-1 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2015-4499}} [https://www.bugzilla.org/security/4.2.14/ templink] || {{pkg|bugzilla}} || 2015-09-10 || <= 5.0-1 || 5.0.1-1 || 28d || Fixed ({{bug|46573}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4]<br />
|-<br />
| {{CVE|CVE-2015-4141}} {{CVE|CVE-2015-4142}} {{CVE|CVE-2015-4143}} {{CVE|CVE-2015-4144}} {{CVE|CVE-2015-4145}} {{CVE|CVE-2015-4146}} [http://w1.fi/security/2015-2/ templink] [http://w1.fi/security/2015-3/ templink] [http://w1.fi/security/2015-4/ templink] [http://w1.fi/security/2015-5/ templink] || {{pkg|hostapd}} || 2015-05-04 || <= 2.4-2 || 2.5-1 || ~150d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2]<br />
|-<br />
| {{CVE|CVE-2015-3239}} [https://bugzilla.redhat.com/show_bug.cgi?id=1232265 templink] || {{pkg|libunwind}} || 2015-06-16 || <= 1.1-2 || 1.1-3 || ~110d || Fixed ({{bug|46474}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1]<br />
|-<br />
| {{CVE|CVE-2015-1303}} {{CVE|CVE-2015-1304}} [http://googlechromereleases.blogspot.fr/2015/09/stable-channel-update_24.html templink] || {{pkg|chromium}} || 2015-09-24 || <= 45.0.2454.99-1 || 45.0.2454.101-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11]<br />
|-<br />
| {{CVE|CVE-2015-4500}} {{CVE|CVE-2015-4501}} {{CVE|CVE-2015-4502}} {{CVE|CVE-2015-4504}} {{CVE|CVE-2015-4506}} {{CVE|CVE-2015-4507}} {{CVE|CVE-2015-4508}} {{CVE|CVE-2015-4509}} {{CVE|CVE-2015-4510}} {{CVE|CVE-2015-4511}} {{CVE|CVE-2015-4512}} {{CVE|CVE-2015-4516}} {{CVE|CVE-2015-4517}} {{CVE|CVE-2015-4519}} {{CVE|CVE-2015-4520}} {{CVE|CVE-2015-4521}} {{CVE|CVE-2015-4522}} {{CVE|CVE-2015-7174}} {{CVE|CVE-2015-7175}} {{CVE|CVE-2015-7176}} {{CVE|CVE-2015-7177}} {{CVE|CVE-2015-7180}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox41 templink] || {{pkg|firefox}} || 2015-09-22 || <= 40.0.3-1 || 41.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9]<br />
|-<br />
| {{CVE|CVE-2015-5567}} {{CVE|CVE-2015-5568}} {{CVE|CVE-2015-5570}} {{CVE|CVE-2015-5571}} {{CVE|CVE-2015-5572}} {{CVE|CVE-2015-5573}} {{CVE|CVE-2015-5574}} {{CVE|CVE-2015-5575}} {{CVE|CVE-2015-5576}} {{CVE|CVE-2015-5577}} {{CVE|CVE-2015-5578}} {{CVE|CVE-2015-5579}} {{CVE|CVE-2015-5580}} {{CVE|CVE-2015-5581}} {{CVE|CVE-2015-5582}} {{CVE|CVE-2015-5584}} {{CVE|CVE-2015-5587}} {{CVE|CVE-2015-5588}} {{CVE|CVE-2015-6676}} {{CVE|CVE-2015-6677}} {{CVE|CVE-2015-6678}} {{CVE|CVE-2015-6679}} {{CVE|CVE-2015-6682}} [https://helpx.adobe.com/security/products/flash-player/apsb15-23.html templink] || {{pkg|flashplugin}} || 2015-09-21 || <= 11.2.202.508-1 || 11.2.202.521-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201510-8]<br />
|-<br />
| {{CVE|CVE-2015-7236}} [http://seclists.org/oss-sec/2015/q3/561 templink] || {{pkg|rpcbind}} || 2015-09-17 || <= 0.2.3-1 || 0.2.3-2 || 7d || Fixed ({{bug|46341}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10]<br />
|-<br />
| {{CVE|CVE-2015-5714}} {{CVE|CVE-2015-5715}} [https://wordpress.org/news/2015/09/wordpress-4-3-1/ templink] || {{pkg|wordpress}} || 2015-09-15 || <= 4.3-1 || 4.3.1-1 || 5d || Fixed ({{bug|46340}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201510-7]<br />
|-<br />
| {{CVE|CVE-2015-6908}} [http://www.openwall.com/lists/oss-security/2015/09/11/5 templink] || {{pkg|openldap}} || 2015-09-09 || <= 2.4.42-1 || 2.4.42-2 || 3d || Fixed ({{bug|46265}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4]<br />
|-<br />
| {{CVE|CVE-2015-5722}} {{CVE|CVE-2015-5986}} [https://www.isc.org/blogs/cve-2015-5986-an-incorrect-boundary-check-can-trigger-a-require-assertion-failure-in-openpgpkey_61-c/ templink] [https://www.isc.org/blogs/cve-2015-5722-parsing-malformed-keys-may-cause-bind-to-exit-due-to-a-failed-assertion-in-buffer-c/ templink] || {{pkg|bind}} || 2015-09-02 || <= 9.10.2.P3-1 || 9.10.2.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2]<br />
|-<br />
| {{CVE|CVE-2015-5198}} {{CVE|CVE-2015-5199}} {{CVE|CVE-2015-5200}} [http://lists.x.org/archives/xorg-announce/2015-August/002630.html templink] || {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} || 2015-08-31 || <= 1.1-1 || 1.1.1-1 || 13d || Fixed ({{bug|46266}}) ({{bug|46267}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5]<br />
|-<br />
| {{CVE|CVE-2015-1291}} {{CVE|CVE-2015-1292}} {{CVE|CVE-2015-1293}} {{CVE|CVE-2015-1294}} {{CVE|CVE-2015-1295}} {{CVE|CVE-2015-1296}} {{CVE|CVE-2015-1297}} {{CVE|CVE-2015-1298}} {{CVE|CVE-2015-1299}} {{CVE|CVE-2015-1300}} {{CVE|CVE-2015-1301}} [http://googlechromereleases.blogspot.fr/2015/09/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-09-01 || <= 44.0.2403.157-1 || 45.0.2454.85-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1]<br />
|-<br />
| {{CVE|CVE-2015-5230}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/ templink] || {{pkg|powerdns}} || 2015-09-02 || <= 3.4.5-1 || 3.4.6-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3]<br />
|-<br />
| {{CVE|CVE-2015-5317}} {{CVE|CVE-2015-5318}} {{CVE|CVE-2015-5319}} {{CVE|CVE-2015-5320}} {{CVE|CVE-2015-5321}} {{CVE|CVE-2015-5322}} {{CVE|CVE-2015-5323}} {{CVE|CVE-2015-5324}} {{CVE|CVE-2015-5325}} {{CVE|CVE-2015-5326}} {{CVE|CVE-2015-8103}} [https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 templink] [http://seclists.org/bugtraq/2015/Aug/161 templink] || {{pkg|jenkins}} || 2015-08-28 || <= 1.627-1 || 1.638-1 || 60d || Fixed ({{bug|46268}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11]<br />
|-<br />
| {{CVE|CVE-2015-6749}} [http://seclists.org/oss-sec/2015/q3/457 templink] || {{pkg|vorbis-tools}} || 2015-08-30 || <= 1.4.0-5 || 1.4.0-6 || >60d || Fixed ({{bug|46269}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22]<br />
|-<br />
| {{CVE|CVE-2015-4497}} {{CVE|CVE-2015-4498}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox40.0.3 templink] || {{pkg|firefox}} || 2015-08-27 || <= 40.0.2-1 || 40.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12]<br />
|-<br />
| {{CVE|CVE-2015-5949}} [http://www.ocert.org/advisories/ocert-2015-009.html templink] || {{pkg|vlc}} || 2015-08-20 || <= 2.2.1-6 || 2.2.2-1 || 179d || Fixed ({{bug|46037}}) || None<br />
|-<br />
| {{CVE|CVE-2015-5963}} [https://www.djangoproject.com/weblog/2015/aug/18/security-releases/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-08-18 || <= 1.8.3-1 || 1.8.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9]<br />
|-<br />
| {{CVE|CVE-2015-5221}} [http://seclists.org/oss-sec/2015/q3/408 templink] || {{pkg|jasper}} || 2015-08-16 || <= 1.900.1-15 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-5203}} [http://seclists.org/oss-sec/2015/q3/366 templink] || {{pkg|jasper}} || 2015-08-16 || <= 1.900.1-15 || || || '''Vulnerable''' || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10]<br />
|-<br />
| CVE Pending [http://seclists.org/oss-sec/2015/q3/295 templink] || {{pkg|pcre}} || 2015-08-05 || <= 8.37-2 || 8.37-3 || 12d || Fixed ({{bug|45945}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11]<br />
|-<br />
| {{CVE|CVE-2015-4473}} {{CVE|CVE-2015-4474}} {{CVE|CVE-2015-4475}} {{CVE|CVE-2015-4477}} {{CVE|CVE-2015-4478}} {{CVE|CVE-2015-4479}} {{CVE|CVE-2015-4480}} {{CVE|CVE-2015-4482}} {{CVE|CVE-2015-4483}} {{CVE|CVE-2015-4484}} {{CVE|CVE-2015-4485}} {{CVE|CVE-2015-4486}} {{CVE|CVE-2015-4487}} {{CVE|CVE-2015-4488}} {{CVE|CVE-2015-4489}} {{CVE|CVE-2015-4490}} {{CVE|CVE-2015-4491}} {{CVE|CVE-2015-4492}} {{CVE|CVE-2015-4493}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox40 templink] || {{pkg|firefox}} || 2015-08-11 || <= 39.0.3-1 || 40.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4]<br />
|-<br />
| {{CVE|CVE-2014-8121}} [https://access.redhat.com/security/cve/CVE-2014-8121 templink] || {{pkg|glibc}} || 2015-02-23 || <= 2.21-4 || 2.22-1 || ~180d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7]<br />
|-<br />
| {{CVE|CVE-2015-4680}} [http://www.ocert.org/advisories/ocert-2015-008.html templink] || {{pkg|freeradius}} || 2015-06-22 || <= 3.0.8-2 || 3.0.9-1 || ~50d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6]<br />
|-<br />
| {{CVE|CVE-2015-3184}} {{CVE|CVE-2015-3187}} [https://subversion.apache.org/security/CVE-2015-3184-advisory.txt templink] [https://subversion.apache.org/security/CVE-2015-3187-advisory.txt templink] || {{pkg|subversion}} || 2015-08-05 || <= 1.8.13-2 || 1.9.0-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5]<br />
|-<br />
| {{CVE|CVE-2015-6251}} [http://www.gnutls.org/security.html#GNUTLS-SA-2015-3 templink] || {{pkg|gnutls}} || 2015-08-10 || <= 3.4.3-1 || 3.4.4.1-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8]<br />
|-<br />
| {{CVE|CVE-2015-4495}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/ templink] || {{pkg|firefox}} || 2015-08-06 || <= 39.0-1 || 39.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1]<br />
|-<br />
| {{CVE|CVE-2015-2213}} {{CVE|CVE-2015-5730}} {{CVE|CVE-2015-5731}} {{CVE|CVE-2015-5732}} {{CVE|CVE-2015-5733}} {{CVE|CVE-2015-5734}} [https://codex.wordpress.org/Version_4.2.4 templink] || {{pkg|wordpress}} || 2015-08-04 || <= 4.2.3-1 || 4.2.4.-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2]<br />
|-<br />
| {{CVE|CVE-2015-3245}} {{CVE|CVE-2015-3246}} [http://seclists.org/oss-sec/2015/q3/185 templink] || {{pkg|libuser}} || 2015-07-22 || <= 0.61-1 || 0.62-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19]<br />
|-<br />
| {{CVE|CVE-2015-5600}} [https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/ templink] || {{pkg|openssh}} || 2015-07-22 || <= 6.9p1-1 || 6.9p1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17]<br />
|-<br />
| {{CVE|CVE-2015-1270}} {{CVE|CVE-2015-1271}} {{CVE|CVE-2015-1272}} {{CVE|CVE-2015-1273}} {{CVE|CVE-2015-1274}} {{CVE|CVE-2015-1276}} {{CVE|CVE-2015-1277}} {{CVE|CVE-2015-1278}} {{CVE|CVE-2015-1279}} {{CVE|CVE-2015-1280}} {{CVE|CVE-2015-1281}} {{CVE|CVE-2015-1282}} {{CVE|CVE-2015-1283}} {{CVE|CVE-2015-1284}} {{CVE|CVE-2015-1285}} {{CVE|CVE-2015-1286}} {{CVE|CVE-2015-1287}} {{CVE|CVE-2015-1288}} {{CVE|CVE-2015-1289}} [http://googlechromereleases.blogspot.fr/2015/07/stable-channel-update_21.html templink] || {{pkg|chromium}} || 2015-07-21 || <= 43.0.2357.134-1 || 44.0.2403.89-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18]<br />
|-<br />
| {{CVE|CVE-2015-2590}} {{CVE|CVE-2015-2601}} {{CVE|CVE-2015-2613}} {{CVE|CVE-2015-2621}} {{CVE|CVE-2015-2625}} {{CVE|CVE-2015-2628}} {{CVE|CVE-2015-2632}} {{CVE|CVE-2015-2808}} {{CVE|CVE-2015-4000}} {{CVE|CVE-2015-4731}} {{CVE|CVE-2015-4732}} {{CVE|CVE-2015-4733}} {{CVE|CVE-2015-4748}} {{CVE|CVE-2015-4749}} {{CVE|CVE-2015-4760}} [http://blog.fuseyism.com/index.php/2015/07/21/security-icedtea-2-6-1-for-openjdk-7-released/ templink] || {{pkg|jre7-openjdk}} || 2015-07-21 || <= 7.u80_2.6.0-1 || 7.u85_2.6.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16]<br />
|-<br />
| {{CVE|CVE-2015-5122}} {{CVE|CVE-2015-5123}} [https://helpx.adobe.com/security/products/flash-player/apsb15-18.html templink] || {{pkg|lib32-flashplugin}} || 2015-07-09 || <= 11.2.202.481-1 || 11.2.202.491-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14]<br />
|-<br />
| {{CVE|CVE-2015-5122}} {{CVE|CVE-2015-5123}} [https://helpx.adobe.com/security/products/flash-player/apsb15-18.html templink] || {{pkg|flashplugin}} || 2015-07-09 || <= 11.2.202.481-1 || 11.2.202.491-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13]<br />
|-<br />
| {{CVE|CVE-2015-0228}} {{CVE|CVE-2015-0253}} {{CVE|CVE-2015-3183}} {{CVE|CVE-2015-3185}} [http://www.apache.org/dist/httpd/CHANGES_2.4.16 templink] || {{pkg|apache}} || 2015-07-15 || <= 2.4.12-4 || 2.4.16-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15]<br />
|-<br />
| {{CVE|CVE-2015-2724}} {{CVE|CVE-2015-2725}} {{CVE|CVE-2015-2726}} {{CVE|CVE-2015-2731}} {{CVE|CVE-2015-2734}} {{CVE|CVE-2015-2735}} {{CVE|CVE-2015-2736}} {{CVE|CVE-2015-2737}} {{CVE|CVE-2015-2738}} {{CVE|CVE-2015-2739}} {{CVE|CVE-2015-2740}} {{CVE|CVE-2015-2741}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.1 templink] || {{pkg|thunderbird}} || 2015-07-09 || <= 38.0.1-1 || 38.1.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9]<br />
|-<br />
| {{CVE|CVE-2015-1793}} [https://openssl.org/news/secadv_20150709.txt templink] || {{pkg|lib32-openssl}} || 2015-07-09 || <= 1.0.2.c-1 || 1.0.2.d-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12]<br />
|-<br />
| {{CVE|CVE-2015-1793}} [https://openssl.org/news/secadv_20150709.txt templink] || {{pkg|openssl}} || 2015-07-09 || <= 1.0.2.c-1 || 1.0.2.d-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8]<br />
|-<br />
| {{CVE|CVE-2014-0578}} {{CVE|CVE-2015-3114}} {{CVE|CVE-2015-3115}} {{CVE|CVE-2015-3116}} {{CVE|CVE-2015-3117}} {{CVE|CVE-2015-3118}} {{CVE|CVE-2015-3119}} {{CVE|CVE-2015-3120}} {{CVE|CVE-2015-3121}} {{CVE|CVE-2015-3122}} {{CVE|CVE-2015-3123}} {{CVE|CVE-2015-3124}} {{CVE|CVE-2015-3125}} {{CVE|CVE-2015-3126}} {{CVE|CVE-2015-3127}} {{CVE|CVE-2015-3128}} {{CVE|CVE-2015-3129}} {{CVE|CVE-2015-3130}} {{CVE|CVE-2015-3131}} {{CVE|CVE-2015-3132}} {{CVE|CVE-2015-3133}} {{CVE|CVE-2015-3134}} {{CVE|CVE-2015-3135}} {{CVE|CVE-2015-3136}} {{CVE|CVE-2015-3137}} {{CVE|CVE-2015-4428}} {{CVE|CVE-2015-4429}} {{CVE|CVE-2015-4430}} {{CVE|CVE-2015-4431}} {{CVE|CVE-2015-4432}} {{CVE|CVE-2015-4433}} {{CVE|CVE-2015-5116}} {{CVE|CVE-2015-5117}} {{CVE|CVE-2015-5118}} {{CVE|CVE-2015-5119}} [https://helpx.adobe.com/security/products/flash-player/apsb15-16.html templink] [https://www.kb.cert.org/vuls/id/561288 templink] || {{pkg|flashplugin}} || 2015-07-07 || <= 11.2.202.468-1 || 11.2.202.481-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7]<br />
|-<br />
| {{CVE|CVE-2015-4620}} [https://kb.isc.org/article/AA-01267/ templink] || {{pkg|bind}} || 2015-07-07 || <= 9.10.2.P1-1 || 9.10.2.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6]<br />
|-<br />
| {{CVE|CVE-2015-5382}} [http://www.openwall.com/lists/oss-security/2015/07/07/3 templink] || {{pkg|roundcubemail}} || 2015-07-06 || <= 1.1.1-1 || 1.1.2-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5355}} {{CVE|CVE-2015-2694}} [http://krbdev.mit.edu/rt/NoAuth/krb5-1.13/fixed-1.13.2.html templink] || {{pkg|lib32-krb5}} || 2015-05-08 || <= 1.13.1-1 || 1.13.2-1 || 63d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11]<br />
|-<br />
| {{CVE|CVE-2014-5355}} {{CVE|CVE-2015-2694}} [http://krbdev.mit.edu/rt/NoAuth/krb5-1.13/fixed-1.13.2.html templink] || {{pkg|krb5}} || 2015-05-08 || <= 1.13.1-1 || 1.13.2-1 || 63d || Fixed ({{bug|45575}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10]<br />
|-<br />
| {{CVE|CVE-2015-3281}} [http://marc.info/?l=haproxy&m=143593901506748&w=2 templink] || {{pkg|haproxy}} || 2015-07-03 || <= 1.5.12-1 || 1.5.14-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3]<br />
|-<br />
| {{CVE|CVE-2015-2722}} {{CVE|CVE-2015-2724}} {{CVE|CVE-2015-2725}} {{CVE|CVE-2015-2726}} {{CVE|CVE-2015-2727}} {{CVE|CVE-2015-2728}} {{CVE|CVE-2015-2729}} {{CVE|CVE-2015-2731}} {{CVE|CVE-2015-2733}} {{CVE|CVE-2015-2734}} {{CVE|CVE-2015-2735}} {{CVE|CVE-2015-2736}} {{CVE|CVE-2015-2737}} {{CVE|CVE-2015-2739}} {{CVE|CVE-2015-2740}} {{CVE|CVE-2015-2741}} {{CVE|CVE-2015-2743}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-07-02 || <= 38.0.5 || 39.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2]<br />
|- <br />
| {{CVE|CVE-2015-5352}} [http://www.openwall.com/lists/oss-security/2015/07/01/10 templink] || {{pkg|openssh}} || 2015-06-29 || <= 6.8p1-3 || 6.9p1-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4]<br />
|-<br />
| {{CVE|CVE-2015-5146}} [http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi templink] || {{pkg|ntp}} || 2015-06-29 || <= 4.2.8p2-1 || 4.2.8p3-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5]<br />
|-<br />
| {{CVE|CVE-2015-2141}} [https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2015-June/015585.html templink] [https://github.com/weidai11/cryptopp/commit/9425e16437439e68c7d96abef922167d68fafaff commit] || {{pkg|crypto++}} || 2015-06-28 || <= 5.6.2-2 || 5.6.2-3 || 28d || Fixed ({{bug|45498}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20]<br />
|-<br />
| {{CVE|CVE-2015-5073}} [https://bugs.exim.org/show_bug.cgi?id=1651 templink] [http://vcs.pcre.org/pcre?view=revision&revision=1571 commit] || {{pkg|pcre}} || 2015-06-26 || <= 8.37-2 || 8.37-3 || ~52d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-5069}} {{CVE|CVE-2015-5070}} [http://www.openwall.com/lists/oss-security/2015/06/25/12 templink] || {{pkg|wesnoth}} || 2015-06-24 || <= 1.12.2-3 || 1.12.4-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1]<br />
|-<br />
| {{CVE|CVE-2015-3113}} [https://helpx.adobe.com/security/products/flash-player/apsb15-14.html templink] || {{pkg|flashplugin}} || 2015-06-23 || <= 11.2.202.466-1 || 11.2.202.468-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5]<br />
|-<br />
| {{CVE|CVE-2015-3236}} {{CVE|CVE-2015-3237}} [http://curl.haxx.se/docs/adv_20150617A.html templink] [http://curl.haxx.se/docs/adv_20150617B.html templink] || {{pkg|lib32-curl}} || 2015-06-17 || <= 7.42.1-1 || 7.43.0-1 || 47d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4]<br />
|-<br />
| {{CVE|CVE-2015-3236}} {{CVE|CVE-2015-3237}} [http://curl.haxx.se/docs/adv_20150617A.html templink] [http://curl.haxx.se/docs/adv_20150617B.html templink] || {{pkg|curl}} || 2015-06-17 || <= 7.42.1-1 || 7.43.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4]<br />
|-<br />
| {{CVE|CVE-2009-1364}} {{CVE|CVE-2006-3376}} {{CVE|CVE-2007-0455}} {{CVE|CVE-2007-2756}} {{CVE|CVE-2007-3472}} {{CVE|CVE-2007-3473}} {{CVE|CVE-2007-3477}} {{CVE|CVE-2009-3546}} {{CVE|CVE-2015-0848}} {{CVE|CVE-2015-4588}} {{CVE|CVE-2015-4695}} {{CVE|CVE-2015-4696}} [http://www.openwall.com/lists/oss-security/2015/06/16/4 templink] || {{pkg|libwmf}} || 2015-06-01 || <= 0.2.8.4-13 || || || '''Vulnerable''' ({{bug|49162}}) ||<br />
|-<br />
| {{CVE|CVE-2015-2325}} {{CVE|CVE-2015-2326}} {{CVE|CVE-2015-3414}} {{CVE|CVE-2015-3415}} {{CVE|CVE-2015-3416}} [http://php.net/ChangeLog-5.php#5.6.10 templink] || {{pkg|php}} || 2015-06-11 || <= 5.6.9-2 || 5.6.10-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|libraw}} || 2015-05-11 || <= 0.16.0-3 || 0.16.1 || 5d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|dcraw}} || 2015-05-11 || <= 9.25.0-1 || 9.26.0-1 || ~1m || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|gimp-ufraw}} || 2015-05-11 || <= 0.21-1 || 0.22-1 || 45d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|rawtherapee}} || 2015-05-11 || <= 1:4.2-1 || 1:4.2+448.g26d182d-1 || ~5m || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|rawstudio}} || 2015-05-11 || <= 2.0-12 || 2.0_git20160107-1 || ~11m || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-1158}} {{CVE|CVE-2015-1159}} [http://www.cups.org/str.php?L4609 templink] || {{pkg|cups}} || 2015-06-08 || <= 2.0.2-4 || 2.0.3-1 || 1d || Fixed ({{bug|45279}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2]<br />
|-<br />
| {{CVE|CVE-2015-1788}} {{CVE|CVE-2015-1789}} {{CVE|CVE-2015-1790}} {{CVE|CVE-2015-1791}} {{CVE|CVE-2015-1792}} {{CVE|CVE-2015-4000}} [https://www.openssl.org/news/secadv_20150611.txt templink] [https://git.openssl.org/?p=openssl.git;a=commit;h=98ece4eebfb6cd45cc8d550c6ac0022965071afc templink] || {{pkg|openssl}} || 2015-06-11 || <= 1.0.2.a-1 || 1.0.2.b-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3]<br />
|-<br />
| {{CVE|CVE-2015-3210}} [https://bugs.exim.org/show_bug.cgi?id=1636 templink] || {{pkg|pcre}} || 2015-05-29 || <= 8.37-1 || 8.37-2 || 7d || Fixed ({{bug|45207}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1]<br />
|-<br />
| {{CVE|CVE-2015-3165}} {{CVE|CVE-2015-3166}} {{CVE|CVE-2015-3167}} [http://www.postgresql.org/about/news/1587/ templink] || {{pkg|postgresql}} || 2015-05-22 || <= 9.4.1-1 || 9.4.2-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17]<br />
|-<br />
| {{CVE|CVE-2015-4054}} [http://www.openwall.com/lists/oss-security/2015/05/22/5 templink] || {{pkg|pgbouncer}} || 2015-04-09 || <= 1.5.4-6 || 1.5.5-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16]<br />
|-<br />
| {{CVE|CVE-2015-1251}} {{CVE|CVE-2015-1252}} {{CVE|CVE-2015-1253}} {{CVE|CVE-2015-1254}} {{CVE|CVE-2015-1255}} {{CVE|CVE-2015-1256}} {{CVE|CVE-2015-1257}} {{CVE|CVE-2015-1258}} {{CVE|CVE-2015-1259}} {{CVE|CVE-2015-1260}} {{CVE|CVE-2015-1263}} {{CVE|CVE-2015-1264}} {{CVE|CVE-2015-1265}} [http://googlechromereleases.blogspot.fr/2015/05/stable-channel-update_19.html templink] || {{pkg|chromium}} || 2015-05-19 || <= 42.0.2311.135-1 || 43.0.2357.65-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14]<br />
|-<br />
| {{CVE|CVE-2015-3808}} {{CVE|CVE-2015-3809}} {{CVE|CVE-2015-3810}} {{CVE|CVE-2015-3811}} {{CVE|CVE-2015-3812}} {{CVE|CVE-2015-3813}} {{CVE|CVE-2015-3814}} {{CVE|CVE-2015-3815}} [https://wireshark.org/docs/relnotes/wireshark-1.12.5.html templink] || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2015-05-11 || <= 1.12.4-4 || 1.12.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12]<br />
|-<br />
| {{CVE|CVE-2015-3456}} [https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/ templink] || {{pkg|qemu}} || 2015-05-13 || <= 2.2.1-4 || 2.2.1-5 || 1d || Fixed ({{bug|44958}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9]<br />
|-<br />
| {{CVE|CVE-2014-0230}} [https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44 templink] || {{pkg|tomcat6}} || 2015-04-09 || <= 6.0.43-2 || 6.0.44-1 || 34d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8]<br />
|-<br />
| {{CVE|CVE-2015-2708}} {{CVE|CVE-2015-2709}} {{CVE|CVE-2015-2710}} {{CVE|CVE-2015-2713}} {{CVE|CVE-2015-2716}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7 templink] || {{pkg|thunderbird}} || 2015-05-12 || <= 31.6.0-2 || 31.7.0-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13]<br />
|-<br />
| {{CVE|CVE-2015-2708}} {{CVE|CVE-2015-2709}} {{CVE|CVE-2015-2710}} {{CVE|CVE-2015-2711}} {{CVE|CVE-2015-2712}} {{CVE|CVE-2015-2713}} {{CVE|CVE-2015-2715}} {{CVE|CVE-2015-2716}} {{CVE|CVE-2015-2717}} {{CVE|CVE-2015-2718}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox38 templink] || {{pkg|firefox}} || 2015-05-12 || <= 37.0.2-1 || 38.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] <br />
|-<br />
| {{CVE|CVE-2015-3622}} [http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=f979435 templink] || {{pkg|libtasn1}} || 2015-04-20 || <= 4.5-1 || 4.4-1 || 16d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5]<br />
|-<br />
| {{CVE|CVE-2014-8964}} [https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ templink] || {{pkg|mariadb-clients}} || 2015-05-07 || <= 10.0.17-1 || 10.0.18-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4]<br />
|-<br />
| {{CVE|CVE-2014-8964}} {{CVE|CVE-2015-0499}} {{CVE|CVE-2015-0501}} {{CVE|CVE-2015-0505}} {{CVE|CVE-2015-2571}} [https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ templink] || {{pkg|mariadb}} || 2015-05-07 || <= 10.0.17-1 || 10.0.18-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3]<br />
|-<br />
| {{CVE|CVE-2015-3627}} {{CVE|CVE-2015-3629}} {{CVE|CVE-2015-3630}} {{CVE|CVE-2015-3631}} [http://seclists.org/oss-sec/2015/q2/389 templink] || {{pkg|docker}} || 2015-05-07 || <= 1:1.6.0-1 || 1:1.6.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6]<br />
|-<br />
| {{CVE|CVE-2015-0847}} [http://sourceforge.net/p/nbd/mailman/message/34091218/ templink] || {{pkg|nbd}} || 2015-05-07 || <= 3.10-1 || 3.11-1 || 19d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15]<br />
|-<br />
| {{CVE|CVE-2015-1858}} {{CVE|CVE-2015-1859}} {{CVE|CVE-2015-1860}} [http://lists.qt-project.org/pipermail/announce/2015-April/000067.html templink] || {{pkg|qt5-base}} || 2015-04-13 || <= 5.4.1-5 || 5.4.2-1 || 50d || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-1858}} {{CVE|CVE-2015-1859}} {{CVE|CVE-2015-1860}} [http://lists.qt-project.org/pipermail/announce/2015-April/000067.html templink] || {{pkg|qt4}} || 2015-04-13 || <= 4.8.6-6 || 4.8.7-1 || 50d || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-3414}} {{CVE|CVE-2015-3415}} {{CVE|CVE-2015-3416}} [http://seclists.org/fulldisclosure/2015/Apr/31 templink] || {{pkg|sqlite}} || 2015-04-24 || <= 3.8.8.3-1 || 3.8.9-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-2170}} {{CVE|CVE-2015-2221}} {{CVE|CVE-2015-2222}} {{CVE|CVE-2015-2305}} {{CVE|CVE-2015-2668}} [http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html templink] || {{pkg|clamav}} || 2015-04-29 || <= 0.98.6-1 || 0.98.7-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2]<br />
|-<br />
| {{CVE|CVE-2015-3455}} [http://www.openwall.com/lists/oss-security/2015/04/30/2 templink] || {{pkg|squid}} || 2015-04-29 || <= 3.5.3-2 || 3.5.4-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1]<br />
|-<br />
| {{CVE|CVE-2015-3451}} [http://www.openwall.com/lists/oss-security/2015/04/30/1 templink] || {{pkg|perl-xml-libxml}} || 2015-04-30 || <= 2.0118-3 || 2.0119-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32]<br />
|-<br />
| {{CVE|CVE-2015-3152}} [http://www.openwall.com/lists/oss-security/2015/04/29/4 templink] || {{pkg|mariadb}} {{pkg|mariadb-clients}} || 2015-04-29 || <= 10.0.17-2 || 10.0.20-1 || 52d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3153}} [http://curl.haxx.se/docs/adv_20150429.html templink] || {{pkg|curl}} || 2015-04-29 || <= 7.42.0-1 || 7.42.1-1 || 29d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20]<br />
|-<br />
| {{CVE|CVE-2015-1243}} {{CVE|CVE-2015-1250}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update_28.html templink] || {{pkg|chromium}} || 2015-04-28 || <= 42.0.2311.90-1 || 42.0.2311.135-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30]<br />
|-<br />
| {{CVE|CVE-2015-3420}} [http://seclists.org/oss-sec/2015/q2/288 templink] || {{pkg|dovecot}} || 2015-04-24 || <= 2.2.16-1 || 2.2.16-2 || 4d || Fixed ({{bug|44757}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31]<br />
|-<br />
| {{CVE|CVE-2015-1868}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ templink] || {{pkg|powerdns-recursor}} || 2015-04-23 || <= 3.7.1-1 || 3.7.2-1 || 1d || Fixed ({{Bug|44708}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27]<br />
|-<br />
| {{CVE|CVE-2015-1868}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ templink] || {{pkg|powerdns}} || 2015-04-23 || <= 3.4.3-2 || 3.4.4-1 || 1d || Fixed ({{Bug|44708}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26]<br />
|-<br />
| {{CVE|CVE-2015-1863}} [http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt templink] || {{pkg|wpa_supplicant}} || 2015-04-22 || <= 2.3-1 || 2.4-1 (1:2.3-1) || 2d || Fixed ({{Bug|44695}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29]<br />
|-<br />
| {{CVE|CVE-2015-1781}} [https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2959eda9272a033863c271aff62095abd01bd4e3;hp=7bf8fb104226407b75103b95525364c4667c869f templink] || {{pkg|glibc}} || 2015-04-21 || <= 2.21-2 || 2.21-3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25]<br />
|-<br />
| {{CVE|CVE-2015-3143}} {{CVE|CVE-2015-3144}} {{CVE|CVE-2015-3145}} {{CVE|CVE-2015-3148}} [http://curl.haxx.se/docs/vuln-7.41.0.html templink] || {{pkg|curl}} || 2015-04-22 || <= 7.41.0-1 || 7.42.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28]<br />
|-<br />
| {{CVE|CVE-2015-2706}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-45/ templink] || {{pkg|firefox}} || 2015-04-20 || <= 37.0.1-3 || 37.0.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24]<br />
|-<br />
| {{CVE|CVE-2015-3138}} [https://github.com/the-tcpdump-group/tcpdump/issues/446 templink] || {{pkg|tcpdump}} || 2015-03-24 || <= 4.7.3-1 || 4.7.3-2 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20]<br />
|-<br />
| {{CVE|CVE-2015-0346}} {{CVE|CVE-2015-0347}} {{CVE|CVE-2015-0348}} {{CVE|CVE-2015-0349}} {{CVE|CVE-2015-0350}} {{CVE|CVE-2015-0351}} {{CVE|CVE-2015-0352}} {{CVE|CVE-2015-0353}} {{CVE|CVE-2015-0354}} {{CVE|CVE-2015-0355}} {{CVE|CVE-2015-0356}} {{CVE|CVE-2015-0357}} {{CVE|CVE-2015-0358}} {{CVE|CVE-2015-0359}} {{CVE|CVE-2015-0360}} {{CVE|CVE-2015-3038}} {{CVE|CVE-2015-3039}} {{CVE|CVE-2015-3040}} {{CVE|CVE-2015-3041}} {{CVE|CVE-2015-3042}} {{CVE|CVE-2015-3043}} {{CVE|CVE-2015-3044}} [https://helpx.adobe.com/security/products/flash-player/apsb15-06.html templink] || {{pkg|flashplugin}} || 2015-04-14 || <= 11.2.202.451-1 || 11.2.202.457-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18]<br />
|-<br />
| {{CVE|CVE-2015-1351}} {{CVE|CVE-2015-1352}} {{CVE|CVE-2015-2783}} {{CVE|CVE-2015-3330}} {{CVE|CVE-2015-3329}} [https://php.net/ChangeLog-5.php#5.6.8 templink] || {{pkg|php}} || 2015-04-17 || <= 5.6.7.-2 || 5.6.8-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14]<br />
|-<br />
| {{CVE|CVE-2015-0460}} {{CVE|CVE-2015-0469}} {{CVE|CVE-2015-0470}} {{CVE|CVE-2015-0477}} {{CVE|CVE-2015-0478}} {{CVE|CVE-2015-0480}} {{CVE|CVE-2015-0488}} || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-04-14 || <= 8.u40-1 || 8.u45-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23]<br />
|-<br />
| {{CVE|CVE-2015-0460}} {{CVE|CVE-2015-0469}} {{CVE|CVE-2015-0477}} {{CVE|CVE-2015-0478}} {{CVE|CVE-2015-0480}} {{CVE|CVE-2015-0488}} [http://blog.fuseyism.com/index.php/2015/04/15/security-icedtea-2-5-5-for-openjdk-7-released/ templink] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-04-14 || <= 7.u75_2.5.4-1 || 7.u79_2.5.5-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17]<br />
|-<br />
| {{CVE|CVE-2015-3310}} [http://www.openwall.com/lists/oss-security/2015/04/16/7 templink] || {{pkg|ppp}} || 2015-04-13 || <= 2.4.7-1 || 2.4.7-2 || ~4m || Fixed ({{bug|44607}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3]<br />
|-<br />
| {{CVE|CVE-2015-3308}} [http://www.openwall.com/lists/oss-security/2015/04/16/6 templink] || {{pkg|gnutls}} || 2015-03-30 || <= 3.3.13-1 || 3.3.14-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-1235}} {{CVE|CVE-2015-1236}} {{CVE|CVE-2015-1237}} {{CVE|CVE-2015-1238}} {{CVE|CVE-2015-1240}} {{CVE|CVE-2015-1241}} {{CVE|CVE-2015-1242}} {{CVE|CVE-2015-1244}} {{CVE|CVE-2015-1245}} {{CVE|CVE-2015-1246}} {{CVE|CVE-2015-1247}} {{CVE|CVE-2015-1248}} {{CVE|CVE-2015-1249}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update_14.html templink] || {{pkg|chromium}} || 2015-04-14 || <= 41.0.2272.118-2 || 42.0.2311.90-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19]<br />
|-<br />
| {{CVE|CVE-2015-1855}} [https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/ templink] || {{pkg|ruby}} || 2015-04-13 || <= 2.2.1-1 || 2.2.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13]<br />
|-<br />
| {{CVE|CVE-2015-3026}} [http://seclists.org/oss-sec/2015/q2/80 templink] || {{pkg|icecast}} || 2015-04-08 || <= 2.4.1-1 || 2.4.2-1 || 3d || Fixed ({{bug|44503}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12]<br />
|-<br />
| {{CVE|CVE-2015-1798}} [http://seclists.org/oss-sec/2015/q2/63 templink] || {{pkg|chrony}} || 2015-04-08 || <= 1.31-2 || 1.31.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9]<br />
|-<br />
| {{CVE|CVE-2015-1798}} {{CVE|CVE-2015-1799}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities templink] || {{pkg|ntp}} || 2015-04-07 || <= 4.2.8p1 || 4.2.8p2-1 || <1d || Fixed ({{bug|44492}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8]<br />
|-<br />
| {{CVE|CVE-2015-2931}} {{CVE|CVE-2015-2932}} {{CVE|CVE-2015-2933}} {{CVE|CVE-2015-2934}} {{CVE|CVE-2015-2935}} {{CVE|CVE-2015-2936}} {{CVE|CVE-2015-2937}} {{CVE|CVE-2015-2938}} {{CVE|CVE-2015-2939}} {{CVE|CVE-2015-2940}} {{CVE|CVE-2015-2941}} {{CVE|CVE-2015-2942}} [http://seclists.org/oss-sec/2015/q2/61 templink] || {{pkg|mediawiki}} || 2015-04-07 || <= 1.24.1-1 || 1.24.2-1 || 0d || Fixed ({{bug|44489}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11]<br />
|-<br />
| {{CVE|CVE-2015-2928}} {{CVE|CVE-2015-2929}} [http://seclists.org/oss-sec/2015/q2/56 templink] || {{pkg|tor}} || 2015-04-06 || <= 0.2.5.11-1 || 0.2.5.12-1 || <1d || Fixed ({{bug|44482}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7]<br />
|-<br />
| {{CVE|CVE-2015-0799}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-04-03 || <= 37.0-1 || 37.0.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4]<br />
|-<br />
| {{CVE|CVE-2015-1233}} {{CVE|CVE-2015-1234}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-04-01 || <= 41.0.2272.101-1 || 41.0.2272.118-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2]<br />
|-<br />
| {{CVE|CVE-2015-0801}} {{CVE|CVE-2015-0807}} {{CVE|CVE-2015-0813}} {{CVE|CVE-2015-0814}} {{CVE|CVE-2015-0815}} {{CVE|CVE-2015-0816}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-03-31 || <= 31.5.0-1 || 31.6.0-1|| 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6]<br />
|-<br />
| {{CVE|CVE-2015-0801}} {{CVE|CVE-2015-0802}} {{CVE|CVE-2015-0803}} {{CVE|CVE-2015-0804}} {{CVE|CVE-2015-0805}} {{CVE|CVE-2015-0806}} {{CVE|CVE-2015-0807}} {{CVE|CVE-2015-0808}} {{CVE|CVE-2015-0811}} {{CVE|CVE-2015-0812}} {{CVE|CVE-2015-0813}} {{CVE|CVE-2015-0814}} {{CVE|CVE-2015-0815}} {{CVE|CVE-2015-0816}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-03-31 || <= 36.0.4-1 || 37.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1]<br />
|-<br />
| {{CVE|CVE-2015-1817}} [http://www.openwall.com/lists/oss-security/2015/03/30/3 templink] || {{pkg|musl}} || 2015-03-29 || <= 1.1.7-1 || 1.1.8-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26]<br />
|-<br />
| {{CVE|CVE-2015-2782}} {{CVE|CVE-2015-0556}} {{CVE|CVE-2015-0557}} [http://www.openwall.com/lists/oss-security/2015/03/29/1 templink] || {{pkg|arj}} || 2015-03-28 || <= 3.10.22-8 || 3.10.22-10 || 10d || Fixed ({{bug|44411}}) ({{bug|44488}}) || None<br />
|-<br />
| {{CVE|CVE-2015-0250}} [http://seclists.org/fulldisclosure/2015/Mar/142 templink] || {{pkg|java-batik}} || 2015-03-17 || <= 1.7-12 || 1.8-1 || 17d || Fixed ({{bug|44410}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5]<br />
|-<br />
| {{CVE|CVE-2015-2806}} [http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149 templink] || {{pkg|libtasn1}} || 2015-03-29 || <= 4.3-1 || 4.4-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3]<br />
|-<br />
| {{CVE|CVE-2015-0817}} {{CVE|CVE-2015-0818}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-03-20 || <= 36.0.1-1 || 36.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21]<br />
|-<br />
| {{CVE|CVE-2015-2559}} [https://www.drupal.org/SA-CORE-2015-001 templink] || {{pkg|drupal}} || 2015-03-19 || <= 7.34-1 || 7.35-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18]<br />
|-<br />
| {{CVE|CVE-2015-0252}} [https://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt templink] || {{pkg|xerces-c}} || 2015-03-19 || <= 3.1.1-5 || 3.1.2-1 || 1d || Fixed ({{bug|44272}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19]<br />
|-<br />
| {{CVE|CVE-2015-2330}} [http://www.openwall.com/lists/oss-security/2015/03/18/4 templink] || {{pkg|webkitgtk}} {{pkg|webkitgtk2}} || 2015-03-17 || <= 2.4.8-1 || 2.4.9-1 || 30d || Fixed ({{bug|44237}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19]<br />
|-<br />
| {{CVE|CVE-2015-2305}} {{CVE|CVE-2015-2331}} {{CVE|CVE-2015-2348}} {{CVE|CVE-2015-2787}} [https://bugs.php.net/bug.php?id=69253 templink] || {{pkg|php}} || 2015-03-18 || <= 5.6.6-1 || 5.6.7-1 || 10d || Fixed ({{bug|44236}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25]<br />
|-<br />
| {{CVE|CVE-2015-0204}} {{CVE|CVE-2015-0207}} {{CVE|CVE-2015-0208}} {{CVE|CVE-2015-0209}} {{CVE|CVE-2015-0285}} {{CVE|CVE-2015-0286}} {{CVE|CVE-2015-0287}} {{CVE|CVE-2015-0288}} {{CVE|CVE-2015-0289}} {{CVE|CVE-2015-0290}} {{CVE|CVE-2015-0291}} {{CVE|CVE-2015-0293}} {{CVE|CVE-2015-1787}} [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=28a00bcd8e318da18031b2ac8778c64147cd54f9 commit-0288] [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2b31fcc0b5e7329e13806822a5709dbd51c5c8a4 commit-0285] [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ba5d0113e8bcb26857ae58a11b219aeb7bc2408a commit-0209] [https://security-tracker.debian.org/tracker/CVE-2015-0288 Debian-Bug-tracker] [https://www.openssl.org/news/secadv_20150319.txt advisory] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2015-03-17 || <= 1.0.2-1 || 1.0.2.a-1 || 2d || Fixed ({{bug|44227}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17]<br />
|-<br />
| {{CVE|CVE-2015-1802}} {{CVE|CVE-2015-1803}} {{CVE|CVE-2015-1804}} [http://www.openwall.com/lists/oss-security/2015/03/17/5 templink] || {{pkg|libxfont}} || 2015-03-17 || <= 1.5.0-1 || 1.5.1-1 || <1d || Fixed ({{bug|44226}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15]<br />
|-<br />
| {{CVE|CVE-2015-0332}} {{CVE|CVE-2015-0333}} {{CVE|CVE-2015-0334}} {{CVE|CVE-2015-0335}} {{CVE|CVE-2015-0336}} {{CVE|CVE-2015-0337}} {{CVE|CVE-2015-0338}} {{CVE|CVE-2015-0339}} {{CVE|CVE-2015-0340}} {{CVE|CVE-2015-0341}} {{CVE|CVE-2015-0342}} [https://helpx.adobe.com/security/products/flash-player/apsb15-05.html templink] || {{pkg|flashplugin}} || 2015-03-12 || <= 11.2.202.442-1 || 11.2.202.451-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11]<br />
|-<br />
| {{CVE|CVE-2014-9687}} [http://www.openwall.com/lists/oss-security/2015/02/10/10 templink] || {{pkg|ecryptfs-utils}} || 2015-02-10 || <= 104-1 || 106-1 || 37d || Fixed ({{bug|44157}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14]<br />
|-<br />
| {{CVE|CVE-2015-1782}} [http://www.libssh2.org/adv_20150311.html templink] || {{pkg|libssh2}} || 2015-03-11 || <= 1.4.3-1 || 1.5.0-1 || 29d || Fixed ({{bug|44146}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10]<br />
|-<br />
| {{CVE|CVE-2015-2241}} [https://www.djangoproject.com/weblog/2015/mar/09/security-releases/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-03-09 || <= 1.7.5-1 || 1.7.6-1 || 2d || Fixed ({{bug|44122}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7]<br />
|-<br />
| {{CVE|CVE-2015-1212}} {{CVE|CVE-2015-1213}} {{CVE|CVE-2015-1214}} {{CVE|CVE-2015-1215}} {{CVE|CVE-2015-1216}} {{CVE|CVE-2015-1217}} {{CVE|CVE-2015-1218}} {{CVE|CVE-2015-1219}} {{CVE|CVE-2015-1220}} {{CVE|CVE-2015-1221}} {{CVE|CVE-2015-1222}} {{CVE|CVE-2015-1223}} {{CVE|CVE-2015-1224}} {{CVE|CVE-2015-1225}} {{CVE|CVE-2015-1226}} {{CVE|CVE-2015-1227}} {{CVE|CVE-2015-1228}} {{CVE|CVE-2015-1229}} {{CVE|CVE-2015-1230}} {{CVE|CVE-2015-1231}} [http://googlechromereleases.blogspot.fr/2015/03/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-03-03 || <= 40.0.2214.115-1 || 41.0.2272.76-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5]<br />
|-<br />
| {{CVE|CVE-2015-1572}} [https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73 templink] || {{pkg|e2fsprogs}} || 2015-02-06 || <= 1.42.12-1 || 1.42.12-2 || 6d || Fixed ({{bug|44015}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8]<br />
|-<br />
| {{CVE|CVE-2015-2157}} [http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html templink] || {{pkg|putty}} || 2015-03-02 || <= 0.63-1 || 0.64-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1]<br />
|-<br />
| {{CVE|CVE-2015-0822}} {{CVE|CVE-2015-0827}} {{CVE|CVE-2015-0831}} {{CVE|CVE-2015-0835}} {{CVE|CVE-2015-0836}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-02-24 || <= 31.4.0-1 || 31.5.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15]<br />
|-<br />
| {{CVE|CVE-2015-0819}} {{CVE|CVE-2015-0821}} {{CVE|CVE-2015-0822}} {{CVE|CVE-2015-0823}} {{CVE|CVE-2015-0824}} {{CVE|CVE-2015-0825}} {{CVE|CVE-2015-0826}} {{CVE|CVE-2015-0827}} {{CVE|CVE-2015-0829}} {{CVE|CVE-2015-0830}} {{CVE|CVE-2015-0831}} {{CVE|CVE-2015-0832}} {{CVE|CVE-2015-0834}} {{CVE|CVE-2015-0835}} {{CVE|CVE-2015-0836}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-02-24 || <= 35.0.1-1 || 36.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14]<br />
|-<br />
| {{CVE|CVE-2015-0240}} [https://www.samba.org/samba/history/samba-4.1.17.html templink] || {{pkg|samba}} || 2015-02-23 || <= 4.1.16-1 || 4.1.17-1 || <1d || Fixed ({{bug|43923}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13]<br />
|-<br />
| {{CVE|CVE-2014-9636}} [http://www.openwall.com/lists/oss-security/2014/11/02/2 templink] || {{pkg|unzip}} || 2014-11-02 || <= 6.0-9 || 6.0-10 || 75d || Fixed ({{bug|44171}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9]<br />
|-<br />
| {{CVE|CVE-2015-1315}} [http://www.openwall.com/lists/oss-security/2015/02/17/4 templink] || {{pkg|unzip}} || 2014-11-02 || <= 6.0-9 || 6.0-9 || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2014-9680}} [http://www.sudo.ws/sudo/alerts/tz.html templink] || {{pkg|sudo}} || 2015-02-09 || <= 1.8.12-1 || 1.8.12-1 || 4d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5352}} {{CVE|CVE-2014-5353}} {{CVE|CVE-2014-5354}} {{CVE|CVE-2014-9421}} {{CVE|CVE-2014-9422}} {{CVE|CVE-2014-9423}} [http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt templink] [http://www.openwall.com/lists/oss-security/2014/12/16/1 templink] || {{pkg|krb5}} || 2015-02-03 || <= 1.13-1 || 1.13.1-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] <br />
|-<br />
| {{CVE|CVE-2015-0255}} [http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/ templink] || {{pkg|xorg-server}} || 2015-02-10 || <= 1.16.3-2|| 1.16.4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11]<br />
|-<br />
| {{CVE|CVE-2015-1191}} [http://www.openwall.com/lists/oss-security/2015/01/18/3 templink] || {{pkg|pigz}} || 2015-01-18 || <= 2.3.1-1 || 2.3.3-1 || 21d || Fixed ({{bug|43748}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9]<br />
|-<br />
| {{CVE|CVE-2015-0245}} [http://lists.freedesktop.org/archives/dbus/2015-February/016553.html templink] || {{pkg|dbus}} || 2015-02-09 || <= 1.8.14-1 || 1.8.16-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10]<br />
|-<br />
| {{CVE|CVE-2015-1472}} {{CVE|CVE-2015-1473}} || {{pkg|glibc}} || 2015-02-05 || <= 2.20-6 || 2.21-1 ||4d || Fixed ({{bug|43747}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8]<br />
|-<br />
| {{CVE|CVE-2014-9297}} {{CVE|CVE-2014-9298}} [http://support.ntp.org/bin/view/Main/SecurityNotice#vallen_is_not_validated_in_sever templink] [http://support.ntp.org/bin/view/Main/SecurityNotice#1_can_be_spoofed_on_some_OSes_so templink]|| {{pkg|ntp}} || 2015-02-04 || <= 4.2.8-1 || 4.2.8.p1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7]<br />
|-<br />
| {{CVE|CVE-2014-9328}} || {{pkg|clamav}} || 2015-01-28 || <= 0.98.5-1 || 0.98.6-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6]<br />
|-<br />
| {{CVE|CVE-2015-1209}} {{CVE|CVE-2015-1210}} {{CVE|CVE-2015-1211}} {{CVE|CVE-2015-1212}} [http://googlechromereleases.blogspot.fr/2015/02/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-02-05 || <= 40.0.2214.94-1 || 40.0.2214.111-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5]<br />
|-<br />
| {{CVE|CVE-2015-0313}} {{CVE|CVE-2015-0314}} {{CVE|CVE-2015-0315}} {{CVE|CVE-2015-0316}} {{CVE|CVE-2015-0317}} {{CVE|CVE-2015-0318}} {{CVE|CVE-2015-0319}} {{CVE|CVE-2015-0320}} {{CVE|CVE-2015-0321}} {{CVE|CVE-2015-0322}} {{CVE|CVE-2015-0323}} {{CVE|CVE-2015-0324}} {{CVE|CVE-2015-0325}} {{CVE|CVE-2015-0326}} {{CVE|CVE-2015-0327}} {{CVE|CVE-2015-0328}} {{CVE|CVE-2015-0329}} {{CVE|CVE-2015-0330}} [https://helpx.adobe.com/security/products/flash-player/apsb15-04.html templink] || {{pkg|flashplugin}} || 2015-02-05 || <= 11.2.202.440-1 || 11.2.202.442-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2]<br />
|-<br />
| {{CVE|CVE-2014-8161}} {{CVE|CVE-2015-0241}} {{CVE|CVE-2015-0243}} {{CVE|CVE-2015-0244}} [http://www.postgresql.org/docs/9.4/static/release-9-4-1.html templink] || {{pkg|postgresql}} || 2015-02-05 || <= 9.4.0-1 || 9.4.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4]<br />
|-<br />
| {{CVE|CVE-2015-1380}} {{CVE|CVE-2015-1381}} {{CVE|CVE-2015-1382}} [http://seclists.org/oss-sec/2015/q1/285 templink] || {{pkg|privoxy}} || 2015-01-26 || <= 3.0.22-1 || 3.0.23-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1]<br />
|-<br />
| {{CVE|CVE-2015-0235}} [https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235 templink] || {{pkg|glibc}} || 2015-01-27 || < 2.18-1 || 2.18-1 || < 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-0311}} {{CVE|CVE-2015-0301}} {{CVE|CVE-2015-0302}} {{CVE|CVE-2015-0303}} {{CVE|CVE-2015-0304}} {{CVE|CVE-2015-0305}} {{CVE|CVE-2015-0306}} {{CVE|CVE-2015-0307}} {{CVE|CVE-2015-0308}} {{CVE|CVE-2015-0309}} [https://helpx.adobe.com/security/products/flash-player/apsb15-01.html templink] || {{pkg|flashplugin}} || 2015-01-23 || <= 11.2.202.438-1 || 11.2.202.440-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22]<br />
|-<br />
| {{CVE|CVE-2015-0231}} {{CVE|CVE-2014-9427}} {{CVE|CVE-2015-0232}} [https://bugs.php.net/bug.php?id=68710 templink] [https://bugs.php.net/bug.php?id=68618 templink] [https://bugs.php.net/bug.php?id=68799 templink] || {{pkg|php}} || 2015-01-22 || <= 5.6.4-1 || 5.6.5-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17]<br />
|-<br />
| {{CVE|CVE-2014-9638}} {{CVE|CVE-2014-9639}} {{CVE|CVE-2014-9640}} [http://www.openwall.com/lists/oss-security/2015/01/22/9 templink] || {{pkg|vorbis-tools}} || 2015-01-21 || <= 1.4.0-4 || 1.4.0-5 || 64d || Fixed ({{bug|44172}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24]<br />
|-<br />
| {{CVE|CVE-2015-1345}} [http://seclists.org/oss-sec/2015/q1/179 templink] || {{pkg|grep}} || 2015-01-18 || <= 2.21-1 || 2.21-2 || 46d || Fixed ({{bug|44017}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4]<br />
|-<br />
| {{CVE|CVE-2014-7923}} {{CVE|CVE-2014-7924}} {{CVE|CVE-2014-7925}} {{CVE|CVE-2014-7926}} {{CVE|CVE-2014-7927}} {{CVE|CVE-2014-7928}} {{CVE|CVE-2014-7930}} {{CVE|CVE-2014-7931}} {{CVE|CVE-2014-7929}} {{CVE|CVE-2014-7932}} {{CVE|CVE-2014-7933}} {{CVE|CVE-2014-7934}} {{CVE|CVE-2014-7935}} {{CVE|CVE-2014-7936}} {{CVE|CVE-2014-7937}} {{CVE|CVE-2014-7938}} {{CVE|CVE-2014-7939}} {{CVE|CVE-2014-7940}} {{CVE|CVE-2014-7941}} {{CVE|CVE-2014-7942}} {{CVE|CVE-2014-7943}} {{CVE|CVE-2014-7944}} {{CVE|CVE-2014-7945}} {{CVE|CVE-2014-7946}} {{CVE|CVE-2014-7947}} {{CVE|CVE-2014-7948}} {{CVE|CVE-2015-1205}} [http://googlechromereleases.blogspot.fr/2015/01/stable-update.html templink] || {{pkg|chromium}} || 2015-01-22 || <= 39.0.2171.99-1 || 40.0.2214.91-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21]<br />
|-<br />
| {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-6549}} {{CVE|CVE-2014-6585}} {{CVE|CVE-2014-6587}} {{CVE|CVE-2014-6591}} {{CVE|CVE-2014-6593}} {{CVE|CVE-2014-6601}} {{CVE|CVE-2015-0383}} {{CVE|CVE-2015-0395}} {{CVE|CVE-2015-0400}} {{CVE|CVE-2015-0403}} {{CVE|CVE-2015-0406}} {{CVE|CVE-2015-0407}} {{CVE|CVE-2015-0408}} {{CVE|CVE-2015-0410}} {{CVE|CVE-2015-0412}} {{CVE|CVE-2015-0413}} {{CVE|CVE-2015-0421}} {{CVE|CVE-2015-0437}} [http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html#JAVA templink] || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-01-22 || <= 8.u25-2 || 8.u31-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16]<br />
|-<br />
| {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-6585}} {{CVE|CVE-2014-6587}} {{CVE|CVE-2014-6591}} {{CVE|CVE-2014-6593}} {{CVE|CVE-2014-6601}} {{CVE|CVE-2015-0383}} {{CVE|CVE-2015-0395}} {{CVE|CVE-2015-0407}} {{CVE|CVE-2015-0408}} {{CVE|CVE-2015-0410}} {{CVE|CVE-2015-0412}} [http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html#JAVA templink] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-01-22 || <= 7.u71_2.5.3-3 || 7.u75_2.5.4-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20]<br />
|-<br />
| {{CVE|CVE-2014-8157}} {{CVE|CVE-2014-8158}} [http://seclists.org/oss-sec/2015/q1/210 templink] || {{pkg|jasper}} || 2015-01-22 || <= 1.900.1-12 || 1.900.1-13 || 5d || Fixed ({{bug|43592}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23]<br />
|-<br />
| {{CVE|CVE-2014-8132}} [http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/ templink] || {{pkg|libssh}} || 2014-12-19 || <= 0.6.3-1 || 0.6.4-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12]<br />
|-<br />
| {{CVE|CVE-2015-1182}} [https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04 templink] || {{pkg|polarssl}} || 2012-09-19 || <= 1.3.9-1 || 1.3.9-2 || 1d || Fixed ({{bug|43508}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13]<br />
|-<br />
| {{CVE|CVE-2012-3505}} [http://www.openwall.com/lists/oss-security/2012/08/18/1 templink] || {{pkg|tinyproxy}} || 2012-09-10 || <= 1.8.3-1 || 1.8.4-1 || > 740d || Fixed ({{bug|38400}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11]<br />
|-<br />
| {{CVE|CVE-2014-9447}} [https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e templink] || {{pkg|elfutils}} || 2015-01-19 || <= 0.161-2 || 0.161-3 || 42d || Fixed ({{bug|44019}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2]<br />
|-<br />
| {{CVE|CVE-2014-9447}} [https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e templink] || {{pkg|lib32-elfutils}} || 2015-01-19 || <= 0.161-1 || 0.161-2 || 42d || Fixed ({{bug|44020}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3]<br />
|-<br />
| {{CVE|CVE-2014-8143}} [https://www.samba.org/samba/security/CVE-2014-8143 templink] || {{pkg|samba}} || 2015-01-15 || <= 4.1.15-1 || 4.1.16-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10]<br />
|-<br />
| {{CVE|CVE-2015-1197}} [http://www.openwall.com/lists/oss-security/2015/01/18/7 templink] || {{pkg|cpio}} || 2015-01-16 || <= 2.11-5 || 2.11-6 || 65d || Fixed ({{bug|44173}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22]<br />
|-<br />
| {{CVE|CVE-2015-1196}} {{CVE|CVE-2014-9637}} [http://www.openwall.com/lists/oss-security/2015/01/18/6 templink] [https://savannah.gnu.org/bugs/?44051 templink] || {{pkg|patch}} || 2015-01-14 || <= 2.7.1-3 || 2.7.3-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24]<br />
|-<br />
| {{CVE|CVE-2014-9571}} {{CVE|CVE-2014-9572}} {{CVE|CVE-2014-9573}} {{CVE|CVE-2014-9624}} {{CVE|CVE-2015-1042}} [http://www.openwall.com/lists/oss-security/2015/01/17/1 templink] [http://www.openwall.com/lists/oss-security/2015/01/17/3 templink] [http://www.openwall.com/lists/oss-security/2015/01/17/2 templink] [http://www.openwall.com/lists/oss-security/2015/01/18/11 templink] || {{pkg|mantisbt}} || 2015-01-17 || <= 1.2.18-1 || 1.2.19-1 || 20d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3]<br />
|-<br />
| {{CVE|CVE-2014-8634}} {{CVE|CVE-2014-8635}} {{CVE|CVE-2014-8638}} {{CVE|CVE-2014-8639}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-01-13 || <= 31.3.0-1 || 31.4.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7]<br />
|-<br />
| {{CVE|CVE-2014-8634}} {{CVE|CVE-2014-8635}} {{CVE|CVE-2014-8636}} {{CVE|CVE-2014-8637}} {{CVE|CVE-2014-8638}} {{CVE|CVE-2014-8639}} {{CVE|CVE-2014-8640}} {{CVE|CVE-2014-8641}} {{CVE|CVE-2014-8642}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-01-13 || <= 34.0.5-1 || 35.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6]<br />
|-<br />
| {{CVE|CVE-2014-3571}} {{CVE|CVE-2015-0206}} {{CVE|CVE-2014-3569}} {{CVE|CVE-2014-3572}} {{CVE|CVE-2015-0205}} {{CVE|CVE-2014-8275}} {{CVE|CVE-2014-3570}} [https://www.openssl.org/news/secadv_20150108.txt templink] || {{pkg|openssl}} || 2015-01-08 || <= 1.0.1.j-1 || 1.0.1.k-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2]<br />
|-<br />
| {{CVE|CVE-2014-8150}} [http://curl.haxx.se/docs/adv_20150108B.html templink] || {{pkg|curl}} || 2015-01-08 || <= 7.39.0-1 || 7.40.0-1 || 10d || Fixed ({{bug|43379}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9]<br />
|-<br />
| {{CVE|CVE-2014-6272}} [http://archives.seul.org/libevent/users/Jan-2015/msg00010.html templink] || {{pkg|libevent}} || 2015-01-05 || <= 2.0.21-3 || 2.0.22-1 || 7d || Fixed ({{bug|43366}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] <br />
|-<br />
| {{CVE|CVE-2014-8139}} {{CVE|CVE-2014-8140}} {{CVE|CVE-2014-8141}} [http://www.ocert.org/advisories/ocert-2014-011.html templink] || {{pkg|unzip}} || 2014-12-22 || <= 6.0-7 || 6.0-9 || 17d || Fixed ({{bug|43300}}) ({{bug|43391}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3]<br />
|-<br />
| {{CVE|CVE-2014-6395}} {{CVE|CVE-2014-6396}} {{CVE|CVE-2014-9376}} {{CVE|CVE-2014-9377}} {{CVE|CVE-2014-9378}} {{CVE|CVE-2014-9379}} {{CVE|CVE-2014-9380}} {{CVE|CVE-2014-9381}} [https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/ templink] || {{pkg|ettercap}} {{pkg|ettercap-gtk}} || 2014-12-16 || <= 0.8.1-2 || 0.8.2-1 || 89d || Fixed ({{bug|44174}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13]<br />
|-<br />
| {{CVE|CVE-2014-9425}} [https://bugs.php.net/bug.php?id=68676 templink] || {{pkg|php}} || 2014-12-29 || <= 5.6.4-1 || 5.6.5-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-9295}} {{CVE|CVE-2014-9296}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_ctl_putdata templink] || {{pkg|ntp}} || 2014-12-19 || < 4.2.8-1 || 4.2.8-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24]<br />
|-<br />
| {{CVE|CVE-2014-8142}} [https://bugzilla.redhat.com/show_bug.cgi?id=1175718 templink] || {{pkg|php}} || 2014-12-18 || <= 5.6.3-1 || 5.6.4-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23]<br />
|-<br />
| {{CVE|CVE-2014-8137}} {{CVE|CVE-2011-4516}} {{CVE|CVE-2011-4517}} [https://marc.info/?l=oss-security&m=141891163026757&w=2 templink] || {{pkg|jasper}} || 2014-12-18 || <= 1.900.1-11 || 1.900.1-12 || 1d || Fixed ({{bug|43155}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22]<br />
|-<br />
| {{CVE|CVE-2014-9029}} [https://marc.info/?l=oss-security&m=141770163916268&w=2 templink] || {{pkg|jasper}} || 2014-12-04 || <= 1.900.1-10 || 1.900.1-12 || 6d || Fixed ({{bug|43044}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22]<br />
|-<br />
| {{CVE|CVE-2012-3406}} {{CVE|CVE-2014-9402}} [http://www.openwall.com/lists/oss-security/2014/12/18/1 templink] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2014-12-17 || <= 2.20-4 || 2.20-5 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21]<br />
|-<br />
| {{CVE|CVE-2014-9253}} [http://seclists.org/oss-sec/2014/q4/1050 templink] || {{pkg|dokuwiki}} || 2014-12-15 || <= 20140929_a-1 || 20140929_b-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19]<br />
|-<br />
| {{CVE|CVE-2014-3580}} {{CVE|CVE-2014-8108}} [https://subversion.apache.org/security/CVE-2014-3580-advisory.txt templink] [https://subversion.apache.org/security/CVE-2014-8108-advisory.txt templink] || {{pkg|subversion}} || 2014-12-16 || <= 1.8.10-1 || 1.8.11-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17]<br />
|-<br />
| {{CVE|CVE-2014-9356}} {{CVE|CVE-2014-9357}} {{CVE|CVE-2014-9358}} [http://www.securityfocus.com/archive/1/534215 templink] || {{pkg|docker}} || 2014-12-12 || <= 1:1.3.2-1 || 1:1.4.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16]<br />
|-<br />
| {{CVE|CVE-2013-1752}} {{CVE|CVE-2013-1753}} {{CVE|CVE-2014-9365}} [https://hg.python.org/cpython/raw-file/v2.7.9/Misc/NEWS templink] || {{pkg|python2}} || 2014-12-11 || <= 2.7.8-1 || 2.7.9-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15]<br />
|-<br />
| {{CVE|CVE-2014-0580}} {{CVE|CVE-2014-0587}} {{CVE|CVE-2014-8443}} {{CVE|CVE-2014-9162}} {{CVE|CVE-2014-9163}} {{CVE|CVE-2014-9164}} [https://helpx.adobe.com/security/products/flash-player/apsb14-27.html templink] || {{pkg|flashplugin}} || 2014-12-09 || <= 11.2.202.424-1 || 11.2.202.425-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13]<br />
|-<br />
| {{CVE|CVE-2014-8091}} {{CVE|CVE-2014-8092}} {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8094}} {{CVE|CVE-2014-8095}} {{CVE|CVE-2014-8096}} {{CVE|CVE-2014-8097}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8099}} {{CVE|CVE-2014-8100}} {{CVE|CVE-2014-8101}} {{CVE|CVE-2014-8102}} {{CVE|CVE-2014-8103}} [http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/ templink] || {{pkg|xorg-server}} || 2014-12-09 || <= 1.16.2-1 || 1.16.2.901-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia}} {{pkg|nvidia-lts}} || 2014-12-09 || <= 343.22-6 || 343.36-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia-340xx}} {{pkg|nvidia-340xx-lts}} || 2014-12-09 || <= 340.58-3 || 340.65-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia-304xx}} {{pkg|nvidia-304xx-lts}} || 2014-12-09 || < 304.125-1 || 304.125-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10]<br />
|-<br />
| {{CVE|CVE-2014-8601}} [http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/ templink] || {{pkg|powerdns-recursor}} || 2014-12-09 || <= 3.6.1-1 || 3.6.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9]<br />
|-<br />
| {{CVE|CVE-2014-8602}} [https://unbound.net/downloads/CVE-2014-8602.txt templink] || {{pkg|unbound}} || 2014-12-09 || <= 1.5.0-1 || 1.5.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8]<br />
|-<br />
| {{CVE|CVE-2014-8500}} {{CVE|CVE-2014-8680}} [http://svnweb.freebsd.org/ports?view=revision&revision=374305 templink] || {{pkg|bind}} || 2014-12-08 || <= 9.10.1-2 || 9.10.1.P1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7]<br />
|-<br />
| {{CVE|CVE-2014-9274}} {{CVE|CVE-2014-9275}} [http://seclists.org/oss-sec/2014/q4/904 templink] || {{pkg|unrtf}} || 2014-12-04 || <= 0.21.5-1 || 0.21.7-1 || 10d || Fixed ({{bug|43131}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20]<br />
|-<br />
| {{CVE|CVE-2014-1587}} {{CVE|CVE-2014-1588}} {{CVE|CVE-2014-1589}} {{CVE|CVE-2014-1590}} {{CVE|CVE-2014-1591}} {{CVE|CVE-2014-1592}} {{CVE|CVE-2014-1593}} {{CVE|CVE-2014-1594}} {{CVE|CVE-2014-8631}} {{CVE|CVE-2014-8632}} [https://www.mozilla.org/fr/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2014-12-02 || <= 33.1.1-1 || 34.0.5-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3]<br />
|-<br />
| {{CVE|CVE-2014-9157}} [http://seclists.org/oss-sec/2014/q4/872 templink] || {{pkg|graphviz}} || 2014-11-25 || <= 2.38.0-2 || 2.38.0-3 || 8d || Fixed ({{bug|42983}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4]<br />
|-<br />
| {{CVE|CVE-2014-8123}} [http://seclists.org/oss-sec/2014/q4/874 templink] || {{pkg|antiword}} || 2014-12-01 || <= 0.37-4 || 0.37-5 || 3d || Fixed ({{bug|42982}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5]<br />
|-<br />
| {{CVE|CVE-2014-8104}} [https://forums.openvpn.net/topic17625.html templink] || {{pkg|openvpn}} || 2014-11-30 || <= 2.3.5-1 || 2.3.6-1 || 4d || Fixed ({{bug|42975}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2]<br />
|-<br />
| {{CVE|CVE-2014-9087}} [http://seclists.org/oss-sec/2014/q4/801 templink] || {{pkg|gnupg}} || 2014-11-25 || <= 2.1.0-5 || 2.1.0-6 || 4d || Fixed ({{bug|42943}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1]<br />
|-<br />
| {{CVE|CVE-2014-9087}} [http://seclists.org/oss-sec/2014/q4/801 templink] || {{pkg|libksba}} || 2014-11-25 || <= 1.3.1-1 || 1.3.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31]<br />
|-<br />
| {{CVE|CVE-2014-9114}} [http://seclists.org/oss-sec/2014/q4/819 templink] || {{pkg|util-linux}} || 2014-11-27 || <= 2.25.2-1 || 2.26.1-3 || 117d || Fixed ({{bug|43886}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23]<br />
|-<br />
| {{CVE|CVE-2014-9112}} [http://seclists.org/oss-sec/2014/q4/818 templink] || {{pkg|cpio}} || 2014-11-26 || <= 2.11-4 || 2.11-5 || 20d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5]<br />
|-<br />
| {{CVE|CVE-2014-9116}} [http://seclists.org/oss-sec/2014/q4/835 templink] || {{pkg|mutt}} || 2014-11-27 || <= 1.5.23-1 || 1.5.23-2 || 71d || Fixed ({{bug|44110}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6]<br />
|-<br />
| {{CVE|CVE-2014-9093}} [https://bugs.freedesktop.org/show_bug.cgi?id=86449 templink] || {{pkg|libreoffice-fresh}} || 2014-11-19 || <= 4.3.4-1 ||4.3.5-1 || 31d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-9092}} [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768369#114 templink] || {{pkg|libjpeg-turbo}} || 2014-11-26 || <= 1.3.1-2 || 1.3.1-3 || 2d || Fixed ({{bug|42922}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33]<br />
|-<br />
| {{CVE|CVE-2014-9272}} {{CVE|CVE-2014-9270}} {{CVE|CVE-2014-8987}} {{CVE|CVE-2014-9271}} {{CVE|CVE-2014-9281}} {{CVE|CVE-2014-8986}} {{CVE|CVE-2014-9269}} {{CVE|CVE-2014-9280}} {{CVE|CVE-2014-9089}} {{CVE|CVE-2014-9279}} {{CVE|CVE-2014-8988}} {{CVE|CVE-2014-8553}} {{CVE|CVE-2014-6387}} {{CVE|CVE-2014-6316}} {{CVE|CVE-2014-9117}} [https://www.mantisbt.org/bugs/view.php?id=17841 templink] [https://www.mantisbt.org/bugs/view.php?id=17811 templink] [http://seclists.org/oss-sec/2014/q4/955 templink] || {{pkg|mantisbt}} || 2014-11-25 || <= 1.2.17-4 || 1.2.18-1 || 13d || Fixed ({{bug|42920}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6]<br />
|-<br />
| {{CVE|CVE-2014-9090}} [https://marc.info/?l=oss-security&m=141698775601426&w=2 templink] || {{pkg|linux}} {{pkg|linux-lts}} || 2014-11-26 || <= 3.18-rc6 || 3.19 || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2014-9018}} {{CVE|CVE-2014-9091}} [http://seclists.org/oss-sec/2014/q4/694 templink] || {{pkg|icecast}} || 2014-11-20 || <= 2.4.0-1 || 2.4.1-1 || 8d || Fixed ({{bug|42912}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32]<br />
|-<br />
| {{CVE|CVE-2014-8964}} [http://bugs.exim.org/show_bug.cgi?id=1546 templink] || {{pkg|pcre}} || 2014-11-18 || <= 8.36-1 || 8.36-2 || 8d || Fixed ({{bug|42860}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29]<br />
|-<br />
| {{CVE|CVE-2014-8962}} {{CVE|CVE-2014-9028}} [http://www.ocert.org/advisories/ocert-2014-008.html templink] || {{pkg|flac}} || 2014-11-25 || <= 1.3.0-4 || 1.3.0-5 || < 1d || Fixed ({{bug|42898}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30]<br />
|-<br />
| {{CVE|CVE-2014-7899}} {{CVE|CVE-2014-7900}} {{CVE|CVE-2014-7901}} {{CVE|CVE-2014-7902}} {{CVE|CVE-2014-7903}} {{CVE|CVE-2014-7904}} {{CVE|CVE-2014-7906}} {{CVE|CVE-2014-7907}} {{CVE|CVE-2014-7908}} {{CVE|CVE-2014-7909}} {{CVE|CVE-2014-7910}} [http://googlechromereleases.blogspot.in/2014/11/stable-channel-update_18.html templink] || {{pkg|chromium}} || 2014-11-20 || <= 38.0.2125.122-1 || 39.0.2171.65-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26]<br />
|-<br />
| {{CVE|CVE-2014-9015}} {{CVE|CVE-2014-9016}} [http://seclists.org/oss-sec/2014/q4/697 templink] || {{pkg|drupal}} || 2014-11-19 || <= 7.33-1 || 7.34-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25]<br />
|-<br />
| {{CVE|CVE-2013-6497}} [http://seclists.org/oss-sec/2014/q4/673 templink] || {{pkg|clamav}} || 2014-11-18 || <= 0.98.4-1 || 0.98.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21]<br />
|-<br />
| {{CVE|CVE-2014-7817}} [https://sourceware.org/bugzilla/show_bug.cgi?id=17625 templink] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2014-11-19 || <= 2.20-2 || 2.20.3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27]<br />
|-<br />
| {{CVE|CVE-2014-8600}} [https://www.kde.org/info/security/advisory-20141113-1.txt templink] || {{pkg|kwebkitpart}} || 2014-11-18 || <= 1.3.4-2 || 1.3.4-3 || 4d || Fixed ({{bug|44170}} {{bug|42775}}) || None<br />
|-<br />
| {{CVE|CVE-2014-8767}} {{CVE|CVE-2014-8768}} {{CVE|CVE-2014-8769}} {{CVE|CVE-2014-9140}} {{CVE|CVE-2015-0261}} {{CVE|CVE-2015-2153}} {{CVE|CVE-2015-2154}} {{CVE|CVE-2015-2155}} [http://www.securityfocus.com/archive/1/534011/30/0/threaded templink] [http://www.securityfocus.com/archive/1/534010/30/0/threaded templink] [http://www.securityfocus.com/archive/1/534009/30/0/threaded templink] [https://github.com/the-tcpdump-group/tcpdump/commit/0f95d441e4b5d7512cc5c326c8668a120e048eda templink] || {{pkg|tcpdump}} || 2014-11-18 || <= 4.6.2-1 || 4.7.3-1 || 88d || Fixed ({{bug|44153}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20]<br />
|-<br />
| {{CVE|CVE-2014-8090}} || {{pkg|ruby}} || 2014-11-13 || <= 2.1.4-1 || 2.1.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16]<br />
|-<br />
| {{CVE|CVE-2014-7823}} || {{pkg|libvirt}} || 2014-11-13 || <= 1.2.10-1 ||1.2.11-1 ||33d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-8710}} {{CVE|CVE-2014-8711}} {{CVE|CVE-2014-8712}} {{CVE|CVE-2014-8713}} {{CVE|CVE-2014-8714}} [https://www.wireshark.org/security/wnpa-sec-2014-20.html templink] [https://www.wireshark.org/security/wnpa-sec-2014-21.html templink] [https://www.wireshark.org/security/wnpa-sec-2014-22.html templink] || {{pkg|wireshark-cli}} {{pkg|wireshark-gtk}} {{pkg|wireshark-qt}} || 2014-11-13 || <= 1.12.1-1 || 1.12.2-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24]<br />
|-<br />
| {{CVE|CVE-2014-0573}} {{CVE|CVE-2014-0574}} {{CVE|CVE-2014-0576}} {{CVE|CVE-2014-0577}} {{CVE|CVE-2014-0581}} {{CVE|CVE-2014-0582}} {{CVE|CVE-2014-0583}} {{CVE|CVE-2014-0584}} {{CVE|CVE-2014-0585}} {{CVE|CVE-2014-0586}} {{CVE|CVE-2014-0588}} {{CVE|CVE-2014-0589}} {{CVE|CVE-2014-0590}} {{CVE|CVE-2014-8437}} {{CVE|CVE-2014-8438}} {{CVE|CVE-2014-8440}} {{CVE|CVE-2014-8441}} {{CVE|CVE-2014-8442}} [https://helpx.adobe.com/security/products/flash-player/apsb14-24.html templink] || {{pkg|flashplugin}} || 2014-11-11 || <= 11.2.202.411-1 || 11.2.202.418-1 || <1d || Fixed ({{bug|42769}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11]<br />
|-<br />
| {{CVE|CVE-2014-3710}} [https://bugzilla.redhat.com/show_bug.cgi?id=1155071 templink] || {{pkg|php}} || 2014-10-29 || <= 5.6.2-2 || 5.6.3-1 || 14d || Fixed ({{bug|42764}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13]<br />
|-<br />
| {{CVE|CVE-2014-8564}} [http://www.gnutls.org/security.html#GNUTLS-SA-2014-5 templink]|| {{pkg|gnutls}} || 2014-11-10 || <= 3.3.9-1 ||3.3.10-1 ||<1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10]<br />
|-<br />
| {{CVE|CVE-2014-8716}} [http://seclists.org/oss-sec/2014/q4/591 templink]|| {{pkg|imagemagick}} || 2014-11-12 || <= 6.8.9.9-1 || 6.8.9.10-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12]<br />
|-<br />
| {{CVE|CVE-2014-3710}} [https://bugzilla.redhat.com/show_bug.cgi?id=1155071 templink] || {{pkg|file}} || 2014-10-29 || <= 5.20-1 || 5.20-2 || 12d || Fixed ({{bug|42759}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9]<br />
|-<br />
| {{CVE|CVE-2014-1569}} [https://bugzilla.mozilla.org/show_bug.cgi?id=1064670 templink] || {{pkg|nss}} || 2014-11-07 || <= 3.17.2-1 || 3.17.3-1 || 22d || Fixed ({{bug|42760}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18]<br />
|-<br />
| {{CVE|CVE-2014-7824}} [http://www.openwall.com/lists/oss-security/2014/11/10/2 templink] || {{pkg|dbus}} || 2014-11-10 || <= 1.8.8-1 || 1.8.10-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28]<br />
|-<br />
| {{CVE|CVE-2014-8598}} {{CVE|CVE-2014-7146}} [http://www.openwall.com/lists/oss-security/2014/11/07/27 templink] [http://www.openwall.com/lists/oss-security/2014/11/07/28 templink]|| {{pkg|mantisbt}} || 2014-11-08 || <= 1.2.17-3 || 1.2.17-4 || <4d || Fixed ({{bug|42761}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8]<br />
|-<br />
| {{CVE|CVE-2014-8483}} [https://www.kde.org/info/security/advisory-20141104-1.txt templink] || {{pkg|konversation}} || 2014-11-04 || <= 1.5-1 || 1.5.1-1 || <4d || Fixed ({{bug|42698}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5]<br />
|-<br />
| {{CVE|CVE-2014-3707}} [http://curl.haxx.se/docs/adv_20141105.html templink]|| {{pkg|curl}} || 2014-11-05 || <= 7.38.0-3 || 7.39.0-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7]<br />
|-<br />
| {{CVE|CVE-2014-8651}} [http://seclists.org/oss-sec/2014/q4/520 templink]|| {{pkg|kdebase-workspace}} || 2014-11-04 || <= 4.11.13-1 || 4.11.13-2 || 6d || Fixed ({{bug|42679}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6]<br />
|-<br />
| {{CVE|CVE-2014-8627}} {{CVE|CVE-2014-8628}} [http://www.openwall.com/lists/oss-security/2014/11/04/6 templink]|| {{pkg|polarssl}} || 2014-10-23 || <= 1.3.8-3 || 1.3.9-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4]<br />
|-<br />
| {{CVE|CVE-2014-8321}} {{CVE|CVE-2014-8322}} {{CVE|CVE-2014-8323}} {{CVE|CVE-2014-8324}} [http://www.securityfocus.com/archive/1/533869/30/0/threaded templink]|| {{pkg|aircrack-ng}} || 2014-11-02 || <= 1.2beta3-1 || 1.2rc1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2]<br />
|-<br />
| {{CVE|CVE-2014-8554}} [http://www.openwall.com/lists/oss-security/2014/10/30/9 templink]|| {{pkg|mantisbt}} || 2014-10-30 || <= 1.2.17-2 || 1.2.17-3 || 5d || Fixed ({{bug|42683}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3]<br />
|-<br />
| {{CVE|CVE-2014-8354}} {{CVE|CVE-2014-8355}} {{CVE|CVE-2014-8561}} {{CVE|CVE-2014-8562}} [http://seclists.org/oss-sec/2014/q4/466 templink]|| {{pkg|imagemagick}} || 2014-10-29 || <= 6.8.9.8-1 || 6.8.9.9-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-8517}} [http://seclists.org/oss-sec/2014/q4/459 templink]|| {{pkg|tnftp}} || 2014-10-28 || <= 20130505-2 || 20141031-1 || 4d || Fixed ({{bug|42646}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1]<br />
|-<br />
| {{CVE|CVE-2014-4877}} [http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7 templink]|| {{pkg|wget}} || 2014-10-27 || <= 1.15-1 || 1.16-1 || <2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|avr-binutils}} || 2014-10-23 || <= 2.24-2 || 2.24-3 || 27d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|mingw-w64-binutils}} || 2014-10-23 || <= 2.24-1 || 2.24-2 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|arm-none-eabi-binutils}} || 2014-10-23 || <= 2.24-2 || 2.24-3 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|binutils}} || 2014-10-23 || <= 2.24-7 || 2.24-8 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17]<br />
|-<br />
| {{CVE|CVE-2014-8559}} [http://www.openwall.com/lists/oss-security/2014/10/30/7 templink] || {{pkg|linux}}, {{pkg|linux-lts}} || 2014-10-30 || <= 3.17.3-1, <= 3.14.24-1 ||3.17.4-1 3.14.25-1 || ~23d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3610}} {{CVE|CVE-2014-3611}} {{CVE|CVE-2014-3646}} {{CVE|CVE-2014-3647}} {{CVE|CVE-2014-7825}} {{CVE|CVE-2014-7826}} {{CVE|CVE-2014-8369}} [http://permalink.gmane.org/gmane.comp.security.oss.general/14526 templink] [http://seclists.org/oss-sec/2014/q4/548 templink] || {{pkg|linux}}, {{pkg|linux-lts}} || 2014-10-21 || <= 3.17.2-1, <= 3.14.23-1 || 3.17.3-1, 3.14.24-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15]<br />
|-<br />
| {{CVE|CVE-2014-8480}} {{CVE|CVE-2014-8481}} [http://permalink.gmane.org/gmane.comp.security.oss.general/14526 templink] || {{pkg|linux}} || 2014-10-21 || <= 3.17.2-1 || 3.17.3-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14]<br />
|-<br />
| {{CVE|CVE-2014-3695}} {{CVE|CVE-2014-3696}} {{CVE|CVE-2014-3698}} [https://pidgin.im/news/security/ templink] || {{pkg|libpurple}} || 2014-10-22 || <= 2.10.9-2 || 2.10.10-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9]<br />
|-<br />
| {{CVE|CVE-2014-8760}} || {{pkg|ejabberd}} || 2014-10-13 || <= 14.07-1 || 14.07-2 || 14d || Fixed ({{bug|42541}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13]<br />
|-<br />
| {{CVE|CVE-2014-3686}} || {{pkg|wpa_supplicant}}, {{pkg|hostapd}} || 2014-10-09 || <= 2.2-2 || 2.3-1 || ~10d || Fixed ({{bug|42401}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8]<br />
|-<br />
| {{CVE|CVE-2014-0191}} {{CVE|CVE-2014-3660}} || {{pkg|libxml2}} || 2014-10-16 || <= 2.9.1-5 || 2.9.2-1 || 8d || Fixed ({{bug|40790}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12]<br />
|-<br />
| {{CVE|CVE-2014-3704}} [https://www.drupal.org/SA-CORE-2014-005 templink] || {{pkg|drupal}} || 2014-10-15 || <= 7.31-2 || 7.32-1 || 1d || Fixed ({{bug|42388}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7]<br />
|-<br />
| {{CVE|CVE-2014-3513}} {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-3567}} {{CVE|CVE-2014-3568}} [https://www.openssl.org/news/secadv_20141015.txt templink] [https://www.openssl.org/~bodo/ssl-poodle.pdf temp link] || {{pkg|openssl}} || 2014-10-15 || <= 1.0.1.i-1 || 1.0.1.j-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6]<br />
|-<br />
| {{CVE|CVE-2014-8242}} [http://www.openwall.com/lists/oss-security/2014/10/13/2 temp link] || {{pkg|librsync}} || 2014-10-12 || <= 0.9.7-7 || 1.0.0-1 || 166d || Fixed ({{bug|44175}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10]<br />
|-<br />
| {{CVE|CVE-2014-7203}} {{CVE|CVE-2014-7202}} [http://seclists.org/oss-sec/2014/q3/776 temp link] || {{pkg|zeromq}} || 2014-09-27 || <= 4.0.4-4 || 4.0.5-1 || 18d || Fixed ({{bug|42381}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4]<br />
|-<br />
| {{CVE|CVE-2014-6051}} {{CVE|CVE-2014-6052}} {{CVE|CVE-2014-6053}} {{CVE|CVE-2014-6054}} {{CVE|CVE-2014-6055}} [http://seclists.org/oss-sec/2014/q3/639 temp link] || {{pkg|libvncserver}} || 2014-09-23 || <= 0.9.9-3 || 0.9.10-1 || 31d || Fixed ({{bug|42321}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10]<br />
|-<br />
| {{CVE|CVE-2014-3683}} [http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/ temp link] || {{pkg|rsyslog}} || 2014-10-02 || <= 8.4.1-1 || 8.4.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5]<br />
|-<br />
| {{CVE|CVE-2014-7204}} [http://seclists.org/oss-sec/2014/q3/842 temp link] || {{pkg|ctags}} || 2014-09-29 || <= 5.8-4 || 5.8-5 || 26d || Fixed ({{bug|42246}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11]<br />
|-<br />
| {{CVE|CVE-2014-7295}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html temp link] || {{pkg|mediawiki}} || 2014-10-02 || <= 1.23.4-1 || 1.23.5-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3]<br />
|-<br />
| {{CVE|CVE-2014-3661}} {{CVE|CVE-2014-3662}} {{CVE|CVE-2014-3663}} {{CVE|CVE-2014-3664}} {{CVE|CVE-2014-3680}} {{CVE|CVE-2014-3681}} {{CVE|CVE-2014-3666}} {{CVE|CVE-2014-3667}} {{CVE|CVE-2013-2186}} {{CVE|CVE-2014-1869}} {{CVE|CVE-2014-3678}} {{CVE|CVE-2014-3679}} [https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 temp link] || {{pkg|jenkins}} || 2014-10-01 || <= 1.582-1 || 1.583-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2]<br />
|-<br />
| {{CVE|CVE-2014-3634}} [http://www.rsyslog.com/remote-syslog-pri-vulnerability/ temp link] || {{pkg|rsyslog}} || 2014-09-30 || <= 8.4.0-1 || 8.4.1-1 || 1d || Fixed ({{bug|42200}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1]<br />
|-<br />
| {{CVE|CVE-2014-3657}} {{CVE|CVE-2014-3633}} [https://www.debian.org/security/2014/dsa-3038 temp link] || {{pkg|libvirt}} || 2014-09-26 || <= 1.2.8-1 || 1.2.8-2 || 3d || Fixed ({{bug|42159}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5]<br />
|-<br />
| {{CVE|CVE-2014-7199}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html temp link] || {{pkg|mediawiki}} || 2014-09-24 || <= 1.23.3-1 || 1.23.4-1 || 5d || Fixed ({{bug|42161}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4]<br />
|-<br />
| {{CVE|CVE-2014-7185}} [http://bugs.python.org/issue21831 temp link] || {{pkg|python2}} || 2014-09-24 || < 2.7.8 || 2.7.8-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3]<br />
|-<br />
| {{CVE|CVE-2014-1568}} [https://www.mozilla.org/security/announce/2014/mfsa2014-73.html temp link] || {{pkg|nss}} || 2014-09-24 || < 3.17.1 || 3.17.1-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1]<br />
|-<br />
| {{CVE|CVE-2014-6271}} {{CVE|CVE-2014-7169}} {{CVE|CVE-2014-7186}} {{CVE|CVE-2014-7187}} {{CVE|CVE-2014-6277}} {{CVE|CVE-2014-6278}} [http://seclists.org/oss-sec/2014/q3/649 temp link] || {{pkg|bash}} || 2014-09-24 || <= 4.3.024-1 || 4.3.026-1 || 2d || Fixed ({{bug|42109}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2]<br />
|-<br />
| {{CVE|CVE-2014-3635}} {{CVE|CVE-2014-3636}} {{CVE|CVE-2014-3637}} {{CVE|CVE-2014-3638}} {{CVE|CVE-2014-3639}} [http://www.openwall.com/lists/oss-security/2014/09/16/9 temp link] || {{pkg|dbus}} {{pkg|libdbus}} {{pkg|lib32-libdbus}} || 2014-09-16 || < 1.8.8 || 1.8.8-1 || 1d || Fixed ({{bug|41993}}) || None<br />
|-<br />
| {{CVE|CVE-2014-3613}} {{CVE|CVE-2014-3620}} [http://curl.haxx.se/docs/security.html temp link] || {{pkg|curl}} {{pkg|lib32-curl}}|| 2014-09-10 || < 7.38.0 || 7.38.0-1 || 5d ({{pkg|curl}}), 7d ({{pkg|lib32-curl}}) || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3609}} [http://www.squid-cache.org/Advisories/SQUID-2014_2.txt temp link] || {{pkg|squid}} || 2014-08-28 || < 3.4.7 || 3.4.7-1 || < 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5119}} [https://sourceware.org/bugzilla/show_bug.cgi?id=17187 temp link] || {{pkg|glibc}} || 2014-07-21 || <= 2.19 || 2.20-2 || 55d || Fixed ({{bug|41713}}) || None<br />
|-<br />
| {{CVE|CVE-2014-3508}} {{CVE|CVE-2014-5139}} {{CVE|CVE-2014-3509}} {{CVE|CVE-2014-3505}} {{CVE|CVE-2014-3506}} {{CVE|CVE-2014-3507}} {{CVE|CVE-2014-3510}} {{CVE|CVE-2014-3511}} {{CVE|CVE-2014-3512}} [https://www.openssl.org/news/secadv_20140806.txt temp link] || {{pkg|openssl}} || 2014-08-06 || < 1.0.1.i || 1.0.1.i-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0226}} [http://www.zerodayinitiative.com/advisories/ZDI-14-236/ temp link] || {{pkg|apache}} || 2014-07-15 || < 2.4.10 || 2.4.10-1 || ~7d || Fixed ({{bug|41244}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4943}} [http://www.openwall.com/lists/oss-security/2014/07/17/1 temp link] || {{pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-07-16 || || 3.15.5.201407170639-1 {{pkg|linux-grsec}}, 3.14.16 ({{pkg|linux-lts}}), 3.16 ({{pkg|linux}}) || 1d ({{pkg|linux-grsec}}), 23d ({{pkg|linux-lts}}), 27d {{pkg|linux}} || Fixed in {{pkg|linux}}, {{pkg|linux-lts}} ({{bug|41231}}), Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-0475}} [http://www.openwall.com/lists/oss-security/2014/07/10/7 temp link] || {{pkg|glibc}} || 2014-07-10 || <=2.19 || 2.20-2 || 66d || Fixed ({{bug|41166}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4699}} [http://www.openwall.com/lists/oss-security/2014/07/04/4 temp link] || {{Pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-07-04 || || 3.15.3.201407060933-1 {{pkg|linux-grsec}}, 3.15.4-1 {{pkg|linux}}, 3.14.11-1 {{pkg|linux-lts}} || 2d ({{pkg|linux-grsec}}), 3d ({{pkg|linux}}, {{pkg|linux-lts}}) || Fixed ({{bug|41115}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4715}} [http://www.openwall.com/lists/oss-security/2014/07/02/13 temp link] || {{Pkg|lz4}} || 2014-07-02 || || 119-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-4611}} [http://www.openwall.com/lists/oss-security/2014/06/26/25 temp link] || {{Pkg|linux}}, {{pkg|linux-grsec}}, {{pkg|lz4}} || 2014-06-26 || || 3.15.2-1 ({{pkg|linux}}), 3.15.2.201406262058-1 ({{pkg|linux-grsec}}), 118-1 {{pkg|lz4}} || <1d ({{pkg|linux}}, {{pkg|linux-grsec}}, {{pkg|lz4}}) || Fixed in {{pkg|linux}} ({{bug|40992}}), Fixed in {{pkg|linux-grsec}}, Fixed in {{pkg|lz4}} ({{bug|40997}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4610}} [http://www.openwall.com/lists/oss-security/2014/06/26/23 temp link] || {{Pkg|ffmpeg}} || 2014-06-26 || || 1:2.2.4-1 || <2d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-4609}} [http://www.openwall.com/lists/oss-security/2014/06/26/22 temp link] || {{Pkg|gst-libav}} || 2014-06-26 || 1.2.4-1 || 1.2.4-2 (with libav 9.14) || 2d || Fixed ({{bug|40995}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4608}} [http://www.openwall.com/lists/oss-security/2014/06/26/21 temp link] || {{Pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-06-26 || || 3.15.2-1 ({{pkg|linux}}), 3.10.45-1 ({{pkg|linux-lts}}), 3.15.2.201406262058-1 ({{pkg|linux-grsec}}) || <1d ({{pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} and {{pkg|linux-lts}} ({{bug|40992}}), Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-4607}} [http://www.openwall.com/lists/oss-security/2014/06/26/20 temp link] || {{Pkg|lzo2}} || 2014-06-26 || || 2.07-2 || 3d || Fixed ({{bug|40993}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4617}} [http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html temp link] || {{Pkg|gnupg}} || 2014-06-24 || < 2.0.24 || 2.0.24 || 7d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0244}} {{CVE|CVE-2014-3493}} [https://www.samba.org/samba/history/samba-4.1.9.html temp link] || {{Pkg|samba}} || 2014-06-23 || < 4.1.9 || 4.1.9 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1545}} [https://www.mozilla.org/security/announce/2014/mfsa2014-55.html temp link] || {{Pkg|nspr}} || 2014-06-10 || < 4.10.6 || 4.10.6 || ~1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3859}} || {{Pkg|bind}} || 2014-06-11 || 9.10.0, 9.10.0-P1 || 9.10.0-P2 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3477}} || {{Pkg|dbus}} || 2014-06-10 || <= 1.8.2 || 1.8.4 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0195}} {{CVE|CVE-2014-0198}} {{CVE|CVE-2010-5298}} {{CVE|CVE-2014-3470}} {{CVE|CVE-2014-0224}} {{CVE|CVE-2014-0221}} [http://www.openssl.org/news/secadv_20140605.txt temp link] || {{Pkg|openssl}} || 2014-06-05 || 1.0.1 - 1.0.1g || 1.0.1h || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3153}} [http://seclists.org/oss-sec/2014/q2/467 temp link]|| {{Pkg|linux}}, {{pkg|linux-lts}}, {{Pkg|linux-grsec}} || 2014-06-05 || ? || 3.14.6 ({{pkg|linux}}), 3.10.42-1 ({{pkg|linux-lts}}), 3.14.5.201406051310-1 ({{pkg|linux-grsec}})|| 3d ({{pkg|linux}}, {{pkg|linux-lts}}), <1d ({{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} ({{bug|40715}}), Fixed in {{pkg|linux-lts}}, Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-3466}} [https://bugzilla.redhat.com/show_bug.cgi?id=1101932 temp link]|| {{Pkg|gnutls}} || 2014-05-30 || < 3.3.3 || 3.3.3 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0209}} {{CVE|CVE-2014-0210}} {{CVE|CVE-2014-0211}}|| {{Pkg|libxfont}} || 2014-05-13 || < 1.4.18 || 1.4.18 || 3d || Fixed ({{Bug|40409 }}) || None<br />
|-<br />
| {{CVE|CVE-2014-0196}} [https://bugzilla.redhat.com/show_bug.cgi?id=1094232 temp-link] || {{Pkg|linux}}, {{Pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-05-05 || 2.6.31 - 3.14 || 3.14.3-2 ({{pkg|linux}}), 3.10.39-2 ({{pkg|linux-lts}}), 3.14.3.201405121814-1 ({{pkg|linux-grsec}}) || 7d ({{pkg|linux}}), 8d {{pkg|linux-lts}}, <1d ({{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} ({{Bug|40232}}), Fixed in {{pkg|linux-lts}}, Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-2905}} {{CVE|CVE-2014-2906}} {{CVE|CVE-2014-2914}} [https://bugzilla.redhat.com/show_bug.cgi?id=1092091 temp-link] || {{Pkg|fish}} || 2014-04-28 || 1.16.0 - 2.1.0 || 2.2.1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0160}} || {{Pkg|openssl}} || 2014-04-07 || 1.0.1 - 1.0.1f || 1.0.1g || ~1d || Fixed ({{Bug|39775}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1700}} {{CVE|CVE-2014-1701}} {{CVE|CVE-2014-1702}} {{CVE|CVE-2014-1703}} {{CVE|CVE-2014-1704}} {{CVE|CVE-2014-1705}} {{CVE|CVE-2014-1713}} {{CVE|CVE-2014-1715}} || {{Pkg|chromium}} {{Pkg|v8}} || 2014-03-11 || 32 || 33 || 4d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0098}} {{CVE|CVE-2013-6438}}|| {{Pkg|apache}} || 2014-03-17 || 2.4.8 || 2.4.9 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1492}} || {{Pkg|nss}} || 2014-03-18 || 3.15.5 || 3.16 || 22d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1493}} {{CVE|CVE-2014-1494}} {{CVE|CVE-2014-1497}} {{CVE|CVE-2014-1498}} {{CVE|CVE-2014-1499}} {{CVE|CVE-2014-1500}} {{CVE|CVE-2014-1502}} {{CVE|CVE-2014-1504}} {{CVE|CVE-2014-1505}} {{CVE|CVE-2014-1508}} {{CVE|CVE-2014-1509}} {{CVE|CVE-2014-1510}} {{CVE|CVE-2014-1511}} {{CVE|CVE-2014-1512}} {{CVE|CVE-2014-1513}} {{CVE|CVE-2014-1514}} || {{Pkg|firefox}} {{Pkg|thunderbird}} || 2014-03-18 || 27 || 28 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2240}} {{CVE|CVE-2014-2241}}|| {{Pkg|freetype2}} || ? || 2.5.2 || 2.5.3 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2029}}|| {{Pkg|xtrabackup}} || 2014-02-16 || 2.1.7 || 2.1.8 || 28d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1958}} {{CVE|CVE-2014-2030}}|| {{Pkg|imagemagick}} || ? || ? || 6.8.8.9-1 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}}|| {{Pkg|php}} || 2014-03-06 || 5.5.9 || 5.5.110 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0404}} {{CVE|CVE-2014-0406}} {{CVE|CVE-2014-0407}} || {{Pkg|virtualbox}} || 2014-02-28 || 4.3.4 || 4.3.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2323}} {{CVE|CVE-2014-2324}} || {{Pkg|lighttpd}} || 2014-03-12 || 1.4.34 || 1.4.35 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0333}} || {{Pkg|libpng}} || 2014-02-28 || 1.6.9 || 1.6.10 || 9d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0017}} || {{Pkg|libssh}} || 2014-03-04 || ? || 0.5.5-3 || 5d || Fixed || None<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} || 2014-03-20 || < 3.5.7.29 || 3.5.7.29 || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 2014-03-18 || ? || ? || ? || Not Affected ({{Bug|39566}}) ||<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 2014-03-19 || ? || 1.3.1 || 1d || Fixed || None<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 2014-03-19 || 3.4beta || 3.4 || ? || Fixed ({{Bug|39540}}) || None<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 2014-03-18 || ? || 1.4.7 || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 2013-09-19 || ? || 1.1.1-7 (in RHEL 7) || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 2014-03-17 || ? || 3.13-rc5 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0004}} || {{Pkg|udisks2}} & {{Pkg|udisks}} || 2014-03-10 || 2.1.3 / 1.0.5 || 2.1.3 / 1.0.5 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2281}} {{CVE|CVE-2014-2282}} {{CVE|CVE-2014-2283}} {{CVE|CVE-2014-2299}} || {{Pkg|wireshark-cli}} || 2014-03-10 || 1.10.6 || 1.10.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0050}} || {{Pkg|tomcat7}} || 2014-02-06 || 7.0.51 || 7.0.51 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0033}} || {{Pkg|tomcat6}} || 2014-01-10 || 6.0.37 || 6.0.37 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0032}} || {{Pkg|subversion}} || 2014-01-10 || 1.8.6 || 1.8.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0060}} {{CVE|CVE-2014-0061}} {{CVE|CVE-2014-0062}} {{CVE|CVE-2014-0063}} {{CVE|CVE-2014-0064}} {{CVE|CVE-2014-0065}} {{CVE|CVE-2014-0066}} {{CVE|CVE-2014-0067}} || {{Pkg|postgresql}} || 2014-02-20 || <=9.3.3 || 9.3.3-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1912}} || {{Pkg|python}} {{Pkg|python2}} || 2014-02-07 || ? || 2.7.6-3 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2013-4496}} {{CVE|CVE-2013-6442}} || {{Pkg|samba}} || 2014-03-14 || ? || 4.1.6 || 2d || Fixed ({{Bug|39424}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0504}} || {{Pkg|flashplugin}} || 2014-03-12 || ? || 11.2.202.346 || 1d || Fixed ({{Bug|39385}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0106}} || {{Pkg|sudo}} || || 1.8.9.p5 || 1.8.10 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2285}} {{CVE|CVE-2014-2284}} || {{Pkg|net-snmp}} || 2014-03-05 || ? || 5.7.2.1-2 || 8d || Fixed ({{Bug|39190}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0092}} || {{Pkg|gnutls}} || 2014-03-04 || <3.2.12 || 3.2.12-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2242}} {{CVE|CVE-2014-2243}} {{CVE|CVE-2014-2244}} || {{Pkg|mediawiki}} || 2014-03-14 || <1.22.3 || 1.22.3 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2093}} {{CVE|CVE-2014-2094}} {{CVE|CVE-2014-2095}} {{CVE|CVE-2014-2096}} || {{Pkg|catfish}} || 2014-02-25 || <1.0.1 || 1.0.1 || 8d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0497}} || {{Pkg|flashplugin}} || 2014-02-04 || ? || 11.2.202.346 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0015}} || {{Pkg|curl}} || 2014-01-29 || <7.35 || 7.35 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1610}} || {{Pkg|mediawiki}} || 2014-01-29 || <1.22.2 || 1.22.2 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0021}} || {{Pkg|chrony}} || 2014-01-17 || <1.29.1-1 || 1.29.1-1 || 14d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1875}} || {{Pkg|perl-capture-tiny}} || 2014-02-06 || ? || 0.24-1 || 4d || Fixed ({{Bug|38862}}) || None<br />
|-<br />
| {{CVE|CVE-2013-6493}} || {{Pkg|icedtea-web-java7}} || 2014-02-05 || <1.4.2 || 1.4.2 || 0d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1858}} {{CVE|CVE-2014-1859}} || {{Pkg|python-numpy}} || 2014-02-06 || ? || 1.8.0-2 || 4d || Fixed ({{Bug|38863}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1932}} {{CVE|CVE-2014-1933}} || {{Pkg|python-pillow}} || 2014-02-10 || <2.3.1 || 2.3.1 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1935}} || {{Pkg|9base}} || 2014-02-10 || ? || ? || ? || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1949}} [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1949.html temp link] || {{Pkg|cinnamon-screensaver}} || 2014-02-12 || 2.0.3 || ? || ? || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1959}} || {{Pkg|gnutls}} || 2014-02-13 || <3.2.11 || 3.2.11 || 2d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}} || {{Pkg|file}} || 2014-02-10 || <5.17 || 5.17-1 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0001}} {{CVE|CVE-2014-0412}} {{CVE|CVE-2014-0437}} {{CVE|CVE-2014-0420}} {{CVE|CVE-2014-0393}} {{CVE|CVE-2014-0386}} {{CVE|CVE-2014-0401}} {{CVE|CVE-2014-0402}} || {{Pkg|mariadb}} || 2014-01-31 || <5.5.35 || 5.5.35-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1447}} || {{Pkg|libvirt}} || 2014-01-16 || <1.2.1 || 1.2.1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0979}} || lightdm-gtk* || 2014-01-07 || ? || ? || 25d || Fixed ({{Bug|38715}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1475}} {{CVE|CVE-2014-1476}} || {{Pkg|drupal}} || 2014-01-15 || <7.26 || 7.26-1 || 12d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0019}} || {{Pkg|socat}} || 2014-01-29 || <1.7.2.3 || 1.7.2.3 || 0d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1838}} {{CVE|CVE-2014-1839}} || {{Pkg|python-logilab-common}} || 2014-01-31 || ? || ? || 3d || Fixed [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051] || None<br />
|-<br />
| {{CVE|CVE-2014-0368}} {{CVE|CVE-2014-0373}} {{CVE|CVE-2014-0376}} {{CVE|CVE-2014-0411}} {{CVE|CVE-2014-0416}} {{CVE|CVE-2014-0422}} {{CVE|CVE-2014-0423}} {{CVE|CVE-2014-0428}} || *-openjdk-* || 2014-01-15 || ? || ? || 2d || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1402}} || {{Pkg|python-jinja}} || 2014-01-10 || <2.7.2 || 2.7.2 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2013-6462}} || {{Pkg|libxfont}} || 2014-01-07 || <1.4.7 || 1.4.7 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1235}} || {{Pkg|graphviz}} || 2014-01-07 || <2.36.0 || 2.34.0-3 || 3d || Fixed ({{Bug|38441}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0978}} || {{Pkg|freerdp}} || 2014-01-10 || <1.0.2 || 1.0.2-5 || 67d || Fixed ({{Bug|38802}}) || None<br />
|-<br />
|}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=452895
Security Advisories
2016-10-04T14:20:47Z
<p>Anthraxx: hostapd</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== October 2016 ===<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000731.html ASA-201610-3] {{pkg|hostapd}} multiple issues<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2] {{pkg|systemd}} denial of service<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1] {{pkg|chromium}} arbitrary code execution<br />
<br />
=== September 2016 ===<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=CVE&diff=452884
CVE
2016-10-04T13:24:45Z
<p>Anthraxx: adding systemd</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|Security Advisories}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
== Introduction ==<br />
<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
== Helping ==<br />
<br />
This is a community driven project. Please consider joining the [[Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC on irc://irc.freenode.net/archlinux-security.<br />
<br />
== Procedure ==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. Use Wiki markup to create links in the "CVE-ID", "Package", and "Status" columns. The following template may be used to ease the process of adding CVE entries into the table. The first line, "|-" represents the creation of a new row in the table, while the second line should be modified per CVE:<br />
<br />
{{hc|CVE Table Addition Template|<nowiki><br />
|-<br />
| {{CVE|CVE-2016-????}} || {{Pkg|pkgname}} || Disclosure date || Affected versions || Fixed in version || Arch Linux response time || Status(Fixed|Pending|Invalid) (Bug reports) || {{ASA|ASA-??????-??}}<br />
</nowiki>}}<br />
<br />
{{Note|<br />
* If the CVE is not found in [http://nvd.nist.gov/home.cfm NVD], just include a link to different database in the first column: {{ic|<nowiki>[http://link.to.cve CVE-2014-????]</nowiki>}}<br />
* The "Disclosure date" field should be expressed in [[Wikipedia:ISO 8601|ISO 8601 format]] to avoid any confusion. Example: 2014-03-22.<br />
* The "Arch Linux response time" field corresponds to the time between the public release of a vulnerability and the date the package update fixing the vulnerability is made available in the official stable repositories. The "Time really vulnerable" is potentially much lengthier but is harder to estimate.<br />
}}<br />
<br />
The above "CVE-template" should be added after the line:<br />
<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in version !! Arch Linux response time !! Status (and related bug reports) !! ASA-ID</nowiki>}}<br />
<br />
== Response time ==<br />
<br />
The response time is the time taken to get a fixed package to the stable repositories.<br />
<br />
== Documented CVE's ==<br />
<br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="100%"<br />
! height="50px" colspan="8" style="font-size: 125%;"| '''TRACKED CVE's'''<br />
|-<br />
! scope="col" width="130px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in Arch Linux package version !! Arch Linux response time !! Status (and related bug reports) !! ASA-ID<br />
|- <br />
| {{CVE|CVE-2016-7795}} || {{pkg|systemd}} || 2016-09-29 || <= 231-1 || 231-2 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2]<br />
|- <br />
| {{CVE|CVE-2016-5177}} {{CVE|CVE-2016-5178}} [https://googlechromereleases.blogspot.fr/2016/09/stable-channel-update-for-desktop_29.html] || {{pkg|chromium}} || 2016-09-29 || <= 53.0.2785.116-1 || 53.0.2785.143-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1]<br />
|- <br />
| {{CVE|CVE-2016-7168}} {{CVE|CVE-2016-7169}} [https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/] || {{pkg|wordpress}} || 2016-09-29 || <= 4.6.0-1 || 4.6.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32]<br />
|- <br />
| {{CVE|CVE-2016-5180}} [https://c-ares.haxx.se/adv_20160929.html] || {{pkg|c-ares}} || 2016-09-29 || <= 1.11.0-1 || 1.12.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31]<br />
|- <br />
| {{CVE|CVE-2016-2776}} [https://kb.isc.org/article/AA-01419/0] || {{pkg|bind}} || 2016-07-27 || <= 9.10.4.P2-1 || 9.10.4.P3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201607-29]<br />
|-<br />
| {{CVE|CVE-2016-7052}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|lib32-openssl}} || 2016-09-26 || <= 1:1.0.2.i-1 || 1:1.0.2.j-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28]<br />
|- <br />
| {{CVE|CVE-2016-7052}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|openssl}} || 2016-09-26 || <= 1.0.2.i-1 || 1.0.2.j-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30]<br />
|- <br />
| {{CVE|CVE-2016-6309}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|lib32-openssl}} || 2016-09-26 || <= 1:1.0.2.i-1 || || || Not Affected || None<br />
|- <br />
| {{CVE|CVE-2016-6309}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|openssl}} || 2016-09-26 || <= 1.0.2.i-1 || || || Not Affected || None<br />
|- <br />
| {{CVE|CVE-2016-2177}} {{CVE|CVE-2016-2178}} {{CVE|CVE-2016-2179}} {{CVE|CVE-2016-2180}} {{CVE|CVE-2016-2181}} {{CVE|CVE-2016-2182}} {{CVE|CVE-2016-2183}} {{CVE|CVE-2016-6302}} {{CVE|CVE-2016-6303}} {{CVE|CVE-2016-6304}} {{CVE|CVE-2016-6306}} [http://eprint.iacr.org/2016/594] [https://www.openssl.org/news/secadv/20160922.txt] || {{pkg|openssl}} || 2016-09-22 || <= 1.0.2.h-1 || 1.0.2.i-1 || <1d || Fixed ({{bug|49616}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23]<br />
|- <br />
| {{CVE|CVE-2016-2177}} {{CVE|CVE-2016-2178}} {{CVE|CVE-2016-2179}} {{CVE|CVE-2016-2180}} {{CVE|CVE-2016-2181}} {{CVE|CVE-2016-2182}} {{CVE|CVE-2016-2183}} {{CVE|CVE-2016-6302}} {{CVE|CVE-2016-6303}} {{CVE|CVE-2016-6304}} {{CVE|CVE-2016-6306}} [http://eprint.iacr.org/2016/594] [https://www.openssl.org/news/secadv/20160922.txt] || {{pkg|lib32-openssl}} || 2016-09-22 || <= 1:1.0.2.h-1 || 1:1.0.2.i-1 || <1d || Fixed ({{bug|49616}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24]<br />
|- <br />
| {{CVE|CVE-2016-7044}} {{CVE|CVE-2016-7045}} [https://irssi.org/security/irssi_sa_2016.txt] || {{pkg|irssi}} || 2016-09-21 || <= 0.8.19-2 || 0.8.20-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20]<br />
|- <br />
| {{CVE|CVE-2016-5270}} {{CVE|CVE-2016-5271}} {{CVE|CVE-2016-5272}} {{CVE|CVE-2016-5273}} {{CVE|CVE-2016-5276}} {{CVE|CVE-2016-5274}} {{CVE|CVE-2016-5277}} {{CVE|CVE-2016-5275}} {{CVE|CVE-2016-5278}} {{CVE|CVE-2016-5279}} {{CVE|CVE-2016-5280}} {{CVE|CVE-2016-5281}} {{CVE|CVE-2016-5282}} {{CVE|CVE-2016-5283}} {{CVE|CVE-2016-5284}} {{CVE|CVE-2016-5256}} {{CVE|CVE-2016-5257}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/] || {{pkg|firefox}} || 2016-09-13 || <= 48.0.2-1 || 49.0-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22]<br />
|- <br />
| {{CVE|CVE-2016-5388}} || {{pkg|tomcat7}} || 2016-09-18 || <= 7.0.70-1 || 7.0.72-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21]<br />
|- <br />
| {{CVE|CVE-2016-7420}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7420] || {{pkg|crypto++}} || 2016-09-18 || <= 5.6.4-2 || || || '''Vulnerable''' || <br />
|- <br />
| {{CVE|CVE-2016-7444}} [http://seclists.org/oss-sec/2016/q3/545] [https://www.gnutls.org/security.html#GNUTLS-SA-2016-3] || {{pkg|gnutls}} || 2016-09-08 || <= 3.4.14-1 || 3.4.15-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25]<br />
|- <br />
| {{CVE|CVE-2016-7444}} [http://seclists.org/oss-sec/2016/q3/545] [https://www.gnutls.org/security.html#GNUTLS-SA-2016-3] || {{pkg|lib32-gnutls}} || 2016-09-08 || <= 3.4.14-1 || 3.4.15-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26]<br />
|- <br />
| {{CVE|CVE-2016-5170}} {{CVE|CVE-2016-5171}} {{CVE|CVE-2016-5172}} {{CVE|CVE-2016-5173}} {{CVE|CVE-2016-5174}} {{CVE|CVE-2016-5175}} [https://googlechromereleases.blogspot.fr/2016/09/stable-channel-update-for-desktop_13.html] || {{pkg|chromium}} || 2016-09-13 || <= 53.0.2785.101-1 || 53.0.2785.116-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13]<br />
|- <br />
| {{CVE|CVE-2016-7412}} {{CVE|CVE-2016-7413}} {{CVE|CVE-2016-7414}} {{CVE|CVE-2016-7416}} {{CVE|CVE-2016-7417}} {{CVE|CVE-2016-7418}} [http://www.openwall.com/lists/oss-security/2016/09/15/10] || {{pkg|php}} || 2016-09-15 || <= 7.0.10-1 || 7.0.11-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16]<br />
|- <br />
| {{CVE|CVE-2016-6352}} [https://bugzilla.redhat.com/show_bug.cgi?id=1349751] || {{pkg|lib32-gdk-pixbuf2}} || 2016-08-31 || <= 2.34.0-1 || || || '''Vulnerable''' ||<br />
|- <br />
| {{CVE|CVE-2016-6352}} [https://bugzilla.redhat.com/show_bug.cgi?id=1349751] || {{pkg|gdk-pixbuf2}} || 2016-08-31 || <= 2.34.0-2 || || || '''Vulnerable''' ||<br />
|- <br />
| {{CVE|CVE-2016-7167}} [https://curl.haxx.se/docs/adv_20160914.html] || {{pkg|curl}} || 2016-09-14 || <= 7.50.2-1 || 7.50.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19]<br />
|- <br />
| {{CVE|CVE-2016-7167}} [https://curl.haxx.se/docs/adv_20160914.html] || {{pkg|lib32-curl}} || 2016-09-14 || <= 7.50.0-1 || 7.50.3-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18]<br />
|- <br />
| {{CVE|CVE-2016-4271}} {{CVE|CVE-2016-4272}} {{CVE|CVE-2016-4274}} {{CVE|CVE-2016-4275}} {{CVE|CVE-2016-4276}} {{CVE|CVE-2016-4277}} {{CVE|CVE-2016-4278}} {{CVE|CVE-2016-4279}} {{CVE|CVE-2016-4280}} {{CVE|CVE-2016-4281}} {{CVE|CVE-2016-4282}} {{CVE|CVE-2016-4283}} {{CVE|CVE-2016-4284}} {{CVE|CVE-2016-4285}} {{CVE|CVE-2016-4287}} {{CVE|CVE-2016-6921}} {{CVE|CVE-2016-6922}} {{CVE|CVE-2016-6923}} {{CVE|CVE-2016-6924}} {{CVE|CVE-2016-6925}} {{CVE|CVE-2016-6926}} {{CVE|CVE-2016-6927}} {{CVE|CVE-2016-6929}} {{CVE|CVE-2016-6930}} {{CVE|CVE-2016-6931}} {{CVE|CVE-2016-6932}} [https://helpx.adobe.com/security/products/flash-player/apsb16-29.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-09-13 || <= 11.2.202.632-1 || 11.2.202.635-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12]<br />
|- <br />
| {{CVE|CVE-2016-6662}} {{CVE|CVE-2016-6663}} [https://mariadb.org/mariadb-server-versions-remote-root-code-execution-vulnerability-cve-2016-6662/] [https://jira.mariadb.org/browse/MDEV-10465] [http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html] || {{Pkg|mariadb}} || 2016-09-13 || <= 10.1.16-2 || 10.1.17-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10]<br />
|-<br />
| {{CVE|CVE-2016-7180}} {{CVE|CVE-2016-7175}} {{CVE|CVE-2016-7176}} {{CVE|CVE-2016-7177}} {{CVE|CVE-2016-7178}} {{CVE|CVE-2016-7179}} [https://www.wireshark.org/security/wnpa-sec-2016-50.html] [https://www.wireshark.org/security/wnpa-sec-2016-51.html] [https://www.wireshark.org/security/wnpa-sec-2016-52.html] [https://www.wireshark.org/security/wnpa-sec-2016-53.html] [https://www.wireshark.org/security/wnpa-sec-2016-54.html] [https://www.wireshark.org/security/wnpa-sec-2016-55.html] || {{pkg|wireshark-cli}} || 2016-09-09 || <= 2.0.5-1 || 2.2.0-1 || 15d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27]<br />
|- <br />
| {{CVE|CVE-2016-5388}} [https://www.apache.org/security/asf-httpoxy-response.txt] || {{pkg|tomcat8}} || 2016-07-18 || <= 8.0.36-1 || 8.0.37-1 || 52d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] <br />
|-<br />
| {{CVE|CVE-2016-7164}} [http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3.20.3.news] || {{pkg|file-roller}} || 2016-09-08 || <= 3.20.2-1 || 3.20.3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5]<br />
|-<br />
| {{CVE|CVE-2016-5426}} {{CVE|CVE-2016-5427}} [http://seclists.org/oss-sec/2016/q3/464] [https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/] || {{pkg|powerdns}} || 2016-09-08 || 3.4.9-1 || 4.0.1-3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9]<br />
|-<br />
| {{CVE|CVE-2016-7164}} [http://seclists.org/oss-sec/2016/q3/443] || {{pkg|libtorrent-rasterbar}} || 2016-09-08 || <= 1:1.1-3 || 1:1.1.1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8]<br />
|-<br />
| {{CVE|CVE-2016-7141}} [https://curl.haxx.se/docs/adv_20160907.html] || {{pkg|curl}} || 2016-09-07 || N/A || N/A || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-2835}} {{CVE|CVE-2016-2836}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/] || {{pkg|thunderbird}} || 2016-08-30 || <= 45.2.0-2 || 45.3.0-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3]<br />
|-<br />
| {{CVE|CVE-2016-7134}} {{CVE|CVE-2016-7133}} {{CVE|CVE-2016-7132}} {{CVE|CVE-2016-7131}} {{CVE|CVE-2016-7130}} {{CVE|CVE-2016-7129}} {{CVE|CVE-2016-7128}} {{CVE|CVE-2016-7127}} {{CVE|CVE-2016-7126}} {{CVE|CVE-2016-7125}} {{CVE|CVE-2016-7124}} [http://www.openwall.com/lists/oss-security/2016/09/02/9] || {{pkg|php}} || 2016-09-03 || <= 7.0.10-1 || 7.0.11-1 || || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-5147}} {{CVE|CVE-2016-5148}} {{CVE|CVE-2016-5149}} {{CVE|CVE-2016-5150}} {{CVE|CVE-2016-5151}} {{CVE|CVE-2016-5152}} {{CVE|CVE-2016-5153}} {{CVE|CVE-2016-5154}} {{CVE|CVE-2016-5155}} {{CVE|CVE-2016-5156}} {{CVE|CVE-2016-5157}} {{CVE|CVE-2016-5158}} {{CVE|CVE-2016-5159}} {{CVE|CVE-2016-5160}} {{CVE|CVE-2016-5161}} {{CVE|CVE-2016-5162}} {{CVE|CVE-2016-5163}} {{CVE|CVE-2016-5164}} {{CVE|CVE-2016-5165}} {{CVE|CVE-2016-5166}} {{CVE|CVE-2016-5167}} [https://googlechromereleases.blogspot.fr/2016/08/stable-channel-update-for-desktop_31.html] || {{pkg|chromium}} || 2016-08-31 || <= 52.0.2743.116-1 || 53.0.2785.89-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1]<br />
|-<br />
| {{CVE|CVE-2016-6525}} [http://bugs.ghostscript.com/show_bug.cgi?id=696954] || {{Pkg|mupdf}} || 2016-07-19 || <= 1.9a-4 || 1.9a-5 || 1d || Fixed ([https://bugs.archlinux.org/task/50590 FS#50590 ]) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] <br />
|-<br />
| {{CVE|CVE-2016-6265}} [http://bugs.ghostscript.com/show_bug.cgi?id=696941] || {{Pkg|mupdf}} || 2016-07-19 || <= 1.9a-3 || 1.9a-4 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] <br />
|-<br />
| {{CVE|CVE-2016-4590}} {{CVE|CVE-2016-4591}} {{CVE|CVE-2016-4622}} {{CVE|CVE-2016-4624}} [https://webkitgtk.org/2016/08/24/webkitgtk2.12.4-released.html] [https://webkitgtk.org/security/WSA-2016-0005.html] || {{pkg|webkit2gtk}} || 2016-08-24 || <= 2.12.3-1 || 2.12.4-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2]<br />
|-<br />
| {{CVE|CVE-2016-6331}} {{CVE|CVE-2016-6332}} {{CVE|CVE-2016-6333}} {{CVE|CVE-2016-6334}} {{CVE|CVE-2016-6335}} {{CVE|CVE-2016-6336}} {{CVE|CVE-2016-6337}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html] || {{pkg|mediawiki}} || 2016-08-23 || <= 1.27.0-1 || 1.27.1-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] <br />
|-<br />
| {{CVE|CVE-2016-6313}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html] || {{pkg|lib32-libgcrypt}} || 2016-08-17 || <= 1.7.2-1 || 1.7.3-1 || 31d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14]<br />
|-<br />
| {{CVE|CVE-2016-6313}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html] || {{pkg|libgcrypt}} || 2016-08-17 || <= 1.7.2-1 || 1.7.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18]<br />
|-<br />
| {{CVE|CVE-2016-5423}} {{CVE|CVE-2016-5424}} [https://www.postgresql.org/about/news/1688/] || {{pkg|postgresql}} {{pkg|postgresql-libs}} || 2016-08-11 || <= 9.5.3-1 || 9.5.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux}} || 2016-07-12 || <= 4.6.4-1 || 4.7-1 || 31d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-grsec}} || 2016-07-12 || <= 4.6.5.201607312210-1 || 4.7.201608131240-1 || 33d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-lts}} || 2016-07-12 || <= 4.4.16-1 || 4.4.19-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-zen}} || 2016-07-12 || <= 4.6.5-1 || 4.7-1 || 35d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15]<br />
|-<br />
| {{CVE|CVE-2016-5139}} {{CVE|CVE-2016-5140}} {{CVE|CVE-2016-5141}} {{CVE|CVE-2016-5142}} {{CVE|CVE-2016-5143}} {{CVE|CVE-2016-5144}} {{CVE|CVE-2016-5145}} {{CVE|CVE-2016-5146}} [https://googlechromereleases.blogspot.fr/2016/08/stable-channel-update-for-desktop.html] || {{pkg|chromium}} || 2016-08-03 || <= 52.0.2743.85-2 || 52.0.2743.116-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16]<br />
|-<br />
| {{CVE|CVE-2016-6255}} || {{pkg|libupnp}} || 2016-08-08 || <= 1.6.19-1 || 1.6.20-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8]<br />
|-<br />
| {{CVE|CVE-2016-3075}} {{CVE|CVE-2016-5417}} [https://sourceware.org/bugzilla/show_bug.cgi?id=19879] [https://sourceware.org/bugzilla/show_bug.cgi?id=19257] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-08-02 || <= 2.23-5 || 2.24-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7]<br />
|-<br />
| {{CVE|CVE-2016-3458}} {{CVE|CVE-2016-3500}} {{CVE|CVE-2016-3508}} {{CVE|CVE-2016-3550}} {{CVE|CVE-2016-3598}} {{CVE|CVE-2016-3606}} {{CVE|CVE-2016-3610}} [http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2016-July/036560.html] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2016-07-29 || <= 7.u101_2.6.6 || 7.u111_2.6.7 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5]<br />
|-<br />
| {{CVE|CVE-2016-0718}} {{CVE|CVE-2016-2830}} {{CVE|CVE-2016-2835}} {{CVE|CVE-2016-2836}} {{CVE|CVE-2016-2837}} {{CVE|CVE-2016-2838}} {{CVE|CVE-2016-2839}} {{CVE|CVE-2016-5250}} {{CVE|CVE-2016-5251}} {{CVE|CVE-2016-5252}} {{CVE|CVE-2016-5254}} {{CVE|CVE-2016-5255}} {{CVE|CVE-2016-5258}} {{CVE|CVE-2016-5259}} {{CVE|CVE-2016-5260}} {{CVE|CVE-2016-5261}} {{CVE|CVE-2016-5262}} {{CVE|CVE-2016-5263}} {{CVE|CVE-2016-5264}} {{CVE|CVE-2016-5265}} {{CVE|CVE-2016-5266}} {{CVE|CVE-2016-5268}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox48] || {{pkg|firefox}} || 2016-08-02 || <= 47.0.1-1 || 48.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2]<br />
|-<br />
| {{CVE|CVE-2016-5419}} {{CVE|CVE-2016-5420}} {{CVE|CVE-2016-5421}} [https://curl.haxx.se/docs/adv_20160803A.html] [https://curl.haxx.se/docs/adv_20160803B.html] [https://curl.haxx.se/docs/adv_20160803C.html] || {{pkg|curl}} || 2016-08-03 || <= 7.50.0-1 || 7.50.1-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9]<br />
|-<br />
| {{CVE|CVE-2016-6210}} [http://www.openssh.com/txt/release-7.3] [http://seclists.org/fulldisclosure/2016/Jul/51] || {{pkg|openssh}} || 2016-07-14 || <= 7.2p2-2 || 7.3p1-1 || 16d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1]<br />
|-<br />
| {{CVE|CVE-2016-6503}} {CVE|CVE-2016-6504}} {{CVE|CVE-2016-6507}} [http://seclists.org/oss-sec/2016/q3/217] [[http://www.wireshark.org/security/wnpa-sec-2016-39.html] [http://www.wireshark.org/security/wnpa-sec-2016-40.html] [http://www.wireshark.org/security/wnpa-sec-2016-43.html] || {{pkg|wireshark-cli}} || 2016-07-28 || <= 2.0.4-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-6505}} {{CVE|CVE-2016-6506}} {{CVE|CVE-2016-6508}} {{CVE|CVE-2016-6509}} {{CVE|CVE-2016-6510}} {{CVE|CVE-2016-6511}} {{CVE|CVE-2016-6512}} {{CVE|CVE-2016-6513}} [http://seclists.org/oss-sec/2016/q3/217] [http://www.wireshark.org/security/wnpa-sec-2016-41.html] [http://www.wireshark.org/security/wnpa-sec-2016-42.html] [http://www.wireshark.org/security/wnpa-sec-2016-44.html] [http://www.wireshark.org/security/wnpa-sec-2016-45.html] [http://www.wireshark.org/security/wnpa-sec-2016-46.html] [http://www.wireshark.org/security/wnpa-sec-2016-47.html] [http://www.wireshark.org/security/wnpa-sec-2016-48.html] [http://www.wireshark.org/security/wnpa-sec-2016-49.html] || {{pkg|wireshark-cli}} || 2016-07-28 || <= 2.0.4-1 || 2.0.5-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20]<br />
|-<br />
| {{CVE|CVE-2016-6491}} [http://seclists.org/oss-sec/2016/q3/194] [http://git.imagemagick.org/repos/ImageMagick/commit/5cb6c1acd3e3b12f9260daf207db432df7f792c2] || {{pkg|imagemagick}} || 2016-07-27 || <= 6.9.5.2-1 || 6.9.5.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13]<br />
|-<br />
| {{CVE|CVE-2015-8948}} {{CVE|CVE-2016-6261}} {{CVE|CVE-2016-6262}} {{CVE|CVE-2016-6263}} || {{Pkg|libidn}} || 2016-07-20 || <= 1.32-1 || 1.33-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14]<br />
|-<br />
| {{CVE|CVE-2016-6186}} || {{Pkg|python-django}} {{Pkg|python2-django}}|| 2016-07-18 || <= 1.9.8-1 || 1.9.8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11]<br />
|-<br />
| {{CVE|CVE-2016-1705}} {{CVE|CVE-2016-1706}} {{CVE|CVE-2016-1708}} {{CVE|CVE-2016-1709}} {{CVE|CVE-2016-1710}} {{CVE|CVE-2016-1711}} {{CVE|CVE-2016-5127}} {{CVE|CVE-2016-5128}} {{CVE|CVE-2016-5129}} {{CVE|CVE-2016-5130}} {{CVE|CVE-2016-5131}} {{CVE|CVE-2016-5132}} {{CVE|CVE-2016-5133}} {{CVE|CVE-2016-5134}} {{CVE|CVE-2016-5135}} {{CVE|CVE-2016-5136}} {{CVE|CVE-2016-5137}} [https://googlechromereleases.blogspot.fr/2016/07/stable-channel-update.html] || {{pkg|chromium}} || 2016-07-20 || <= 51.0.2704.106-1 || 52.0.2743.82-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12]<br />
|-<br />
| {{CVE|CVE-2016-5385}} [https://www.drupal.org/SA-CORE-2016-003] || {{pkg|drupal}} || 2016-07-18 || <= 8.1.6-1 || 8.1.7-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9]<br />
|-<br />
| {{CVE|CVE-2016-2775}} [https://kb.isc.org/article/AA-01393/74/CVE-2016-2775] || {{pkg|bind}} || 2016-07-19 || <= 9.10.4.P1-2 || 9.10.4.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8]<br />
|-<br />
|{{CVE|CVE-2016-4173}} {{CVE|CVE-2016-4174}} {{CVE|CVE-2016-4175}} {{CVE|CVE-2016-4176}} {{CVE|CVE-2016-4177}} {{CVE|CVE-2016-4179}} {{CVE|CVE-2016-4180}} {{CVE|CVE-2016-4181}} {{CVE|CVE-2016-4182}} {{CVE|CVE-2016-4183}} {{CVE|CVE-2016-4184}} {{CVE|CVE-2016-4185}} {{CVE|CVE-2016-4186}} {{CVE|CVE-2016-4187}} {{CVE|CVE-2016-4188}} {{CVE|CVE-2016-4189}} {{CVE|CVE-2016-4190}} {{CVE|CVE-2016-4217}} {{CVE|CVE-2016-4218}} {{CVE|CVE-2016-4219}} {{CVE|CVE-2016-4220}} {{CVE|CVE-2016-4221}} {{CVE|CVE-2016-4222}} {{CVE|CVE-2016-4223}} {{CVE|CVE-2016-4224}} {{CVE|CVE-2016-4225}} {{CVE|CVE-2016-4226}} {{CVE|CVE-2016-4227}} {{CVE|CVE-2016-4228}} {{CVE|CVE-2016-4229}} {{CVE|CVE-2016-4230}} {{CVE|CVE-2016-4231}} {{CVE|CVE-2016-4232}} {{CVE|CVE-2016-4233}} {{CVE|CVE-2016-4234}} {{CVE|CVE-2016-4235}} {{CVE|CVE-2016-4236}} {{CVE|CVE-2016-4237}} {{CVE|CVE-2016-4238}} {{CVE|CVE-2016-4239}} {{CVE|CVE-2016-4240}} {{CVE|CVE-2016-4241}} {{CVE|CVE-2016-4242}} {{CVE|CVE-2016-4243}} {{CVE|CVE-2016-4244}} {{CVE|CVE-2016-4245}} {{CVE|CVE-2016-4246}} {{CVE|CVE-2016-4247}} {{CVE|CVE-2016-4248}} || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-07-12 || <= 11.2.202.626-1 || 11.2.202.632-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7]<br />
|-<br />
| {{CVE|CVE-2016-2815}} {{CVE|CVE-2016-2818}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird45.2] || {{pkg|thunderbird}} || 2016-06-30 || <= 45.1.1-2 || 45.2.0-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4]<br />
|-<br />
| {{CVE|CVE-2016-4979}} [https://httpd.apache.org/security/vulnerabilities_24.html] || {{pkg|apache}} || 2016-07-05 || 2.4.18-2.4.20 || 2.4.23-1 || || Fixed ({{bug|49958}}) || None<br />
|-<br />
| {{CVE|CVE-2016-4994}} [https://bugzilla.gnome.org/show_bug.cgi?id=767873] || {{pkg|gimp}} || 2016-06-21 || <= 2.8.16-2 || 2.8.18-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5]<br />
|-<br />
| {{CVE|CVE-2016-4472}} [https://bugzilla.redhat.com/show_bug.cgi?id=1344251] || {{pkg|expat}} || 2016-06-30 || <= 2.1.1-3 || 2.2.0-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-3189}} [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3189] || {{pkg|bzip2}} || 2016-06-30 || <= 1.0.6-5 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-4463}} [http://seclists.org/bugtraq/2016/Jun/115] || {{pkg|xerces-c}} || 2016-06-29 || <= 3.1.3-2 || 3.1.4-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2]<br />
|-<br />
| {{CVE|CVE-2016-4324}} [http://www.talosintelligence.com/reports/TALOS-2016-0126/] || {{pkg|libreoffice-fresh}} || 2016-06-27 || <= 5.1.3-2 || 5.1.4-1 || <0d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3]<br />
|-<br />
| {{CVE|CVE-2016-5701}} {{CVE|CVE-2016-5702}} {{CVE|CVE-2016-5703}} {{CVE|CVE-2016-5704}} {{CVE|CVE-2016-5705}} {{CVE|CVE-2016-5706}} {{CVE|CVE-2016-5730}} {{CVE|CVE-2016-5731}} {{CVE|CVE-2016-5732}} {{CVE|CVE-2016-5733}} {{CVE|CVE-2016-5734}} {{CVE|CVE-2016-5739}} [https://www.phpmyadmin.net/security/PMASA-2016-17/] [https://www.phpmyadmin.net/security/PMASA-2016-18/] [https://www.phpmyadmin.net/security/PMASA-2016-19/] [https://www.phpmyadmin.net/security/PMASA-2016-20/] [https://www.phpmyadmin.net/security/PMASA-2016-21/] [https://www.phpmyadmin.net/security/PMASA-2016-22/] [https://www.phpmyadmin.net/security/PMASA-2016-23/] [https://www.phpmyadmin.net/security/PMASA-2016-24/] [https://www.phpmyadmin.net/security/PMASA-2016-25/] [https://www.phpmyadmin.net/security/PMASA-2016-26/] [https://www.phpmyadmin.net/security/PMASA-2016-27/] [https://www.phpmyadmin.net/security/PMASA-2016-28/] || {{pkg|phpmyadmin}} || 2016-06-23 || <= 4.6.2-1 || 4.6.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25]<br />
|-<br />
| {{CVE|CVE-2016-1704}} [https://googlechromereleases.blogspot.fr/2016/06/stable-channel-update_16.html] || {{pkg|chromium}} || 2016-01-16 || <= 51.0.2704.84-1 || 51.0.2704.103-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20]<br />
|-<br />
| {{CVE|CVE-2016-2365}} {{CVE|CVE-2016-2366}} {{CVE|CVE-2016-2367}} {{CVE|CVE-2016-2368}} {{CVE|CVE-2016-2369}} {{CVE|CVE-2016-2370}} {{CVE|CVE-2016-2371}} {{CVE|CVE-2016-2372}} {{CVE|CVE-2016-2373}} {{CVE|CVE-2016-2374}} {{CVE|CVE-2016-2375}} {{CVE|CVE-2016-2376}} {{CVE|CVE-2016-2377}} {{CVE|CVE-2016-2378}} {{CVE|CVE-2016-2380}} {{CVE|CVE-2016-4323}} [http://blog.talosintel.com/2016/06/vulnerability-spotlight-pidgin.html] || {{pkg|libpurple}} || 2016-01-21 || <= 2.10.12-4 || 2.11.0-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24]<br />
|-<br />
| {{CVE|CVE-2016-1541}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1541] || {{pkg|libarchive}} || 2016-01-17 || <= 3.1.2-8 || 3.2.0-1 || 47d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1]<br />
|-<br />
| {{CVE|CVE-2016-5875}} {{CVE|CVE-2016-5314}} {{CVE|CVE-2016-5315}} {{CVE|CVE-2016-5316}} {{CVE|CVE-2016-5317}} {{CVE|CVE-2016-5320}} {{CVE|CVE-2016-5321}} {{CVE|CVE-2016-5322}} {{CVE|CVE-2016-5323}} {{CVE|CVE-2016-5102}} {{CVE|CVE-2016-3991}} {{CVE|CVE-2016-3990}} {{CVE|CVE-2016-3945}} {{CVE|CVE-2016-3658}} {{CVE|CVE-2016-3634}} {{CVE|CVE-2016-3633}} {{CVE|CVE-2016-3632}} {{CVE|CVE-2016-3631}} {{CVE|CVE-2016-3625}} {{CVE|CVE-2016-3624}} {{CVE|CVE-2016-3623}} {{CVE|CVE-2016-3622}} {{CVE|CVE-2016-3621}} {{CVE|CVE-2016-3620}} {{CVE|CVE-2016-3619}} {{CVE|CVE-2016-3186}} {{CVE|CVE-2015-8668}} {{CVE|CVE-2015-7313}} {{CVE|CVE-2014-8130}} {{CVE|CVE-2014-8127}} {{CVE|CVE-2010-2596}} {{CVE|CVE-2016-6223}} [http://www.openwall.com/lists/oss-security/2016/06/15/1] [http://www.openwall.com/lists/oss-security/2016/06/15/2] [http://www.openwall.com/lists/oss-security/2016/06/15/3] [http://www.openwall.com/lists/oss-security/2016/06/15/5] [http://www.openwall.com/lists/oss-security/2016/06/15/6] [http://www.openwall.com/lists/oss-security/2016/06/15/7] [http://www.openwall.com/lists/oss-security/2016/06/15/8] [http://www.openwall.com/lists/oss-security/2016/06/15/9] [https://security-tracker.debian.org/tracker/source-package/tiff] [http://www.openwall.com/lists/oss-security/2016/07/13/3] || {{pkg|libtiff}} || 2016-06-19 || <= 4.0.6-2 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-4122}} {{CVE|CVE-2016-4123}} {{CVE|CVE-2016-4124}} {{CVE|CVE-2016-4125}} {{CVE|CVE-2016-4127}} {{CVE|CVE-2016-4128}} {{CVE|CVE-2016-4129}} {{CVE|CVE-2016-4130}} {{CVE|CVE-2016-4131}} {{CVE|CVE-2016-4132}} {{CVE|CVE-2016-4133}} {{CVE|CVE-2016-4134}} {{CVE|CVE-2016-4135}} {{CVE|CVE-2016-4136}} {{CVE|CVE-2016-4137}} {{CVE|CVE-2016-4138}} {{CVE|CVE-2016-4139}} {{CVE|CVE-2016-4140}} {{CVE|CVE-2016-4141}} {{CVE|CVE-2016-4142}} {{CVE|CVE-2016-4143}} {{CVE|CVE-2016-4144}} {{CVE|CVE-2016-4145}} {{CVE|CVE-2016-4146}} {{CVE|CVE-2016-4147}} {{CVE|CVE-2016-4148}} {{CVE|CVE-2016-4149}} {{CVE|CVE-2016-4150}} {{CVE|CVE-2016-4151}} {{CVE|CVE-2016-4152}} {{CVE|CVE-2016-4153}} {{CVE|CVE-2016-4154}} {{CVE|CVE-2016-4155}} {{CVE|CVE-2016-4156}} {{CVE|CVE-2016-4166}} {{CVE|CVE-2016-4171}} [https://helpx.adobe.com/security/products/flash-player/apsb16-18.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-06-16 || <= 11.2.202.621-1 || 11.2.202.626-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18]<br />
|-<br />
| {{CVE|CVE-2016-4971}} [https://lists.gnu.org/archive/html/bug-wget/2016-06/msg00033.html] || {{pkg|wget}} || 2016-06-09 || <= 1.17.1-2 || 1.18-1 || 11d || Fixed ({{bug|49730}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19]<br />
|-<br />
| {{CVE|CVE-2012-6702}} {{CVE|CVE-2016-5300}} || {{pkg|expat}} {{pkg|lib32-expat}} || 2016-06-07 || <= 2.1.1-2 || 2.1.1-3 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14]<br />
|-<br />
| {{CVE|CVE-2016-5360}} [http://seclists.org/oss-sec/2016/q2/512] || {{pkg|haproxy}} || 2016-06-09 || <= 1.6.5-3 || 1.6.5-4 || 1d || Fixed ({{bug|49638}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11]<br />
|-<br />
| {{CVE|CVE-2016-2815}} {{CVE|CVE-2016-2818}} {{CVE|CVE-2016-2819}} {{CVE|CVE-2016-2821}} {{CVE|CVE-2016-2822}} {{CVE|CVE-2016-2825}} {{CVE|CVE-2016-2828}} {{CVE|CVE-2016-2829}} {{CVE|CVE-2016-2831}} {{CVE|CVE-2016-2832}} {{CVE|CVE-2016-2833}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox47] || {{pkg|firefox}} || 2016-06-07 || <= 46.0.1-1 || 47.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7]<br />
|-<br />
| {{CVE|CVE-2016-4456}} [https://marc.ttias.be/oss-security/2016-06/msg00043.php] [http://gnutls.org/security.html#GNUTLS-SA-2016-1] || {{pkg|gnutls}} {{pkg|lib32-gnutls}} || 2016-06-06 || <= 3.4.12-1 || 3.4.13-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12]<br />
|-<br />
| {{CVE|CVE-2015-8899}} [http://www.openwall.com/lists/oss-security/2016/06/04/2] || {{pkg|dnsmasq}} || 2016-06-04 || <= 2.75-1 || 2.76-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4953}} {{CVE|CVE-2016-4954}} {{CVE|CVE-2016-4955}} {{CVE|CVE-2016-4956}} {{CVE|CVE-2016-4957}} [http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi] || {{pkg|ntp}} || 2016-06-02 || <= 4.2.8.p7-1 || 4.2.8.p8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4]<br />
|-<br />
| {{CVE|CVE-2016-4429}} [https://sourceware.org/bugzilla/show_bug.cgi?id=20112] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-05-18 || <= 2.23-4 || 2.23-5 || 25d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17]<br />
|-<br />
| {{CVE|CVE-2016-5244}} {{CVE|CVE-2016-5243}} [http://www.openwall.com/lists/oss-security/2016/06/03/5] [http://www.openwall.com/lists/oss-security/2016/06/03/4] || {{pkg|linux}} || 2016-06-03 || <= 4.6.1 || || || Not Affected ||<br />
|-<br />
| {{CVE|CVE-2016-1696}} {{CVE|CVE-2016-1697}} {{CVE|CVE-2016-1698}} {{CVE|CVE-2016-1699}} {{CVE|CVE-2016-1700}} {{CVE|CVE-2016-1701}} {{CVE|CVE-2016-1702}} {{CVE|CVE-2016-1703}} [http://googlechromereleases.blogspot.fr/2016/06/stable-channel-update.html] || {{pkg|chromium}} || 2016-06-01 || <= 51.0.2704.63-1 || 51.0.2704.79-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5]<br />
|-<br />
| {{CVE|CVE-2016-4450}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450] || {{pkg|nginx-mainline}} || 2016-05-31 || <= 1.11-1 || 1.11.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2]<br />
|-<br />
| {{CVE|CVE-2016-4450}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450] || {{pkg|nginx}} || 2016-05-31 || <= 1.10-1 || 1.10.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1]<br />
|-<br />
| {{CVE|CVE-2016-1857}} [http://webkitgtk.org/security/WSA-2016-0004.html] || {{pkg|webkit2gtk}} || 2016-05-30 || <= 2.12.2-1 || 2.12.3-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3]<br />
|-<br />
| {{CVE|CVE-2016-5108}} [http://www.openwall.com/lists/oss-security/2016/05/27/7] || {{pkg|vlc}} || 2016-05-27 || <= 2.2.3-3 || 2.2.4-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21]<br />
|-<br />
| {{CVE|CVE-2016-5104}} [http://www.openwall.com/lists/oss-security/2016/05/26/6] || {{pkg|libusbmuxd}} || 2016-05-26 || <= 1.0.10-1 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-5104}} [http://www.openwall.com/lists/oss-security/2016/05/26/6] || {{pkg|libimobiledevice}} || 2016-05-26 || <= 1.2.0-3 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-5103}} [http://www.openwall.com/lists/oss-security/2016/05/26/5] || {{pkg|roundcubemail}} || 2016-05-26 || <= 1.2rc-1 || 1.2.0-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1762}} {{CVE|CVE-2016-1833}} {{CVE|CVE-2016-1834}} {{CVE|CVE-2016-1835}} {{CVE|CVE-2016-1836}} {{CVE|CVE-2016-1837}} {{CVE|CVE-2016-1838}} {{CVE|CVE-2016-1839}} {{CVE|CVE-2016-1840}} {{CVE|CVE-2016-3627}} {{CVE|CVE-2016-3705}} {{CVE|CVE-2016-4483}} [https://git.gnome.org/browse/libxml2/log/] || {{pkg|libxml2}} || 2016-05-23 || <= 2.9.3-2 || 2.9.4+0+gbdec218-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27]<br />
|-<br />
| {{CVE|CVE-2016-1672}} {{CVE|CVE-2016-1673}} {{CVE|CVE-2016-1674}} {{CVE|CVE-2016-1675}} {{CVE|CVE-2016-1676}} {{CVE|CVE-2016-1677}} {{CVE|CVE-2016-1678}} {{CVE|CVE-2016-1679}} {{CVE|CVE-2016-1680}} {{CVE|CVE-2016-1681}} {{CVE|CVE-2016-1682}} {{CVE|CVE-2016-1683}} {{CVE|CVE-2016-1684}} {{CVE|CVE-2016-1685}} {{CVE|CVE-2016-1686}} {{CVE|CVE-2016-1687}} {{CVE|CVE-2016-1688}} {{CVE|CVE-2016-1689}} {{CVE|CVE-2016-1690}} {{CVE|CVE-2016-1691}} {{CVE|CVE-2016-1692}} {{CVE|CVE-2016-1693}} {{CVE|CVE-2016-1694}} {{CVE|CVE-2016-1695}} [http://googlechromereleases.blogspot.fr/2016/05/stable-channel-update_25.html] || {{pkg|chromium}} || 2016-05-25 || <= 50.0.2661.102-1 || 51.0.2704.63-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28]<br />
|-<br />
| {{CVE|CVE-2016-5027}} {{CVE|CVE-2016-5028}} {{CVE|CVE-2016-5029}} {{CVE|CVE-2016-5030}} {{CVE|CVE-2016-5031}} {{CVE|CVE-2016-5032}} {{CVE|CVE-2016-5033}} {{CVE|CVE-2016-5034}} {{CVE|CVE-2016-5035}} {{CVE|CVE-2016-5036}} {{CVE|CVE-2016-5037}} {{CVE|CVE-2016-5038}} {{CVE|CVE-2016-5039}} {{CVE|CVE-2016-5040}} {{CVE|CVE-2016-5041}} {{CVE|CVE-2016-5042}} {{CVE|CVE-2016-5043}} {{CVE|CVE-2016-5044}} [http://seclists.org/oss-sec/2016/q2/393] [https://www.prevanders.net/dwarfbug.html] || {{pkg|libdwarf}} || 2016-05-24 || <= 20160507-1 || 20160613-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23]<br />
|-<br />
| {{CVE|CVE-2015-1283}} {{CVE|CVE-2016-0718}} [http://seclists.org/oss-sec/2016/q2/360] || {{pkg|expat}} {{pkg|lib32-expat}} || 2016-05-17 || <= 2.1.1-1 || 2.1.1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23]<br />
|-<br />
| {{CVE|CVE-2016-2334}} {{CVE|CVE-2016-2335}} [http://www.talosintel.com/reports/TALOS-2016-0093/] [http://www.talosintel.com/reports/TALOS-2016-0094/] || {{pkg|p7zip}} || 2016-05-10 || <= 15.14.1-1 || 15.14.1-2 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24]<br />
|-<br />
| {{CVE|CVE-2016-3698}} [https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839] || {{pkg|libndp}} || 2016-05-17 || <= 1.5-1 || 1.6-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26]<br />
|-<br />
| {{CVE|CVE-2016-2803}} [http://seclists.org/bugtraq/2016/May/72] || {{pkg|bugzilla}} || 2016-05-16 || <= 5.0.2-1 || 5.0.3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25]<br />
|-<br />
| {{CVE|CVE-2016-2099}} [https://issues.apache.org/jira/browse/XERCESC-2066] [http://www.openwall.com/lists/oss-security/2016/05/09/7] || {{pkg|xerces-c}} || 2016-05-09 || <= 3.1.3-1 || 3.1.3-2 || 46d || Fixed ({{bug|49353}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-22]<br />
|-<br />
| [http://blog.jetbrains.com/blog/2016/05/11/security-update-for-intellij-based-ides-v2016-1-and-older-versions/] || {{pkg|intellij-idea-community-edition}} {{pkg|intellij-idea-libs}} || 2016-05-11 || <= 1:2016.1.1-1 || 1:2016.1.2-1 || 3d || Fixed ({{bug|49329}}) || None<br />
|-<br />
| {{CVE|CVE-2016-2804}} {{CVE|CVE-2016-2805}} {{CVE|CVE-2016-2806}} {{CVE|CVE-2016-2807}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/] || {{pkg|thunderbird}} || 2016-05-10 || <= 45.0-1 || 45.1.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21]<br />
|-<br />
| {{CVE|CVE-2016-1667}} {{CVE|CVE-2016-1668}} {{CVE|CVE-2016-1669}} {{CVE|CVE-2016-1670}} [http://googlechromereleases.blogspot.fr/2016/05/stable-channel-update.html] || {{pkg|chromium}} || 2016-05-11 || <= 50.0.2661.94-1 || 50.0.2661.102-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] <br />
|-<br />
| {{CVE|CVE-2016-3706}} {{CVE|CVE-2016-1234}} [https://sourceware.org/bugzilla/show_bug.cgi?id=20010] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-04-27 || <= 2.23-2 || 2.23-4 || 17d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20]<br />
|-<br />
| {{CVE|CVE-2016-1096}} {{CVE|CVE-2016-1097}} {{CVE|CVE-2016-1098}} {{CVE|CVE-2016-1099}} {{CVE|CVE-2016-1100}} {{CVE|CVE-2016-1101}} {{CVE|CVE-2016-1102}} {{CVE|CVE-2016-1103}} {{CVE|CVE-2016-1104}} {{CVE|CVE-2016-1105}} {{CVE|CVE-2016-1106}} {{CVE|CVE-2016-1107}} {{CVE|CVE-2016-1108}} {{CVE|CVE-2016-1109}} {{CVE|CVE-2016-1110}} {{CVE|CVE-2016-4108}} {{CVE|CVE-2016-4109}} {{CVE|CVE-2016-4110}} {{CVE|CVE-2016-4111}} {{CVE|CVE-2016-4112}} {{CVE|CVE-2016-4113}} {{CVE|CVE-2016-4114}} {{CVE|CVE-2016-4115}} {{CVE|CVE-2016-4116}} {{CVE|CVE-2016-4117}} [https://helpx.adobe.com/security/products/flash-player/apsa16-02.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-05-10 || <= 11.2.202.616-2 || 11.2.202.621-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18]<br />
|-<br />
| {{CVE|CVE-2015-8558}} {{CVE|CVE-2016-3710}} {{CVE|CVE-2016-3712}} {{CVE|CVE-2016-5105}} {{CVE|CVE-2016-5107}} {{CVE|CVE-2016-5106}} [http://xenbits.xen.org/xsa/advisory-179.html] [http://www.openwall.com/lists/oss-security/2016/05/25/7] || {{pkg|qemu}} {{pkg|qemu-arch-extra}} || 2016-05-10 || <= 2.5.1-1 || 2.6.0-1 || 28d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9]<br />
|-<br />
| {{CVE|CVE-2015-8558}} {{CVE|CVE-2016-3710}} {{CVE|CVE-2016-3712}} {{CVE|CVE-2016-5105}} {{CVE|CVE-2016-5107}} {{CVE|CVE-2016-5106}} [http://xenbits.xen.org/xsa/advisory-179.html] [http://www.openwall.com/lists/oss-security/2016/05/25/7] || {{pkg|qemu-guest-agent}} {{pkg|qemu-block-gluster}} {{pkg|qemu-block-iscsi}} {{pkg|qemu-block-rbd}} || 2016-05-10 || <= 2.5.1-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-1926}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1926] [http://www.openvas.org/OVSA20160113.html] || {{pkg|greenbone-security-assistant}} || 2016-01-16 || <= 6.0.6-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-3659}} [http://bugs.cacti.net/view.php?id=2673] || {{pkg|cacti}} || 2016-03-31 || <= 0.8.8_g-3 || 0.8.8_h-1 || 40d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14]<br />
|-<br />
| {{CVE|CVE-2016-4554}} {{CVE|CVE-2016-4555}} {{CVE|CVE-2016-4556}} [http://www.squid-cache.org/Advisories/SQUID-2016_8.txt] [http://www.squid-cache.org/Advisories/SQUID-2016_9.txt] || {{pkg|squid}} || 2016-05-09 || <= 3.5.17-1 || 3.5.19-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13]<br />
|-<br />
| {{CVE|CVE-2015-8106}} [http://www.openwall.com/lists/oss-security/2015/11/16/39] || {{pkg|latex2rtf}} || 2015-11-16 || <= 2.3.8-1 || 2.3.10-1 || ~6m || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9]<br />
|-<br />
| {{CVE|CVE-2016-3105}} [https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29] || {{pkg|mercurial}} || 2016-05-01 || <= 3.7.3-1 || 3.8.1-1 || 5d || Fixed ({{bug|49239}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] <br />
|-<br />
| {{CVE|CVE-2016-1236}} [http://www.openwall.com/lists/oss-security/2016/05/05/22] || {{pkg|websvn}} || 2016-05-05 || <= 2.3.3-6 || 2.3.3-7 || 98d || Fixed ({{bug|50344}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11]<br />
|-<br />
| {{CVE|CVE-2016-4414}} [http://marc.info/?l=oss-security&m=146204310020229&w=2] || {{pkg|quassel-client}} {{pkg|quassel-monolithic}} || 2016-04-30 || <= 0.12.3-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-4352}} [http://www.openwall.com/lists/oss-security/2016/04/29/7] || {{pkg|mencoder}} {{pkg|mplayer}} || 2016-05-03 || <= 37379-7 || 37857-1 || 3d || Fixed ({{bug|49195}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12]<br />
|-<br />
| {{CVE|CVE-2016-4574}} [http://www.openwall.com/lists/oss-security/2016/05/10/4] || {{pkg|libksba}} || 2016-05-03 || <= 1.3.3-1 || 1.3.4-1 || 9d || Fixed ({{bug|49289}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17]<br />
|-<br />
| {{CVE|CVE-2016-4354}} {{CVE|CVE-2016-4353}} {{CVE|CVE-2016-4355}} {{CVE|CVE-2016-4356}} [http://www.openwall.com/lists/oss-security/2016/04/29/8] || {{pkg|libksba}} || 2016-04-10 || <= 1.3.2-1 || 1.3.3-1 || 18d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4348}} {{CVE|CVE-2016-4347}} [http://www.openwall.com/lists/oss-security/2016/04/30/3] || {{pkg|librsvg}} || 2016-05-03 || <= 2:2.40.2-2 || 2:2.40.15-2 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4415}} {{CVE|CVE-2016-4416}} {{CVE|CVE-2016-4417}} {{CVE|CVE-2016-4418}} {{CVE|CVE-2016-4419}} {{CVE|CVE-2016-4420}} {{CVE|CVE-2016-4421}} {{CVE|CVE-2016-4076}} {{CVE|CVE-2016-4077}} {{CVE|CVE-2016-4078}} {{CVE|CVE-2016-4079}} {{CVE|CVE-2016-4080}} {{CVE|CVE-2016-4081}} {{CVE|CVE-2016-4006}} {{CVE|CVE-2016-4082}} {{CVE|CVE-2016-4083}} {{CVE|CVE-2016-4084}} {{CVE|CVE-2016-4085}} [http://www.openwall.com/lists/oss-security/2016/04/25/2] || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2016-05-03 || <= 2.0.2-1 || 2.0.3-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-3714}} [http://www.openwall.com/lists/oss-security/2016/05/03/13] [http://www.openwall.com/lists/oss-security/2016/05/03/14]|| {{pkg|imagemagick}} || 2016-05-03 || <= 6.9.3.8-1 || 6.9.3.10-1 || 3d || Fixed ({{bug|49203}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6]<br />
|-<br />
| {{CVE|CVE-2016-4477}} {{CVE|CVE-2016-4476}} [http://www.openwall.com/lists/oss-security/2016/05/03/2] || {{pkg|hostapd}} || 2016-05-03 || <= 2.5-2 || || || '''Vulnerable''' ({{bug|49196}}) || <br />
|-<br />
| {{CVE|CVE-2016-4477}} {{CVE|CVE-2016-4476}} [http://www.openwall.com/lists/oss-security/2016/05/03/2] || {{pkg|wpa_supplicant}} || 2016-05-03 || <= 1:2.5-3 || || || '''Vulnerable''' ({{bug|49196}}) || <br />
|-<br />
| {{CVE|CVE-2016-2105}} {{CVE|CVE-2016-2106}} {{CVE|CVE-2016-2107}} {{CVE|CVE-2016-2109}} {{CVE|CVE-2016-2176}} [https://www.openssl.org/news/secadv/20160503.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2016-05-03 || <= 1.0.2.g-3 || 1.0.2.h-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4]<br />
|-<br />
| {{CVE|CVE-2016-4425}} [https://github.com/akheron/jansson/issues/282] [http://marc.info/?l=oss-security&m=146219323703639&w=2] || {{pkg|jansson}} || 2016-05-02 || <= 2.7-1 || 2.8-1 || 137d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15]<br />
|-<br />
| {{CVE|CVE-2016-4425}} [https://github.com/akheron/jansson/issues/282] [http://marc.info/?l=oss-security&m=146219323703639&w=2] || {{pkg|lib32-jansson}} || 2016-05-02 || <= 2.7-2 || 2.8-1 || 140d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17]<br />
|-<br />
| {{CVE|CVE-2016-1660}} {{CVE|CVE-2016-1661}} {{CVE|CVE-2016-1662}} {{CVE|CVE-2016-1663}} {{CVE|CVE-2016-1664}} {{CVE|CVE-2016-1665}} {{CVE|CVE-2016-1666}} [http://googlechromereleases.blogspot.fr/2016/04/stable-channel-update_28.html] || {{pkg|chromium}} || 2016-04-28 || <= 50.0.2661.75-1 || 50.0.2661.94-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7]<br />
|-<br />
| {{CVE|CVE-2015-8869}} || {{pkg|ocaml}} || 2016-04-29 || <= 4.02.3-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-4414}} [http://marc.info/?l=oss-security&m=146204310020229&w=2] || {{pkg|quassel-core}} || 2016-04-30 || <= 0.12.3-1 || 0.12.4-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5]<br />
|-<br />
| {{CVE|CVE-2016-2167}} {{CVE|CVE-2016-2168}} [https://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ@mail.gmail.com%3E] || {{pkg|subversion}} || 2016-04-28 || <= 1.9.3-2 || 1.9.4-1 || 38d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6]<br />
|-<br />
| {{CVE|CVE-2015-7704}} {{CVE|CVE-2015-8138}} {{CVE|CVE-2016-1547}} {{CVE|CVE-2016-1548}} {{CVE|CVE-2016-1549}} {{CVE|CVE-2016-1550}} {{CVE|CVE-2016-1551}} {{CVE|CVE-2016-2516}} {{CVE|CVE-2016-2517}} {{CVE|CVE-2016-2518}} {{CVE|CVE-2016-2519}} [http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security] || {{pkg|ntp}} || 2016-04-26 || <= 4.2.8.p6-3 || 4.2.8.p7-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-2804}} {{CVE|CVE-2016-2805}} {{CVE|CVE-2016-2806}} {{CVE|CVE-2016-2807}} {{CVE|CVE-2016-2808}} {{CVE|CVE-2016-2811}} {{CVE|CVE-2016-2812}} {{CVE|CVE-2016-2814}} {{CVE|CVE-2016-2816}} {{CVE|CVE-2016-2817}} {{CVE|CVE-2016-2820}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox46] || {{pkg|firefox}} || 2016-04-26 || <= 45.0.2-1 || 46.0-2 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15]<br />
|-<br />
| {{CVE|CVE-2015-8863}} [http://seclists.org/oss-sec/2016/q2/134] || {{pkg|jq}} || 2016-04-23 || <= 1.5-3 || 1.5-4 || 109d || Fixed ({{bug|50330}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10]<br />
|-<br />
| {{CVE|CVE-2016-3074}} [http://seclists.org/oss-sec/2016/q2/128] || {{pkg|gd}} || 2016-04-21 || <= 2.1.1-3 || 2.1.1-4 || 15d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8]<br />
|-<br />
| {{CVE|CVE-2016-4051}} {{CVE|CVE-2016-4052}} {{CVE|CVE-2016-4053}} {{CVE|CVE-2016-4054}} [http://www.squid-cache.org/Advisories/SQUID-2016_5.txt] [http://www.squid-cache.org/Advisories/SQUID-2016_6.txt] || {{pkg|squid}} || 2016-04-20 || <= 3.5.16-1 || 3.5.17-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14]<br />
|-<br />
| {{CVE|CVE-2016-4021}} [https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt] || {{pkg|pgpdump}} || 2016-04-12 || <= 0.29-2 || 0.30-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11]<br />
|-<br />
| {{CVE|CVE-2016-1955}} {{CVE|CVE-2016-1956}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/] [https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/] || {{pkg|thunderbird}} || 2016-04-12 || <= 38.7.2-1 || 45.0-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12]<br />
|-<br />
| {{CVE|CVE-2016-2347}} [http://www.talosintel.com/reports/TALOS-2016-0095/] || {{pkg|lhasa}} || 2016-04-14 || <= 0.3.0-1 || 0.3.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8]<br />
|-<br />
| {{CVE|CVE-2016-1651}} {{CVE|CVE-2016-1652}} {{CVE|CVE-2016-1653}} {{CVE|CVE-2016-1654}} {{CVE|CVE-2016-1655}} {{CVE|CVE-2016-1656}} {{CVE|CVE-2016-1657}} {{CVE|CVE-2016-1658}} {{CVE|CVE-2016-1659}} [http://googlechromereleases.blogspot.fr/2016/04/stable-channel-update_13.html] || {{pkg|chromium}} || 2016-04-13|| <= 49.0.2623.112-1 || 50.0.2661.75-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10]<br />
|-<br />
| {{CVE|CVE-2015-5370}} {{CVE|CVE-2016-2110}} {{CVE|CVE-2016-2111}} {{CVE|CVE-2016-2112}} {{CVE|CVE-2016-2113}} {{CVE|CVE-2016-2114}} {{CVE|CVE-2016-2115}} {{CVE|CVE-2016-2118}} [https://www.samba.org/samba/history/security.html] [http://badlock.org/] || {{pkg|samba}} || 2016-04-12|| <= 4.4.0-1 || 4.4.2-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13]<br />
|-<br />
| {{CVE|CVE-2016-4008}} [http://article.gmane.org/gmane.comp.security.oss.general/19286] || {{pkg|libtasn1}} || 2016-04-11|| <= 4.7-1 || 4.8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9]<br />
|-<br />
| {{CVE|CVE-2011-5326}} {{CVE|CVE-2016-3993}} {{CVE|CVE-2016-3994}} {{CVE|CVE-2016-4024}} [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369] [http://article.gmane.org/gmane.comp.security.oss.general/19276] || {{pkg|imlib2}} || 2016-04-09 || <= 1.4.8-1 || 1.4.9-1 || 23d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1]<br />
|-<br />
| {{CVE|CVE-2014-9771}} [http://www.openwall.com/lists/oss-security/2016/04/09/3] || {{pkg|imlib2}} || 2016-04-09 || <= 1.4.5-6 || 1.4.6-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1006}} {{CVE|CVE-2016-1011}} {{CVE|CVE-2016-1012}} {{CVE|CVE-2016-1013}} {{CVE|CVE-2016-1014}} {{CVE|CVE-2016-1015}} {{CVE|CVE-2016-1016}} {{CVE|CVE-2016-1017}} {{CVE|CVE-2016-1018}} {{CVE|CVE-2016-1019}} {{CVE|CVE-2016-1020}} {{CVE|CVE-2016-1021}} {{CVE|CVE-2016-1022}} {{CVE|CVE-2016-1023}} {{CVE|CVE-2016-1024}} {{CVE|CVE-2016-1025}} {{CVE|CVE-2016-1026}} {{CVE|CVE-2016-1027}} {{CVE|CVE-2016-1028}} {{CVE|CVE-2016-1029}} {{CVE|CVE-2016-1030}} {{CVE|CVE-2016-1031}} {{CVE|CVE-2016-1032}} {{CVE|CVE-2016-1033}} [https://helpx.adobe.com/security/products/flash-player/apsa16-01.html] [https://helpx.adobe.com/security/products/flash-player/apsb16-10.html] || {{pkg|flashplugin}} || 2016-04-05 || <= 11.2.202.577-1 || 11.2.202.616-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7]<br />
|-<br />
| {{CVE|CVE-2016-3630}} {{CVE|CVE-2016-3068}} {{CVE|CVE-2016-3069}} [https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29] || {{pkg|mercurial}} || 2016-03-29 || <= 3.7.2-1 || 3.7.3-1 || 8d || Fixed ({{bug|48821}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6]<br />
|-<br />
| {{CVE|CVE-2016-2191}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2191] [https://sourceforge.net/p/optipng/bugs/59/] [http://www.openwall.com/lists/oss-security/2016/04/04/2]|| {{Pkg|optipng}} || 2016-04-04 || <= 0.7.5-2 || 0.7.6-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5]<br />
|-<br />
| {{CVE|CVE-2016-3947}} [http://www.squid-cache.org/Advisories/SQUID-2016_3.txt] || {{Pkg|squid}} || 2016-04-01 || <= 3.5.15-2 || 3.5.16 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4]<br />
|-<br />
| {{CVE|CVE-2016-0636}} [http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html] [http://blog.fuseyism.com/index.php/2016/03/25/security-icedtea-2-6-5-for-openjdk-7-released/] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2016-03-24 || <= 7.u95_2.6.4-1 || 7.u99_2.6.5-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3]<br />
|-<br />
| {{CVE|CVE-2016-0636}} [http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html] || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2016-03-23 || <= 8.u74-1 || 8.u77-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27]<br />
|-<br />
| {{CVE|CVE-2016-1646}} {{CVE|CVE-2016-1647}} {{CVE|CVE-2016-1648}} {{CVE|CVE-2016-1649}} {{CVE|CVE-2016-1650}} [http://googlechromereleases.blogspot.fr/2016/03/stable-channel-update_24.html] || {{pkg|chromium}} || 2016-03-24 || <= 49.0.2623.87-1 || 49.0.2623.108-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24]<br />
|-<br />
| {{CVE|CVE-2016-2849}} {{CVE|CVE-2016-2850}} [http://botan.randombit.net/security.html#id1] || {{pkg|botan}} || 2016-03-20 || <= 1.11.28-1 || 1.11.29-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22]<br />
|-<br />
| {{CVE|CVE-2016-1952}} {{CVE|CVE-2016-1953}} {{CVE|CVE-2016-1954}} {{CVE|CVE-2016-1957}} {{CVE|CVE-2016-1960}} {{CVE|CVE-2016-1961}} {{CVE|CVE-2016-1964}} {{CVE|CVE-2016-1966}} {{CVE|CVE-2016-1974}} {{CVE|CVE-2016-1977}} {{CVE|CVE-2016-2790}} {{CVE|CVE-2016-2791}} {{CVE|CVE-2016-2792}} {{CVE|CVE-2016-2793}} {{CVE|CVE-2016-2794}} {{CVE|CVE-2016-2795}} {{CVE|CVE-2016-2796}} {{CVE|CVE-2016-2797}} {{CVE|CVE-2016-2798}} {{CVE|CVE-2016-2799}} {{CVE|CVE-2016-2800}} {{CVE|CVE-2016-2801}} {{CVE|CVE-2016-2802}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.7] || {{pkg|thunderbird}} || 2016-03-14 || <= 38.6.0-1 || 38.7.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21]<br />
|-<br />
| {{CVE|CVE-2016-2324}} [http://seclists.org/oss-sec/2016/q1/653] || {{pkg|git}} || 2016-03-15 || <= 2.7.3-1 || 2.7.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20]<br />
|-<br />
| {{CVE|CVE-2016-3116}} [https://matt.ucc.asn.au/dropbear/CHANGES] || {{pkg|dropbear}} || 2016-03-13 || <= 2015.71-1 || 2016.72-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19]<br />
|-<br />
| {{CVE|CVE-2015-1283}} [https://sourceforge.net/p/expat/bugs/528/] || {{pkg|expat}} || 2016-03-12 || <= 2.1.0-4 || 2.1.1-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23]<br />
|-<br />
| {{CVE|CVE-2016-2088}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2088] {{CVE|CVE-2016-1286}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1286] {{CVE|CVE-2016-1285}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1285] || {{pkg|bind}} || 2016-03-10 || <= 9.10.3.P3-3 || 9.10.3.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13]<br />
|-<br />
| {{CVE|CVE-2016-0960}} {{CVE|CVE-2016-0961}} {{CVE|CVE-2016-0962}} {{CVE|CVE-2016-0963}} {{CVE|CVE-2016-0986}} {{CVE|CVE-2016-0987}} {{CVE|CVE-2016-0988}} {{CVE|CVE-2016-0989}} {{CVE|CVE-2016-0990}} {{CVE|CVE-2016-0991}} {{CVE|CVE-2016-0992}} {{CVE|CVE-2016-0993}} {{CVE|CVE-2016-0994}} {{CVE|CVE-2016-0995}} {{CVE|CVE-2016-0996}} {{CVE|CVE-2016-0997}} {{CVE|CVE-2016-0998}} {{CVE|CVE-2016-0999}} {{CVE|CVE-2016-1000}} {{CVE|CVE-2016-1001}} {{CVE|CVE-2016-1002}} {{CVE|CVE-2016-1005}} {{CVE|CVE-2016-1010}} [https://helpx.adobe.com/security/products/flash-player/apsb16-08.html] || {{pkg|lib32-flashplugin}} || 2016-03-10 || <= 11.2.202.569-1 || 11.2.202.577-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11]<br />
|-<br />
| {{CVE|CVE-2016-0960}} {{CVE|CVE-2016-0961}} {{CVE|CVE-2016-0962}} {{CVE|CVE-2016-0963}} {{CVE|CVE-2016-0986}} {{CVE|CVE-2016-0987}} {{CVE|CVE-2016-0988}} {{CVE|CVE-2016-0989}} {{CVE|CVE-2016-0990}} {{CVE|CVE-2016-0991}} {{CVE|CVE-2016-0992}} {{CVE|CVE-2016-0993}} {{CVE|CVE-2016-0994}} {{CVE|CVE-2016-0995}} {{CVE|CVE-2016-0996}} {{CVE|CVE-2016-0997}} {{CVE|CVE-2016-0998}} {{CVE|CVE-2016-0999}} {{CVE|CVE-2016-1000}} {{CVE|CVE-2016-1001}} {{CVE|CVE-2016-1002}} {{CVE|CVE-2016-1005}} {{CVE|CVE-2016-1010}} [https://helpx.adobe.com/security/products/flash-player/apsb16-08.html] || {{pkg|flashplugin}} || 2016-03-10 || <= 11.2.202.569-1 || 11.2.202.577-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10]<br />
|-<br />
| {{CVE|CVE-2016-3115}} [http://www.openssh.com/txt/x11fwd.adv] || {{pkg|openssh}} || 2016-03-10 || <= 7.2p1-1 || 7.2p2-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12]<br />
|-<br />
| {{CVE|CVE-2015-8833}} [http://seclists.org/oss-sec/2016/q1/572] || {{pkg|pidgin-otr}} || 2016-03-09 || <= 4.0.1-2 || 4.0.2-1 || 3d || Fixed ({{bug|48537}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14]<br />
|-<br />
| {{CVE|CVE-2016-2774}} [https://kb.isc.org/article/AA-01354] || {{pkg|dhcp}} || 2016-03-09 || <= 4.3.3.p1-1 || 4.3.4-1 || 21d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1531}} [http://www.exim.org/static/doc/CVE-2016-1531.txt] || {{pkg|exim}} || 2016-03-06 || <= 4.86.1-1 || 4.86.2-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8]<br />
|-<br />
| {{CVE|CVE-2016-1577}} {{CVE|CVE-2016-2089}} {{CVE|CVE-2016-2116}} || {{pkg|jasper}} || 2016-03-06 || <= 1.900.1-14 || 1.900.1-15 || ~2m || Fixed ({{bug|48511}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2]<br />
|-<br />
| {{CVE|CVE-2016-1285}} {{CVE|CVE-2016-1286}} [https://kb.isc.org/article/AA-01352/] [https://kb.isc.org/article/AA-01353/] || {{pkg|bind}} || 2016-03-09 || <= 9.10.3.P3-3 || 9.10.3.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7]<br />
|-<br />
| {{CVE|CVE-2016-2851}} [https://otr.cypherpunks.ca/] || {{pkg|libotr}} || 2016-03-09 || <= 4.1.0-1 || 4.1.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6]<br />
|-<br />
| {{CVE|CVE-2016-1643}} {{CVE|CVE-2016-1644}} {{CVE|CVE-2016-1645}} || {{pkg|chromium}} || 2016-03-09 || <= 49.0.2623.75-1 || 49.0.2623.87-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5]<br />
|-<br />
| {{CVE|CVE-2016-1952}} {{CVE|CVE-2016-1953}} {{CVE|CVE-2016-1954}} {{CVE|CVE-2016-1955}} {{CVE|CVE-2016-1956}} {{CVE|CVE-2016-1957}} {{CVE|CVE-2016-1958}} {{CVE|CVE-2016-1959}} {{CVE|CVE-2016-1960}} {{CVE|CVE-2016-1961}} {{CVE|CVE-2016-1962}} {{CVE|CVE-2016-1963}} {{CVE|CVE-2016-1964}} {{CVE|CVE-2016-1965}} {{CVE|CVE-2016-1966}} {{CVE|CVE-2016-1967}} {{CVE|CVE-2016-1968}} {{CVE|CVE-2016-1970}} {{CVE|CVE-2016-1971}} {{CVE|CVE-2016-1972}} {{CVE|CVE-2016-1973}} {{CVE|CVE-2016-1974}} {{CVE|CVE-2016-1975}} {{CVE|CVE-2016-1976}} {{CVE|CVE-2016-1977}} {{CVE|CVE-2016-2790}} {{CVE|CVE-2016-2791}} {{CVE|CVE-2016-2792}} {{CVE|CVE-2016-2793}} {{CVE|CVE-2016-2794}} {{CVE|CVE-2016-2795}} {{CVE|CVE-2016-2796}} {{CVE|CVE-2016-2797}} {{CVE|CVE-2016-2798}} {{CVE|CVE-2016-2799}} {{CVE|CVE-2016-2800}} {{CVE|CVE-2016-2801}} {{CVE|CVE-2016-2802}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox45] || {{pkg|firefox}} || 2016-03-08 || <= 44.0.2-2 || 45.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4]<br />
|-<br />
| {{CVE|CVE-2016-2532}} {{CVE|CVE-2016-2531}} {{CVE|CVE-2016-2530}} {{CVE|CVE-2016-2529}} {{CVE|CVE-2016-2528}} {{CVE|CVE-2016-2527}} {{CVE|CVE-2016-2526}} {{CVE|CVE-2016-2525}} {{CVE|CVE-2016-2524}} {{CVE|CVE-2016-2523}} {{CVE|CVE-2016-2522}} {{CVE|CVE-2016-2521}} || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2016-03-07 || <= 2.0.1-2 || 2.0.2-1 || 5d || Fixed ({{bug|48536}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17]<br />
|-<br />
| {{CVE|CVE-2016-2381}} [https://www.debian.org/security/2016/dsa-3501] || {{pkg|perl}} || 2016-03-07 || <= 5.22.1-1 || 5.22.1-2 || 3d || Fixed ({{Bug|48482}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9]<br />
|-<br />
| {{CVE|CVE-2015-8126}} {{CVE|CVE-2016-1630}} {{CVE|CVE-2016-1631}} {{CVE|CVE-2016-1632}} {{CVE|CVE-2016-1633}} {{CVE|CVE-2016-1634}} {{CVE|CVE-2016-1635}} {{CVE|CVE-2016-1636}} {{CVE|CVE-2016-1637}} {{CVE|CVE-2016-1638}} {{CVE|CVE-2016-1639}} {{CVE|CVE-2016-1640}} {{CVE|CVE-2016-1641}} {{CVE|CVE-2016-1642}} [http://googlechromereleases.blogspot.fr/2016/03/stable-channel-update.html] || {{pkg|chromium}} || 2016-03-02 || <= 48.0.2564.116-1 || 49.0.2623.75-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1]<br />
|-<br />
| {{CVE|CVE-2016-0702}} {{CVE|CVE-2016-0705}} {{CVE|CVE-2016-0797}} {{CVE|CVE-2016-0798}} {{CVE|CVE-2016-0799}} {{CVE|CVE-2016-0800}} [https://www.openssl.org/news/secadv/20160301.txt] || {{pkg|openssl}} || 2016-03-01 || <= 1.0.2.f-1 || 1.0.2.g-3 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2]<br />
|-<br />
| {{CVE|CVE-2016-0702}} {{CVE|CVE-2016-0705}} {{CVE|CVE-2016-0797}} {{CVE|CVE-2016-0798}} {{CVE|CVE-2016-0799}} {{CVE|CVE-2016-0800}} [https://www.openssl.org/news/secadv/20160301.txt] || {{pkg|lib32-openssl}} || 2016-03-01 || <= 1.0.2.f-1 || 1.0.2.g-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3]<br />
|-<br />
| {{CVE|CVE-2015-7511}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html] || {{pkg|libgcrypt}} || 2016-02-09 || <= 1.6.4-1 || 1.6.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19]<br />
|-<br />
| {{CVE|CVE-2016-0739}} [https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/] || {{pkg|libssh}} || 2016-02-23 || <= 0.7.2-1 || 0.7.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18]<br />
|-<br />
| {{CVE|CVE-2016-0787}} [https://www.libssh2.org/adv_20160223.html] || {{pkg|libssh2}} || 2016-02-23 || <= 1.6.0-1 || 1.7.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20]<br />
|-<br />
| {{CVE|CVE-2016-0787}} [https://www.libssh2.org/adv_20160223.html] || {{pkg|lib32-libssh2}} || 2016-02-23 || <= 1.6.0-1 || 1.7.0-1 ||3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21]<br />
|-<br />
| {{CVE|CVE-2016-1629}} [http://googlechromereleases.blogspot.fr/2016/02/stable-channel-update_18.html] || {{pkg|chromium}} || 2016-02-18 || <= 48.0.2564.109-1 || 48.0.2564.116-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17]<br />
|-<br />
| {{CVE|CVE-2015-7575}} {{CVE|CVE-2016-1523}} {{CVE|CVE-2016-1930}} {{CVE|CVE-2016-1931}} {{CVE|CVE-2016-1935}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.6] || {{pkg|thunderbird}} || 2016-02-11 || <= 38.5.1-1 || 38.6.0-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16]<br />
|-<br />
| {{CVE|CVE-2015-7547}} {{CVE|CVE-2015-8776}} {{CVE|CVE-2015-8777}} {{CVE|CVE-2015-8778}} {{CVE|CVE-2015-8779}} [https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html] [https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html] || {{pkg|glibc}} || 2016-02-16 || <= 2.22-3 || 2.22-4 || 1d || Fixed ({{Bug|48213}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15]<br />
|-<br />
| {{CVE|CVE-2015-7547}} {{CVE|CVE-2015-8776}} {{CVE|CVE-2015-8777}} {{CVE|CVE-2015-8778}} {{CVE|CVE-2015-8779}} [https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html] [https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html] || {{pkg|lib32-glibc}} || 2016-02-16 || <= 2.22-3.1 || 2.22-4 || 1d || Fixed ({{Bug|48213}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14]<br />
|-<br />
| {{CVE|CVE-2016-1622}} {{CVE|CVE-2016-1623}} {{CVE|CVE-2016-1624}} {{CVE|CVE-2016-1625}} {{CVE|CVE-2016-1626}} {{CVE|CVE-2016-1627}} [http://googlechromereleases.blogspot.fr/2016/02/stable-channel-update_9.html]|| {{pkg|chromium}} || 2016-02-09 || <= 48.0.2564.103-1 || 48.0.2564.109-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1949}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-13/]|| {{pkg|firefox}} || 2016-02-11 || <= 44.0.1-1 || 44.0.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12]<br />
|-<br />
| {{CVE|CVE-2016-1544}} [https://nghttp2.org/blog/2016/02/11/nghttp2-v1-7-1/]|| {{pkg|nghttp2}} || 2016-02-11 || <= 1.7.0-1 || 1.7.1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13]<br />
|-<br />
| {{CVE|CVE-2014-2312}} [https://www.kde.org/info/security/advisory-20160209-1.txt]|| {{pkg|kscreenlocker}} || 2016-02-10 || <= 5.5.4-1 || 5.5.4-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10]<br />
|-<br />
| {{CVE|CVE-2014-9496}} {{CVE|CVE-2014-9756}} {{CVE|CVE-2015-7805}} || {{pkg|libsndfile}} {{pkg|lib32-libsndfile}} || 2016-02-01 || <= 1.0.25-3 || 1.0.26-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9]<br />
|-<br />
| {{CVE|CVE-2015-8803}} {{CVE|CVE-2015-8804}} {{CVE|CVE-2015-8805}} [https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-multiplications-in-Nettle.html] || {{pkg|nettle}} {{pkg|lib32-nettle}} || 2016-02-03 || <= 3.1-1 || 3.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6]<br />
|-<br />
| {{CVE|CVE-2016-2194}} {{CVE|CVE-2016-2195}} {{CVE|CVE-2016-2196}} [http://botan.randombit.net/security.html#id1] || {{pkg|botan}} || 2016-02-01 || <= 1.11.25-2 || 1.11.28-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11]<br />
|-<br />
| {{CVE|CVE-2014-9761}} [http://seclists.org/oss-sec/2016/q1/153] || {{pkg|lib32-glibc}} || 2016-02-01 || <= 2.22-4 || 2.23-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23]<br />
|-<br />
| {{CVE|CVE-2014-9761}} [http://seclists.org/oss-sec/2016/q1/153] || {{pkg|glibc}} || 2016-02-01 || <= 2.22-4 || 2.23-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22]<br />
|-<br />
| {{CVE|CVE-2016-2048}} [https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/] || {{pkg|python-django}} {{pkg|python2-django}} || 2016-02-01 || <= 1.9.1-1 || 1.9.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2]<br />
|-<br />
| {{CVE|CVE-2016-2090}} [http://article.gmane.org/gmane.comp.security.oss.general/18715] [http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7] [https://bugs.freedesktop.org/show_bug.cgi?id=93881] [https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html] || {{pkg|libbsd}} || 2016-01-27 || <= 0.8.1-1 || 0.8.2-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7]<br />
|-<br />
| {{CVE|CVE-2015-3197}} {{CVE|CVE-2015-4000}} {{CVE|CVE-2016-0701}} [https://openssl.org/news/secadv/20160128.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2016-01-28 || <= 1.0.2.e-1 || 1.0.2.f-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33]<br />
|-<br />
| {{CVE|CVE-2016-0755}} [http://curl.haxx.se/docs/adv_20160127A.html] || {{pkg|curl}} {{pkg|lib32-curl}} || 2016-01-27 || <= 7.46.0-1 || 7.47.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4]<br />
|-<br />
| {{CVE|CVE-2016-0742}} {{CVE|CVE-2016-0746}} {{CVE|CVE-2016-0747}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000168.html] || {{pkg|nginx}} || 2016-01-26 || <= 1.8.0-2 || 1.8.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31]<br />
|-<br />
| {{CVE|CVE-2016-1982}} {{CVE|CVE-2016-1983}} [http://seclists.org/oss-sec/2016/q1/179] || {{pkg|privoxy}} || 2016-01-21 || <= 3.0.23-1 || 3.0.24-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27]<br />
|-<br />
| {{CVE|CVE-2016-1572}} [https://bugs.launchpad.net/ecryptfs/+bug/1530566] || {{pkg|ecryptfs-utils}} || 2016-01-21 || <= 108-1 || 108-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25]<br />
|-<br />
| {{CVE|CVE-2016-1612}} {{CVE|CVE-2016-1613}} {{CVE|CVE-2016-1614}} {{CVE|CVE-2016-1615}} {{CVE|CVE-2016-1616}} {{CVE|CVE-2016-1617}} {{CVE|CVE-2016-1618}} {{CVE|CVE-2016-1619}} {{CVE|CVE-2016-1620}} [http://googlechromereleases.blogspot.fr/2016/01/stable-channel-update_20.html] || {{pkg|chromium}} || 2016-01-20 || <= 47.0.2526.111-1 || 48.0.2564.82-1 || 1d|| Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28]<br />
|-<br />
| {{CVE|CVE-2015-8704}} {{CVE|CVE-2015-8705}} [https://kb.isc.org/article/AA-01335] [https://kb.isc.org/article/AA-01336] || {{pkg|bind}} || 2016-01-19 || <= 9.10.3.P2-1 || 9.10.3.P3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21]<br />
|-<br />
| {{CVE|CVE-2016-0728}} [http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/] || {{pkg|linux-lts}} || 2016-01-19 || <= 4.1.15-1 || 4.1.16-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26]<br />
|-<br />
| {{CVE|CVE-2016-0728}} [http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/] || {{pkg|linux}} || 2016-01-19 || <= 4.3.3-2 || 4.3.3-3 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20]<br />
|-<br />
| {{CVE|CVE-2015-5300}} [http://support.ntp.org/bin/view/Main/NtpBug2956] || {{pkg|ntp}} || 2016-01-07 || <= 4.2.8.p4-1 || 4.2.8.p5-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|syncthing}} || 2016-01-13 || <= 0.12.14-1 || 0.12.14-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|keybase}} || 2016-01-13 || <= 1.0.8.0-1 || 1.0.8.0-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|hub}} || 2016-01-13 || <= 2.2.2-1 || 2.2.2-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|go-ipfs}} || 2016-01-13 || <= 0.3.11-1 || 0.3.11-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|docker}} || 2016-01-13 || <= 1:1.9.1-1 || 1:1.9.1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12]<br />
|-<br />
| {{CVE|CVE-2015-8770}} [http://seclists.org/bugtraq/2016/Jan/60] || {{pkg|roundcubemail}} || 2015-12-26 || <= 1.2beta-1 || 1.2beta-2 || 20d || Fixed ({{bug|47764}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18]<br />
|-<br />
| {{CVE|CVE-2016-1903}} {{CVE|CVE-2016-1904}} [http://seclists.org/oss-sec/2016/q1/100] || {{pkg|php}} || 2016-01-14 || <= 7.0.1-1 || 7.0.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10]<br />
|-<br />
| {{CVE|CVE-2016-0777}} {{CVE|CVE-2016-0778}} [http://www.openssh.com/txt/release-7.1p2] || {{pkg|openssh}} || 2016-01-14 || <= 7.1p1-1 || 7.1p2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9]<br />
|-<br />
| {{CVE|CVE-2016-2213}} [http://www.openwall.com/lists/oss-security/2016/02/03/2] || {{pkg|ffmpeg}} || 2016-02-03 || <= 2.8.4-1 || 2.8.5-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1897}} {{CVE|CVE-2016-1898}} [http://seclists.org/oss-sec/2016/q1/85] || {{pkg|ffmpeg}} || 2016-01-13 || <= 1:2.8.4-2 || 1:2.8.4-3 || <1d || Fixed ({{Bug|47738}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17]<br />
|-<br />
| {{CVE|CVE-2016-1897}} {{CVE|CVE-2016-1898}} [http://seclists.org/oss-sec/2016/q1/85] || {{pkg|mplayer}} || 2016-01-13 || <= 37379-6 || 37379-7 || 17d || Fixed ({{Bug|47944}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|go}} || 2016-01-13 || <= 2:1.5.2-1 || 2:1.5.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11]<br />
|-<br />
|{{CVE|CVE-2015-8742}} {{CVE|CVE-2015-8741}} {{CVE|CVE-2015-8740}} {{CVE|CVE-2015-8738}} {{CVE|CVE-2015-8739}} {{CVE|CVE-2015-8737}} {{CVE|CVE-2015-8736}} {{CVE|CVE-2015-8735}} {{CVE|CVE-2015-8734}} {{CVE|CVE-2015-8733}} {{CVE|CVE-2015-8732}} {{CVE|CVE-2015-8730}} {{CVE|CVE-2015-8731}} {{CVE|CVE-2015-8729}} {{CVE|CVE-2015-8728}} {{CVE|CVE-2015-8727}} {{CVE|CVE-2015-8726}} {{CVE|CVE-2015-8725}} {{CVE|CVE-2015-8724}} {{CVE|CVE-2015-8723}} {{CVE|CVE-2015-8722}} {{CVE|CVE-2015-8721}} {{CVE|CVE-2015-8720}} {{CVE|CVE-2015-8718}} {{CVE|CVE-2015-8711}} || {{Pkg|wireshark-cli}} {{Pkg|wireshark-gtk}} {{Pkg|wireshark-qt}} || 2016-01-04 || <= 2.0.0 || 2.0.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6]<br />
|-<br />
| {{CVE|CVE-2016-1564}} [http://article.gmane.org/gmane.comp.security.oss.general/18527] || {{Pkg|wordpress}} || 2016-01-08 || <= 4.4-1 || 4.4.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2]<br />
|-<br />
| {{CVE|CVE-2015-8751}} [https://bugzilla.redhat.com/show_bug.cgi?id=1294039] [http://article.gmane.org/gmane.comp.security.oss.general/18523] || {{Pkg|jasper}} || 2016-01-07 || 1.900.1-15 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-8750}} [https://bugzilla.redhat.com/show_bug.cgi?id=1294264] [https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697] || {{Pkg|libdwarf}} || 2016-01-07 || 20150507-1 || 20160115-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22]<br />
|-<br />
| {{CVE|CVE-2016-1503}} {{CVE|CVE-2016-1504}} [http://article.gmane.org/gmane.comp.security.oss.general/18516] || {{Pkg|dhcpcd}} || 2016-01-07 || <= 6.9.4-1 || 6.10.0-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7]<br />
|-<br />
| {{CVE|CVE-2015-7575}} [http://www.mitls.org/pages/attacks/SLOTH] [https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released] || {{pkg|mbedtls}} || 2016-01-04 || 2.2.0-1 || 2.2.1-1 || 21d || Fixed ({{bug|47783}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29]<br />
|-<br />
| {{CVE|CVE-2015-8688}} [http://gultsch.de/gajim_roster_push_and_message_interception.html] || {{pkg|gajim}} || 2015-12-20 || <= 0.16.4-1 || 0.16.5-1 || 20d || Fixed ({{bug|47647}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3]<br />
|-<br />
| {{CVE|CVE-2016-1494}} [https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff] [https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/] || {{pkg|python-rsa}} {{pkg|python2-rsa}} || 2016-01-05 || <= 3.2.3-1 || 3.3-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24]<br />
|-<br />
| {{CVE|CVE-2016-1283}} [https://bugs.exim.org/show_bug.cgi?id=1767] [http://article.gmane.org/gmane.comp.security.oss.general/18481] || {{pkg|pcre}} || 2016-01-02 || <= 8.38-2 || 8.38-3 || 71d|| Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18]<br />
|-<br />
|[http://article.gmane.org/gmane.comp.security.oss.general/18466] || {{Pkg|rtmpdump}} || 2015-12-23 || <= 20140918-2 || 1:2.4.r96.fa8646d-1 || 7d || Fixed ({{bug|47564}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1]<br />
|-<br />
| {{CVE|CVE-2015-8472}} [http://seclists.org/oss-sec/2015/q4/439] || {{pkg|libpng}} || 2015-12-03 || <= 1.6.19-1 || 1.6.20-1 || 25d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-18]<br />
|-<br />
| {{CVE|CVE-2015-8459}} {{CVE|CVE-2015-8460}} {{CVE|CVE-2015-8634}} {{CVE|CVE-2015-8635}} {{CVE|CVE-2015-8636}} {{CVE|CVE-2015-8638}} {{CVE|CVE-2015-8639}} {{CVE|CVE-2015-8640}} {{CVE|CVE-2015-8641}} {{CVE|CVE-2015-8642}} {{CVE|CVE-2015-8643}} {{CVE|CVE-2015-8644}} {{CVE|CVE-2015-8645}} {{CVE|CVE-2015-8646}} {{CVE|CVE-2015-8647}} {{CVE|CVE-2015-8648}} {{CVE|CVE-2015-8649}} {{CVE|CVE-2015-8650}} {{CVE|CVE-2015-8651}} [https://helpx.adobe.com/security/products/flash-player/apsb16-01.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2015-12-28 || <= 11.2.202.554-1 || 11.2.202.559-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17]<br />
|-<br />
| {{CVE|CVE-2015-7554}} {{CVE|CVE-2015-8683}} [http://seclists.org/oss-sec/2015/q4/584] [http://seclists.org/oss-sec/2015/q4/590] || {{pkg|libtiff}} || 2015-12-25 || <= 4.0.6-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-7201}} {{CVE|CVE-2015-7205}} {{CVE|CVE-2015-7212}} {{CVE|CVE-2015-7213}} {{CVE|CVE-2015-7214}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.5] || {{pkg|thunderbird}} || 2015-12-23 || <= 38.4.0-2 || 38.5.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14]<br />
|-<br />
| {{CVE|CVE-2015-8612}} [http://seclists.org/oss-sec/2015/q4/541] || {{pkg|blueman}} || 2015-12-18 || <= 2.0.2-1 || 2.0.3-1 || 38d || Fixed ({{bug|47784}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30]<br />
|-<br />
| {{CVE|CVE-2015-8659}} [http://seclists.org/oss-sec/2015/q4/576] || {{pkg|nghttp2}} || 2015-12-23 || <= 1.5.0-2 || 1.6.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16]<br />
|-<br />
| {{CVE|CVE-2015-7555}} [http://seclists.org/oss-sec/2015/q4/548] || {{pkg|giflib}} || 2015-12-21 || <= 5.1.1-1 || 5.1.2-1 || 43d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-7557}} {{CVE|CVE-2015-7558}} [http://seclists.org/oss-sec/2015/q4/549] || {{pkg|librsvg}} || 2015-12-21 || <= 2:2.40.11-1 || 2:2.40.13-1 || 45d || Fixed ({{bug|47785}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8622}} {{CVE|CVE-2015-8623}} {{CVE|CVE-2015-8624}} {{CVE|CVE-2015-8625}} {{CVE|CVE-2015-8626}} {{CVE|CVE-2015-8627}} {{CVE|CVE-2015-8628}} [http://seclists.org/oss-sec/2015/q4/552] || {{pkg|mediawiki}} || 2015-12-17 || <= 1.26.0-1 || 1.26.2-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15]<br />
|-<br />
| {{CVE|CVE-2015-8614}} [http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557] || {{pkg|claws-mail}} || 2015-12-21 || <= 3.13.0-1 || 3.13.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13]<br />
|-<br />
| {{CVE|CVE-2015-8369}} {{CVE|CVE-2015-8604}} {{CVE|CVE-2015-8377}} {{CVE|CVE-2016-2313}} [http://www.openwall.com/lists/oss-security/2016/02/09/3] [https://bugs.mageia.org/show_bug.cgi?id=17352] [http://www.openwall.com/lists/oss-security/2016/01/04/8] || {{pkg|cacti}} || 2015-12-17 || <= 0.8.8_f-3 || 0.8.8_g-2 || 72d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24]<br />
|-<br />
| [https://blog.fuzzing-project.org/32-Out-of-bounds-read-in-OpenVPN.html] || {{pkg|openvpn}} || 2015-12-18 || <= 2.3.8-2 || 2.3.9-1 || 9d || Fixed ({{bug|47498}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19]<br />
|-<br />
| {{CVE|CVE-2015-8549}} [http://www.ocert.org/advisories/ocert-2015-011.html] || {{pkg|python2-pyamf}} || 2015-12-17 || <= 0.7.2-1 || 0.8.0-2 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12]<br />
|-<br />
| {{CVE|CVE-2015-7551}} [https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/] || {{pkg|ruby}} || 2015-12-16 || <= 2.2.3-1 || 2.2.4-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11]<br />
|-<br />
| {{CVE|CVE-2015-7201}} {{CVE|CVE-2015-7202}} {{CVE|CVE-2015-7203}} {{CVE|CVE-2015-7204}} {{CVE|CVE-2015-7205}} {{CVE|CVE-2015-7207}} {{CVE|CVE-2015-7208}} {{CVE|CVE-2015-7210}} {{CVE|CVE-2015-7211}} {{CVE|CVE-2015-7212}} {{CVE|CVE-2015-7213}} {{CVE|CVE-2015-7214}} {{CVE|CVE-2015-7215}} {{CVE|CVE-2015-7216}} {{CVE|CVE-2015-7217}} {{CVE|CVE-2015-7218}} {{CVE|CVE-2015-7219}} {{CVE|CVE-2015-7220}} {{CVE|CVE-2015-7221}} {{CVE|CVE-2015-7222}} {{CVE|CVE-2015-7223}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox43] || {{pkg|firefox}} || 2015-12-15 || <= 42.0-3 || 43.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9]<br />
|-<br />
| {{CVE|CVE-2015-8000}} [https://kb.isc.org/article/AA-01317] || {{pkg|bind}} || 2015-12-15 || <= 9.10.3-2 || 9.10.3.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10]<br />
|-<br />
| {{CVE|CVE-2015-8370}} [http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html#fix] || {{pkg|grub}} || 2015-12-15 || <= 1:2.02.beta2-5 || 1:2.02.beta2-6 || 3d || Fixed ({{bug|47386}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8378}} [https://www.keepassx.org/news/2015/12/551] || {{pkg|keepassx}} || 2015-12-08 || <= 0.4.3-7 || 0.4.4-1 || <2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8]<br />
|-<br />
| {{CVE|CVE-2015-8045}} {{CVE|CVE-2015-8047}} {{CVE|CVE-2015-8048}} {{CVE|CVE-2015-8049}} {{CVE|CVE-2015-8050}} {{CVE|CVE-2015-8055}} {{CVE|CVE-2015-8056}} {{CVE|CVE-2015-8057}} {{CVE|CVE-2015-8058}} {{CVE|CVE-2015-8059}} {{CVE|CVE-2015-8060}} {{CVE|CVE-2015-8061}} {{CVE|CVE-2015-8062}} {{CVE|CVE-2015-8063}} {{CVE|CVE-2015-8064}} {{CVE|CVE-2015-8065}} {{CVE|CVE-2015-8066}} {{CVE|CVE-2015-8067}} {{CVE|CVE-2015-8068}} {{CVE|CVE-2015-8069}} {{CVE|CVE-2015-8070}} {{CVE|CVE-2015-8071}} {{CVE|CVE-2015-8401}} {{CVE|CVE-2015-8402}} {{CVE|CVE-2015-8403}} {{CVE|CVE-2015-8404}} {{CVE|CVE-2015-8405}} {{CVE|CVE-2015-8406}} {{CVE|CVE-2015-8407}} {{CVE|CVE-2015-8408}} {{CVE|CVE-2015-8409}} {{CVE|CVE-2015-8410}} {{CVE|CVE-2015-8411}} {{CVE|CVE-2015-8412}} {{CVE|CVE-2015-8413}} {{CVE|CVE-2015-8414}} {{CVE|CVE-2015-8415}} {{CVE|CVE-2015-8416}} {{CVE|CVE-2015-8417}} {{CVE|CVE-2015-8418}} {{CVE|CVE-2015-8419}} {{CVE|CVE-2015-8420}} {{CVE|CVE-2015-8421}} {{CVE|CVE-2015-8422}} {{CVE|CVE-2015-8423}} {{CVE|CVE-2015-8424}} {{CVE|CVE-2015-8425}} {{CVE|CVE-2015-8426}} {{CVE|CVE-2015-8427}} {{CVE|CVE-2015-8428}} {{CVE|CVE-2015-8429}} {{CVE|CVE-2015-8430}} {{CVE|CVE-2015-8431}} {{CVE|CVE-2015-8432}} {{CVE|CVE-2015-8433}} {{CVE|CVE-2015-8434}} {{CVE|CVE-2015-8435}} {{CVE|CVE-2015-8436}} {{CVE|CVE-2015-8437}} {{CVE|CVE-2015-8438}} {{CVE|CVE-2015-8439}} {{CVE|CVE-2015-8440}} {{CVE|CVE-2015-8441}} {{CVE|CVE-2015-8442}} {{CVE|CVE-2015-8443}} {{CVE|CVE-2015-8444}} {{CVE|CVE-2015-8445}} {{CVE|CVE-2015-8446}} {{CVE|CVE-2015-8447}} {{CVE|CVE-2015-8448}} {{CVE|CVE-2015-8449}} {{CVE|CVE-2015-8450}} {{CVE|CVE-2015-8451}} {{CVE|CVE-2015-8452}} {{CVE|CVE-2015-8453}} {{CVE|CVE-2015-8454}} {{CVE|CVE-2015-8455}} [https://helpx.adobe.com/security/products/flash-player/apsb15-32.html] || {{pkg|flashplugin}} || 2015-12-08 || <= 11.2.202.548-1 || 11.2.202.554-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7]<br />
|-<br />
| {{CVE|CVE-2015-6788}} {{CVE|CVE-2015-6789}} {{CVE|CVE-2015-6790}} {{CVE|CVE-2015-6791}} [http://googlechromereleases.blogspot.fr/2015/12/stable-channel-update_8.html] || {{pkg|chromium}} || 2015-12-08 || <= 47.0.2526.73-1 || 47.0.2526.80-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5]<br />
|-<br />
| {{CVE|CVE-2015-3193}} {{CVE|CVE-2015-3194}} {{CVE|CVE-2015-3195}} {{CVE|CVE-2015-3196}} {{CVE|CVE-2015-1794}} [https://www.openssl.org/news/secadv/20151203.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2015-12-03 || <= 1.0.2.d-1 || 1.0.2.e-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2]<br />
|-<br />
| {{CVE|CVE-2015-6764}} {{CVE|CVE-2015-6765}} {{CVE|CVE-2015-6766}} {{CVE|CVE-2015-6767}} {{CVE|CVE-2015-6768}} {{CVE|CVE-2015-6769}} {{CVE|CVE-2015-6770}} {{CVE|CVE-2015-6771}} {{CVE|CVE-2015-6772}} {{CVE|CVE-2015-6773}} {{CVE|CVE-2015-6774}} {{CVE|CVE-2015-6775}} {{CVE|CVE-2015-6776}} {{CVE|CVE-2015-6777}} {{CVE|CVE-2015-6778}} {{CVE|CVE-2015-6779}} {{CVE|CVE-2015-6780}} {{CVE|CVE-2015-6781}} {{CVE|CVE-2015-6782}} {{CVE|CVE-2015-6783}} {{CVE|CVE-2015-6784}} {{CVE|CVE-2015-6785}} {{CVE|CVE-2015-6786}} {{CVE|CVE-2015-6787}} [http://googlechromereleases.blogspot.fr/2015/12/stable-channel-update.html] || {{pkg|chromium}} || 2015-12-01 || <= 46.0.2490.86-1 || 47.0.2526.73-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1]<br />
|-<br />
| {{CVE|CVE-2015-6764}} {{CVE|CVE-2015-8027}} [https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/] || {{pkg|nodejs}} || 2015-11-25 || <= 5.1.0-1 || 5.1.1-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4]<br />
|-<br />
| {{CVE|CVE-2015-8213}} [https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-11-24 || <= 1.8.6-1 || 1.8.7-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3]<br />
|-<br />
| {{CVE|CVE-2015-1819}} {{CVE|CVE-2015-5312}} {{CVE|CVE-2015-7941}} {{CVE|CVE-2015-7942}} {{CVE|CVE-2015-7497}} {{CVE|CVE-2015-7498}} {{CVE|CVE-2015-7499}} {{CVE|CVE-2015-7500}} {{CVE|CVE-2015-8035}} {{CVE|CVE-2015-8242}} [https://mail.gnome.org/archives/xml/2015-November/msg00012.html templink] || {{pkg|libxml2}} || 2015-11-20 || <= 2.9.2-2 || 2.9.3-1 || 19d || Fixed ({{bug|47095}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6]<br />
|-<br />
| {{CVE|CVE-2015-7981}} {{CVE|CVE-2015-8126}} [http://seclists.org/oss-sec/2015/q4/264 templink] [http://seclists.org/oss-sec/2015/q4/161 templink] || {{pkg|libpng}} {{pkg|lib32-libpng}} || 2015-11-12 || <= 1.6.18-1 || 1.6.19-1 || 5d || Fixed ({{bug|47069}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10]<br />
|-<br />
| {{CVE|CVE-2015-5309}} [http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html templink] || {{pkg|putty}} || 2015-11-12 || <= 0.65-1 || 0.66-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7]<br />
|-<br />
| {{CVE|CVE-2015-7651}} {{CVE|CVE-2015-7652}} {{CVE|CVE-2015-7653}} {{CVE|CVE-2015-7654}} {{CVE|CVE-2015-7655}} {{CVE|CVE-2015-7656}} {{CVE|CVE-2015-7657}} {{CVE|CVE-2015-7658}} {{CVE|CVE-2015-7659}} {{CVE|CVE-2015-7660}} {{CVE|CVE-2015-7661}} {{CVE|CVE-2015-7662}} {{CVE|CVE-2015-7663}} {{CVE|CVE-2015-8042}} {{CVE|CVE-2015-8043}} {{CVE|CVE-2015-8044}} {{CVE|CVE-2015-8046}} [https://helpx.adobe.com/security/products/flash-player/apsb15-28.html templink] || {{pkg|flashplugin}} || 2015-11-10 || <= 11.2.202.540-1 || 11.2.202.548-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5]<br />
|-<br />
| {{CVE|CVE-2015-1302}} [http://googlechromereleases.blogspot.fr/2015/11/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-11-10 || <= 46.0.2490.80-2 || 46.0.2490.86-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8]<br />
|-<br />
| {{CVE|CVE-2015-5311}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/ templink] || {{pkg|powerdns}} || 2015-11-09 || <= 3.4.6-2 || 3.4.7-1 || 3d || Fixed ({{bug|47014}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6]<br />
|-<br />
| {{CVE|CVE-2015-4513}} {{CVE|CVE-2015-4514}} {{CVE|CVE-2015-4515}} {{CVE|CVE-2015-4518}} {{CVE|CVE-2015-7181}} {{CVE|CVE-2015-7182}} {{CVE|CVE-2015-7183}} {{CVE|CVE-2015-7187}} {{CVE|CVE-2015-7188}} {{CVE|CVE-2015-7189}} {{CVE|CVE-2015-7193}} {{CVE|CVE-2015-7194}} {{CVE|CVE-2015-7195}} {{CVE|CVE-2015-7196}} {{CVE|CVE-2015-7197}} {{CVE|CVE-2015-7198}} {{CVE|CVE-2015-7199}} {{CVE|CVE-2015-7200}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-11-03 || <= 41.0.2-2 || 42.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2]<br />
|-<br />
| {{CVE|CVE-2015-7183}} [http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12386.html templink] || {{pkg|nspr}} || 2015-11-03 || <= 4.10.9-1 || 4.10.10-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4]<br />
|-<br />
| {{CVE|CVE-2015-7181}} {{CVE|CVE-2015-7182}} [http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12386.html templink] || {{pkg|nss}} || 2015-11-03 || <= 3.20-1 || 3.20.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3]<br />
|-<br />
| {{CVE|CVE-2015-7696}} {{CVE|CVE-2015-7697}} [http://seclists.org/oss-sec/2015/q3/512 templink] || {{pkg|unzip}} || 2015-10-30 || <= 6.0-10 || 6.0-11 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1]<br />
|-<br />
| {{CVE|CVE-2015-8011}} {{CVE|CVE-2015-8012}} [http://seclists.org/oss-sec/2015/q4/198 templink] || {{pkg|lldpd}} || 2015-10-17 || <= 0.7.18-1 || 0.7.19-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25]<br />
|-<br />
| {{CVE|CVE-2015-5714}} {{CVE|CVE-2015-5715}} {{CVE|CVE-2015-7989}} [https://codex.wordpress.org/Version_4.3.1 templink] || {{pkg|wordpress}} || 2015-10-18 || <= 4.3.0-1 || 4.3.1-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24]<br />
|-<br />
| {{CVE|CVE-2015-7873}} [https://www.phpmyadmin.net/security/PMASA-2015-5/ templink] || {{pkg|phpmyadmin}} || 2015-10-23 || <= 4.5.0-1 || 4.5.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23]<br />
|-<br />
| {{CVE|CVE-2015-7995}} [https://bugzilla.redhat.com/show_bug.cgi?id=1257962 templink] || {{pkg|libxslt}} || 2015-10-27 || <= 1.1.28-3 || 1.1.28-4 || 73d || Fixed ({{bug|47681}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8]<br />
|-<br />
| {{CVE|CVE-2015-7943}} [https://www.drupal.org/SA-CORE-2015-004 templink] || {{pkg|drupal}} || 2015-10-21 || <= 7.40-1 || 7.41-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21]<br />
|-<br />
| {{CVE|CVE-2015-4913}} {{CVE|CVE-2015-4870}} {{CVE|CVE-2015-4861}} {{CVE|CVE-2015-4858}} {{CVE|CVE-2015-4836}} {{CVE|CVE-2015-4830}} {{CVE|CVE-2015-4826}} {{CVE|CVE-2015-4815}} {{CVE|CVE-2015-4802}} {{CVE|CVE-2015-4792}} || {{pkg|mariadb}} || 2015-10-22 || <= 10.0.21-3 || 10.0.22-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] <br />
|-<br />
| {{CVE|CVE-2015-4734}} {{CVE|CVE-2015-4803}} {{CVE|CVE-2015-4805}} {{CVE|CVE-2015-4806}} {{CVE|CVE-2015-4810}} {{CVE|CVE-2015-4835}} {{CVE|CVE-2015-4840}} {{CVE|CVE-2015-4842}} {{CVE|CVE-2015-4843}} {{CVE|CVE-2015-4844}} {{CVE|CVE-2015-4860}} {{CVE|CVE-2015-4868}} {{CVE|CVE-2015-4872}} {{CVE|CVE-2015-4881}} {{CVE|CVE-2015-4882}} {{CVE|CVE-2015-4883}} {{CVE|CVE-2015-4893}} {{CVE|CVE-2015-4901}} {{CVE|CVE-2015-4902}} {{CVE|CVE-2015-4903}} {{CVE|CVE-2015-4906}} {{CVE|CVE-2015-4908}} {{CVE|CVE-2015-4911}} {{CVE|CVE-2015-4916}} || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-09-22 || <= 8.u60-1 || 8.u65-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20]<br />
|-<br />
| {{CVE|CVE-2015-4734}} {{CVE|CVE-2015-4803}} {{CVE|CVE-2015-4805}} {{CVE|CVE-2015-4806}} {{CVE|CVE-2015-4810}} {{CVE|CVE-2015-4835}} {{CVE|CVE-2015-4840}} {{CVE|CVE-2015-4842}} {{CVE|CVE-2015-4843}} {{CVE|CVE-2015-4844}} {{CVE|CVE-2015-4860}} {{CVE|CVE-2015-4871}} {{CVE|CVE-2015-4872}} {{CVE|CVE-2015-4881}} {{CVE|CVE-2015-4882}} {{CVE|CVE-2015-4883}} {{CVE|CVE-2015-4893}} {{CVE|CVE-2015-4902}} {{CVE|CVE-2015-4903}} {{CVE|CVE-2015-4911}} || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-09-22 || <= 7.u85_2.6.1-2 || 7.u91_2.6.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17]<br />
|-<br />
| {{CVE|CVE-2015-7691}} {{CVE|CVE-2015-7692}} {{CVE|CVE-2015-7701}} {{CVE|CVE-2015-7702}} {{CVE|CVE-2015-7703}} {{CVE|CVE-2015-7704}} {{CVE|CVE-2015-7705}} {{CVE|CVE-2015-7848}} {{CVE|CVE-2015-7849}} {{CVE|CVE-2015-7850}} {{CVE|CVE-2015-7851}} {{CVE|CVE-2015-7852}} {{CVE|CVE-2015-7853}} {{CVE|CVE-2015-7854}} {{CVE|CVE-2015-7855}} {{CVE|CVE-2015-7871}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities templink] [http://blog.talosintel.com/2015/10/ntpd-vulnerabilities.html templink] || {{pkg|ntp}} || 2015-10-21 || <= 4.2.8.p3-1 || 4.2.8.p4-1 || 1d || Fixed ({{bug|46826}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14]<br />
|-<br />
| {{CVE|CVE-2015-6031}} [http://talosintel.com/reports/TALOS-2015-0035/ templink] || {{pkg|miniupnpc}} || 2015-09-15 || <= 1.9.20150730-1 || 1.9.20151008-1 || 30d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11]<br />
|-<br />
| {{CVE|CVE-2015-7645}} {{CVE|CVE-2015-7647}} {{CVE|CVE-2015-7648}} [https://helpx.adobe.com/security/products/flash-player/apsa15-05.html templink] [https://helpx.adobe.com/security/products/flash-player/apsb15-27.html templink] || {{pkg|flashplugin}} || 2015-10-14 || <= 11.2.202.535-1 || 11.2.202.540-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12]<br />
|-<br />
| {{CVE|CVE-2015-7184}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/ templink] || {{pkg|firefox}} || 2015-10-15 || <= 41.0.1-1 || 41.0.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10]<br />
|-<br />
| {{CVE|CVE-2015-5260}} {{CVE|CVE-2015-5261}} {{CVE|CVE-2015-3247}} [http://lists.freedesktop.org/archives/spice-devel/2015-October/022168.html templink] [https://bugzilla.redhat.com/show_bug.cgi?id=1260822 templink] [https://bugzilla.redhat.com/show_bug.cgi?id=1261889 templink] [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797976;msg=21 templink] || {{pkg|spice}} || 2015-09-08 || <= 0.12.5-1 || 0.12.6-1 || 41d || Fixed ({{bug|46738}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13]<br />
|-<br />
| {{CVE|CVE-2015-6755}} {{CVE|CVE-2015-6756}} {{CVE|CVE-2015-6757}} {{CVE|CVE-2015-6758}} {{CVE|CVE-2015-6759}} {{CVE|CVE-2015-6760}} {{CVE|CVE-2015-6761}} {{CVE|CVE-2015-6762}} {{CVE|CVE-2015-6763}} [http://googlechromereleases.blogspot.fr/2015/10/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-10-13 || <= 45.0.2454.101-2 || 46.0.2490.71-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8]<br />
|-<br />
| {{CVE|CVE-2015-5569}} {{CVE|CVE-2015-7625}} {{CVE|CVE-2015-7626}} {{CVE|CVE-2015-7627}} {{CVE|CVE-2015-7628}} {{CVE|CVE-2015-7629}} {{CVE|CVE-2015-7630}} {{CVE|CVE-2015-7631}} {{CVE|CVE-2015-7632}} {{CVE|CVE-2015-7633}} {{CVE|CVE-2015-7634}} {{CVE|CVE-2015-7643}} {{CVE|CVE-2015-7644}} [https://helpx.adobe.com/security/products/flash-player/apsb15-25.html templink] || {{pkg|flashplugin}} || 2015-10-13 || <= 11.2.202.521-1 || 11.2.202.535-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7]<br />
|-<br />
| {{CVE|CVE-2015-5291}} [https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01 templink] || {{pkg|mbedtls}} || 2015-10-05 || <= 2.1.1-1 || 2.1.2-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9]<br />
|-<br />
| {{CVE|CVE-2015-7384}} [https://nodejs.org/en/blog/release/v4.1.2/ templink] || {{pkg|nodejs}} || 2015-10-05 || <= 4.1.1-1 || 4.1.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3]<br />
|-<br />
| {{CVE|CVE-2015-7687}} [http://seclists.org/oss-sec/2015/q4/17 templink] [https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f8e2fe24f3ff174d8515b82607e951e054f68f6 templink] || {{pkg|opensmtpd}} || 2015-10-02 || <= 5.7.1p1-1 || 5.7.3p1-1 || 6d || Fixed ({{bug|46605}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5]<br />
|-<br />
| {{CVE|CVE-2015-7673}} {{CVE|CVE-2015-7674}} [http://seclists.org/oss-sec/2015/q4/18 templink] [http://seclists.org/oss-sec/2015/q4/19 templink] || {{pkg|gdk-pixbuf2}} || 2015-10-01 || <= 2.31.7-1 || 2.32.1-1 || 9d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6]<br />
|-<br />
| {{CVE|CVE-2015-1335}} [https://github.com/lxc/lxc/commit/6de26af93d3dd87c8b21a42fdf20f30fa1c1948d templink] || {{pkg|lxc}} || 2015-09-29 || <= 1:1.1.3-2 || - || - || Not Affected ({{bug|46574}}) || None<br />
|-<br />
| {{CVE|CVE-2015-6972}} {{CVE|CVE-2015-6973}} [http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txt templink] [http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt templink] [https://igniterealtime.org/issues/browse/OF-942] || {{pkg|openfire}} || 2015-09-14 || <= 4.0.3-1 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2015-4499}} [https://www.bugzilla.org/security/4.2.14/ templink] || {{pkg|bugzilla}} || 2015-09-10 || <= 5.0-1 || 5.0.1-1 || 28d || Fixed ({{bug|46573}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4]<br />
|-<br />
| {{CVE|CVE-2015-4141}} {{CVE|CVE-2015-4142}} {{CVE|CVE-2015-4143}} {{CVE|CVE-2015-4144}} {{CVE|CVE-2015-4145}} {{CVE|CVE-2015-4146}} [http://w1.fi/security/2015-2/ templink] [http://w1.fi/security/2015-3/ templink] [http://w1.fi/security/2015-4/ templink] [http://w1.fi/security/2015-5/ templink] || {{pkg|hostapd}} || 2015-05-04 || <= 2.4-2 || 2.5-1 || ~150d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2]<br />
|-<br />
| {{CVE|CVE-2015-3239}} [https://bugzilla.redhat.com/show_bug.cgi?id=1232265 templink] || {{pkg|libunwind}} || 2015-06-16 || <= 1.1-2 || 1.1-3 || ~110d || Fixed ({{bug|46474}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1]<br />
|-<br />
| {{CVE|CVE-2015-1303}} {{CVE|CVE-2015-1304}} [http://googlechromereleases.blogspot.fr/2015/09/stable-channel-update_24.html templink] || {{pkg|chromium}} || 2015-09-24 || <= 45.0.2454.99-1 || 45.0.2454.101-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11]<br />
|-<br />
| {{CVE|CVE-2015-4500}} {{CVE|CVE-2015-4501}} {{CVE|CVE-2015-4502}} {{CVE|CVE-2015-4504}} {{CVE|CVE-2015-4506}} {{CVE|CVE-2015-4507}} {{CVE|CVE-2015-4508}} {{CVE|CVE-2015-4509}} {{CVE|CVE-2015-4510}} {{CVE|CVE-2015-4511}} {{CVE|CVE-2015-4512}} {{CVE|CVE-2015-4516}} {{CVE|CVE-2015-4517}} {{CVE|CVE-2015-4519}} {{CVE|CVE-2015-4520}} {{CVE|CVE-2015-4521}} {{CVE|CVE-2015-4522}} {{CVE|CVE-2015-7174}} {{CVE|CVE-2015-7175}} {{CVE|CVE-2015-7176}} {{CVE|CVE-2015-7177}} {{CVE|CVE-2015-7180}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox41 templink] || {{pkg|firefox}} || 2015-09-22 || <= 40.0.3-1 || 41.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9]<br />
|-<br />
| {{CVE|CVE-2015-5567}} {{CVE|CVE-2015-5568}} {{CVE|CVE-2015-5570}} {{CVE|CVE-2015-5571}} {{CVE|CVE-2015-5572}} {{CVE|CVE-2015-5573}} {{CVE|CVE-2015-5574}} {{CVE|CVE-2015-5575}} {{CVE|CVE-2015-5576}} {{CVE|CVE-2015-5577}} {{CVE|CVE-2015-5578}} {{CVE|CVE-2015-5579}} {{CVE|CVE-2015-5580}} {{CVE|CVE-2015-5581}} {{CVE|CVE-2015-5582}} {{CVE|CVE-2015-5584}} {{CVE|CVE-2015-5587}} {{CVE|CVE-2015-5588}} {{CVE|CVE-2015-6676}} {{CVE|CVE-2015-6677}} {{CVE|CVE-2015-6678}} {{CVE|CVE-2015-6679}} {{CVE|CVE-2015-6682}} [https://helpx.adobe.com/security/products/flash-player/apsb15-23.html templink] || {{pkg|flashplugin}} || 2015-09-21 || <= 11.2.202.508-1 || 11.2.202.521-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201510-8]<br />
|-<br />
| {{CVE|CVE-2015-7236}} [http://seclists.org/oss-sec/2015/q3/561 templink] || {{pkg|rpcbind}} || 2015-09-17 || <= 0.2.3-1 || 0.2.3-2 || 7d || Fixed ({{bug|46341}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10]<br />
|-<br />
| {{CVE|CVE-2015-5714}} {{CVE|CVE-2015-5715}} [https://wordpress.org/news/2015/09/wordpress-4-3-1/ templink] || {{pkg|wordpress}} || 2015-09-15 || <= 4.3-1 || 4.3.1-1 || 5d || Fixed ({{bug|46340}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201510-7]<br />
|-<br />
| {{CVE|CVE-2015-6908}} [http://www.openwall.com/lists/oss-security/2015/09/11/5 templink] || {{pkg|openldap}} || 2015-09-09 || <= 2.4.42-1 || 2.4.42-2 || 3d || Fixed ({{bug|46265}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4]<br />
|-<br />
| {{CVE|CVE-2015-5722}} {{CVE|CVE-2015-5986}} [https://www.isc.org/blogs/cve-2015-5986-an-incorrect-boundary-check-can-trigger-a-require-assertion-failure-in-openpgpkey_61-c/ templink] [https://www.isc.org/blogs/cve-2015-5722-parsing-malformed-keys-may-cause-bind-to-exit-due-to-a-failed-assertion-in-buffer-c/ templink] || {{pkg|bind}} || 2015-09-02 || <= 9.10.2.P3-1 || 9.10.2.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2]<br />
|-<br />
| {{CVE|CVE-2015-5198}} {{CVE|CVE-2015-5199}} {{CVE|CVE-2015-5200}} [http://lists.x.org/archives/xorg-announce/2015-August/002630.html templink] || {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} || 2015-08-31 || <= 1.1-1 || 1.1.1-1 || 13d || Fixed ({{bug|46266}}) ({{bug|46267}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5]<br />
|-<br />
| {{CVE|CVE-2015-1291}} {{CVE|CVE-2015-1292}} {{CVE|CVE-2015-1293}} {{CVE|CVE-2015-1294}} {{CVE|CVE-2015-1295}} {{CVE|CVE-2015-1296}} {{CVE|CVE-2015-1297}} {{CVE|CVE-2015-1298}} {{CVE|CVE-2015-1299}} {{CVE|CVE-2015-1300}} {{CVE|CVE-2015-1301}} [http://googlechromereleases.blogspot.fr/2015/09/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-09-01 || <= 44.0.2403.157-1 || 45.0.2454.85-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1]<br />
|-<br />
| {{CVE|CVE-2015-5230}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/ templink] || {{pkg|powerdns}} || 2015-09-02 || <= 3.4.5-1 || 3.4.6-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3]<br />
|-<br />
| {{CVE|CVE-2015-5317}} {{CVE|CVE-2015-5318}} {{CVE|CVE-2015-5319}} {{CVE|CVE-2015-5320}} {{CVE|CVE-2015-5321}} {{CVE|CVE-2015-5322}} {{CVE|CVE-2015-5323}} {{CVE|CVE-2015-5324}} {{CVE|CVE-2015-5325}} {{CVE|CVE-2015-5326}} {{CVE|CVE-2015-8103}} [https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 templink] [http://seclists.org/bugtraq/2015/Aug/161 templink] || {{pkg|jenkins}} || 2015-08-28 || <= 1.627-1 || 1.638-1 || 60d || Fixed ({{bug|46268}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11]<br />
|-<br />
| {{CVE|CVE-2015-6749}} [http://seclists.org/oss-sec/2015/q3/457 templink] || {{pkg|vorbis-tools}} || 2015-08-30 || <= 1.4.0-5 || 1.4.0-6 || >60d || Fixed ({{bug|46269}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22]<br />
|-<br />
| {{CVE|CVE-2015-4497}} {{CVE|CVE-2015-4498}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox40.0.3 templink] || {{pkg|firefox}} || 2015-08-27 || <= 40.0.2-1 || 40.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12]<br />
|-<br />
| {{CVE|CVE-2015-5949}} [http://www.ocert.org/advisories/ocert-2015-009.html templink] || {{pkg|vlc}} || 2015-08-20 || <= 2.2.1-6 || 2.2.2-1 || 179d || Fixed ({{bug|46037}}) || None<br />
|-<br />
| {{CVE|CVE-2015-5963}} [https://www.djangoproject.com/weblog/2015/aug/18/security-releases/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-08-18 || <= 1.8.3-1 || 1.8.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9]<br />
|-<br />
| {{CVE|CVE-2015-5221}} [http://seclists.org/oss-sec/2015/q3/408 templink] || {{pkg|jasper}} || 2015-08-16 || <= 1.900.1-15 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-5203}} [http://seclists.org/oss-sec/2015/q3/366 templink] || {{pkg|jasper}} || 2015-08-16 || <= 1.900.1-15 || || || '''Vulnerable''' || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10]<br />
|-<br />
| CVE Pending [http://seclists.org/oss-sec/2015/q3/295 templink] || {{pkg|pcre}} || 2015-08-05 || <= 8.37-2 || 8.37-3 || 12d || Fixed ({{bug|45945}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11]<br />
|-<br />
| {{CVE|CVE-2015-4473}} {{CVE|CVE-2015-4474}} {{CVE|CVE-2015-4475}} {{CVE|CVE-2015-4477}} {{CVE|CVE-2015-4478}} {{CVE|CVE-2015-4479}} {{CVE|CVE-2015-4480}} {{CVE|CVE-2015-4482}} {{CVE|CVE-2015-4483}} {{CVE|CVE-2015-4484}} {{CVE|CVE-2015-4485}} {{CVE|CVE-2015-4486}} {{CVE|CVE-2015-4487}} {{CVE|CVE-2015-4488}} {{CVE|CVE-2015-4489}} {{CVE|CVE-2015-4490}} {{CVE|CVE-2015-4491}} {{CVE|CVE-2015-4492}} {{CVE|CVE-2015-4493}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox40 templink] || {{pkg|firefox}} || 2015-08-11 || <= 39.0.3-1 || 40.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4]<br />
|-<br />
| {{CVE|CVE-2014-8121}} [https://access.redhat.com/security/cve/CVE-2014-8121 templink] || {{pkg|glibc}} || 2015-02-23 || <= 2.21-4 || 2.22-1 || ~180d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7]<br />
|-<br />
| {{CVE|CVE-2015-4680}} [http://www.ocert.org/advisories/ocert-2015-008.html templink] || {{pkg|freeradius}} || 2015-06-22 || <= 3.0.8-2 || 3.0.9-1 || ~50d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6]<br />
|-<br />
| {{CVE|CVE-2015-3184}} {{CVE|CVE-2015-3187}} [https://subversion.apache.org/security/CVE-2015-3184-advisory.txt templink] [https://subversion.apache.org/security/CVE-2015-3187-advisory.txt templink] || {{pkg|subversion}} || 2015-08-05 || <= 1.8.13-2 || 1.9.0-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5]<br />
|-<br />
| {{CVE|CVE-2015-6251}} [http://www.gnutls.org/security.html#GNUTLS-SA-2015-3 templink] || {{pkg|gnutls}} || 2015-08-10 || <= 3.4.3-1 || 3.4.4.1-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8]<br />
|-<br />
| {{CVE|CVE-2015-4495}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/ templink] || {{pkg|firefox}} || 2015-08-06 || <= 39.0-1 || 39.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1]<br />
|-<br />
| {{CVE|CVE-2015-2213}} {{CVE|CVE-2015-5730}} {{CVE|CVE-2015-5731}} {{CVE|CVE-2015-5732}} {{CVE|CVE-2015-5733}} {{CVE|CVE-2015-5734}} [https://codex.wordpress.org/Version_4.2.4 templink] || {{pkg|wordpress}} || 2015-08-04 || <= 4.2.3-1 || 4.2.4.-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2]<br />
|-<br />
| {{CVE|CVE-2015-3245}} {{CVE|CVE-2015-3246}} [http://seclists.org/oss-sec/2015/q3/185 templink] || {{pkg|libuser}} || 2015-07-22 || <= 0.61-1 || 0.62-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19]<br />
|-<br />
| {{CVE|CVE-2015-5600}} [https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/ templink] || {{pkg|openssh}} || 2015-07-22 || <= 6.9p1-1 || 6.9p1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17]<br />
|-<br />
| {{CVE|CVE-2015-1270}} {{CVE|CVE-2015-1271}} {{CVE|CVE-2015-1272}} {{CVE|CVE-2015-1273}} {{CVE|CVE-2015-1274}} {{CVE|CVE-2015-1276}} {{CVE|CVE-2015-1277}} {{CVE|CVE-2015-1278}} {{CVE|CVE-2015-1279}} {{CVE|CVE-2015-1280}} {{CVE|CVE-2015-1281}} {{CVE|CVE-2015-1282}} {{CVE|CVE-2015-1283}} {{CVE|CVE-2015-1284}} {{CVE|CVE-2015-1285}} {{CVE|CVE-2015-1286}} {{CVE|CVE-2015-1287}} {{CVE|CVE-2015-1288}} {{CVE|CVE-2015-1289}} [http://googlechromereleases.blogspot.fr/2015/07/stable-channel-update_21.html templink] || {{pkg|chromium}} || 2015-07-21 || <= 43.0.2357.134-1 || 44.0.2403.89-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18]<br />
|-<br />
| {{CVE|CVE-2015-2590}} {{CVE|CVE-2015-2601}} {{CVE|CVE-2015-2613}} {{CVE|CVE-2015-2621}} {{CVE|CVE-2015-2625}} {{CVE|CVE-2015-2628}} {{CVE|CVE-2015-2632}} {{CVE|CVE-2015-2808}} {{CVE|CVE-2015-4000}} {{CVE|CVE-2015-4731}} {{CVE|CVE-2015-4732}} {{CVE|CVE-2015-4733}} {{CVE|CVE-2015-4748}} {{CVE|CVE-2015-4749}} {{CVE|CVE-2015-4760}} [http://blog.fuseyism.com/index.php/2015/07/21/security-icedtea-2-6-1-for-openjdk-7-released/ templink] || {{pkg|jre7-openjdk}} || 2015-07-21 || <= 7.u80_2.6.0-1 || 7.u85_2.6.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16]<br />
|-<br />
| {{CVE|CVE-2015-5122}} {{CVE|CVE-2015-5123}} [https://helpx.adobe.com/security/products/flash-player/apsb15-18.html templink] || {{pkg|lib32-flashplugin}} || 2015-07-09 || <= 11.2.202.481-1 || 11.2.202.491-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14]<br />
|-<br />
| {{CVE|CVE-2015-5122}} {{CVE|CVE-2015-5123}} [https://helpx.adobe.com/security/products/flash-player/apsb15-18.html templink] || {{pkg|flashplugin}} || 2015-07-09 || <= 11.2.202.481-1 || 11.2.202.491-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13]<br />
|-<br />
| {{CVE|CVE-2015-0228}} {{CVE|CVE-2015-0253}} {{CVE|CVE-2015-3183}} {{CVE|CVE-2015-3185}} [http://www.apache.org/dist/httpd/CHANGES_2.4.16 templink] || {{pkg|apache}} || 2015-07-15 || <= 2.4.12-4 || 2.4.16-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15]<br />
|-<br />
| {{CVE|CVE-2015-2724}} {{CVE|CVE-2015-2725}} {{CVE|CVE-2015-2726}} {{CVE|CVE-2015-2731}} {{CVE|CVE-2015-2734}} {{CVE|CVE-2015-2735}} {{CVE|CVE-2015-2736}} {{CVE|CVE-2015-2737}} {{CVE|CVE-2015-2738}} {{CVE|CVE-2015-2739}} {{CVE|CVE-2015-2740}} {{CVE|CVE-2015-2741}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.1 templink] || {{pkg|thunderbird}} || 2015-07-09 || <= 38.0.1-1 || 38.1.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9]<br />
|-<br />
| {{CVE|CVE-2015-1793}} [https://openssl.org/news/secadv_20150709.txt templink] || {{pkg|lib32-openssl}} || 2015-07-09 || <= 1.0.2.c-1 || 1.0.2.d-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12]<br />
|-<br />
| {{CVE|CVE-2015-1793}} [https://openssl.org/news/secadv_20150709.txt templink] || {{pkg|openssl}} || 2015-07-09 || <= 1.0.2.c-1 || 1.0.2.d-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8]<br />
|-<br />
| {{CVE|CVE-2014-0578}} {{CVE|CVE-2015-3114}} {{CVE|CVE-2015-3115}} {{CVE|CVE-2015-3116}} {{CVE|CVE-2015-3117}} {{CVE|CVE-2015-3118}} {{CVE|CVE-2015-3119}} {{CVE|CVE-2015-3120}} {{CVE|CVE-2015-3121}} {{CVE|CVE-2015-3122}} {{CVE|CVE-2015-3123}} {{CVE|CVE-2015-3124}} {{CVE|CVE-2015-3125}} {{CVE|CVE-2015-3126}} {{CVE|CVE-2015-3127}} {{CVE|CVE-2015-3128}} {{CVE|CVE-2015-3129}} {{CVE|CVE-2015-3130}} {{CVE|CVE-2015-3131}} {{CVE|CVE-2015-3132}} {{CVE|CVE-2015-3133}} {{CVE|CVE-2015-3134}} {{CVE|CVE-2015-3135}} {{CVE|CVE-2015-3136}} {{CVE|CVE-2015-3137}} {{CVE|CVE-2015-4428}} {{CVE|CVE-2015-4429}} {{CVE|CVE-2015-4430}} {{CVE|CVE-2015-4431}} {{CVE|CVE-2015-4432}} {{CVE|CVE-2015-4433}} {{CVE|CVE-2015-5116}} {{CVE|CVE-2015-5117}} {{CVE|CVE-2015-5118}} {{CVE|CVE-2015-5119}} [https://helpx.adobe.com/security/products/flash-player/apsb15-16.html templink] [https://www.kb.cert.org/vuls/id/561288 templink] || {{pkg|flashplugin}} || 2015-07-07 || <= 11.2.202.468-1 || 11.2.202.481-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7]<br />
|-<br />
| {{CVE|CVE-2015-4620}} [https://kb.isc.org/article/AA-01267/ templink] || {{pkg|bind}} || 2015-07-07 || <= 9.10.2.P1-1 || 9.10.2.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6]<br />
|-<br />
| {{CVE|CVE-2015-5382}} [http://www.openwall.com/lists/oss-security/2015/07/07/3 templink] || {{pkg|roundcubemail}} || 2015-07-06 || <= 1.1.1-1 || 1.1.2-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5355}} {{CVE|CVE-2015-2694}} [http://krbdev.mit.edu/rt/NoAuth/krb5-1.13/fixed-1.13.2.html templink] || {{pkg|lib32-krb5}} || 2015-05-08 || <= 1.13.1-1 || 1.13.2-1 || 63d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11]<br />
|-<br />
| {{CVE|CVE-2014-5355}} {{CVE|CVE-2015-2694}} [http://krbdev.mit.edu/rt/NoAuth/krb5-1.13/fixed-1.13.2.html templink] || {{pkg|krb5}} || 2015-05-08 || <= 1.13.1-1 || 1.13.2-1 || 63d || Fixed ({{bug|45575}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10]<br />
|-<br />
| {{CVE|CVE-2015-3281}} [http://marc.info/?l=haproxy&m=143593901506748&w=2 templink] || {{pkg|haproxy}} || 2015-07-03 || <= 1.5.12-1 || 1.5.14-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3]<br />
|-<br />
| {{CVE|CVE-2015-2722}} {{CVE|CVE-2015-2724}} {{CVE|CVE-2015-2725}} {{CVE|CVE-2015-2726}} {{CVE|CVE-2015-2727}} {{CVE|CVE-2015-2728}} {{CVE|CVE-2015-2729}} {{CVE|CVE-2015-2731}} {{CVE|CVE-2015-2733}} {{CVE|CVE-2015-2734}} {{CVE|CVE-2015-2735}} {{CVE|CVE-2015-2736}} {{CVE|CVE-2015-2737}} {{CVE|CVE-2015-2739}} {{CVE|CVE-2015-2740}} {{CVE|CVE-2015-2741}} {{CVE|CVE-2015-2743}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-07-02 || <= 38.0.5 || 39.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2]<br />
|- <br />
| {{CVE|CVE-2015-5352}} [http://www.openwall.com/lists/oss-security/2015/07/01/10 templink] || {{pkg|openssh}} || 2015-06-29 || <= 6.8p1-3 || 6.9p1-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4]<br />
|-<br />
| {{CVE|CVE-2015-5146}} [http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi templink] || {{pkg|ntp}} || 2015-06-29 || <= 4.2.8p2-1 || 4.2.8p3-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5]<br />
|-<br />
| {{CVE|CVE-2015-2141}} [https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2015-June/015585.html templink] [https://github.com/weidai11/cryptopp/commit/9425e16437439e68c7d96abef922167d68fafaff commit] || {{pkg|crypto++}} || 2015-06-28 || <= 5.6.2-2 || 5.6.2-3 || 28d || Fixed ({{bug|45498}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20]<br />
|-<br />
| {{CVE|CVE-2015-5073}} [https://bugs.exim.org/show_bug.cgi?id=1651 templink] [http://vcs.pcre.org/pcre?view=revision&revision=1571 commit] || {{pkg|pcre}} || 2015-06-26 || <= 8.37-2 || 8.37-3 || ~52d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-5069}} {{CVE|CVE-2015-5070}} [http://www.openwall.com/lists/oss-security/2015/06/25/12 templink] || {{pkg|wesnoth}} || 2015-06-24 || <= 1.12.2-3 || 1.12.4-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1]<br />
|-<br />
| {{CVE|CVE-2015-3113}} [https://helpx.adobe.com/security/products/flash-player/apsb15-14.html templink] || {{pkg|flashplugin}} || 2015-06-23 || <= 11.2.202.466-1 || 11.2.202.468-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5]<br />
|-<br />
| {{CVE|CVE-2015-3236}} {{CVE|CVE-2015-3237}} [http://curl.haxx.se/docs/adv_20150617A.html templink] [http://curl.haxx.se/docs/adv_20150617B.html templink] || {{pkg|lib32-curl}} || 2015-06-17 || <= 7.42.1-1 || 7.43.0-1 || 47d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4]<br />
|-<br />
| {{CVE|CVE-2015-3236}} {{CVE|CVE-2015-3237}} [http://curl.haxx.se/docs/adv_20150617A.html templink] [http://curl.haxx.se/docs/adv_20150617B.html templink] || {{pkg|curl}} || 2015-06-17 || <= 7.42.1-1 || 7.43.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4]<br />
|-<br />
| {{CVE|CVE-2009-1364}} {{CVE|CVE-2006-3376}} {{CVE|CVE-2007-0455}} {{CVE|CVE-2007-2756}} {{CVE|CVE-2007-3472}} {{CVE|CVE-2007-3473}} {{CVE|CVE-2007-3477}} {{CVE|CVE-2009-3546}} {{CVE|CVE-2015-0848}} {{CVE|CVE-2015-4588}} {{CVE|CVE-2015-4695}} {{CVE|CVE-2015-4696}} [http://www.openwall.com/lists/oss-security/2015/06/16/4 templink] || {{pkg|libwmf}} || 2015-06-01 || <= 0.2.8.4-13 || || || '''Vulnerable''' ({{bug|49162}}) ||<br />
|-<br />
| {{CVE|CVE-2015-2325}} {{CVE|CVE-2015-2326}} {{CVE|CVE-2015-3414}} {{CVE|CVE-2015-3415}} {{CVE|CVE-2015-3416}} [http://php.net/ChangeLog-5.php#5.6.10 templink] || {{pkg|php}} || 2015-06-11 || <= 5.6.9-2 || 5.6.10-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|libraw}} || 2015-05-11 || <= 0.16.0-3 || 0.16.1 || 5d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|dcraw}} || 2015-05-11 || <= 9.25.0-1 || 9.26.0-1 || ~1m || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|gimp-ufraw}} || 2015-05-11 || <= 0.21-1 || 0.22-1 || 45d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|rawtherapee}} || 2015-05-11 || <= 1:4.2-1 || 1:4.2+448.g26d182d-1 || ~5m || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|rawstudio}} || 2015-05-11 || <= 2.0-12 || 2.0_git20160107-1 || ~11m || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-1158}} {{CVE|CVE-2015-1159}} [http://www.cups.org/str.php?L4609 templink] || {{pkg|cups}} || 2015-06-08 || <= 2.0.2-4 || 2.0.3-1 || 1d || Fixed ({{bug|45279}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2]<br />
|-<br />
| {{CVE|CVE-2015-1788}} {{CVE|CVE-2015-1789}} {{CVE|CVE-2015-1790}} {{CVE|CVE-2015-1791}} {{CVE|CVE-2015-1792}} {{CVE|CVE-2015-4000}} [https://www.openssl.org/news/secadv_20150611.txt templink] [https://git.openssl.org/?p=openssl.git;a=commit;h=98ece4eebfb6cd45cc8d550c6ac0022965071afc templink] || {{pkg|openssl}} || 2015-06-11 || <= 1.0.2.a-1 || 1.0.2.b-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3]<br />
|-<br />
| {{CVE|CVE-2015-3210}} [https://bugs.exim.org/show_bug.cgi?id=1636 templink] || {{pkg|pcre}} || 2015-05-29 || <= 8.37-1 || 8.37-2 || 7d || Fixed ({{bug|45207}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1]<br />
|-<br />
| {{CVE|CVE-2015-3165}} {{CVE|CVE-2015-3166}} {{CVE|CVE-2015-3167}} [http://www.postgresql.org/about/news/1587/ templink] || {{pkg|postgresql}} || 2015-05-22 || <= 9.4.1-1 || 9.4.2-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17]<br />
|-<br />
| {{CVE|CVE-2015-4054}} [http://www.openwall.com/lists/oss-security/2015/05/22/5 templink] || {{pkg|pgbouncer}} || 2015-04-09 || <= 1.5.4-6 || 1.5.5-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16]<br />
|-<br />
| {{CVE|CVE-2015-1251}} {{CVE|CVE-2015-1252}} {{CVE|CVE-2015-1253}} {{CVE|CVE-2015-1254}} {{CVE|CVE-2015-1255}} {{CVE|CVE-2015-1256}} {{CVE|CVE-2015-1257}} {{CVE|CVE-2015-1258}} {{CVE|CVE-2015-1259}} {{CVE|CVE-2015-1260}} {{CVE|CVE-2015-1263}} {{CVE|CVE-2015-1264}} {{CVE|CVE-2015-1265}} [http://googlechromereleases.blogspot.fr/2015/05/stable-channel-update_19.html templink] || {{pkg|chromium}} || 2015-05-19 || <= 42.0.2311.135-1 || 43.0.2357.65-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14]<br />
|-<br />
| {{CVE|CVE-2015-3808}} {{CVE|CVE-2015-3809}} {{CVE|CVE-2015-3810}} {{CVE|CVE-2015-3811}} {{CVE|CVE-2015-3812}} {{CVE|CVE-2015-3813}} {{CVE|CVE-2015-3814}} {{CVE|CVE-2015-3815}} [https://wireshark.org/docs/relnotes/wireshark-1.12.5.html templink] || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2015-05-11 || <= 1.12.4-4 || 1.12.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12]<br />
|-<br />
| {{CVE|CVE-2015-3456}} [https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/ templink] || {{pkg|qemu}} || 2015-05-13 || <= 2.2.1-4 || 2.2.1-5 || 1d || Fixed ({{bug|44958}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9]<br />
|-<br />
| {{CVE|CVE-2014-0230}} [https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44 templink] || {{pkg|tomcat6}} || 2015-04-09 || <= 6.0.43-2 || 6.0.44-1 || 34d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8]<br />
|-<br />
| {{CVE|CVE-2015-2708}} {{CVE|CVE-2015-2709}} {{CVE|CVE-2015-2710}} {{CVE|CVE-2015-2713}} {{CVE|CVE-2015-2716}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7 templink] || {{pkg|thunderbird}} || 2015-05-12 || <= 31.6.0-2 || 31.7.0-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13]<br />
|-<br />
| {{CVE|CVE-2015-2708}} {{CVE|CVE-2015-2709}} {{CVE|CVE-2015-2710}} {{CVE|CVE-2015-2711}} {{CVE|CVE-2015-2712}} {{CVE|CVE-2015-2713}} {{CVE|CVE-2015-2715}} {{CVE|CVE-2015-2716}} {{CVE|CVE-2015-2717}} {{CVE|CVE-2015-2718}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox38 templink] || {{pkg|firefox}} || 2015-05-12 || <= 37.0.2-1 || 38.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] <br />
|-<br />
| {{CVE|CVE-2015-3622}} [http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=f979435 templink] || {{pkg|libtasn1}} || 2015-04-20 || <= 4.5-1 || 4.4-1 || 16d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5]<br />
|-<br />
| {{CVE|CVE-2014-8964}} [https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ templink] || {{pkg|mariadb-clients}} || 2015-05-07 || <= 10.0.17-1 || 10.0.18-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4]<br />
|-<br />
| {{CVE|CVE-2014-8964}} {{CVE|CVE-2015-0499}} {{CVE|CVE-2015-0501}} {{CVE|CVE-2015-0505}} {{CVE|CVE-2015-2571}} [https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ templink] || {{pkg|mariadb}} || 2015-05-07 || <= 10.0.17-1 || 10.0.18-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3]<br />
|-<br />
| {{CVE|CVE-2015-3627}} {{CVE|CVE-2015-3629}} {{CVE|CVE-2015-3630}} {{CVE|CVE-2015-3631}} [http://seclists.org/oss-sec/2015/q2/389 templink] || {{pkg|docker}} || 2015-05-07 || <= 1:1.6.0-1 || 1:1.6.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6]<br />
|-<br />
| {{CVE|CVE-2015-0847}} [http://sourceforge.net/p/nbd/mailman/message/34091218/ templink] || {{pkg|nbd}} || 2015-05-07 || <= 3.10-1 || 3.11-1 || 19d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15]<br />
|-<br />
| {{CVE|CVE-2015-1858}} {{CVE|CVE-2015-1859}} {{CVE|CVE-2015-1860}} [http://lists.qt-project.org/pipermail/announce/2015-April/000067.html templink] || {{pkg|qt5-base}} || 2015-04-13 || <= 5.4.1-5 || 5.4.2-1 || 50d || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-1858}} {{CVE|CVE-2015-1859}} {{CVE|CVE-2015-1860}} [http://lists.qt-project.org/pipermail/announce/2015-April/000067.html templink] || {{pkg|qt4}} || 2015-04-13 || <= 4.8.6-6 || 4.8.7-1 || 50d || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-3414}} {{CVE|CVE-2015-3415}} {{CVE|CVE-2015-3416}} [http://seclists.org/fulldisclosure/2015/Apr/31 templink] || {{pkg|sqlite}} || 2015-04-24 || <= 3.8.8.3-1 || 3.8.9-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-2170}} {{CVE|CVE-2015-2221}} {{CVE|CVE-2015-2222}} {{CVE|CVE-2015-2305}} {{CVE|CVE-2015-2668}} [http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html templink] || {{pkg|clamav}} || 2015-04-29 || <= 0.98.6-1 || 0.98.7-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2]<br />
|-<br />
| {{CVE|CVE-2015-3455}} [http://www.openwall.com/lists/oss-security/2015/04/30/2 templink] || {{pkg|squid}} || 2015-04-29 || <= 3.5.3-2 || 3.5.4-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1]<br />
|-<br />
| {{CVE|CVE-2015-3451}} [http://www.openwall.com/lists/oss-security/2015/04/30/1 templink] || {{pkg|perl-xml-libxml}} || 2015-04-30 || <= 2.0118-3 || 2.0119-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32]<br />
|-<br />
| {{CVE|CVE-2015-3152}} [http://www.openwall.com/lists/oss-security/2015/04/29/4 templink] || {{pkg|mariadb}} {{pkg|mariadb-clients}} || 2015-04-29 || <= 10.0.17-2 || 10.0.20-1 || 52d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3153}} [http://curl.haxx.se/docs/adv_20150429.html templink] || {{pkg|curl}} || 2015-04-29 || <= 7.42.0-1 || 7.42.1-1 || 29d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20]<br />
|-<br />
| {{CVE|CVE-2015-1243}} {{CVE|CVE-2015-1250}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update_28.html templink] || {{pkg|chromium}} || 2015-04-28 || <= 42.0.2311.90-1 || 42.0.2311.135-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30]<br />
|-<br />
| {{CVE|CVE-2015-3420}} [http://seclists.org/oss-sec/2015/q2/288 templink] || {{pkg|dovecot}} || 2015-04-24 || <= 2.2.16-1 || 2.2.16-2 || 4d || Fixed ({{bug|44757}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31]<br />
|-<br />
| {{CVE|CVE-2015-1868}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ templink] || {{pkg|powerdns-recursor}} || 2015-04-23 || <= 3.7.1-1 || 3.7.2-1 || 1d || Fixed ({{Bug|44708}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27]<br />
|-<br />
| {{CVE|CVE-2015-1868}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ templink] || {{pkg|powerdns}} || 2015-04-23 || <= 3.4.3-2 || 3.4.4-1 || 1d || Fixed ({{Bug|44708}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26]<br />
|-<br />
| {{CVE|CVE-2015-1863}} [http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt templink] || {{pkg|wpa_supplicant}} || 2015-04-22 || <= 2.3-1 || 2.4-1 (1:2.3-1) || 2d || Fixed ({{Bug|44695}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29]<br />
|-<br />
| {{CVE|CVE-2015-1781}} [https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2959eda9272a033863c271aff62095abd01bd4e3;hp=7bf8fb104226407b75103b95525364c4667c869f templink] || {{pkg|glibc}} || 2015-04-21 || <= 2.21-2 || 2.21-3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25]<br />
|-<br />
| {{CVE|CVE-2015-3143}} {{CVE|CVE-2015-3144}} {{CVE|CVE-2015-3145}} {{CVE|CVE-2015-3148}} [http://curl.haxx.se/docs/vuln-7.41.0.html templink] || {{pkg|curl}} || 2015-04-22 || <= 7.41.0-1 || 7.42.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28]<br />
|-<br />
| {{CVE|CVE-2015-2706}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-45/ templink] || {{pkg|firefox}} || 2015-04-20 || <= 37.0.1-3 || 37.0.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24]<br />
|-<br />
| {{CVE|CVE-2015-3138}} [https://github.com/the-tcpdump-group/tcpdump/issues/446 templink] || {{pkg|tcpdump}} || 2015-03-24 || <= 4.7.3-1 || 4.7.3-2 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20]<br />
|-<br />
| {{CVE|CVE-2015-0346}} {{CVE|CVE-2015-0347}} {{CVE|CVE-2015-0348}} {{CVE|CVE-2015-0349}} {{CVE|CVE-2015-0350}} {{CVE|CVE-2015-0351}} {{CVE|CVE-2015-0352}} {{CVE|CVE-2015-0353}} {{CVE|CVE-2015-0354}} {{CVE|CVE-2015-0355}} {{CVE|CVE-2015-0356}} {{CVE|CVE-2015-0357}} {{CVE|CVE-2015-0358}} {{CVE|CVE-2015-0359}} {{CVE|CVE-2015-0360}} {{CVE|CVE-2015-3038}} {{CVE|CVE-2015-3039}} {{CVE|CVE-2015-3040}} {{CVE|CVE-2015-3041}} {{CVE|CVE-2015-3042}} {{CVE|CVE-2015-3043}} {{CVE|CVE-2015-3044}} [https://helpx.adobe.com/security/products/flash-player/apsb15-06.html templink] || {{pkg|flashplugin}} || 2015-04-14 || <= 11.2.202.451-1 || 11.2.202.457-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18]<br />
|-<br />
| {{CVE|CVE-2015-1351}} {{CVE|CVE-2015-1352}} {{CVE|CVE-2015-2783}} {{CVE|CVE-2015-3330}} {{CVE|CVE-2015-3329}} [https://php.net/ChangeLog-5.php#5.6.8 templink] || {{pkg|php}} || 2015-04-17 || <= 5.6.7.-2 || 5.6.8-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14]<br />
|-<br />
| {{CVE|CVE-2015-0460}} {{CVE|CVE-2015-0469}} {{CVE|CVE-2015-0470}} {{CVE|CVE-2015-0477}} {{CVE|CVE-2015-0478}} {{CVE|CVE-2015-0480}} {{CVE|CVE-2015-0488}} || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-04-14 || <= 8.u40-1 || 8.u45-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23]<br />
|-<br />
| {{CVE|CVE-2015-0460}} {{CVE|CVE-2015-0469}} {{CVE|CVE-2015-0477}} {{CVE|CVE-2015-0478}} {{CVE|CVE-2015-0480}} {{CVE|CVE-2015-0488}} [http://blog.fuseyism.com/index.php/2015/04/15/security-icedtea-2-5-5-for-openjdk-7-released/ templink] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-04-14 || <= 7.u75_2.5.4-1 || 7.u79_2.5.5-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17]<br />
|-<br />
| {{CVE|CVE-2015-3310}} [http://www.openwall.com/lists/oss-security/2015/04/16/7 templink] || {{pkg|ppp}} || 2015-04-13 || <= 2.4.7-1 || 2.4.7-2 || ~4m || Fixed ({{bug|44607}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3]<br />
|-<br />
| {{CVE|CVE-2015-3308}} [http://www.openwall.com/lists/oss-security/2015/04/16/6 templink] || {{pkg|gnutls}} || 2015-03-30 || <= 3.3.13-1 || 3.3.14-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-1235}} {{CVE|CVE-2015-1236}} {{CVE|CVE-2015-1237}} {{CVE|CVE-2015-1238}} {{CVE|CVE-2015-1240}} {{CVE|CVE-2015-1241}} {{CVE|CVE-2015-1242}} {{CVE|CVE-2015-1244}} {{CVE|CVE-2015-1245}} {{CVE|CVE-2015-1246}} {{CVE|CVE-2015-1247}} {{CVE|CVE-2015-1248}} {{CVE|CVE-2015-1249}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update_14.html templink] || {{pkg|chromium}} || 2015-04-14 || <= 41.0.2272.118-2 || 42.0.2311.90-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19]<br />
|-<br />
| {{CVE|CVE-2015-1855}} [https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/ templink] || {{pkg|ruby}} || 2015-04-13 || <= 2.2.1-1 || 2.2.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13]<br />
|-<br />
| {{CVE|CVE-2015-3026}} [http://seclists.org/oss-sec/2015/q2/80 templink] || {{pkg|icecast}} || 2015-04-08 || <= 2.4.1-1 || 2.4.2-1 || 3d || Fixed ({{bug|44503}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12]<br />
|-<br />
| {{CVE|CVE-2015-1798}} [http://seclists.org/oss-sec/2015/q2/63 templink] || {{pkg|chrony}} || 2015-04-08 || <= 1.31-2 || 1.31.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9]<br />
|-<br />
| {{CVE|CVE-2015-1798}} {{CVE|CVE-2015-1799}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities templink] || {{pkg|ntp}} || 2015-04-07 || <= 4.2.8p1 || 4.2.8p2-1 || <1d || Fixed ({{bug|44492}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8]<br />
|-<br />
| {{CVE|CVE-2015-2931}} {{CVE|CVE-2015-2932}} {{CVE|CVE-2015-2933}} {{CVE|CVE-2015-2934}} {{CVE|CVE-2015-2935}} {{CVE|CVE-2015-2936}} {{CVE|CVE-2015-2937}} {{CVE|CVE-2015-2938}} {{CVE|CVE-2015-2939}} {{CVE|CVE-2015-2940}} {{CVE|CVE-2015-2941}} {{CVE|CVE-2015-2942}} [http://seclists.org/oss-sec/2015/q2/61 templink] || {{pkg|mediawiki}} || 2015-04-07 || <= 1.24.1-1 || 1.24.2-1 || 0d || Fixed ({{bug|44489}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11]<br />
|-<br />
| {{CVE|CVE-2015-2928}} {{CVE|CVE-2015-2929}} [http://seclists.org/oss-sec/2015/q2/56 templink] || {{pkg|tor}} || 2015-04-06 || <= 0.2.5.11-1 || 0.2.5.12-1 || <1d || Fixed ({{bug|44482}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7]<br />
|-<br />
| {{CVE|CVE-2015-0799}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-04-03 || <= 37.0-1 || 37.0.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4]<br />
|-<br />
| {{CVE|CVE-2015-1233}} {{CVE|CVE-2015-1234}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-04-01 || <= 41.0.2272.101-1 || 41.0.2272.118-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2]<br />
|-<br />
| {{CVE|CVE-2015-0801}} {{CVE|CVE-2015-0807}} {{CVE|CVE-2015-0813}} {{CVE|CVE-2015-0814}} {{CVE|CVE-2015-0815}} {{CVE|CVE-2015-0816}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-03-31 || <= 31.5.0-1 || 31.6.0-1|| 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6]<br />
|-<br />
| {{CVE|CVE-2015-0801}} {{CVE|CVE-2015-0802}} {{CVE|CVE-2015-0803}} {{CVE|CVE-2015-0804}} {{CVE|CVE-2015-0805}} {{CVE|CVE-2015-0806}} {{CVE|CVE-2015-0807}} {{CVE|CVE-2015-0808}} {{CVE|CVE-2015-0811}} {{CVE|CVE-2015-0812}} {{CVE|CVE-2015-0813}} {{CVE|CVE-2015-0814}} {{CVE|CVE-2015-0815}} {{CVE|CVE-2015-0816}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-03-31 || <= 36.0.4-1 || 37.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1]<br />
|-<br />
| {{CVE|CVE-2015-1817}} [http://www.openwall.com/lists/oss-security/2015/03/30/3 templink] || {{pkg|musl}} || 2015-03-29 || <= 1.1.7-1 || 1.1.8-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26]<br />
|-<br />
| {{CVE|CVE-2015-2782}} {{CVE|CVE-2015-0556}} {{CVE|CVE-2015-0557}} [http://www.openwall.com/lists/oss-security/2015/03/29/1 templink] || {{pkg|arj}} || 2015-03-28 || <= 3.10.22-8 || 3.10.22-10 || 10d || Fixed ({{bug|44411}}) ({{bug|44488}}) || None<br />
|-<br />
| {{CVE|CVE-2015-0250}} [http://seclists.org/fulldisclosure/2015/Mar/142 templink] || {{pkg|java-batik}} || 2015-03-17 || <= 1.7-12 || 1.8-1 || 17d || Fixed ({{bug|44410}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5]<br />
|-<br />
| {{CVE|CVE-2015-2806}} [http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149 templink] || {{pkg|libtasn1}} || 2015-03-29 || <= 4.3-1 || 4.4-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3]<br />
|-<br />
| {{CVE|CVE-2015-0817}} {{CVE|CVE-2015-0818}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-03-20 || <= 36.0.1-1 || 36.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21]<br />
|-<br />
| {{CVE|CVE-2015-2559}} [https://www.drupal.org/SA-CORE-2015-001 templink] || {{pkg|drupal}} || 2015-03-19 || <= 7.34-1 || 7.35-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18]<br />
|-<br />
| {{CVE|CVE-2015-0252}} [https://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt templink] || {{pkg|xerces-c}} || 2015-03-19 || <= 3.1.1-5 || 3.1.2-1 || 1d || Fixed ({{bug|44272}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19]<br />
|-<br />
| {{CVE|CVE-2015-2330}} [http://www.openwall.com/lists/oss-security/2015/03/18/4 templink] || {{pkg|webkitgtk}} {{pkg|webkitgtk2}} || 2015-03-17 || <= 2.4.8-1 || 2.4.9-1 || 30d || Fixed ({{bug|44237}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19]<br />
|-<br />
| {{CVE|CVE-2015-2305}} {{CVE|CVE-2015-2331}} {{CVE|CVE-2015-2348}} {{CVE|CVE-2015-2787}} [https://bugs.php.net/bug.php?id=69253 templink] || {{pkg|php}} || 2015-03-18 || <= 5.6.6-1 || 5.6.7-1 || 10d || Fixed ({{bug|44236}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25]<br />
|-<br />
| {{CVE|CVE-2015-0204}} {{CVE|CVE-2015-0207}} {{CVE|CVE-2015-0208}} {{CVE|CVE-2015-0209}} {{CVE|CVE-2015-0285}} {{CVE|CVE-2015-0286}} {{CVE|CVE-2015-0287}} {{CVE|CVE-2015-0288}} {{CVE|CVE-2015-0289}} {{CVE|CVE-2015-0290}} {{CVE|CVE-2015-0291}} {{CVE|CVE-2015-0293}} {{CVE|CVE-2015-1787}} [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=28a00bcd8e318da18031b2ac8778c64147cd54f9 commit-0288] [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2b31fcc0b5e7329e13806822a5709dbd51c5c8a4 commit-0285] [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ba5d0113e8bcb26857ae58a11b219aeb7bc2408a commit-0209] [https://security-tracker.debian.org/tracker/CVE-2015-0288 Debian-Bug-tracker] [https://www.openssl.org/news/secadv_20150319.txt advisory] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2015-03-17 || <= 1.0.2-1 || 1.0.2.a-1 || 2d || Fixed ({{bug|44227}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17]<br />
|-<br />
| {{CVE|CVE-2015-1802}} {{CVE|CVE-2015-1803}} {{CVE|CVE-2015-1804}} [http://www.openwall.com/lists/oss-security/2015/03/17/5 templink] || {{pkg|libxfont}} || 2015-03-17 || <= 1.5.0-1 || 1.5.1-1 || <1d || Fixed ({{bug|44226}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15]<br />
|-<br />
| {{CVE|CVE-2015-0332}} {{CVE|CVE-2015-0333}} {{CVE|CVE-2015-0334}} {{CVE|CVE-2015-0335}} {{CVE|CVE-2015-0336}} {{CVE|CVE-2015-0337}} {{CVE|CVE-2015-0338}} {{CVE|CVE-2015-0339}} {{CVE|CVE-2015-0340}} {{CVE|CVE-2015-0341}} {{CVE|CVE-2015-0342}} [https://helpx.adobe.com/security/products/flash-player/apsb15-05.html templink] || {{pkg|flashplugin}} || 2015-03-12 || <= 11.2.202.442-1 || 11.2.202.451-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11]<br />
|-<br />
| {{CVE|CVE-2014-9687}} [http://www.openwall.com/lists/oss-security/2015/02/10/10 templink] || {{pkg|ecryptfs-utils}} || 2015-02-10 || <= 104-1 || 106-1 || 37d || Fixed ({{bug|44157}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14]<br />
|-<br />
| {{CVE|CVE-2015-1782}} [http://www.libssh2.org/adv_20150311.html templink] || {{pkg|libssh2}} || 2015-03-11 || <= 1.4.3-1 || 1.5.0-1 || 29d || Fixed ({{bug|44146}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10]<br />
|-<br />
| {{CVE|CVE-2015-2241}} [https://www.djangoproject.com/weblog/2015/mar/09/security-releases/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-03-09 || <= 1.7.5-1 || 1.7.6-1 || 2d || Fixed ({{bug|44122}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7]<br />
|-<br />
| {{CVE|CVE-2015-1212}} {{CVE|CVE-2015-1213}} {{CVE|CVE-2015-1214}} {{CVE|CVE-2015-1215}} {{CVE|CVE-2015-1216}} {{CVE|CVE-2015-1217}} {{CVE|CVE-2015-1218}} {{CVE|CVE-2015-1219}} {{CVE|CVE-2015-1220}} {{CVE|CVE-2015-1221}} {{CVE|CVE-2015-1222}} {{CVE|CVE-2015-1223}} {{CVE|CVE-2015-1224}} {{CVE|CVE-2015-1225}} {{CVE|CVE-2015-1226}} {{CVE|CVE-2015-1227}} {{CVE|CVE-2015-1228}} {{CVE|CVE-2015-1229}} {{CVE|CVE-2015-1230}} {{CVE|CVE-2015-1231}} [http://googlechromereleases.blogspot.fr/2015/03/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-03-03 || <= 40.0.2214.115-1 || 41.0.2272.76-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5]<br />
|-<br />
| {{CVE|CVE-2015-1572}} [https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73 templink] || {{pkg|e2fsprogs}} || 2015-02-06 || <= 1.42.12-1 || 1.42.12-2 || 6d || Fixed ({{bug|44015}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8]<br />
|-<br />
| {{CVE|CVE-2015-2157}} [http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html templink] || {{pkg|putty}} || 2015-03-02 || <= 0.63-1 || 0.64-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1]<br />
|-<br />
| {{CVE|CVE-2015-0822}} {{CVE|CVE-2015-0827}} {{CVE|CVE-2015-0831}} {{CVE|CVE-2015-0835}} {{CVE|CVE-2015-0836}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-02-24 || <= 31.4.0-1 || 31.5.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15]<br />
|-<br />
| {{CVE|CVE-2015-0819}} {{CVE|CVE-2015-0821}} {{CVE|CVE-2015-0822}} {{CVE|CVE-2015-0823}} {{CVE|CVE-2015-0824}} {{CVE|CVE-2015-0825}} {{CVE|CVE-2015-0826}} {{CVE|CVE-2015-0827}} {{CVE|CVE-2015-0829}} {{CVE|CVE-2015-0830}} {{CVE|CVE-2015-0831}} {{CVE|CVE-2015-0832}} {{CVE|CVE-2015-0834}} {{CVE|CVE-2015-0835}} {{CVE|CVE-2015-0836}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-02-24 || <= 35.0.1-1 || 36.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14]<br />
|-<br />
| {{CVE|CVE-2015-0240}} [https://www.samba.org/samba/history/samba-4.1.17.html templink] || {{pkg|samba}} || 2015-02-23 || <= 4.1.16-1 || 4.1.17-1 || <1d || Fixed ({{bug|43923}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13]<br />
|-<br />
| {{CVE|CVE-2014-9636}} [http://www.openwall.com/lists/oss-security/2014/11/02/2 templink] || {{pkg|unzip}} || 2014-11-02 || <= 6.0-9 || 6.0-10 || 75d || Fixed ({{bug|44171}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9]<br />
|-<br />
| {{CVE|CVE-2015-1315}} [http://www.openwall.com/lists/oss-security/2015/02/17/4 templink] || {{pkg|unzip}} || 2014-11-02 || <= 6.0-9 || 6.0-9 || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2014-9680}} [http://www.sudo.ws/sudo/alerts/tz.html templink] || {{pkg|sudo}} || 2015-02-09 || <= 1.8.12-1 || 1.8.12-1 || 4d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5352}} {{CVE|CVE-2014-5353}} {{CVE|CVE-2014-5354}} {{CVE|CVE-2014-9421}} {{CVE|CVE-2014-9422}} {{CVE|CVE-2014-9423}} [http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt templink] [http://www.openwall.com/lists/oss-security/2014/12/16/1 templink] || {{pkg|krb5}} || 2015-02-03 || <= 1.13-1 || 1.13.1-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] <br />
|-<br />
| {{CVE|CVE-2015-0255}} [http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/ templink] || {{pkg|xorg-server}} || 2015-02-10 || <= 1.16.3-2|| 1.16.4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11]<br />
|-<br />
| {{CVE|CVE-2015-1191}} [http://www.openwall.com/lists/oss-security/2015/01/18/3 templink] || {{pkg|pigz}} || 2015-01-18 || <= 2.3.1-1 || 2.3.3-1 || 21d || Fixed ({{bug|43748}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9]<br />
|-<br />
| {{CVE|CVE-2015-0245}} [http://lists.freedesktop.org/archives/dbus/2015-February/016553.html templink] || {{pkg|dbus}} || 2015-02-09 || <= 1.8.14-1 || 1.8.16-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10]<br />
|-<br />
| {{CVE|CVE-2015-1472}} {{CVE|CVE-2015-1473}} || {{pkg|glibc}} || 2015-02-05 || <= 2.20-6 || 2.21-1 ||4d || Fixed ({{bug|43747}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8]<br />
|-<br />
| {{CVE|CVE-2014-9297}} {{CVE|CVE-2014-9298}} [http://support.ntp.org/bin/view/Main/SecurityNotice#vallen_is_not_validated_in_sever templink] [http://support.ntp.org/bin/view/Main/SecurityNotice#1_can_be_spoofed_on_some_OSes_so templink]|| {{pkg|ntp}} || 2015-02-04 || <= 4.2.8-1 || 4.2.8.p1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7]<br />
|-<br />
| {{CVE|CVE-2014-9328}} || {{pkg|clamav}} || 2015-01-28 || <= 0.98.5-1 || 0.98.6-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6]<br />
|-<br />
| {{CVE|CVE-2015-1209}} {{CVE|CVE-2015-1210}} {{CVE|CVE-2015-1211}} {{CVE|CVE-2015-1212}} [http://googlechromereleases.blogspot.fr/2015/02/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-02-05 || <= 40.0.2214.94-1 || 40.0.2214.111-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5]<br />
|-<br />
| {{CVE|CVE-2015-0313}} {{CVE|CVE-2015-0314}} {{CVE|CVE-2015-0315}} {{CVE|CVE-2015-0316}} {{CVE|CVE-2015-0317}} {{CVE|CVE-2015-0318}} {{CVE|CVE-2015-0319}} {{CVE|CVE-2015-0320}} {{CVE|CVE-2015-0321}} {{CVE|CVE-2015-0322}} {{CVE|CVE-2015-0323}} {{CVE|CVE-2015-0324}} {{CVE|CVE-2015-0325}} {{CVE|CVE-2015-0326}} {{CVE|CVE-2015-0327}} {{CVE|CVE-2015-0328}} {{CVE|CVE-2015-0329}} {{CVE|CVE-2015-0330}} [https://helpx.adobe.com/security/products/flash-player/apsb15-04.html templink] || {{pkg|flashplugin}} || 2015-02-05 || <= 11.2.202.440-1 || 11.2.202.442-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2]<br />
|-<br />
| {{CVE|CVE-2014-8161}} {{CVE|CVE-2015-0241}} {{CVE|CVE-2015-0243}} {{CVE|CVE-2015-0244}} [http://www.postgresql.org/docs/9.4/static/release-9-4-1.html templink] || {{pkg|postgresql}} || 2015-02-05 || <= 9.4.0-1 || 9.4.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4]<br />
|-<br />
| {{CVE|CVE-2015-1380}} {{CVE|CVE-2015-1381}} {{CVE|CVE-2015-1382}} [http://seclists.org/oss-sec/2015/q1/285 templink] || {{pkg|privoxy}} || 2015-01-26 || <= 3.0.22-1 || 3.0.23-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1]<br />
|-<br />
| {{CVE|CVE-2015-0235}} [https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235 templink] || {{pkg|glibc}} || 2015-01-27 || < 2.18-1 || 2.18-1 || < 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-0311}} {{CVE|CVE-2015-0301}} {{CVE|CVE-2015-0302}} {{CVE|CVE-2015-0303}} {{CVE|CVE-2015-0304}} {{CVE|CVE-2015-0305}} {{CVE|CVE-2015-0306}} {{CVE|CVE-2015-0307}} {{CVE|CVE-2015-0308}} {{CVE|CVE-2015-0309}} [https://helpx.adobe.com/security/products/flash-player/apsb15-01.html templink] || {{pkg|flashplugin}} || 2015-01-23 || <= 11.2.202.438-1 || 11.2.202.440-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22]<br />
|-<br />
| {{CVE|CVE-2015-0231}} {{CVE|CVE-2014-9427}} {{CVE|CVE-2015-0232}} [https://bugs.php.net/bug.php?id=68710 templink] [https://bugs.php.net/bug.php?id=68618 templink] [https://bugs.php.net/bug.php?id=68799 templink] || {{pkg|php}} || 2015-01-22 || <= 5.6.4-1 || 5.6.5-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17]<br />
|-<br />
| {{CVE|CVE-2014-9638}} {{CVE|CVE-2014-9639}} {{CVE|CVE-2014-9640}} [http://www.openwall.com/lists/oss-security/2015/01/22/9 templink] || {{pkg|vorbis-tools}} || 2015-01-21 || <= 1.4.0-4 || 1.4.0-5 || 64d || Fixed ({{bug|44172}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24]<br />
|-<br />
| {{CVE|CVE-2015-1345}} [http://seclists.org/oss-sec/2015/q1/179 templink] || {{pkg|grep}} || 2015-01-18 || <= 2.21-1 || 2.21-2 || 46d || Fixed ({{bug|44017}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4]<br />
|-<br />
| {{CVE|CVE-2014-7923}} {{CVE|CVE-2014-7924}} {{CVE|CVE-2014-7925}} {{CVE|CVE-2014-7926}} {{CVE|CVE-2014-7927}} {{CVE|CVE-2014-7928}} {{CVE|CVE-2014-7930}} {{CVE|CVE-2014-7931}} {{CVE|CVE-2014-7929}} {{CVE|CVE-2014-7932}} {{CVE|CVE-2014-7933}} {{CVE|CVE-2014-7934}} {{CVE|CVE-2014-7935}} {{CVE|CVE-2014-7936}} {{CVE|CVE-2014-7937}} {{CVE|CVE-2014-7938}} {{CVE|CVE-2014-7939}} {{CVE|CVE-2014-7940}} {{CVE|CVE-2014-7941}} {{CVE|CVE-2014-7942}} {{CVE|CVE-2014-7943}} {{CVE|CVE-2014-7944}} {{CVE|CVE-2014-7945}} {{CVE|CVE-2014-7946}} {{CVE|CVE-2014-7947}} {{CVE|CVE-2014-7948}} {{CVE|CVE-2015-1205}} [http://googlechromereleases.blogspot.fr/2015/01/stable-update.html templink] || {{pkg|chromium}} || 2015-01-22 || <= 39.0.2171.99-1 || 40.0.2214.91-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21]<br />
|-<br />
| {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-6549}} {{CVE|CVE-2014-6585}} {{CVE|CVE-2014-6587}} {{CVE|CVE-2014-6591}} {{CVE|CVE-2014-6593}} {{CVE|CVE-2014-6601}} {{CVE|CVE-2015-0383}} {{CVE|CVE-2015-0395}} {{CVE|CVE-2015-0400}} {{CVE|CVE-2015-0403}} {{CVE|CVE-2015-0406}} {{CVE|CVE-2015-0407}} {{CVE|CVE-2015-0408}} {{CVE|CVE-2015-0410}} {{CVE|CVE-2015-0412}} {{CVE|CVE-2015-0413}} {{CVE|CVE-2015-0421}} {{CVE|CVE-2015-0437}} [http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html#JAVA templink] || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-01-22 || <= 8.u25-2 || 8.u31-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16]<br />
|-<br />
| {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-6585}} {{CVE|CVE-2014-6587}} {{CVE|CVE-2014-6591}} {{CVE|CVE-2014-6593}} {{CVE|CVE-2014-6601}} {{CVE|CVE-2015-0383}} {{CVE|CVE-2015-0395}} {{CVE|CVE-2015-0407}} {{CVE|CVE-2015-0408}} {{CVE|CVE-2015-0410}} {{CVE|CVE-2015-0412}} [http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html#JAVA templink] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-01-22 || <= 7.u71_2.5.3-3 || 7.u75_2.5.4-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20]<br />
|-<br />
| {{CVE|CVE-2014-8157}} {{CVE|CVE-2014-8158}} [http://seclists.org/oss-sec/2015/q1/210 templink] || {{pkg|jasper}} || 2015-01-22 || <= 1.900.1-12 || 1.900.1-13 || 5d || Fixed ({{bug|43592}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23]<br />
|-<br />
| {{CVE|CVE-2014-8132}} [http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/ templink] || {{pkg|libssh}} || 2014-12-19 || <= 0.6.3-1 || 0.6.4-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12]<br />
|-<br />
| {{CVE|CVE-2015-1182}} [https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04 templink] || {{pkg|polarssl}} || 2012-09-19 || <= 1.3.9-1 || 1.3.9-2 || 1d || Fixed ({{bug|43508}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13]<br />
|-<br />
| {{CVE|CVE-2012-3505}} [http://www.openwall.com/lists/oss-security/2012/08/18/1 templink] || {{pkg|tinyproxy}} || 2012-09-10 || <= 1.8.3-1 || 1.8.4-1 || > 740d || Fixed ({{bug|38400}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11]<br />
|-<br />
| {{CVE|CVE-2014-9447}} [https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e templink] || {{pkg|elfutils}} || 2015-01-19 || <= 0.161-2 || 0.161-3 || 42d || Fixed ({{bug|44019}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2]<br />
|-<br />
| {{CVE|CVE-2014-9447}} [https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e templink] || {{pkg|lib32-elfutils}} || 2015-01-19 || <= 0.161-1 || 0.161-2 || 42d || Fixed ({{bug|44020}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3]<br />
|-<br />
| {{CVE|CVE-2014-8143}} [https://www.samba.org/samba/security/CVE-2014-8143 templink] || {{pkg|samba}} || 2015-01-15 || <= 4.1.15-1 || 4.1.16-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10]<br />
|-<br />
| {{CVE|CVE-2015-1197}} [http://www.openwall.com/lists/oss-security/2015/01/18/7 templink] || {{pkg|cpio}} || 2015-01-16 || <= 2.11-5 || 2.11-6 || 65d || Fixed ({{bug|44173}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22]<br />
|-<br />
| {{CVE|CVE-2015-1196}} {{CVE|CVE-2014-9637}} [http://www.openwall.com/lists/oss-security/2015/01/18/6 templink] [https://savannah.gnu.org/bugs/?44051 templink] || {{pkg|patch}} || 2015-01-14 || <= 2.7.1-3 || 2.7.3-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24]<br />
|-<br />
| {{CVE|CVE-2014-9571}} {{CVE|CVE-2014-9572}} {{CVE|CVE-2014-9573}} {{CVE|CVE-2014-9624}} {{CVE|CVE-2015-1042}} [http://www.openwall.com/lists/oss-security/2015/01/17/1 templink] [http://www.openwall.com/lists/oss-security/2015/01/17/3 templink] [http://www.openwall.com/lists/oss-security/2015/01/17/2 templink] [http://www.openwall.com/lists/oss-security/2015/01/18/11 templink] || {{pkg|mantisbt}} || 2015-01-17 || <= 1.2.18-1 || 1.2.19-1 || 20d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3]<br />
|-<br />
| {{CVE|CVE-2014-8634}} {{CVE|CVE-2014-8635}} {{CVE|CVE-2014-8638}} {{CVE|CVE-2014-8639}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-01-13 || <= 31.3.0-1 || 31.4.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7]<br />
|-<br />
| {{CVE|CVE-2014-8634}} {{CVE|CVE-2014-8635}} {{CVE|CVE-2014-8636}} {{CVE|CVE-2014-8637}} {{CVE|CVE-2014-8638}} {{CVE|CVE-2014-8639}} {{CVE|CVE-2014-8640}} {{CVE|CVE-2014-8641}} {{CVE|CVE-2014-8642}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-01-13 || <= 34.0.5-1 || 35.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6]<br />
|-<br />
| {{CVE|CVE-2014-3571}} {{CVE|CVE-2015-0206}} {{CVE|CVE-2014-3569}} {{CVE|CVE-2014-3572}} {{CVE|CVE-2015-0205}} {{CVE|CVE-2014-8275}} {{CVE|CVE-2014-3570}} [https://www.openssl.org/news/secadv_20150108.txt templink] || {{pkg|openssl}} || 2015-01-08 || <= 1.0.1.j-1 || 1.0.1.k-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2]<br />
|-<br />
| {{CVE|CVE-2014-8150}} [http://curl.haxx.se/docs/adv_20150108B.html templink] || {{pkg|curl}} || 2015-01-08 || <= 7.39.0-1 || 7.40.0-1 || 10d || Fixed ({{bug|43379}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9]<br />
|-<br />
| {{CVE|CVE-2014-6272}} [http://archives.seul.org/libevent/users/Jan-2015/msg00010.html templink] || {{pkg|libevent}} || 2015-01-05 || <= 2.0.21-3 || 2.0.22-1 || 7d || Fixed ({{bug|43366}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] <br />
|-<br />
| {{CVE|CVE-2014-8139}} {{CVE|CVE-2014-8140}} {{CVE|CVE-2014-8141}} [http://www.ocert.org/advisories/ocert-2014-011.html templink] || {{pkg|unzip}} || 2014-12-22 || <= 6.0-7 || 6.0-9 || 17d || Fixed ({{bug|43300}}) ({{bug|43391}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3]<br />
|-<br />
| {{CVE|CVE-2014-6395}} {{CVE|CVE-2014-6396}} {{CVE|CVE-2014-9376}} {{CVE|CVE-2014-9377}} {{CVE|CVE-2014-9378}} {{CVE|CVE-2014-9379}} {{CVE|CVE-2014-9380}} {{CVE|CVE-2014-9381}} [https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/ templink] || {{pkg|ettercap}} {{pkg|ettercap-gtk}} || 2014-12-16 || <= 0.8.1-2 || 0.8.2-1 || 89d || Fixed ({{bug|44174}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13]<br />
|-<br />
| {{CVE|CVE-2014-9425}} [https://bugs.php.net/bug.php?id=68676 templink] || {{pkg|php}} || 2014-12-29 || <= 5.6.4-1 || 5.6.5-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-9295}} {{CVE|CVE-2014-9296}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_ctl_putdata templink] || {{pkg|ntp}} || 2014-12-19 || < 4.2.8-1 || 4.2.8-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24]<br />
|-<br />
| {{CVE|CVE-2014-8142}} [https://bugzilla.redhat.com/show_bug.cgi?id=1175718 templink] || {{pkg|php}} || 2014-12-18 || <= 5.6.3-1 || 5.6.4-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23]<br />
|-<br />
| {{CVE|CVE-2014-8137}} {{CVE|CVE-2011-4516}} {{CVE|CVE-2011-4517}} [https://marc.info/?l=oss-security&m=141891163026757&w=2 templink] || {{pkg|jasper}} || 2014-12-18 || <= 1.900.1-11 || 1.900.1-12 || 1d || Fixed ({{bug|43155}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22]<br />
|-<br />
| {{CVE|CVE-2014-9029}} [https://marc.info/?l=oss-security&m=141770163916268&w=2 templink] || {{pkg|jasper}} || 2014-12-04 || <= 1.900.1-10 || 1.900.1-12 || 6d || Fixed ({{bug|43044}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22]<br />
|-<br />
| {{CVE|CVE-2012-3406}} {{CVE|CVE-2014-9402}} [http://www.openwall.com/lists/oss-security/2014/12/18/1 templink] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2014-12-17 || <= 2.20-4 || 2.20-5 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21]<br />
|-<br />
| {{CVE|CVE-2014-9253}} [http://seclists.org/oss-sec/2014/q4/1050 templink] || {{pkg|dokuwiki}} || 2014-12-15 || <= 20140929_a-1 || 20140929_b-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19]<br />
|-<br />
| {{CVE|CVE-2014-3580}} {{CVE|CVE-2014-8108}} [https://subversion.apache.org/security/CVE-2014-3580-advisory.txt templink] [https://subversion.apache.org/security/CVE-2014-8108-advisory.txt templink] || {{pkg|subversion}} || 2014-12-16 || <= 1.8.10-1 || 1.8.11-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17]<br />
|-<br />
| {{CVE|CVE-2014-9356}} {{CVE|CVE-2014-9357}} {{CVE|CVE-2014-9358}} [http://www.securityfocus.com/archive/1/534215 templink] || {{pkg|docker}} || 2014-12-12 || <= 1:1.3.2-1 || 1:1.4.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16]<br />
|-<br />
| {{CVE|CVE-2013-1752}} {{CVE|CVE-2013-1753}} {{CVE|CVE-2014-9365}} [https://hg.python.org/cpython/raw-file/v2.7.9/Misc/NEWS templink] || {{pkg|python2}} || 2014-12-11 || <= 2.7.8-1 || 2.7.9-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15]<br />
|-<br />
| {{CVE|CVE-2014-0580}} {{CVE|CVE-2014-0587}} {{CVE|CVE-2014-8443}} {{CVE|CVE-2014-9162}} {{CVE|CVE-2014-9163}} {{CVE|CVE-2014-9164}} [https://helpx.adobe.com/security/products/flash-player/apsb14-27.html templink] || {{pkg|flashplugin}} || 2014-12-09 || <= 11.2.202.424-1 || 11.2.202.425-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13]<br />
|-<br />
| {{CVE|CVE-2014-8091}} {{CVE|CVE-2014-8092}} {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8094}} {{CVE|CVE-2014-8095}} {{CVE|CVE-2014-8096}} {{CVE|CVE-2014-8097}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8099}} {{CVE|CVE-2014-8100}} {{CVE|CVE-2014-8101}} {{CVE|CVE-2014-8102}} {{CVE|CVE-2014-8103}} [http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/ templink] || {{pkg|xorg-server}} || 2014-12-09 || <= 1.16.2-1 || 1.16.2.901-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia}} {{pkg|nvidia-lts}} || 2014-12-09 || <= 343.22-6 || 343.36-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia-340xx}} {{pkg|nvidia-340xx-lts}} || 2014-12-09 || <= 340.58-3 || 340.65-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia-304xx}} {{pkg|nvidia-304xx-lts}} || 2014-12-09 || < 304.125-1 || 304.125-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10]<br />
|-<br />
| {{CVE|CVE-2014-8601}} [http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/ templink] || {{pkg|powerdns-recursor}} || 2014-12-09 || <= 3.6.1-1 || 3.6.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9]<br />
|-<br />
| {{CVE|CVE-2014-8602}} [https://unbound.net/downloads/CVE-2014-8602.txt templink] || {{pkg|unbound}} || 2014-12-09 || <= 1.5.0-1 || 1.5.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8]<br />
|-<br />
| {{CVE|CVE-2014-8500}} {{CVE|CVE-2014-8680}} [http://svnweb.freebsd.org/ports?view=revision&revision=374305 templink] || {{pkg|bind}} || 2014-12-08 || <= 9.10.1-2 || 9.10.1.P1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7]<br />
|-<br />
| {{CVE|CVE-2014-9274}} {{CVE|CVE-2014-9275}} [http://seclists.org/oss-sec/2014/q4/904 templink] || {{pkg|unrtf}} || 2014-12-04 || <= 0.21.5-1 || 0.21.7-1 || 10d || Fixed ({{bug|43131}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20]<br />
|-<br />
| {{CVE|CVE-2014-1587}} {{CVE|CVE-2014-1588}} {{CVE|CVE-2014-1589}} {{CVE|CVE-2014-1590}} {{CVE|CVE-2014-1591}} {{CVE|CVE-2014-1592}} {{CVE|CVE-2014-1593}} {{CVE|CVE-2014-1594}} {{CVE|CVE-2014-8631}} {{CVE|CVE-2014-8632}} [https://www.mozilla.org/fr/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2014-12-02 || <= 33.1.1-1 || 34.0.5-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3]<br />
|-<br />
| {{CVE|CVE-2014-9157}} [http://seclists.org/oss-sec/2014/q4/872 templink] || {{pkg|graphviz}} || 2014-11-25 || <= 2.38.0-2 || 2.38.0-3 || 8d || Fixed ({{bug|42983}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4]<br />
|-<br />
| {{CVE|CVE-2014-8123}} [http://seclists.org/oss-sec/2014/q4/874 templink] || {{pkg|antiword}} || 2014-12-01 || <= 0.37-4 || 0.37-5 || 3d || Fixed ({{bug|42982}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5]<br />
|-<br />
| {{CVE|CVE-2014-8104}} [https://forums.openvpn.net/topic17625.html templink] || {{pkg|openvpn}} || 2014-11-30 || <= 2.3.5-1 || 2.3.6-1 || 4d || Fixed ({{bug|42975}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2]<br />
|-<br />
| {{CVE|CVE-2014-9087}} [http://seclists.org/oss-sec/2014/q4/801 templink] || {{pkg|gnupg}} || 2014-11-25 || <= 2.1.0-5 || 2.1.0-6 || 4d || Fixed ({{bug|42943}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1]<br />
|-<br />
| {{CVE|CVE-2014-9087}} [http://seclists.org/oss-sec/2014/q4/801 templink] || {{pkg|libksba}} || 2014-11-25 || <= 1.3.1-1 || 1.3.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31]<br />
|-<br />
| {{CVE|CVE-2014-9114}} [http://seclists.org/oss-sec/2014/q4/819 templink] || {{pkg|util-linux}} || 2014-11-27 || <= 2.25.2-1 || 2.26.1-3 || 117d || Fixed ({{bug|43886}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23]<br />
|-<br />
| {{CVE|CVE-2014-9112}} [http://seclists.org/oss-sec/2014/q4/818 templink] || {{pkg|cpio}} || 2014-11-26 || <= 2.11-4 || 2.11-5 || 20d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5]<br />
|-<br />
| {{CVE|CVE-2014-9116}} [http://seclists.org/oss-sec/2014/q4/835 templink] || {{pkg|mutt}} || 2014-11-27 || <= 1.5.23-1 || 1.5.23-2 || 71d || Fixed ({{bug|44110}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6]<br />
|-<br />
| {{CVE|CVE-2014-9093}} [https://bugs.freedesktop.org/show_bug.cgi?id=86449 templink] || {{pkg|libreoffice-fresh}} || 2014-11-19 || <= 4.3.4-1 ||4.3.5-1 || 31d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-9092}} [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768369#114 templink] || {{pkg|libjpeg-turbo}} || 2014-11-26 || <= 1.3.1-2 || 1.3.1-3 || 2d || Fixed ({{bug|42922}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33]<br />
|-<br />
| {{CVE|CVE-2014-9272}} {{CVE|CVE-2014-9270}} {{CVE|CVE-2014-8987}} {{CVE|CVE-2014-9271}} {{CVE|CVE-2014-9281}} {{CVE|CVE-2014-8986}} {{CVE|CVE-2014-9269}} {{CVE|CVE-2014-9280}} {{CVE|CVE-2014-9089}} {{CVE|CVE-2014-9279}} {{CVE|CVE-2014-8988}} {{CVE|CVE-2014-8553}} {{CVE|CVE-2014-6387}} {{CVE|CVE-2014-6316}} {{CVE|CVE-2014-9117}} [https://www.mantisbt.org/bugs/view.php?id=17841 templink] [https://www.mantisbt.org/bugs/view.php?id=17811 templink] [http://seclists.org/oss-sec/2014/q4/955 templink] || {{pkg|mantisbt}} || 2014-11-25 || <= 1.2.17-4 || 1.2.18-1 || 13d || Fixed ({{bug|42920}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6]<br />
|-<br />
| {{CVE|CVE-2014-9090}} [https://marc.info/?l=oss-security&m=141698775601426&w=2 templink] || {{pkg|linux}} {{pkg|linux-lts}} || 2014-11-26 || <= 3.18-rc6 || 3.19 || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2014-9018}} {{CVE|CVE-2014-9091}} [http://seclists.org/oss-sec/2014/q4/694 templink] || {{pkg|icecast}} || 2014-11-20 || <= 2.4.0-1 || 2.4.1-1 || 8d || Fixed ({{bug|42912}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32]<br />
|-<br />
| {{CVE|CVE-2014-8964}} [http://bugs.exim.org/show_bug.cgi?id=1546 templink] || {{pkg|pcre}} || 2014-11-18 || <= 8.36-1 || 8.36-2 || 8d || Fixed ({{bug|42860}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29]<br />
|-<br />
| {{CVE|CVE-2014-8962}} {{CVE|CVE-2014-9028}} [http://www.ocert.org/advisories/ocert-2014-008.html templink] || {{pkg|flac}} || 2014-11-25 || <= 1.3.0-4 || 1.3.0-5 || < 1d || Fixed ({{bug|42898}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30]<br />
|-<br />
| {{CVE|CVE-2014-7899}} {{CVE|CVE-2014-7900}} {{CVE|CVE-2014-7901}} {{CVE|CVE-2014-7902}} {{CVE|CVE-2014-7903}} {{CVE|CVE-2014-7904}} {{CVE|CVE-2014-7906}} {{CVE|CVE-2014-7907}} {{CVE|CVE-2014-7908}} {{CVE|CVE-2014-7909}} {{CVE|CVE-2014-7910}} [http://googlechromereleases.blogspot.in/2014/11/stable-channel-update_18.html templink] || {{pkg|chromium}} || 2014-11-20 || <= 38.0.2125.122-1 || 39.0.2171.65-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26]<br />
|-<br />
| {{CVE|CVE-2014-9015}} {{CVE|CVE-2014-9016}} [http://seclists.org/oss-sec/2014/q4/697 templink] || {{pkg|drupal}} || 2014-11-19 || <= 7.33-1 || 7.34-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25]<br />
|-<br />
| {{CVE|CVE-2013-6497}} [http://seclists.org/oss-sec/2014/q4/673 templink] || {{pkg|clamav}} || 2014-11-18 || <= 0.98.4-1 || 0.98.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21]<br />
|-<br />
| {{CVE|CVE-2014-7817}} [https://sourceware.org/bugzilla/show_bug.cgi?id=17625 templink] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2014-11-19 || <= 2.20-2 || 2.20.3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27]<br />
|-<br />
| {{CVE|CVE-2014-8600}} [https://www.kde.org/info/security/advisory-20141113-1.txt templink] || {{pkg|kwebkitpart}} || 2014-11-18 || <= 1.3.4-2 || 1.3.4-3 || 4d || Fixed ({{bug|44170}} {{bug|42775}}) || None<br />
|-<br />
| {{CVE|CVE-2014-8767}} {{CVE|CVE-2014-8768}} {{CVE|CVE-2014-8769}} {{CVE|CVE-2014-9140}} {{CVE|CVE-2015-0261}} {{CVE|CVE-2015-2153}} {{CVE|CVE-2015-2154}} {{CVE|CVE-2015-2155}} [http://www.securityfocus.com/archive/1/534011/30/0/threaded templink] [http://www.securityfocus.com/archive/1/534010/30/0/threaded templink] [http://www.securityfocus.com/archive/1/534009/30/0/threaded templink] [https://github.com/the-tcpdump-group/tcpdump/commit/0f95d441e4b5d7512cc5c326c8668a120e048eda templink] || {{pkg|tcpdump}} || 2014-11-18 || <= 4.6.2-1 || 4.7.3-1 || 88d || Fixed ({{bug|44153}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20]<br />
|-<br />
| {{CVE|CVE-2014-8090}} || {{pkg|ruby}} || 2014-11-13 || <= 2.1.4-1 || 2.1.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16]<br />
|-<br />
| {{CVE|CVE-2014-7823}} || {{pkg|libvirt}} || 2014-11-13 || <= 1.2.10-1 ||1.2.11-1 ||33d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-8710}} {{CVE|CVE-2014-8711}} {{CVE|CVE-2014-8712}} {{CVE|CVE-2014-8713}} {{CVE|CVE-2014-8714}} [https://www.wireshark.org/security/wnpa-sec-2014-20.html templink] [https://www.wireshark.org/security/wnpa-sec-2014-21.html templink] [https://www.wireshark.org/security/wnpa-sec-2014-22.html templink] || {{pkg|wireshark-cli}} {{pkg|wireshark-gtk}} {{pkg|wireshark-qt}} || 2014-11-13 || <= 1.12.1-1 || 1.12.2-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24]<br />
|-<br />
| {{CVE|CVE-2014-0573}} {{CVE|CVE-2014-0574}} {{CVE|CVE-2014-0576}} {{CVE|CVE-2014-0577}} {{CVE|CVE-2014-0581}} {{CVE|CVE-2014-0582}} {{CVE|CVE-2014-0583}} {{CVE|CVE-2014-0584}} {{CVE|CVE-2014-0585}} {{CVE|CVE-2014-0586}} {{CVE|CVE-2014-0588}} {{CVE|CVE-2014-0589}} {{CVE|CVE-2014-0590}} {{CVE|CVE-2014-8437}} {{CVE|CVE-2014-8438}} {{CVE|CVE-2014-8440}} {{CVE|CVE-2014-8441}} {{CVE|CVE-2014-8442}} [https://helpx.adobe.com/security/products/flash-player/apsb14-24.html templink] || {{pkg|flashplugin}} || 2014-11-11 || <= 11.2.202.411-1 || 11.2.202.418-1 || <1d || Fixed ({{bug|42769}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11]<br />
|-<br />
| {{CVE|CVE-2014-3710}} [https://bugzilla.redhat.com/show_bug.cgi?id=1155071 templink] || {{pkg|php}} || 2014-10-29 || <= 5.6.2-2 || 5.6.3-1 || 14d || Fixed ({{bug|42764}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13]<br />
|-<br />
| {{CVE|CVE-2014-8564}} [http://www.gnutls.org/security.html#GNUTLS-SA-2014-5 templink]|| {{pkg|gnutls}} || 2014-11-10 || <= 3.3.9-1 ||3.3.10-1 ||<1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10]<br />
|-<br />
| {{CVE|CVE-2014-8716}} [http://seclists.org/oss-sec/2014/q4/591 templink]|| {{pkg|imagemagick}} || 2014-11-12 || <= 6.8.9.9-1 || 6.8.9.10-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12]<br />
|-<br />
| {{CVE|CVE-2014-3710}} [https://bugzilla.redhat.com/show_bug.cgi?id=1155071 templink] || {{pkg|file}} || 2014-10-29 || <= 5.20-1 || 5.20-2 || 12d || Fixed ({{bug|42759}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9]<br />
|-<br />
| {{CVE|CVE-2014-1569}} [https://bugzilla.mozilla.org/show_bug.cgi?id=1064670 templink] || {{pkg|nss}} || 2014-11-07 || <= 3.17.2-1 || 3.17.3-1 || 22d || Fixed ({{bug|42760}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18]<br />
|-<br />
| {{CVE|CVE-2014-7824}} [http://www.openwall.com/lists/oss-security/2014/11/10/2 templink] || {{pkg|dbus}} || 2014-11-10 || <= 1.8.8-1 || 1.8.10-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28]<br />
|-<br />
| {{CVE|CVE-2014-8598}} {{CVE|CVE-2014-7146}} [http://www.openwall.com/lists/oss-security/2014/11/07/27 templink] [http://www.openwall.com/lists/oss-security/2014/11/07/28 templink]|| {{pkg|mantisbt}} || 2014-11-08 || <= 1.2.17-3 || 1.2.17-4 || <4d || Fixed ({{bug|42761}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8]<br />
|-<br />
| {{CVE|CVE-2014-8483}} [https://www.kde.org/info/security/advisory-20141104-1.txt templink] || {{pkg|konversation}} || 2014-11-04 || <= 1.5-1 || 1.5.1-1 || <4d || Fixed ({{bug|42698}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5]<br />
|-<br />
| {{CVE|CVE-2014-3707}} [http://curl.haxx.se/docs/adv_20141105.html templink]|| {{pkg|curl}} || 2014-11-05 || <= 7.38.0-3 || 7.39.0-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7]<br />
|-<br />
| {{CVE|CVE-2014-8651}} [http://seclists.org/oss-sec/2014/q4/520 templink]|| {{pkg|kdebase-workspace}} || 2014-11-04 || <= 4.11.13-1 || 4.11.13-2 || 6d || Fixed ({{bug|42679}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6]<br />
|-<br />
| {{CVE|CVE-2014-8627}} {{CVE|CVE-2014-8628}} [http://www.openwall.com/lists/oss-security/2014/11/04/6 templink]|| {{pkg|polarssl}} || 2014-10-23 || <= 1.3.8-3 || 1.3.9-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4]<br />
|-<br />
| {{CVE|CVE-2014-8321}} {{CVE|CVE-2014-8322}} {{CVE|CVE-2014-8323}} {{CVE|CVE-2014-8324}} [http://www.securityfocus.com/archive/1/533869/30/0/threaded templink]|| {{pkg|aircrack-ng}} || 2014-11-02 || <= 1.2beta3-1 || 1.2rc1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2]<br />
|-<br />
| {{CVE|CVE-2014-8554}} [http://www.openwall.com/lists/oss-security/2014/10/30/9 templink]|| {{pkg|mantisbt}} || 2014-10-30 || <= 1.2.17-2 || 1.2.17-3 || 5d || Fixed ({{bug|42683}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3]<br />
|-<br />
| {{CVE|CVE-2014-8354}} {{CVE|CVE-2014-8355}} {{CVE|CVE-2014-8561}} {{CVE|CVE-2014-8562}} [http://seclists.org/oss-sec/2014/q4/466 templink]|| {{pkg|imagemagick}} || 2014-10-29 || <= 6.8.9.8-1 || 6.8.9.9-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-8517}} [http://seclists.org/oss-sec/2014/q4/459 templink]|| {{pkg|tnftp}} || 2014-10-28 || <= 20130505-2 || 20141031-1 || 4d || Fixed ({{bug|42646}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1]<br />
|-<br />
| {{CVE|CVE-2014-4877}} [http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7 templink]|| {{pkg|wget}} || 2014-10-27 || <= 1.15-1 || 1.16-1 || <2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|avr-binutils}} || 2014-10-23 || <= 2.24-2 || 2.24-3 || 27d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|mingw-w64-binutils}} || 2014-10-23 || <= 2.24-1 || 2.24-2 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|arm-none-eabi-binutils}} || 2014-10-23 || <= 2.24-2 || 2.24-3 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|binutils}} || 2014-10-23 || <= 2.24-7 || 2.24-8 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17]<br />
|-<br />
| {{CVE|CVE-2014-8559}} [http://www.openwall.com/lists/oss-security/2014/10/30/7 templink] || {{pkg|linux}}, {{pkg|linux-lts}} || 2014-10-30 || <= 3.17.3-1, <= 3.14.24-1 ||3.17.4-1 3.14.25-1 || ~23d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3610}} {{CVE|CVE-2014-3611}} {{CVE|CVE-2014-3646}} {{CVE|CVE-2014-3647}} {{CVE|CVE-2014-7825}} {{CVE|CVE-2014-7826}} {{CVE|CVE-2014-8369}} [http://permalink.gmane.org/gmane.comp.security.oss.general/14526 templink] [http://seclists.org/oss-sec/2014/q4/548 templink] || {{pkg|linux}}, {{pkg|linux-lts}} || 2014-10-21 || <= 3.17.2-1, <= 3.14.23-1 || 3.17.3-1, 3.14.24-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15]<br />
|-<br />
| {{CVE|CVE-2014-8480}} {{CVE|CVE-2014-8481}} [http://permalink.gmane.org/gmane.comp.security.oss.general/14526 templink] || {{pkg|linux}} || 2014-10-21 || <= 3.17.2-1 || 3.17.3-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14]<br />
|-<br />
| {{CVE|CVE-2014-3695}} {{CVE|CVE-2014-3696}} {{CVE|CVE-2014-3698}} [https://pidgin.im/news/security/ templink] || {{pkg|libpurple}} || 2014-10-22 || <= 2.10.9-2 || 2.10.10-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9]<br />
|-<br />
| {{CVE|CVE-2014-8760}} || {{pkg|ejabberd}} || 2014-10-13 || <= 14.07-1 || 14.07-2 || 14d || Fixed ({{bug|42541}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13]<br />
|-<br />
| {{CVE|CVE-2014-3686}} || {{pkg|wpa_supplicant}}, {{pkg|hostapd}} || 2014-10-09 || <= 2.2-2 || 2.3-1 || ~10d || Fixed ({{bug|42401}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8]<br />
|-<br />
| {{CVE|CVE-2014-0191}} {{CVE|CVE-2014-3660}} || {{pkg|libxml2}} || 2014-10-16 || <= 2.9.1-5 || 2.9.2-1 || 8d || Fixed ({{bug|40790}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12]<br />
|-<br />
| {{CVE|CVE-2014-3704}} [https://www.drupal.org/SA-CORE-2014-005 templink] || {{pkg|drupal}} || 2014-10-15 || <= 7.31-2 || 7.32-1 || 1d || Fixed ({{bug|42388}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7]<br />
|-<br />
| {{CVE|CVE-2014-3513}} {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-3567}} {{CVE|CVE-2014-3568}} [https://www.openssl.org/news/secadv_20141015.txt templink] [https://www.openssl.org/~bodo/ssl-poodle.pdf temp link] || {{pkg|openssl}} || 2014-10-15 || <= 1.0.1.i-1 || 1.0.1.j-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6]<br />
|-<br />
| {{CVE|CVE-2014-8242}} [http://www.openwall.com/lists/oss-security/2014/10/13/2 temp link] || {{pkg|librsync}} || 2014-10-12 || <= 0.9.7-7 || 1.0.0-1 || 166d || Fixed ({{bug|44175}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10]<br />
|-<br />
| {{CVE|CVE-2014-7203}} {{CVE|CVE-2014-7202}} [http://seclists.org/oss-sec/2014/q3/776 temp link] || {{pkg|zeromq}} || 2014-09-27 || <= 4.0.4-4 || 4.0.5-1 || 18d || Fixed ({{bug|42381}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4]<br />
|-<br />
| {{CVE|CVE-2014-6051}} {{CVE|CVE-2014-6052}} {{CVE|CVE-2014-6053}} {{CVE|CVE-2014-6054}} {{CVE|CVE-2014-6055}} [http://seclists.org/oss-sec/2014/q3/639 temp link] || {{pkg|libvncserver}} || 2014-09-23 || <= 0.9.9-3 || 0.9.10-1 || 31d || Fixed ({{bug|42321}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10]<br />
|-<br />
| {{CVE|CVE-2014-3683}} [http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/ temp link] || {{pkg|rsyslog}} || 2014-10-02 || <= 8.4.1-1 || 8.4.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5]<br />
|-<br />
| {{CVE|CVE-2014-7204}} [http://seclists.org/oss-sec/2014/q3/842 temp link] || {{pkg|ctags}} || 2014-09-29 || <= 5.8-4 || 5.8-5 || 26d || Fixed ({{bug|42246}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11]<br />
|-<br />
| {{CVE|CVE-2014-7295}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html temp link] || {{pkg|mediawiki}} || 2014-10-02 || <= 1.23.4-1 || 1.23.5-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3]<br />
|-<br />
| {{CVE|CVE-2014-3661}} {{CVE|CVE-2014-3662}} {{CVE|CVE-2014-3663}} {{CVE|CVE-2014-3664}} {{CVE|CVE-2014-3680}} {{CVE|CVE-2014-3681}} {{CVE|CVE-2014-3666}} {{CVE|CVE-2014-3667}} {{CVE|CVE-2013-2186}} {{CVE|CVE-2014-1869}} {{CVE|CVE-2014-3678}} {{CVE|CVE-2014-3679}} [https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 temp link] || {{pkg|jenkins}} || 2014-10-01 || <= 1.582-1 || 1.583-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2]<br />
|-<br />
| {{CVE|CVE-2014-3634}} [http://www.rsyslog.com/remote-syslog-pri-vulnerability/ temp link] || {{pkg|rsyslog}} || 2014-09-30 || <= 8.4.0-1 || 8.4.1-1 || 1d || Fixed ({{bug|42200}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1]<br />
|-<br />
| {{CVE|CVE-2014-3657}} {{CVE|CVE-2014-3633}} [https://www.debian.org/security/2014/dsa-3038 temp link] || {{pkg|libvirt}} || 2014-09-26 || <= 1.2.8-1 || 1.2.8-2 || 3d || Fixed ({{bug|42159}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5]<br />
|-<br />
| {{CVE|CVE-2014-7199}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html temp link] || {{pkg|mediawiki}} || 2014-09-24 || <= 1.23.3-1 || 1.23.4-1 || 5d || Fixed ({{bug|42161}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4]<br />
|-<br />
| {{CVE|CVE-2014-7185}} [http://bugs.python.org/issue21831 temp link] || {{pkg|python2}} || 2014-09-24 || < 2.7.8 || 2.7.8-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3]<br />
|-<br />
| {{CVE|CVE-2014-1568}} [https://www.mozilla.org/security/announce/2014/mfsa2014-73.html temp link] || {{pkg|nss}} || 2014-09-24 || < 3.17.1 || 3.17.1-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1]<br />
|-<br />
| {{CVE|CVE-2014-6271}} {{CVE|CVE-2014-7169}} {{CVE|CVE-2014-7186}} {{CVE|CVE-2014-7187}} {{CVE|CVE-2014-6277}} {{CVE|CVE-2014-6278}} [http://seclists.org/oss-sec/2014/q3/649 temp link] || {{pkg|bash}} || 2014-09-24 || <= 4.3.024-1 || 4.3.026-1 || 2d || Fixed ({{bug|42109}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2]<br />
|-<br />
| {{CVE|CVE-2014-3635}} {{CVE|CVE-2014-3636}} {{CVE|CVE-2014-3637}} {{CVE|CVE-2014-3638}} {{CVE|CVE-2014-3639}} [http://www.openwall.com/lists/oss-security/2014/09/16/9 temp link] || {{pkg|dbus}} {{pkg|libdbus}} {{pkg|lib32-libdbus}} || 2014-09-16 || < 1.8.8 || 1.8.8-1 || 1d || Fixed ({{bug|41993}}) || None<br />
|-<br />
| {{CVE|CVE-2014-3613}} {{CVE|CVE-2014-3620}} [http://curl.haxx.se/docs/security.html temp link] || {{pkg|curl}} {{pkg|lib32-curl}}|| 2014-09-10 || < 7.38.0 || 7.38.0-1 || 5d ({{pkg|curl}}), 7d ({{pkg|lib32-curl}}) || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3609}} [http://www.squid-cache.org/Advisories/SQUID-2014_2.txt temp link] || {{pkg|squid}} || 2014-08-28 || < 3.4.7 || 3.4.7-1 || < 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5119}} [https://sourceware.org/bugzilla/show_bug.cgi?id=17187 temp link] || {{pkg|glibc}} || 2014-07-21 || <= 2.19 || 2.20-2 || 55d || Fixed ({{bug|41713}}) || None<br />
|-<br />
| {{CVE|CVE-2014-3508}} {{CVE|CVE-2014-5139}} {{CVE|CVE-2014-3509}} {{CVE|CVE-2014-3505}} {{CVE|CVE-2014-3506}} {{CVE|CVE-2014-3507}} {{CVE|CVE-2014-3510}} {{CVE|CVE-2014-3511}} {{CVE|CVE-2014-3512}} [https://www.openssl.org/news/secadv_20140806.txt temp link] || {{pkg|openssl}} || 2014-08-06 || < 1.0.1.i || 1.0.1.i-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0226}} [http://www.zerodayinitiative.com/advisories/ZDI-14-236/ temp link] || {{pkg|apache}} || 2014-07-15 || < 2.4.10 || 2.4.10-1 || ~7d || Fixed ({{bug|41244}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4943}} [http://www.openwall.com/lists/oss-security/2014/07/17/1 temp link] || {{pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-07-16 || || 3.15.5.201407170639-1 {{pkg|linux-grsec}}, 3.14.16 ({{pkg|linux-lts}}), 3.16 ({{pkg|linux}}) || 1d ({{pkg|linux-grsec}}), 23d ({{pkg|linux-lts}}), 27d {{pkg|linux}} || Fixed in {{pkg|linux}}, {{pkg|linux-lts}} ({{bug|41231}}), Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-0475}} [http://www.openwall.com/lists/oss-security/2014/07/10/7 temp link] || {{pkg|glibc}} || 2014-07-10 || <=2.19 || 2.20-2 || 66d || Fixed ({{bug|41166}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4699}} [http://www.openwall.com/lists/oss-security/2014/07/04/4 temp link] || {{Pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-07-04 || || 3.15.3.201407060933-1 {{pkg|linux-grsec}}, 3.15.4-1 {{pkg|linux}}, 3.14.11-1 {{pkg|linux-lts}} || 2d ({{pkg|linux-grsec}}), 3d ({{pkg|linux}}, {{pkg|linux-lts}}) || Fixed ({{bug|41115}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4715}} [http://www.openwall.com/lists/oss-security/2014/07/02/13 temp link] || {{Pkg|lz4}} || 2014-07-02 || || 119-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-4611}} [http://www.openwall.com/lists/oss-security/2014/06/26/25 temp link] || {{Pkg|linux}}, {{pkg|linux-grsec}}, {{pkg|lz4}} || 2014-06-26 || || 3.15.2-1 ({{pkg|linux}}), 3.15.2.201406262058-1 ({{pkg|linux-grsec}}), 118-1 {{pkg|lz4}} || <1d ({{pkg|linux}}, {{pkg|linux-grsec}}, {{pkg|lz4}}) || Fixed in {{pkg|linux}} ({{bug|40992}}), Fixed in {{pkg|linux-grsec}}, Fixed in {{pkg|lz4}} ({{bug|40997}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4610}} [http://www.openwall.com/lists/oss-security/2014/06/26/23 temp link] || {{Pkg|ffmpeg}} || 2014-06-26 || || 1:2.2.4-1 || <2d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-4609}} [http://www.openwall.com/lists/oss-security/2014/06/26/22 temp link] || {{Pkg|gst-libav}} || 2014-06-26 || 1.2.4-1 || 1.2.4-2 (with libav 9.14) || 2d || Fixed ({{bug|40995}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4608}} [http://www.openwall.com/lists/oss-security/2014/06/26/21 temp link] || {{Pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-06-26 || || 3.15.2-1 ({{pkg|linux}}), 3.10.45-1 ({{pkg|linux-lts}}), 3.15.2.201406262058-1 ({{pkg|linux-grsec}}) || <1d ({{pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} and {{pkg|linux-lts}} ({{bug|40992}}), Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-4607}} [http://www.openwall.com/lists/oss-security/2014/06/26/20 temp link] || {{Pkg|lzo2}} || 2014-06-26 || || 2.07-2 || 3d || Fixed ({{bug|40993}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4617}} [http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html temp link] || {{Pkg|gnupg}} || 2014-06-24 || < 2.0.24 || 2.0.24 || 7d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0244}} {{CVE|CVE-2014-3493}} [https://www.samba.org/samba/history/samba-4.1.9.html temp link] || {{Pkg|samba}} || 2014-06-23 || < 4.1.9 || 4.1.9 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1545}} [https://www.mozilla.org/security/announce/2014/mfsa2014-55.html temp link] || {{Pkg|nspr}} || 2014-06-10 || < 4.10.6 || 4.10.6 || ~1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3859}} || {{Pkg|bind}} || 2014-06-11 || 9.10.0, 9.10.0-P1 || 9.10.0-P2 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3477}} || {{Pkg|dbus}} || 2014-06-10 || <= 1.8.2 || 1.8.4 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0195}} {{CVE|CVE-2014-0198}} {{CVE|CVE-2010-5298}} {{CVE|CVE-2014-3470}} {{CVE|CVE-2014-0224}} {{CVE|CVE-2014-0221}} [http://www.openssl.org/news/secadv_20140605.txt temp link] || {{Pkg|openssl}} || 2014-06-05 || 1.0.1 - 1.0.1g || 1.0.1h || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3153}} [http://seclists.org/oss-sec/2014/q2/467 temp link]|| {{Pkg|linux}}, {{pkg|linux-lts}}, {{Pkg|linux-grsec}} || 2014-06-05 || ? || 3.14.6 ({{pkg|linux}}), 3.10.42-1 ({{pkg|linux-lts}}), 3.14.5.201406051310-1 ({{pkg|linux-grsec}})|| 3d ({{pkg|linux}}, {{pkg|linux-lts}}), <1d ({{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} ({{bug|40715}}), Fixed in {{pkg|linux-lts}}, Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-3466}} [https://bugzilla.redhat.com/show_bug.cgi?id=1101932 temp link]|| {{Pkg|gnutls}} || 2014-05-30 || < 3.3.3 || 3.3.3 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0209}} {{CVE|CVE-2014-0210}} {{CVE|CVE-2014-0211}}|| {{Pkg|libxfont}} || 2014-05-13 || < 1.4.18 || 1.4.18 || 3d || Fixed ({{Bug|40409 }}) || None<br />
|-<br />
| {{CVE|CVE-2014-0196}} [https://bugzilla.redhat.com/show_bug.cgi?id=1094232 temp-link] || {{Pkg|linux}}, {{Pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-05-05 || 2.6.31 - 3.14 || 3.14.3-2 ({{pkg|linux}}), 3.10.39-2 ({{pkg|linux-lts}}), 3.14.3.201405121814-1 ({{pkg|linux-grsec}}) || 7d ({{pkg|linux}}), 8d {{pkg|linux-lts}}, <1d ({{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} ({{Bug|40232}}), Fixed in {{pkg|linux-lts}}, Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-2905}} {{CVE|CVE-2014-2906}} {{CVE|CVE-2014-2914}} [https://bugzilla.redhat.com/show_bug.cgi?id=1092091 temp-link] || {{Pkg|fish}} || 2014-04-28 || 1.16.0 - 2.1.0 || 2.2.1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0160}} || {{Pkg|openssl}} || 2014-04-07 || 1.0.1 - 1.0.1f || 1.0.1g || ~1d || Fixed ({{Bug|39775}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1700}} {{CVE|CVE-2014-1701}} {{CVE|CVE-2014-1702}} {{CVE|CVE-2014-1703}} {{CVE|CVE-2014-1704}} {{CVE|CVE-2014-1705}} {{CVE|CVE-2014-1713}} {{CVE|CVE-2014-1715}} || {{Pkg|chromium}} {{Pkg|v8}} || 2014-03-11 || 32 || 33 || 4d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0098}} {{CVE|CVE-2013-6438}}|| {{Pkg|apache}} || 2014-03-17 || 2.4.8 || 2.4.9 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1492}} || {{Pkg|nss}} || 2014-03-18 || 3.15.5 || 3.16 || 22d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1493}} {{CVE|CVE-2014-1494}} {{CVE|CVE-2014-1497}} {{CVE|CVE-2014-1498}} {{CVE|CVE-2014-1499}} {{CVE|CVE-2014-1500}} {{CVE|CVE-2014-1502}} {{CVE|CVE-2014-1504}} {{CVE|CVE-2014-1505}} {{CVE|CVE-2014-1508}} {{CVE|CVE-2014-1509}} {{CVE|CVE-2014-1510}} {{CVE|CVE-2014-1511}} {{CVE|CVE-2014-1512}} {{CVE|CVE-2014-1513}} {{CVE|CVE-2014-1514}} || {{Pkg|firefox}} {{Pkg|thunderbird}} || 2014-03-18 || 27 || 28 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2240}} {{CVE|CVE-2014-2241}}|| {{Pkg|freetype2}} || ? || 2.5.2 || 2.5.3 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2029}}|| {{Pkg|xtrabackup}} || 2014-02-16 || 2.1.7 || 2.1.8 || 28d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1958}} {{CVE|CVE-2014-2030}}|| {{Pkg|imagemagick}} || ? || ? || 6.8.8.9-1 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}}|| {{Pkg|php}} || 2014-03-06 || 5.5.9 || 5.5.110 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0404}} {{CVE|CVE-2014-0406}} {{CVE|CVE-2014-0407}} || {{Pkg|virtualbox}} || 2014-02-28 || 4.3.4 || 4.3.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2323}} {{CVE|CVE-2014-2324}} || {{Pkg|lighttpd}} || 2014-03-12 || 1.4.34 || 1.4.35 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0333}} || {{Pkg|libpng}} || 2014-02-28 || 1.6.9 || 1.6.10 || 9d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0017}} || {{Pkg|libssh}} || 2014-03-04 || ? || 0.5.5-3 || 5d || Fixed || None<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} || 2014-03-20 || < 3.5.7.29 || 3.5.7.29 || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 2014-03-18 || ? || ? || ? || Not Affected ({{Bug|39566}}) ||<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 2014-03-19 || ? || 1.3.1 || 1d || Fixed || None<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 2014-03-19 || 3.4beta || 3.4 || ? || Fixed ({{Bug|39540}}) || None<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 2014-03-18 || ? || 1.4.7 || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 2013-09-19 || ? || 1.1.1-7 (in RHEL 7) || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 2014-03-17 || ? || 3.13-rc5 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0004}} || {{Pkg|udisks2}} & {{Pkg|udisks}} || 2014-03-10 || 2.1.3 / 1.0.5 || 2.1.3 / 1.0.5 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2281}} {{CVE|CVE-2014-2282}} {{CVE|CVE-2014-2283}} {{CVE|CVE-2014-2299}} || {{Pkg|wireshark-cli}} || 2014-03-10 || 1.10.6 || 1.10.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0050}} || {{Pkg|tomcat7}} || 2014-02-06 || 7.0.51 || 7.0.51 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0033}} || {{Pkg|tomcat6}} || 2014-01-10 || 6.0.37 || 6.0.37 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0032}} || {{Pkg|subversion}} || 2014-01-10 || 1.8.6 || 1.8.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0060}} {{CVE|CVE-2014-0061}} {{CVE|CVE-2014-0062}} {{CVE|CVE-2014-0063}} {{CVE|CVE-2014-0064}} {{CVE|CVE-2014-0065}} {{CVE|CVE-2014-0066}} {{CVE|CVE-2014-0067}} || {{Pkg|postgresql}} || 2014-02-20 || <=9.3.3 || 9.3.3-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1912}} || {{Pkg|python}} {{Pkg|python2}} || 2014-02-07 || ? || 2.7.6-3 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2013-4496}} {{CVE|CVE-2013-6442}} || {{Pkg|samba}} || 2014-03-14 || ? || 4.1.6 || 2d || Fixed ({{Bug|39424}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0504}} || {{Pkg|flashplugin}} || 2014-03-12 || ? || 11.2.202.346 || 1d || Fixed ({{Bug|39385}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0106}} || {{Pkg|sudo}} || || 1.8.9.p5 || 1.8.10 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2285}} {{CVE|CVE-2014-2284}} || {{Pkg|net-snmp}} || 2014-03-05 || ? || 5.7.2.1-2 || 8d || Fixed ({{Bug|39190}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0092}} || {{Pkg|gnutls}} || 2014-03-04 || <3.2.12 || 3.2.12-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2242}} {{CVE|CVE-2014-2243}} {{CVE|CVE-2014-2244}} || {{Pkg|mediawiki}} || 2014-03-14 || <1.22.3 || 1.22.3 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2093}} {{CVE|CVE-2014-2094}} {{CVE|CVE-2014-2095}} {{CVE|CVE-2014-2096}} || {{Pkg|catfish}} || 2014-02-25 || <1.0.1 || 1.0.1 || 8d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0497}} || {{Pkg|flashplugin}} || 2014-02-04 || ? || 11.2.202.346 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0015}} || {{Pkg|curl}} || 2014-01-29 || <7.35 || 7.35 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1610}} || {{Pkg|mediawiki}} || 2014-01-29 || <1.22.2 || 1.22.2 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0021}} || {{Pkg|chrony}} || 2014-01-17 || <1.29.1-1 || 1.29.1-1 || 14d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1875}} || {{Pkg|perl-capture-tiny}} || 2014-02-06 || ? || 0.24-1 || 4d || Fixed ({{Bug|38862}}) || None<br />
|-<br />
| {{CVE|CVE-2013-6493}} || {{Pkg|icedtea-web-java7}} || 2014-02-05 || <1.4.2 || 1.4.2 || 0d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1858}} {{CVE|CVE-2014-1859}} || {{Pkg|python-numpy}} || 2014-02-06 || ? || 1.8.0-2 || 4d || Fixed ({{Bug|38863}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1932}} {{CVE|CVE-2014-1933}} || {{Pkg|python-pillow}} || 2014-02-10 || <2.3.1 || 2.3.1 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1935}} || {{Pkg|9base}} || 2014-02-10 || ? || ? || ? || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1949}} [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1949.html temp link] || {{Pkg|cinnamon-screensaver}} || 2014-02-12 || 2.0.3 || ? || ? || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1959}} || {{Pkg|gnutls}} || 2014-02-13 || <3.2.11 || 3.2.11 || 2d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}} || {{Pkg|file}} || 2014-02-10 || <5.17 || 5.17-1 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0001}} {{CVE|CVE-2014-0412}} {{CVE|CVE-2014-0437}} {{CVE|CVE-2014-0420}} {{CVE|CVE-2014-0393}} {{CVE|CVE-2014-0386}} {{CVE|CVE-2014-0401}} {{CVE|CVE-2014-0402}} || {{Pkg|mariadb}} || 2014-01-31 || <5.5.35 || 5.5.35-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1447}} || {{Pkg|libvirt}} || 2014-01-16 || <1.2.1 || 1.2.1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0979}} || lightdm-gtk* || 2014-01-07 || ? || ? || 25d || Fixed ({{Bug|38715}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1475}} {{CVE|CVE-2014-1476}} || {{Pkg|drupal}} || 2014-01-15 || <7.26 || 7.26-1 || 12d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0019}} || {{Pkg|socat}} || 2014-01-29 || <1.7.2.3 || 1.7.2.3 || 0d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1838}} {{CVE|CVE-2014-1839}} || {{Pkg|python-logilab-common}} || 2014-01-31 || ? || ? || 3d || Fixed [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051] || None<br />
|-<br />
| {{CVE|CVE-2014-0368}} {{CVE|CVE-2014-0373}} {{CVE|CVE-2014-0376}} {{CVE|CVE-2014-0411}} {{CVE|CVE-2014-0416}} {{CVE|CVE-2014-0422}} {{CVE|CVE-2014-0423}} {{CVE|CVE-2014-0428}} || *-openjdk-* || 2014-01-15 || ? || ? || 2d || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1402}} || {{Pkg|python-jinja}} || 2014-01-10 || <2.7.2 || 2.7.2 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2013-6462}} || {{Pkg|libxfont}} || 2014-01-07 || <1.4.7 || 1.4.7 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1235}} || {{Pkg|graphviz}} || 2014-01-07 || <2.36.0 || 2.34.0-3 || 3d || Fixed ({{Bug|38441}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0978}} || {{Pkg|freerdp}} || 2014-01-10 || <1.0.2 || 1.0.2-5 || 67d || Fixed ({{Bug|38802}}) || None<br />
|-<br />
|}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=452883
Security Advisories
2016-10-04T13:23:42Z
<p>Anthraxx: systemd advisory</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== October 2016 ===<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000730.html ASA-201610-2] {{pkg|systemd}} denial of service<br />
* [03 October 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-October/000729.html ASA-201610-1] {{pkg|chromium}} arbitrary code execution<br />
<br />
=== September 2016 ===<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Steam/Troubleshooting&diff=452610
Steam/Troubleshooting
2016-10-01T12:54:11Z
<p>Anthraxx: /* Native runtime */ be more specific about the new steam-native wrapper provided through the official steam package as that should be used instead of manually setting STEAM_RUNTIME=0 (explenation added as note)</p>
<hr />
<div>[[Category:Gaming]]<br />
[[ru:Steam/Troubleshooting]]<br />
[[ja:Steam/トラブルシューティング]]<br />
{{Tip|The {{ic|/usr/bin/steam}} script redirects Steam's stdout and stderr to {{ic|/tmp/dumps/${USER}_stdout.txt}}. This means you do not have to run Steam from a terminal emulator to see that output.}}<br />
<br />
{{Note|In addition to being documented here, any bug/fix/error should be, if not already, reported on Valve's bug tracker on their [https://github.com/ValveSoftware/steam-for-linux GitHub page].}}<br />
<br />
== Debugging Steam ==<br />
<br />
It is possible to debug Steam to gain more information which could be useful to find out why something does not work.<br />
<br />
You can set {{ic|DEBUGGER}} environment variable with one of {{ic|gdb}}, {{ic|cgdb}}, {{ic|valgrind}}, {{ic|callgrind}}, {{ic|strace}} and then start {{ic|steam}}.<br />
<br />
For example with {{Pkg|gdb}}<br />
{{bc|1=$ DEBUGGER=gdb steam}}<br />
<br />
{{ic|gdb}} will open, then type {{ic|run}} which will start {{ic|steam}} and once crash happens you can type {{ic|backtrace}} to see call stack.<br />
<br />
== Steam runtime issues ==<br />
<br />
Steam installs its own older versions of some libraries collectively called the "Steam Runtime". These will often conflict with the libraries included in Arch Linux, and out-of-date libraries may be missing important features (Notably, the OpenAL version they ship lacks [[Gaming#Binaural_Audio_with_OpenAL|HRTF]] and surround71 support).<br />
<br />
Some of the possible symptoms of this issue are the Steam client itself crashing or hanging, and/or various errors:<br />
<br />
{{bc|<br />
libGL error: unable to load driver: some_driver_dri.so<br />
libGL error: driver pointer missing<br />
libGL error: failed to load driver: some_driver<br />
libGL error: unable to load driver: swrast_dri.so<br />
libGL error: failed to load driver: swrast}}<br />
<br />
Failed to load libGL: undefined symbol: xcb_send_fd<br />
<br />
ERROR: ld.so: object '~/.local/share/Steam/ubuntu12_32/gameoverlayrenderer.so' from LD_PRELOAD cannot be preloaded (wrong ELF class: ELFCLASS32): ignored.<br />
<br />
OpenGL GLX context is not using direct rendering, which may cause performance problems.<br />
<br />
Could not find required OpenGL entry point 'glGetError'! Either your video card is unsupported or your OpenGL driver needs to be updated.<br />
<br />
{{Note|1=A misconfigured [[firewall]] may cause Steam to fail as it can not connect to its servers. [https://support.steampowered.com/kb_article.php?ref=2198-AGHC-7226] Most games will crash if the Steam API fails to load.}}<br />
<br />
See also [https://github.com/ValveSoftware/steam-runtime/issues/13 upstream issue #13], and these forum threads:<br />
<br />
* https://bbs.archlinux.org/viewtopic.php?id=181171<br />
* https://bbs.archlinux.org/viewtopic.php?id=183141<br />
<br />
=== Dynamic linker ===<br />
<br />
The dynamic linker—see {{man|8|ld.so}}—can be used to force Steam to load the up-to-date system libraries via the {{ic|LD_PRELOAD}} [[environment variable]]. For example:<br />
<br />
LD_PRELOAD='/usr/$LIB/libstdc++.so.6 /usr/$LIB/libgcc_s.so.1 /usr/$LIB/libxcb.so.1 /usr/$LIB/libgpg-error.so' /usr/bin/steam<br />
<br />
{{Note|The {{ic|$LIB}} above is '''not''' a variable, but a directive to the linker to pick the appropriate architecture for the library. The single quotes are required to prevent the shell from treating {{ic|$LIB}} as a variable.}}<br />
<br />
{{Tip|You can put this command in a wrapper script such as {{ic|/usr/local/bin/steam-preload}}, appending {{ic|"$@"}} to preserve command-line arguments. This script can be referred to in a [[desktop file]], for example through {{ic|1=Exec=/usr/local/bin/steam-preload %U}}.}}<br />
<br />
=== Native runtime ===<br />
<br />
To force Steam to use only your system libraries, run it with<br />
<br />
$ steam-native<br />
<br />
Or through the menu entry "Steam (Native)" provided by the steam-native.desktop file.<br />
<br />
{{Note|1=Always use this wrapper as (besides setting STEAM_RUNTIME=0) it also ensures to contain common workarounds and roundups like DBUS_FATAL_WARNINGS=0 to avoid coredumps on shutdown}}<br />
<br />
This wrapper can be called in another wrapper script or .desktop file, as with the [[#Dynamic linker]] solution. However, if you are missing any libraries from the Steam runtime, individual games or Steam itself may fail to launch. To find the required libraries run:<br />
<br />
$ cd ~/.local/share/Steam/ubuntu12_32<br />
$ file * | grep ELF | cut -d: -f1 | LD_LIBRARY_PATH=. xargs ldd | grep 'not found' | sort | uniq<br />
<br />
{{Note|The libraries must be 32-bit, some of which are only available for x86_64 in the [[AUR]].}}<br />
<br />
Alternatively, while Steam is running, the following command will show which non-system libraries Steam is using (not all of these are part of the Steam runtime):<br />
<br />
$ for i in $(pgrep steam); do sed '/\.local/!d;s/.* //g' /proc/$i/maps; done | sort | uniq<br />
<br />
==== Libraries for x86_64 ====<br />
<br />
The minimum required libraries needed on an x86_64 system are<br />
<br />
* {{pkg|lib32-openal}}<br />
* {{pkg|lib32-nss}}<br />
* {{pkg|lib32-gtk2}}<br />
* {{pkg|lib32-gtk3}}<br />
* {{pkg|lib32-libcanberra}}<br />
* {{Pkg|lib32-gconf}}<br />
* {{Pkg|lib32-dbus-glib}}<br />
* {{Pkg|lib32-libnm-glib}}<br />
* {{Pkg|lib32-libudev0-shim}}<br />
<br />
Some games may require additional libraries in order to launch without the runtime. See [[Steam/Game-specific troubleshooting]].<br />
<br />
The meta-package {{pkg|steam-native-runtime}} includes all of these libraries (as well as some game-specific libraries) as dependencies, to simplify the install process.<br />
<br />
If you want the Steam tray icon to work, you will need {{AUR|lib32-libappindicator-gtk2}} from the [[AUR]].<br />
<br />
== Multiple monitors setup ==<br />
{{Accuracy|relating a wrong ELF class and disabling displays is inaccurate at best}}<br />
Setup with multiple monitors can cause<br />
{{ic|ERROR: ld.so: object '~/.local/share/Steam/ubuntu12_32/gameoverlayrenderer.so' from LD_PRELOAD cannot be preloaded (wrong ELF class: ELFCLASS32): ignored.}} error which will make game unable to start. If you stuck on this error and have multiple monitors, try to disable all additional displays, and then run a game. You can enable them after the game successfully started. <br />
<br />
Also you can try this:<br />
export LD_LIBRARY_PATH=/usr/lib32/nvidia:/usr/lib/nvidia:$LD_LIBRARY_PATH<br />
and then run steam.<br />
<br />
== Native runtime: steam.sh line 756 Segmentation fault ==<br />
<br />
: Valve GitHub [https://github.com/ValveSoftware/steam-for-linux/issues/3863 issue 3863]<br />
<br />
As per the bug report above, Steam crashes with {{ic|/home/<username>/.local/share/Steam/steam.sh: line 756: <variable numeric code> Segmentation fault (core dumped)}} when running with STEAM_RUNTIME=0.<br />
<br />
This happens because steamclient.so is linked to libudev.so.0 ({{AUR|lib32-libudev0}}) which conflicts with libudev.so.1 ({{Pkg|lib32-systemd}})<br />
<br />
The only proposed workaround is copying Steam's packaged 32-bit versions of libusb and libgudev to /usr/lib32:<br />
<br />
{{bc|# cp $HOME/.local/share/Steam/ubuntu12_32/steam-runtime/i386/usr/lib/i386-linux-gnu/libgudev* /usr/lib32<br />
# cp $HOME/.local/share/Steam/ubuntu12_32/steam-runtime/i386/lib/i386-linux-gnu/libusb* /usr/lib32}}<br />
<br />
Notice that the workaround is necessary because the bug affects systems with lib32-libgudev and lib32-libusb installed.<br />
<br />
Alternatively it has been successful to prioritize the loading of the libudev.so.1 (see [https://github.com/ValveSoftware/steam-for-linux/issues/3863#issuecomment-203929113 comment on the same issue]):<br />
{{bc|1=$ LD_PRELOAD=/usr/lib32/libudev.so.1 STEAM_RUNTIME=0 steam}}<br />
<br />
== The close button only minimizes the window ==<br />
<br />
: Valve GitHub [https://github.com/ValveSoftware/steam-for-linux/issues/1025 issue 1025]<br />
<br />
To close the Steam window (and remove it from the taskbar) when you press '''x''', but keep Steam running in the tray, export the environment variable {{ic|1=STEAM_FRAME_FORCE_CLOSE=1}}. See [[Environment variables#Graphical applications]].<br />
<br />
Steam provides a script located at {{ic|/usr/bin/steam}} that will be run when launching Steam; adding {{ic|1=export STEAM_FRAME_FORCE_CLOSE=1}} to this file will export the environment variable for Steam on application launch.<br />
<br />
== Audio not working or 756 Segmentation fault ==<br />
<br />
First try to install {{Pkg|pulseaudio}} and {{Pkg|pulseaudio-alsa}} and if you run a x86_64 system {{Pkg|lib32-libpulse}} and {{Pkg|lib32-alsa-plugins}}.<br />
<br />
If you do not have audio in the videos which play within the Steam client, it is possible that the ALSA libs packaged with Steam are not working.<br />
<br />
Attempting to playback a video within the steam client results in an error similar to:<br />
<br />
ALSA lib pcm_dmix.c:1018:(snd_pcm_dmix_open) unable to open slave<br />
<br />
A workaround is to rename or delete the {{ic|alsa-lib}} folder and the {{ic|libasound.so.*}} files. They can be found at:<br />
<br />
~/.steam/steam/ubuntu12_32/steam-runtime/i386/usr/lib/i386-linux-gnu/<br />
<br />
An alternative workaround is to add the {{ic|libasound.so.*}} library to the '''LD_PRELOAD''' environment variable:<br />
<br />
LD_PRELOAD='/usr/$LIB/libasound.so.2 '${LD_PRELOAD} steam<br />
<br />
If audio still won't work, adding the Pulseaudio-libs to the '''LD_PRELOAD''' variable may help:<br />
<br />
LD_PRELOAD='/usr/$LIB/libpulse.so.0 /usr/$LIB/libpulse-simple.so.0 '${LD_PRELOAD}<br />
<br />
Be adviced that their names may change over time. If so, it is necessary to take a look in <br />
<br />
~/.steam/ubuntu12_32/steam-runtime/i386/usr/lib/i386-linux-gnu<br />
<br />
and find the new libs and their versions.<br />
<br />
Bugs reports have been filed: [https://github.com/ValveSoftware/steam-for-linux/issues/3376 #3376] and [https://github.com/ValveSoftware/steam-for-linux/issues/3504 #3504]<br />
<br />
== Text is corrupt or missing ==<br />
<br />
The Steam Support [https://support.steampowered.com/kb_article.php?ref=1974-YFKL-4947 instructions] for Windows seem to work on Linux also.<br />
<br />
You can install them via the {{AUR|steam-fonts}} package, or manually by downloading and [[fonts#Manual installation|installing]] [https://support.steampowered.com/downloads/1974-YFKL-4947/SteamFonts.zip SteamFonts.zip].<br />
<br />
{{Note|When steam cannot find the Arial fonts, font-config likes to fall back onto the Helveticia bitmap font. Steam does not render this and possibly other bitmap fonts correctly, so either removing problem fonts or [[Font configuration#Disable bitmap fonts|disabling bitmap fonts]] will most likely fix the issue without installing the Arial or ArialBold fonts.<br />
<br />
The font being used in place of Arial can be found with the command {{bc|$ fc-match -v Arial}}}}<br />
<br />
== SetLocale('en_US.UTF-8') fails at game startup ==<br />
<br />
Uncomment {{ic|en_US.UTF-8 UTF-8}} in {{ic|/etc/locale.gen}} and then run {{ic|locale-gen}} as root.<br />
<br />
== The game crashes immediately after start ==<br />
<br />
First, right-click on the game, choose Properties, and click the "Set Launch Options" button. In that text box put:<br />
{{bc|<nowiki>LD_PRELOAD='./libcxxrt.so:/usr/$LIB/libstdc++.so.6' %command%</nowiki>}}<br />
And try the game again. Some games work with this and some games don't.<br />
<br />
Then if your game still crashes immediately, try disabling: ''"Enable the Steam Overlay while in-game"'' in game ''Properties''.<br />
<br />
And finally, if those don't work, you should check Steam's output for any error from the game. You may encounter the following:<br />
* munmap_chunk(): invalid pointer<br />
* free(): invalid pointer<br />
<br />
In these particular cases, try replacing the libsteam_api.so file from the problematic game with one from a game that works fine. This error usually happens for games that were not updated recently when Steam runtime is disabled. This error has been encountered with at least AYIM, Bastion and Monaco.<br />
<br />
== OpenGL not using direct rendering / Steam crashes Xorg ==<br />
<br />
Sometimes presented with the error message "OpenGL GLX context is not using direct rendering, which may cause performance problems." [https://support.steampowered.com/kb_article.php?ref=9938-EYZB-7457]<br />
<br />
If you still encounter this problem after addressing [[#Steam runtime issues]], you have probably not installed your 32-bit graphics driver correctly. See [[Xorg#Driver installation]] for which packages to install.<br />
<br />
You can check/test if it is installed correctly by installing {{Pkg|lib32-mesa-demos}} and running the following command:<br />
<br />
$ glxinfo32 | grep OpenGL.<br />
<br />
== No audio in certain games ==<br />
<br />
If there is no audio in certain games, and the suggestions provided in [[Steam/Game-specific troubleshooting]] do not fix the problem, [[#Native runtime]] may provide a successful workaround. (See the note about "Steam Runtime issues" at the top of this section.)<br />
<br />
=== FMOD sound engine ===<br />
<br />
While troubleshooting a sound issue, it became evident that the following games (as examples) use the 'FMOD' audio middleware package:<br />
<br />
* Hotline Miami<br />
* Hotline Miami 2<br />
* Transistor<br />
<br />
This package is a bit buggy, and as a result while sound can appear to be working fine for the rest of your system, some games may still have problems.<br />
<br />
It usually occurs when an unused sound device is used as default for ALSA. See [[Advanced Linux Sound Architecture#Set the default sound card]].<br />
<br />
== Missing libc ==<br />
<br />
Verify that {{Pkg|lib32-glibc}} is installed.<br />
<br />
This could also be due to a corrupt Steam executable. Check the output of:<br />
<br />
$ ldd ~/.local/share/Steam/ubuntu12_32/steam<br />
<br />
Should {{ic|ldd}} claim that it is not a dynamic executable, then Steam likely corrupted the binary during an update. The following should fix the issue:<br />
<br />
$ cd ~/.local/share/Steam/<br />
$ ./steam.sh --reset<br />
<br />
If it doesn't, try to delete the {{ic|~/.local/share/Steam/}} directory and launch steam again, telling it to reinstall itself.<br />
<br />
This error message can also occur due to a bug in steam which occurs when your {{ic|$HOME}} directory ends in a slash (Valve GitHub [https://github.com/ValveSoftware/steam-for-linux/issues/3730 issue 3730]). This can be fixed by editing {{ic|/etc/passwd}} and changing {{ic|/home/<username>/}} to {{ic|home/<username>}}, then logging out and in again. Afterwards, steam should repair itself automatically.<br />
<br />
== Missing libGL ==<br />
<br />
You may encounter this error when you launch Steam at first time.<br />
<br />
You are missing the following 32-bit libraries, and Steam may not run: libGL.so.1<br />
<br />
Make sure you have installed the {{ic|lib32}} version of all your video drivers as described in [[Xorg#Driver installation]].<br />
<br />
If you get this error after reinstalling your Nvidia proprietary drivers, or switching from a version to another, [[reinstall]] {{Pkg|lib32-nvidia-utils}} and {{Pkg|lib32-nvidia-libgl}}.<br />
<br />
== Games do not launch on older intel hardware ==<br />
<br />
On older Intel hardware, if the game immediately crashes when run, it may be because your hardware does not directly support the latest OpenGL. It appears as a gameoverlayrenderer.so error in /tmp/dumps/mobile_stdout.txt, but looking in /tmp/gameoverlayrenderer.log it shows a GLXBadFBConfig error. <br />
<br />
This can be fixed, however, by forcing the game to use a later version of OpenGL than it wants. Right click on the game, select Properties. Then, click "Set Launch Options" in the "General" tab and paste the following:<br />
<br />
MESA_GL_VERSION_OVERRIDE=3.1 MESA_GLSL_VERSION_OVERRIDE=140 %command%<br />
<br />
== 2k games do not run on xfs partitions ==<br />
<br />
{{Expansion|Seems to be a general issue, e.g. [https://github.com/ValveSoftware/Source-1-Games/issues/1685]}}<br />
<br />
If you are running 2k games such as Civilization 5 on xfs partitions, then the game may not start or run properly due to how the game loads files as it starts.<br />
[https://bbs.archlinux.org/viewtopic.php?id=185222]<br />
<br />
== Unable to add library folder because of missing execute permissions ==<br />
<br />
If you add another steam library folder on another drive, you might receive the error message ''"New Steam library folder must be on a filesystem mounted with execute permissions"''.<br />
<br />
Make sure you are mounting the filesystem with the correct flags in your {{ic|/etc/fstab}}, usually by adding {{ic|exec}} to the list of mount parameter. The parameter must occur after any {{ic|user}} or {{ic|users}} parameter since these can imply {{ic|noexec}}.<br />
<br />
This error might also occur if you are readding a library folder and Steam is unable to find a contained {{ic|steamapps}} folder. Previous versions used {{ic|SteamApps}} instead, so ensure the name is fully lowercase.<br />
<br />
This error can also occur because of steam runtime issues and may be fixed following the [[#Dynamic linker]] section.<br />
<br />
== Steam controller not being detected correctly ==<br />
<br />
See [[Gamepad#Steam Controller]].<br />
<br />
== VERSION_ID: unbound variable ==<br />
<br />
In Steam's output, you may see the following line:<br />
/home/user/.local/share/Steam/steam.sh: line 161: VERSION_ID: unbound variable<br />
This is because steam.sh parses {{ic|/etc/os-release}} and expects a VERSION_ID which Arch does not have.<br />
This error is unimportant but you can fix it by adding the following line to {{ic|/etc/os-release}}:<br />
VERSION_ID="2015.11.01"<br />
<br />
== Steam hangs on "Installing breakpad exception handler..." ==<br />
<br />
[https://bbs.archlinux.org/viewtopic.php?id=177245 BBS#177245]<br />
<br />
Steam has the following output:<br />
<br />
Running Steam on arch rolling 64-bit<br />
STEAM_RUNTIME is enabled automatically<br />
Installing breakpad exception handler for appid(steam)/version(0_client)<br />
<br />
Then nothing else happens. This is likely related to mis-matched {{ic|lib32-nvidia-*}} packages.<br />
<br />
== 'GLBCXX_3.X.XX' not found when using Bumblebee ==<br />
<br />
This error is likely caused because Steam packages its own out of date {{ic|libstdc++.so.6}}. See [[#Steam runtime issues]] about working around the bad library. See also GitHub [https://github.com/ValveSoftware/steam-for-linux/issues/3773 issue 3773].<br />
<br />
== Prevent Memory Dumps Consuming RAM ==<br />
<br />
Every time steam crashes, it writes a memory dump to '''/tmp/dumps/'''. If Steam falls into a crash loop, and it often does, the dump files can start consuming considerable space. Since '''/tmp''' on Arch is mounted as tmpfs, memory and swap file can be consumed needlessly. To prevent this, you can make a symbolic link to '''/dev/null''' or create and modify permissions on '''/tmp/dumps'''. Then Steam will be unable to write dump files to the directory. This also has the added benefit of Steam not uploading these dumps to Valve's servers.<br />
<br />
# ln -s /dev/null /tmp/dumps<br />
<br />
or<br />
<br />
# mkdir /tmp/dumps<br />
# chmod 600 /tmp/dumps<br />
<br />
== Killing standalone compositors when launching games ==<br />
<br />
Further to this, utilising the {{ic|%command%}} switch, you can kill standalone compositors (such as Xcompmgr or [[Compton]]) - which can cause lag and tearing in some games on some systems - and relaunch them after the game ends by adding the following to your game's launch options.<br />
<br />
killall compton && %command%; compton -b &<br />
<br />
Replace {{ic|compton}} in the above command with whatever your compositor is. You can also add -options to {{ic|%command%}} or {{ic|compton}}, of course.<br />
<br />
Steam will latch on to any processes launched after {{ic|%command%}} and your Steam status will show as in game. So in this example, we run the compositor through {{ic|nohup}} so it is not attached to Steam (it will keep running if you close Steam) and follow it with an ampersand so that the line of commands ends, clearing your Steam status.<br />
<br />
== In Home Streaming does not work from archlinux host to archlinux guest ==<br />
<br />
Chances are you are missing {{Pkg|lib32-libcanberra}}. Once you [[install]] that, it should work as expected.<br />
<br />
With that, steam should no longer crash when trying to launch a game through in home streaming.</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=CVE&diff=452435
CVE
2016-09-30T12:27:20Z
<p>Anthraxx: /* Documented CVE's */ adding wordpress issues</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|Security Advisories}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
== Introduction ==<br />
<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
== Helping ==<br />
<br />
This is a community driven project. Please consider joining the [[Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC on irc://irc.freenode.net/archlinux-security.<br />
<br />
== Procedure ==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. Use Wiki markup to create links in the "CVE-ID", "Package", and "Status" columns. The following template may be used to ease the process of adding CVE entries into the table. The first line, "|-" represents the creation of a new row in the table, while the second line should be modified per CVE:<br />
<br />
{{hc|CVE Table Addition Template|<nowiki><br />
|-<br />
| {{CVE|CVE-2016-????}} || {{Pkg|pkgname}} || Disclosure date || Affected versions || Fixed in version || Arch Linux response time || Status(Fixed|Pending|Invalid) (Bug reports) || {{ASA|ASA-??????-??}}<br />
</nowiki>}}<br />
<br />
{{Note|<br />
* If the CVE is not found in [http://nvd.nist.gov/home.cfm NVD], just include a link to different database in the first column: {{ic|<nowiki>[http://link.to.cve CVE-2014-????]</nowiki>}}<br />
* The "Disclosure date" field should be expressed in [[Wikipedia:ISO 8601|ISO 8601 format]] to avoid any confusion. Example: 2014-03-22.<br />
* The "Arch Linux response time" field corresponds to the time between the public release of a vulnerability and the date the package update fixing the vulnerability is made available in the official stable repositories. The "Time really vulnerable" is potentially much lengthier but is harder to estimate.<br />
}}<br />
<br />
The above "CVE-template" should be added after the line:<br />
<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in version !! Arch Linux response time !! Status (and related bug reports) !! ASA-ID</nowiki>}}<br />
<br />
== Response time ==<br />
<br />
The response time is the time taken to get a fixed package to the stable repositories.<br />
<br />
== Documented CVE's ==<br />
<br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="100%"<br />
! height="50px" colspan="8" style="font-size: 125%;"| '''TRACKED CVE's'''<br />
|-<br />
! scope="col" width="130px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in Arch Linux package version !! Arch Linux response time !! Status (and related bug reports) !! ASA-ID<br />
|- <br />
| {{CVE|CVE-2016-7168}} {{CVE|CVE-2016-7169}} [https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/] || {{pkg|wordpress}} || 2016-09-29 || <= 4.6.0-1 || 4.6.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32]<br />
|- <br />
| {{CVE|CVE-2016-5180}} [https://c-ares.haxx.se/adv_20160929.html] || {{pkg|c-ares}} || 2016-09-29 || <= 1.11.0-1 || 1.12.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31]<br />
|- <br />
| {{CVE|CVE-2016-2776}} [https://kb.isc.org/article/AA-01419/0] || {{pkg|bind}} || 2016-07-27 || <= 9.10.4.P2-1 || 9.10.4.P3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201607-29]<br />
|-<br />
| {{CVE|CVE-2016-7052}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|lib32-openssl}} || 2016-09-26 || <= 1:1.0.2.i-1 || 1:1.0.2.j-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28]<br />
|- <br />
| {{CVE|CVE-2016-7052}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|openssl}} || 2016-09-26 || <= 1.0.2.i-1 || 1.0.2.j-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30]<br />
|- <br />
| {{CVE|CVE-2016-6309}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|lib32-openssl}} || 2016-09-26 || <= 1:1.0.2.i-1 || || || Not Affected || None<br />
|- <br />
| {{CVE|CVE-2016-6309}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|openssl}} || 2016-09-26 || <= 1.0.2.i-1 || || || Not Affected || None<br />
|- <br />
| {{CVE|CVE-2016-2177}} {{CVE|CVE-2016-2178}} {{CVE|CVE-2016-2179}} {{CVE|CVE-2016-2180}} {{CVE|CVE-2016-2181}} {{CVE|CVE-2016-2182}} {{CVE|CVE-2016-2183}} {{CVE|CVE-2016-6302}} {{CVE|CVE-2016-6303}} {{CVE|CVE-2016-6304}} {{CVE|CVE-2016-6306}} [http://eprint.iacr.org/2016/594] [https://www.openssl.org/news/secadv/20160922.txt] || {{pkg|openssl}} || 2016-09-22 || <= 1.0.2.h-1 || 1.0.2.i-1 || <1d || Fixed ({{bug|49616}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23]<br />
|- <br />
| {{CVE|CVE-2016-2177}} {{CVE|CVE-2016-2178}} {{CVE|CVE-2016-2179}} {{CVE|CVE-2016-2180}} {{CVE|CVE-2016-2181}} {{CVE|CVE-2016-2182}} {{CVE|CVE-2016-2183}} {{CVE|CVE-2016-6302}} {{CVE|CVE-2016-6303}} {{CVE|CVE-2016-6304}} {{CVE|CVE-2016-6306}} [http://eprint.iacr.org/2016/594] [https://www.openssl.org/news/secadv/20160922.txt] || {{pkg|lib32-openssl}} || 2016-09-22 || <= 1:1.0.2.h-1 || 1:1.0.2.i-1 || <1d || Fixed ({{bug|49616}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24]<br />
|- <br />
| {{CVE|CVE-2016-7044}} {{CVE|CVE-2016-7045}} [https://irssi.org/security/irssi_sa_2016.txt] || {{pkg|irssi}} || 2016-09-21 || <= 0.8.19-2 || 0.8.20-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20]<br />
|- <br />
| {{CVE|CVE-2016-5270}} {{CVE|CVE-2016-5271}} {{CVE|CVE-2016-5272}} {{CVE|CVE-2016-5273}} {{CVE|CVE-2016-5276}} {{CVE|CVE-2016-5274}} {{CVE|CVE-2016-5277}} {{CVE|CVE-2016-5275}} {{CVE|CVE-2016-5278}} {{CVE|CVE-2016-5279}} {{CVE|CVE-2016-5280}} {{CVE|CVE-2016-5281}} {{CVE|CVE-2016-5282}} {{CVE|CVE-2016-5283}} {{CVE|CVE-2016-5284}} {{CVE|CVE-2016-5256}} {{CVE|CVE-2016-5257}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/] || {{pkg|firefox}} || 2016-09-13 || <= 48.0.2-1 || 49.0-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22]<br />
|- <br />
| {{CVE|CVE-2016-5388}} || {{pkg|tomcat7}} || 2016-09-18 || <= 7.0.70-1 || 7.0.72-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21]<br />
|- <br />
| {{CVE|CVE-2016-7420}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7420] || {{pkg|crypto++}} || 2016-09-18 || <= 5.6.4-2 || || || '''Vulnerable''' || <br />
|- <br />
| {{CVE|CVE-2016-7444}} [http://seclists.org/oss-sec/2016/q3/545] [https://www.gnutls.org/security.html#GNUTLS-SA-2016-3] || {{pkg|gnutls}} || 2016-09-08 || <= 3.4.14-1 || 3.4.15-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25]<br />
|- <br />
| {{CVE|CVE-2016-7444}} [http://seclists.org/oss-sec/2016/q3/545] [https://www.gnutls.org/security.html#GNUTLS-SA-2016-3] || {{pkg|lib32-gnutls}} || 2016-09-08 || <= 3.4.14-1 || 3.4.15-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26]<br />
|- <br />
| {{CVE|CVE-2016-5170}} {{CVE|CVE-2016-5171}} {{CVE|CVE-2016-5172}} {{CVE|CVE-2016-5173}} {{CVE|CVE-2016-5174}} {{CVE|CVE-2016-5175}} [https://googlechromereleases.blogspot.fr/2016/09/stable-channel-update-for-desktop_13.html] || {{pkg|chromium}} || 2016-09-13 || <= 53.0.2785.101-1 || 53.0.2785.116-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13]<br />
|- <br />
| {{CVE|CVE-2016-7412}} {{CVE|CVE-2016-7413}} {{CVE|CVE-2016-7414}} {{CVE|CVE-2016-7416}} {{CVE|CVE-2016-7417}} {{CVE|CVE-2016-7418}} [http://www.openwall.com/lists/oss-security/2016/09/15/10] || {{pkg|php}} || 2016-09-15 || <= 7.0.10-1 || 7.0.11-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16]<br />
|- <br />
| {{CVE|CVE-2016-6352}} [https://bugzilla.redhat.com/show_bug.cgi?id=1349751] || {{pkg|lib32-gdk-pixbuf2}} || 2016-08-31 || <= 2.34.0-1 || || || '''Vulnerable''' ||<br />
|- <br />
| {{CVE|CVE-2016-6352}} [https://bugzilla.redhat.com/show_bug.cgi?id=1349751] || {{pkg|gdk-pixbuf2}} || 2016-08-31 || <= 2.34.0-2 || || || '''Vulnerable''' ||<br />
|- <br />
| {{CVE|CVE-2016-7167}} [https://curl.haxx.se/docs/adv_20160914.html] || {{pkg|curl}} || 2016-09-14 || <= 7.50.2-1 || 7.50.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19]<br />
|- <br />
| {{CVE|CVE-2016-7167}} [https://curl.haxx.se/docs/adv_20160914.html] || {{pkg|lib32-curl}} || 2016-09-14 || <= 7.50.0-1 || 7.50.3-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18]<br />
|- <br />
| {{CVE|CVE-2016-4271}} {{CVE|CVE-2016-4272}} {{CVE|CVE-2016-4274}} {{CVE|CVE-2016-4275}} {{CVE|CVE-2016-4276}} {{CVE|CVE-2016-4277}} {{CVE|CVE-2016-4278}} {{CVE|CVE-2016-4279}} {{CVE|CVE-2016-4280}} {{CVE|CVE-2016-4281}} {{CVE|CVE-2016-4282}} {{CVE|CVE-2016-4283}} {{CVE|CVE-2016-4284}} {{CVE|CVE-2016-4285}} {{CVE|CVE-2016-4287}} {{CVE|CVE-2016-6921}} {{CVE|CVE-2016-6922}} {{CVE|CVE-2016-6923}} {{CVE|CVE-2016-6924}} {{CVE|CVE-2016-6925}} {{CVE|CVE-2016-6926}} {{CVE|CVE-2016-6927}} {{CVE|CVE-2016-6929}} {{CVE|CVE-2016-6930}} {{CVE|CVE-2016-6931}} {{CVE|CVE-2016-6932}} [https://helpx.adobe.com/security/products/flash-player/apsb16-29.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-09-13 || <= 11.2.202.632-1 || 11.2.202.635-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12]<br />
|- <br />
| {{CVE|CVE-2016-6662}} {{CVE|CVE-2016-6663}} [https://mariadb.org/mariadb-server-versions-remote-root-code-execution-vulnerability-cve-2016-6662/] [https://jira.mariadb.org/browse/MDEV-10465] [http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html] || {{Pkg|mariadb}} || 2016-09-13 || <= 10.1.16-2 || 10.1.17-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10]<br />
|-<br />
| {{CVE|CVE-2016-7180}} {{CVE|CVE-2016-7175}} {{CVE|CVE-2016-7176}} {{CVE|CVE-2016-7177}} {{CVE|CVE-2016-7178}} {{CVE|CVE-2016-7179}} [https://www.wireshark.org/security/wnpa-sec-2016-50.html] [https://www.wireshark.org/security/wnpa-sec-2016-51.html] [https://www.wireshark.org/security/wnpa-sec-2016-52.html] [https://www.wireshark.org/security/wnpa-sec-2016-53.html] [https://www.wireshark.org/security/wnpa-sec-2016-54.html] [https://www.wireshark.org/security/wnpa-sec-2016-55.html] || {{pkg|wireshark-cli}} || 2016-09-09 || <= 2.0.5-1 || 2.2.0-1 || 15d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27]<br />
|- <br />
| {{CVE|CVE-2016-5388}} [https://www.apache.org/security/asf-httpoxy-response.txt] || {{pkg|tomcat8}} || 2016-07-18 || <= 8.0.36-1 || 8.0.37-1 || 52d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] <br />
|-<br />
| {{CVE|CVE-2016-7164}} [http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3.20.3.news] || {{pkg|file-roller}} || 2016-09-08 || <= 3.20.2-1 || 3.20.3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5]<br />
|-<br />
| {{CVE|CVE-2016-5426}} {{CVE|CVE-2016-5427}} [http://seclists.org/oss-sec/2016/q3/464] [https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/] || {{pkg|powerdns}} || 2016-09-08 || 3.4.9-1 || 4.0.1-3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9]<br />
|-<br />
| {{CVE|CVE-2016-7164}} [http://seclists.org/oss-sec/2016/q3/443] || {{pkg|libtorrent-rasterbar}} || 2016-09-08 || <= 1:1.1-3 || 1:1.1.1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8]<br />
|-<br />
| {{CVE|CVE-2016-7141}} [https://curl.haxx.se/docs/adv_20160907.html] || {{pkg|curl}} || 2016-09-07 || N/A || N/A || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-2835}} {{CVE|CVE-2016-2836}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/] || {{pkg|thunderbird}} || 2016-08-30 || <= 45.2.0-2 || 45.3.0-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3]<br />
|-<br />
| {{CVE|CVE-2016-7134}} {{CVE|CVE-2016-7133}} {{CVE|CVE-2016-7132}} {{CVE|CVE-2016-7131}} {{CVE|CVE-2016-7130}} {{CVE|CVE-2016-7129}} {{CVE|CVE-2016-7128}} {{CVE|CVE-2016-7127}} {{CVE|CVE-2016-7126}} {{CVE|CVE-2016-7125}} {{CVE|CVE-2016-7124}} [http://www.openwall.com/lists/oss-security/2016/09/02/9] || {{pkg|php}} || 2016-09-03 || <= 7.0.10-1 || 7.0.11-1 || || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-5147}} {{CVE|CVE-2016-5148}} {{CVE|CVE-2016-5149}} {{CVE|CVE-2016-5150}} {{CVE|CVE-2016-5151}} {{CVE|CVE-2016-5152}} {{CVE|CVE-2016-5153}} {{CVE|CVE-2016-5154}} {{CVE|CVE-2016-5155}} {{CVE|CVE-2016-5156}} {{CVE|CVE-2016-5157}} {{CVE|CVE-2016-5158}} {{CVE|CVE-2016-5159}} {{CVE|CVE-2016-5160}} {{CVE|CVE-2016-5161}} {{CVE|CVE-2016-5162}} {{CVE|CVE-2016-5163}} {{CVE|CVE-2016-5164}} {{CVE|CVE-2016-5165}} {{CVE|CVE-2016-5166}} {{CVE|CVE-2016-5167}} [https://googlechromereleases.blogspot.fr/2016/08/stable-channel-update-for-desktop_31.html] || {{pkg|chromium}} || 2016-08-31 || <= 52.0.2743.116-1 || 53.0.2785.89-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1]<br />
|-<br />
| {{CVE|CVE-2016-6525}} [http://bugs.ghostscript.com/show_bug.cgi?id=696954] || {{Pkg|mupdf}} || 2016-07-19 || <= 1.9a-4 || 1.9a-5 || 1d || Fixed ([https://bugs.archlinux.org/task/50590 FS#50590 ]) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] <br />
|-<br />
| {{CVE|CVE-2016-6265}} [http://bugs.ghostscript.com/show_bug.cgi?id=696941] || {{Pkg|mupdf}} || 2016-07-19 || <= 1.9a-3 || 1.9a-4 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] <br />
|-<br />
| {{CVE|CVE-2016-4590}} {{CVE|CVE-2016-4591}} {{CVE|CVE-2016-4622}} {{CVE|CVE-2016-4624}} [https://webkitgtk.org/2016/08/24/webkitgtk2.12.4-released.html] [https://webkitgtk.org/security/WSA-2016-0005.html] || {{pkg|webkit2gtk}} || 2016-08-24 || <= 2.12.3-1 || 2.12.4-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2]<br />
|-<br />
| {{CVE|CVE-2016-6331}} {{CVE|CVE-2016-6332}} {{CVE|CVE-2016-6333}} {{CVE|CVE-2016-6334}} {{CVE|CVE-2016-6335}} {{CVE|CVE-2016-6336}} {{CVE|CVE-2016-6337}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html] || {{pkg|mediawiki}} || 2016-08-23 || <= 1.27.0-1 || 1.27.1-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] <br />
|-<br />
| {{CVE|CVE-2016-6313}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html] || {{pkg|lib32-libgcrypt}} || 2016-08-17 || <= 1.7.2-1 || 1.7.3-1 || 31d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14]<br />
|-<br />
| {{CVE|CVE-2016-6313}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html] || {{pkg|libgcrypt}} || 2016-08-17 || <= 1.7.2-1 || 1.7.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18]<br />
|-<br />
| {{CVE|CVE-2016-5423}} {{CVE|CVE-2016-5424}} [https://www.postgresql.org/about/news/1688/] || {{pkg|postgresql}} {{pkg|postgresql-libs}} || 2016-08-11 || <= 9.5.3-1 || 9.5.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux}} || 2016-07-12 || <= 4.6.4-1 || 4.7-1 || 31d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-grsec}} || 2016-07-12 || <= 4.6.5.201607312210-1 || 4.7.201608131240-1 || 33d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-lts}} || 2016-07-12 || <= 4.4.16-1 || 4.4.19-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-zen}} || 2016-07-12 || <= 4.6.5-1 || 4.7-1 || 35d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15]<br />
|-<br />
| {{CVE|CVE-2016-5139}} {{CVE|CVE-2016-5140}} {{CVE|CVE-2016-5141}} {{CVE|CVE-2016-5142}} {{CVE|CVE-2016-5143}} {{CVE|CVE-2016-5144}} {{CVE|CVE-2016-5145}} {{CVE|CVE-2016-5146}} [https://googlechromereleases.blogspot.fr/2016/08/stable-channel-update-for-desktop.html] || {{pkg|chromium}} || 2016-08-03 || <= 52.0.2743.85-2 || 52.0.2743.116-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16]<br />
|-<br />
| {{CVE|CVE-2016-6255}} || {{pkg|libupnp}} || 2016-08-08 || <= 1.6.19-1 || 1.6.20-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8]<br />
|-<br />
| {{CVE|CVE-2016-3075}} {{CVE|CVE-2016-5417}} [https://sourceware.org/bugzilla/show_bug.cgi?id=19879] [https://sourceware.org/bugzilla/show_bug.cgi?id=19257] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-08-02 || <= 2.23-5 || 2.24-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7]<br />
|-<br />
| {{CVE|CVE-2016-3458}} {{CVE|CVE-2016-3500}} {{CVE|CVE-2016-3508}} {{CVE|CVE-2016-3550}} {{CVE|CVE-2016-3598}} {{CVE|CVE-2016-3606}} {{CVE|CVE-2016-3610}} [http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2016-July/036560.html] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2016-07-29 || <= 7.u101_2.6.6 || 7.u111_2.6.7 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5]<br />
|-<br />
| {{CVE|CVE-2016-0718}} {{CVE|CVE-2016-2830}} {{CVE|CVE-2016-2835}} {{CVE|CVE-2016-2836}} {{CVE|CVE-2016-2837}} {{CVE|CVE-2016-2838}} {{CVE|CVE-2016-2839}} {{CVE|CVE-2016-5250}} {{CVE|CVE-2016-5251}} {{CVE|CVE-2016-5252}} {{CVE|CVE-2016-5254}} {{CVE|CVE-2016-5255}} {{CVE|CVE-2016-5258}} {{CVE|CVE-2016-5259}} {{CVE|CVE-2016-5260}} {{CVE|CVE-2016-5261}} {{CVE|CVE-2016-5262}} {{CVE|CVE-2016-5263}} {{CVE|CVE-2016-5264}} {{CVE|CVE-2016-5265}} {{CVE|CVE-2016-5266}} {{CVE|CVE-2016-5268}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox48] || {{pkg|firefox}} || 2016-08-02 || <= 47.0.1-1 || 48.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2]<br />
|-<br />
| {{CVE|CVE-2016-5419}} {{CVE|CVE-2016-5420}} {{CVE|CVE-2016-5421}} [https://curl.haxx.se/docs/adv_20160803A.html] [https://curl.haxx.se/docs/adv_20160803B.html] [https://curl.haxx.se/docs/adv_20160803C.html] || {{pkg|curl}} || 2016-08-03 || <= 7.50.0-1 || 7.50.1-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9]<br />
|-<br />
| {{CVE|CVE-2016-6210}} [http://www.openssh.com/txt/release-7.3] [http://seclists.org/fulldisclosure/2016/Jul/51] || {{pkg|openssh}} || 2016-07-14 || <= 7.2p2-2 || 7.3p1-1 || 16d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1]<br />
|-<br />
| {{CVE|CVE-2016-6503}} {CVE|CVE-2016-6504}} {{CVE|CVE-2016-6507}} [http://seclists.org/oss-sec/2016/q3/217] [[http://www.wireshark.org/security/wnpa-sec-2016-39.html] [http://www.wireshark.org/security/wnpa-sec-2016-40.html] [http://www.wireshark.org/security/wnpa-sec-2016-43.html] || {{pkg|wireshark-cli}} || 2016-07-28 || <= 2.0.4-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-6505}} {{CVE|CVE-2016-6506}} {{CVE|CVE-2016-6508}} {{CVE|CVE-2016-6509}} {{CVE|CVE-2016-6510}} {{CVE|CVE-2016-6511}} {{CVE|CVE-2016-6512}} {{CVE|CVE-2016-6513}} [http://seclists.org/oss-sec/2016/q3/217] [http://www.wireshark.org/security/wnpa-sec-2016-41.html] [http://www.wireshark.org/security/wnpa-sec-2016-42.html] [http://www.wireshark.org/security/wnpa-sec-2016-44.html] [http://www.wireshark.org/security/wnpa-sec-2016-45.html] [http://www.wireshark.org/security/wnpa-sec-2016-46.html] [http://www.wireshark.org/security/wnpa-sec-2016-47.html] [http://www.wireshark.org/security/wnpa-sec-2016-48.html] [http://www.wireshark.org/security/wnpa-sec-2016-49.html] || {{pkg|wireshark-cli}} || 2016-07-28 || <= 2.0.4-1 || 2.0.5-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20]<br />
|-<br />
| {{CVE|CVE-2016-6491}} [http://seclists.org/oss-sec/2016/q3/194] [http://git.imagemagick.org/repos/ImageMagick/commit/5cb6c1acd3e3b12f9260daf207db432df7f792c2] || {{pkg|imagemagick}} || 2016-07-27 || <= 6.9.5.2-1 || 6.9.5.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13]<br />
|-<br />
| {{CVE|CVE-2015-8948}} {{CVE|CVE-2016-6261}} {{CVE|CVE-2016-6262}} {{CVE|CVE-2016-6263}} || {{Pkg|libidn}} || 2016-07-20 || <= 1.32-1 || 1.33-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14]<br />
|-<br />
| {{CVE|CVE-2016-6186}} || {{Pkg|python-django}} {{Pkg|python2-django}}|| 2016-07-18 || <= 1.9.8-1 || 1.9.8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11]<br />
|-<br />
| {{CVE|CVE-2016-1705}} {{CVE|CVE-2016-1706}} {{CVE|CVE-2016-1708}} {{CVE|CVE-2016-1709}} {{CVE|CVE-2016-1710}} {{CVE|CVE-2016-1711}} {{CVE|CVE-2016-5127}} {{CVE|CVE-2016-5128}} {{CVE|CVE-2016-5129}} {{CVE|CVE-2016-5130}} {{CVE|CVE-2016-5131}} {{CVE|CVE-2016-5132}} {{CVE|CVE-2016-5133}} {{CVE|CVE-2016-5134}} {{CVE|CVE-2016-5135}} {{CVE|CVE-2016-5136}} {{CVE|CVE-2016-5137}} [https://googlechromereleases.blogspot.fr/2016/07/stable-channel-update.html] || {{pkg|chromium}} || 2016-07-20 || <= 51.0.2704.106-1 || 52.0.2743.82-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12]<br />
|-<br />
| {{CVE|CVE-2016-5385}} [https://www.drupal.org/SA-CORE-2016-003] || {{pkg|drupal}} || 2016-07-18 || <= 8.1.6-1 || 8.1.7-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9]<br />
|-<br />
| {{CVE|CVE-2016-2775}} [https://kb.isc.org/article/AA-01393/74/CVE-2016-2775] || {{pkg|bind}} || 2016-07-19 || <= 9.10.4.P1-2 || 9.10.4.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8]<br />
|-<br />
|{{CVE|CVE-2016-4173}} {{CVE|CVE-2016-4174}} {{CVE|CVE-2016-4175}} {{CVE|CVE-2016-4176}} {{CVE|CVE-2016-4177}} {{CVE|CVE-2016-4179}} {{CVE|CVE-2016-4180}} {{CVE|CVE-2016-4181}} {{CVE|CVE-2016-4182}} {{CVE|CVE-2016-4183}} {{CVE|CVE-2016-4184}} {{CVE|CVE-2016-4185}} {{CVE|CVE-2016-4186}} {{CVE|CVE-2016-4187}} {{CVE|CVE-2016-4188}} {{CVE|CVE-2016-4189}} {{CVE|CVE-2016-4190}} {{CVE|CVE-2016-4217}} {{CVE|CVE-2016-4218}} {{CVE|CVE-2016-4219}} {{CVE|CVE-2016-4220}} {{CVE|CVE-2016-4221}} {{CVE|CVE-2016-4222}} {{CVE|CVE-2016-4223}} {{CVE|CVE-2016-4224}} {{CVE|CVE-2016-4225}} {{CVE|CVE-2016-4226}} {{CVE|CVE-2016-4227}} {{CVE|CVE-2016-4228}} {{CVE|CVE-2016-4229}} {{CVE|CVE-2016-4230}} {{CVE|CVE-2016-4231}} {{CVE|CVE-2016-4232}} {{CVE|CVE-2016-4233}} {{CVE|CVE-2016-4234}} {{CVE|CVE-2016-4235}} {{CVE|CVE-2016-4236}} {{CVE|CVE-2016-4237}} {{CVE|CVE-2016-4238}} {{CVE|CVE-2016-4239}} {{CVE|CVE-2016-4240}} {{CVE|CVE-2016-4241}} {{CVE|CVE-2016-4242}} {{CVE|CVE-2016-4243}} {{CVE|CVE-2016-4244}} {{CVE|CVE-2016-4245}} {{CVE|CVE-2016-4246}} {{CVE|CVE-2016-4247}} {{CVE|CVE-2016-4248}} || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-07-12 || <= 11.2.202.626-1 || 11.2.202.632-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7]<br />
|-<br />
| {{CVE|CVE-2016-2815}} {{CVE|CVE-2016-2818}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird45.2] || {{pkg|thunderbird}} || 2016-06-30 || <= 45.1.1-2 || 45.2.0-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4]<br />
|-<br />
| {{CVE|CVE-2016-4979}} [https://httpd.apache.org/security/vulnerabilities_24.html] || {{pkg|apache}} || 2016-07-05 || 2.4.18-2.4.20 || 2.4.23-1 || || Fixed ({{bug|49958}}) || None<br />
|-<br />
| {{CVE|CVE-2016-4994}} [https://bugzilla.gnome.org/show_bug.cgi?id=767873] || {{pkg|gimp}} || 2016-06-21 || <= 2.8.16-2 || 2.8.18-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5]<br />
|-<br />
| {{CVE|CVE-2016-4472}} [https://bugzilla.redhat.com/show_bug.cgi?id=1344251] || {{pkg|expat}} || 2016-06-30 || <= 2.1.1-3 || 2.2.0-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-3189}} [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3189] || {{pkg|bzip2}} || 2016-06-30 || <= 1.0.6-5 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-4463}} [http://seclists.org/bugtraq/2016/Jun/115] || {{pkg|xerces-c}} || 2016-06-29 || <= 3.1.3-2 || 3.1.4-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2]<br />
|-<br />
| {{CVE|CVE-2016-4324}} [http://www.talosintelligence.com/reports/TALOS-2016-0126/] || {{pkg|libreoffice-fresh}} || 2016-06-27 || <= 5.1.3-2 || 5.1.4-1 || <0d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3]<br />
|-<br />
| {{CVE|CVE-2016-5701}} {{CVE|CVE-2016-5702}} {{CVE|CVE-2016-5703}} {{CVE|CVE-2016-5704}} {{CVE|CVE-2016-5705}} {{CVE|CVE-2016-5706}} {{CVE|CVE-2016-5730}} {{CVE|CVE-2016-5731}} {{CVE|CVE-2016-5732}} {{CVE|CVE-2016-5733}} {{CVE|CVE-2016-5734}} {{CVE|CVE-2016-5739}} [https://www.phpmyadmin.net/security/PMASA-2016-17/] [https://www.phpmyadmin.net/security/PMASA-2016-18/] [https://www.phpmyadmin.net/security/PMASA-2016-19/] [https://www.phpmyadmin.net/security/PMASA-2016-20/] [https://www.phpmyadmin.net/security/PMASA-2016-21/] [https://www.phpmyadmin.net/security/PMASA-2016-22/] [https://www.phpmyadmin.net/security/PMASA-2016-23/] [https://www.phpmyadmin.net/security/PMASA-2016-24/] [https://www.phpmyadmin.net/security/PMASA-2016-25/] [https://www.phpmyadmin.net/security/PMASA-2016-26/] [https://www.phpmyadmin.net/security/PMASA-2016-27/] [https://www.phpmyadmin.net/security/PMASA-2016-28/] || {{pkg|phpmyadmin}} || 2016-06-23 || <= 4.6.2-1 || 4.6.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25]<br />
|-<br />
| {{CVE|CVE-2016-1704}} [https://googlechromereleases.blogspot.fr/2016/06/stable-channel-update_16.html] || {{pkg|chromium}} || 2016-01-16 || <= 51.0.2704.84-1 || 51.0.2704.103-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20]<br />
|-<br />
| {{CVE|CVE-2016-2365}} {{CVE|CVE-2016-2366}} {{CVE|CVE-2016-2367}} {{CVE|CVE-2016-2368}} {{CVE|CVE-2016-2369}} {{CVE|CVE-2016-2370}} {{CVE|CVE-2016-2371}} {{CVE|CVE-2016-2372}} {{CVE|CVE-2016-2373}} {{CVE|CVE-2016-2374}} {{CVE|CVE-2016-2375}} {{CVE|CVE-2016-2376}} {{CVE|CVE-2016-2377}} {{CVE|CVE-2016-2378}} {{CVE|CVE-2016-2380}} {{CVE|CVE-2016-4323}} [http://blog.talosintel.com/2016/06/vulnerability-spotlight-pidgin.html] || {{pkg|libpurple}} || 2016-01-21 || <= 2.10.12-4 || 2.11.0-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24]<br />
|-<br />
| {{CVE|CVE-2016-1541}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1541] || {{pkg|libarchive}} || 2016-01-17 || <= 3.1.2-8 || 3.2.0-1 || 47d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1]<br />
|-<br />
| {{CVE|CVE-2016-5875}} {{CVE|CVE-2016-5314}} {{CVE|CVE-2016-5315}} {{CVE|CVE-2016-5316}} {{CVE|CVE-2016-5317}} {{CVE|CVE-2016-5320}} {{CVE|CVE-2016-5321}} {{CVE|CVE-2016-5322}} {{CVE|CVE-2016-5323}} {{CVE|CVE-2016-5102}} {{CVE|CVE-2016-3991}} {{CVE|CVE-2016-3990}} {{CVE|CVE-2016-3945}} {{CVE|CVE-2016-3658}} {{CVE|CVE-2016-3634}} {{CVE|CVE-2016-3633}} {{CVE|CVE-2016-3632}} {{CVE|CVE-2016-3631}} {{CVE|CVE-2016-3625}} {{CVE|CVE-2016-3624}} {{CVE|CVE-2016-3623}} {{CVE|CVE-2016-3622}} {{CVE|CVE-2016-3621}} {{CVE|CVE-2016-3620}} {{CVE|CVE-2016-3619}} {{CVE|CVE-2016-3186}} {{CVE|CVE-2015-8668}} {{CVE|CVE-2015-7313}} {{CVE|CVE-2014-8130}} {{CVE|CVE-2014-8127}} {{CVE|CVE-2010-2596}} {{CVE|CVE-2016-6223}} [http://www.openwall.com/lists/oss-security/2016/06/15/1] [http://www.openwall.com/lists/oss-security/2016/06/15/2] [http://www.openwall.com/lists/oss-security/2016/06/15/3] [http://www.openwall.com/lists/oss-security/2016/06/15/5] [http://www.openwall.com/lists/oss-security/2016/06/15/6] [http://www.openwall.com/lists/oss-security/2016/06/15/7] [http://www.openwall.com/lists/oss-security/2016/06/15/8] [http://www.openwall.com/lists/oss-security/2016/06/15/9] [https://security-tracker.debian.org/tracker/source-package/tiff] [http://www.openwall.com/lists/oss-security/2016/07/13/3] || {{pkg|libtiff}} || 2016-06-19 || <= 4.0.6-2 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-4122}} {{CVE|CVE-2016-4123}} {{CVE|CVE-2016-4124}} {{CVE|CVE-2016-4125}} {{CVE|CVE-2016-4127}} {{CVE|CVE-2016-4128}} {{CVE|CVE-2016-4129}} {{CVE|CVE-2016-4130}} {{CVE|CVE-2016-4131}} {{CVE|CVE-2016-4132}} {{CVE|CVE-2016-4133}} {{CVE|CVE-2016-4134}} {{CVE|CVE-2016-4135}} {{CVE|CVE-2016-4136}} {{CVE|CVE-2016-4137}} {{CVE|CVE-2016-4138}} {{CVE|CVE-2016-4139}} {{CVE|CVE-2016-4140}} {{CVE|CVE-2016-4141}} {{CVE|CVE-2016-4142}} {{CVE|CVE-2016-4143}} {{CVE|CVE-2016-4144}} {{CVE|CVE-2016-4145}} {{CVE|CVE-2016-4146}} {{CVE|CVE-2016-4147}} {{CVE|CVE-2016-4148}} {{CVE|CVE-2016-4149}} {{CVE|CVE-2016-4150}} {{CVE|CVE-2016-4151}} {{CVE|CVE-2016-4152}} {{CVE|CVE-2016-4153}} {{CVE|CVE-2016-4154}} {{CVE|CVE-2016-4155}} {{CVE|CVE-2016-4156}} {{CVE|CVE-2016-4166}} {{CVE|CVE-2016-4171}} [https://helpx.adobe.com/security/products/flash-player/apsb16-18.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-06-16 || <= 11.2.202.621-1 || 11.2.202.626-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18]<br />
|-<br />
| {{CVE|CVE-2016-4971}} [https://lists.gnu.org/archive/html/bug-wget/2016-06/msg00033.html] || {{pkg|wget}} || 2016-06-09 || <= 1.17.1-2 || 1.18-1 || 11d || Fixed ({{bug|49730}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19]<br />
|-<br />
| {{CVE|CVE-2012-6702}} {{CVE|CVE-2016-5300}} || {{pkg|expat}} {{pkg|lib32-expat}} || 2016-06-07 || <= 2.1.1-2 || 2.1.1-3 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14]<br />
|-<br />
| {{CVE|CVE-2016-5360}} [http://seclists.org/oss-sec/2016/q2/512] || {{pkg|haproxy}} || 2016-06-09 || <= 1.6.5-3 || 1.6.5-4 || 1d || Fixed ({{bug|49638}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11]<br />
|-<br />
| {{CVE|CVE-2016-2815}} {{CVE|CVE-2016-2818}} {{CVE|CVE-2016-2819}} {{CVE|CVE-2016-2821}} {{CVE|CVE-2016-2822}} {{CVE|CVE-2016-2825}} {{CVE|CVE-2016-2828}} {{CVE|CVE-2016-2829}} {{CVE|CVE-2016-2831}} {{CVE|CVE-2016-2832}} {{CVE|CVE-2016-2833}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox47] || {{pkg|firefox}} || 2016-06-07 || <= 46.0.1-1 || 47.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7]<br />
|-<br />
| {{CVE|CVE-2016-4456}} [https://marc.ttias.be/oss-security/2016-06/msg00043.php] [http://gnutls.org/security.html#GNUTLS-SA-2016-1] || {{pkg|gnutls}} {{pkg|lib32-gnutls}} || 2016-06-06 || <= 3.4.12-1 || 3.4.13-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12]<br />
|-<br />
| {{CVE|CVE-2015-8899}} [http://www.openwall.com/lists/oss-security/2016/06/04/2] || {{pkg|dnsmasq}} || 2016-06-04 || <= 2.75-1 || 2.76-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4953}} {{CVE|CVE-2016-4954}} {{CVE|CVE-2016-4955}} {{CVE|CVE-2016-4956}} {{CVE|CVE-2016-4957}} [http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi] || {{pkg|ntp}} || 2016-06-02 || <= 4.2.8.p7-1 || 4.2.8.p8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4]<br />
|-<br />
| {{CVE|CVE-2016-4429}} [https://sourceware.org/bugzilla/show_bug.cgi?id=20112] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-05-18 || <= 2.23-4 || 2.23-5 || 25d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17]<br />
|-<br />
| {{CVE|CVE-2016-5244}} {{CVE|CVE-2016-5243}} [http://www.openwall.com/lists/oss-security/2016/06/03/5] [http://www.openwall.com/lists/oss-security/2016/06/03/4] || {{pkg|linux}} || 2016-06-03 || <= 4.6.1 || || || Not Affected ||<br />
|-<br />
| {{CVE|CVE-2016-1696}} {{CVE|CVE-2016-1697}} {{CVE|CVE-2016-1698}} {{CVE|CVE-2016-1699}} {{CVE|CVE-2016-1700}} {{CVE|CVE-2016-1701}} {{CVE|CVE-2016-1702}} {{CVE|CVE-2016-1703}} [http://googlechromereleases.blogspot.fr/2016/06/stable-channel-update.html] || {{pkg|chromium}} || 2016-06-01 || <= 51.0.2704.63-1 || 51.0.2704.79-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5]<br />
|-<br />
| {{CVE|CVE-2016-4450}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450] || {{pkg|nginx-mainline}} || 2016-05-31 || <= 1.11-1 || 1.11.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2]<br />
|-<br />
| {{CVE|CVE-2016-4450}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450] || {{pkg|nginx}} || 2016-05-31 || <= 1.10-1 || 1.10.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1]<br />
|-<br />
| {{CVE|CVE-2016-1857}} [http://webkitgtk.org/security/WSA-2016-0004.html] || {{pkg|webkit2gtk}} || 2016-05-30 || <= 2.12.2-1 || 2.12.3-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3]<br />
|-<br />
| {{CVE|CVE-2016-5108}} [http://www.openwall.com/lists/oss-security/2016/05/27/7] || {{pkg|vlc}} || 2016-05-27 || <= 2.2.3-3 || 2.2.4-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21]<br />
|-<br />
| {{CVE|CVE-2016-5104}} [http://www.openwall.com/lists/oss-security/2016/05/26/6] || {{pkg|libusbmuxd}} || 2016-05-26 || <= 1.0.10-1 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-5104}} [http://www.openwall.com/lists/oss-security/2016/05/26/6] || {{pkg|libimobiledevice}} || 2016-05-26 || <= 1.2.0-3 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-5103}} [http://www.openwall.com/lists/oss-security/2016/05/26/5] || {{pkg|roundcubemail}} || 2016-05-26 || <= 1.2rc-1 || 1.2.0-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1762}} {{CVE|CVE-2016-1833}} {{CVE|CVE-2016-1834}} {{CVE|CVE-2016-1835}} {{CVE|CVE-2016-1836}} {{CVE|CVE-2016-1837}} {{CVE|CVE-2016-1838}} {{CVE|CVE-2016-1839}} {{CVE|CVE-2016-1840}} {{CVE|CVE-2016-3627}} {{CVE|CVE-2016-3705}} {{CVE|CVE-2016-4483}} [https://git.gnome.org/browse/libxml2/log/] || {{pkg|libxml2}} || 2016-05-23 || <= 2.9.3-2 || 2.9.4+0+gbdec218-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27]<br />
|-<br />
| {{CVE|CVE-2016-1672}} {{CVE|CVE-2016-1673}} {{CVE|CVE-2016-1674}} {{CVE|CVE-2016-1675}} {{CVE|CVE-2016-1676}} {{CVE|CVE-2016-1677}} {{CVE|CVE-2016-1678}} {{CVE|CVE-2016-1679}} {{CVE|CVE-2016-1680}} {{CVE|CVE-2016-1681}} {{CVE|CVE-2016-1682}} {{CVE|CVE-2016-1683}} {{CVE|CVE-2016-1684}} {{CVE|CVE-2016-1685}} {{CVE|CVE-2016-1686}} {{CVE|CVE-2016-1687}} {{CVE|CVE-2016-1688}} {{CVE|CVE-2016-1689}} {{CVE|CVE-2016-1690}} {{CVE|CVE-2016-1691}} {{CVE|CVE-2016-1692}} {{CVE|CVE-2016-1693}} {{CVE|CVE-2016-1694}} {{CVE|CVE-2016-1695}} [http://googlechromereleases.blogspot.fr/2016/05/stable-channel-update_25.html] || {{pkg|chromium}} || 2016-05-25 || <= 50.0.2661.102-1 || 51.0.2704.63-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28]<br />
|-<br />
| {{CVE|CVE-2016-5027}} {{CVE|CVE-2016-5028}} {{CVE|CVE-2016-5029}} {{CVE|CVE-2016-5030}} {{CVE|CVE-2016-5031}} {{CVE|CVE-2016-5032}} {{CVE|CVE-2016-5033}} {{CVE|CVE-2016-5034}} {{CVE|CVE-2016-5035}} {{CVE|CVE-2016-5036}} {{CVE|CVE-2016-5037}} {{CVE|CVE-2016-5038}} {{CVE|CVE-2016-5039}} {{CVE|CVE-2016-5040}} {{CVE|CVE-2016-5041}} {{CVE|CVE-2016-5042}} {{CVE|CVE-2016-5043}} {{CVE|CVE-2016-5044}} [http://seclists.org/oss-sec/2016/q2/393] [https://www.prevanders.net/dwarfbug.html] || {{pkg|libdwarf}} || 2016-05-24 || <= 20160507-1 || 20160613-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23]<br />
|-<br />
| {{CVE|CVE-2015-1283}} {{CVE|CVE-2016-0718}} [http://seclists.org/oss-sec/2016/q2/360] || {{pkg|expat}} {{pkg|lib32-expat}} || 2016-05-17 || <= 2.1.1-1 || 2.1.1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23]<br />
|-<br />
| {{CVE|CVE-2016-2334}} {{CVE|CVE-2016-2335}} [http://www.talosintel.com/reports/TALOS-2016-0093/] [http://www.talosintel.com/reports/TALOS-2016-0094/] || {{pkg|p7zip}} || 2016-05-10 || <= 15.14.1-1 || 15.14.1-2 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24]<br />
|-<br />
| {{CVE|CVE-2016-3698}} [https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839] || {{pkg|libndp}} || 2016-05-17 || <= 1.5-1 || 1.6-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26]<br />
|-<br />
| {{CVE|CVE-2016-2803}} [http://seclists.org/bugtraq/2016/May/72] || {{pkg|bugzilla}} || 2016-05-16 || <= 5.0.2-1 || 5.0.3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25]<br />
|-<br />
| {{CVE|CVE-2016-2099}} [https://issues.apache.org/jira/browse/XERCESC-2066] [http://www.openwall.com/lists/oss-security/2016/05/09/7] || {{pkg|xerces-c}} || 2016-05-09 || <= 3.1.3-1 || 3.1.3-2 || 46d || Fixed ({{bug|49353}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-22]<br />
|-<br />
| [http://blog.jetbrains.com/blog/2016/05/11/security-update-for-intellij-based-ides-v2016-1-and-older-versions/] || {{pkg|intellij-idea-community-edition}} {{pkg|intellij-idea-libs}} || 2016-05-11 || <= 1:2016.1.1-1 || 1:2016.1.2-1 || 3d || Fixed ({{bug|49329}}) || None<br />
|-<br />
| {{CVE|CVE-2016-2804}} {{CVE|CVE-2016-2805}} {{CVE|CVE-2016-2806}} {{CVE|CVE-2016-2807}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/] || {{pkg|thunderbird}} || 2016-05-10 || <= 45.0-1 || 45.1.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21]<br />
|-<br />
| {{CVE|CVE-2016-1667}} {{CVE|CVE-2016-1668}} {{CVE|CVE-2016-1669}} {{CVE|CVE-2016-1670}} [http://googlechromereleases.blogspot.fr/2016/05/stable-channel-update.html] || {{pkg|chromium}} || 2016-05-11 || <= 50.0.2661.94-1 || 50.0.2661.102-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] <br />
|-<br />
| {{CVE|CVE-2016-3706}} {{CVE|CVE-2016-1234}} [https://sourceware.org/bugzilla/show_bug.cgi?id=20010] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-04-27 || <= 2.23-2 || 2.23-4 || 17d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20]<br />
|-<br />
| {{CVE|CVE-2016-1096}} {{CVE|CVE-2016-1097}} {{CVE|CVE-2016-1098}} {{CVE|CVE-2016-1099}} {{CVE|CVE-2016-1100}} {{CVE|CVE-2016-1101}} {{CVE|CVE-2016-1102}} {{CVE|CVE-2016-1103}} {{CVE|CVE-2016-1104}} {{CVE|CVE-2016-1105}} {{CVE|CVE-2016-1106}} {{CVE|CVE-2016-1107}} {{CVE|CVE-2016-1108}} {{CVE|CVE-2016-1109}} {{CVE|CVE-2016-1110}} {{CVE|CVE-2016-4108}} {{CVE|CVE-2016-4109}} {{CVE|CVE-2016-4110}} {{CVE|CVE-2016-4111}} {{CVE|CVE-2016-4112}} {{CVE|CVE-2016-4113}} {{CVE|CVE-2016-4114}} {{CVE|CVE-2016-4115}} {{CVE|CVE-2016-4116}} {{CVE|CVE-2016-4117}} [https://helpx.adobe.com/security/products/flash-player/apsa16-02.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-05-10 || <= 11.2.202.616-2 || 11.2.202.621-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18]<br />
|-<br />
| {{CVE|CVE-2015-8558}} {{CVE|CVE-2016-3710}} {{CVE|CVE-2016-3712}} {{CVE|CVE-2016-5105}} {{CVE|CVE-2016-5107}} {{CVE|CVE-2016-5106}} [http://xenbits.xen.org/xsa/advisory-179.html] [http://www.openwall.com/lists/oss-security/2016/05/25/7] || {{pkg|qemu}} {{pkg|qemu-arch-extra}} || 2016-05-10 || <= 2.5.1-1 || 2.6.0-1 || 28d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9]<br />
|-<br />
| {{CVE|CVE-2015-8558}} {{CVE|CVE-2016-3710}} {{CVE|CVE-2016-3712}} {{CVE|CVE-2016-5105}} {{CVE|CVE-2016-5107}} {{CVE|CVE-2016-5106}} [http://xenbits.xen.org/xsa/advisory-179.html] [http://www.openwall.com/lists/oss-security/2016/05/25/7] || {{pkg|qemu-guest-agent}} {{pkg|qemu-block-gluster}} {{pkg|qemu-block-iscsi}} {{pkg|qemu-block-rbd}} || 2016-05-10 || <= 2.5.1-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-1926}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1926] [http://www.openvas.org/OVSA20160113.html] || {{pkg|greenbone-security-assistant}} || 2016-01-16 || <= 6.0.6-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-3659}} [http://bugs.cacti.net/view.php?id=2673] || {{pkg|cacti}} || 2016-03-31 || <= 0.8.8_g-3 || 0.8.8_h-1 || 40d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14]<br />
|-<br />
| {{CVE|CVE-2016-4554}} {{CVE|CVE-2016-4555}} {{CVE|CVE-2016-4556}} [http://www.squid-cache.org/Advisories/SQUID-2016_8.txt] [http://www.squid-cache.org/Advisories/SQUID-2016_9.txt] || {{pkg|squid}} || 2016-05-09 || <= 3.5.17-1 || 3.5.19-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13]<br />
|-<br />
| {{CVE|CVE-2015-8106}} [http://www.openwall.com/lists/oss-security/2015/11/16/39] || {{pkg|latex2rtf}} || 2015-11-16 || <= 2.3.8-1 || 2.3.10-1 || ~6m || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9]<br />
|-<br />
| {{CVE|CVE-2016-3105}} [https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29] || {{pkg|mercurial}} || 2016-05-01 || <= 3.7.3-1 || 3.8.1-1 || 5d || Fixed ({{bug|49239}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] <br />
|-<br />
| {{CVE|CVE-2016-1236}} [http://www.openwall.com/lists/oss-security/2016/05/05/22] || {{pkg|websvn}} || 2016-05-05 || <= 2.3.3-6 || 2.3.3-7 || 98d || Fixed ({{bug|50344}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11]<br />
|-<br />
| {{CVE|CVE-2016-4414}} [http://marc.info/?l=oss-security&m=146204310020229&w=2] || {{pkg|quassel-client}} {{pkg|quassel-monolithic}} || 2016-04-30 || <= 0.12.3-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-4352}} [http://www.openwall.com/lists/oss-security/2016/04/29/7] || {{pkg|mencoder}} {{pkg|mplayer}} || 2016-05-03 || <= 37379-7 || 37857-1 || 3d || Fixed ({{bug|49195}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12]<br />
|-<br />
| {{CVE|CVE-2016-4574}} [http://www.openwall.com/lists/oss-security/2016/05/10/4] || {{pkg|libksba}} || 2016-05-03 || <= 1.3.3-1 || 1.3.4-1 || 9d || Fixed ({{bug|49289}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17]<br />
|-<br />
| {{CVE|CVE-2016-4354}} {{CVE|CVE-2016-4353}} {{CVE|CVE-2016-4355}} {{CVE|CVE-2016-4356}} [http://www.openwall.com/lists/oss-security/2016/04/29/8] || {{pkg|libksba}} || 2016-04-10 || <= 1.3.2-1 || 1.3.3-1 || 18d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4348}} {{CVE|CVE-2016-4347}} [http://www.openwall.com/lists/oss-security/2016/04/30/3] || {{pkg|librsvg}} || 2016-05-03 || <= 2:2.40.2-2 || 2:2.40.15-2 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4415}} {{CVE|CVE-2016-4416}} {{CVE|CVE-2016-4417}} {{CVE|CVE-2016-4418}} {{CVE|CVE-2016-4419}} {{CVE|CVE-2016-4420}} {{CVE|CVE-2016-4421}} {{CVE|CVE-2016-4076}} {{CVE|CVE-2016-4077}} {{CVE|CVE-2016-4078}} {{CVE|CVE-2016-4079}} {{CVE|CVE-2016-4080}} {{CVE|CVE-2016-4081}} {{CVE|CVE-2016-4006}} {{CVE|CVE-2016-4082}} {{CVE|CVE-2016-4083}} {{CVE|CVE-2016-4084}} {{CVE|CVE-2016-4085}} [http://www.openwall.com/lists/oss-security/2016/04/25/2] || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2016-05-03 || <= 2.0.2-1 || 2.0.3-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-3714}} [http://www.openwall.com/lists/oss-security/2016/05/03/13] [http://www.openwall.com/lists/oss-security/2016/05/03/14]|| {{pkg|imagemagick}} || 2016-05-03 || <= 6.9.3.8-1 || 6.9.3.10-1 || 3d || Fixed ({{bug|49203}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6]<br />
|-<br />
| {{CVE|CVE-2016-4477}} {{CVE|CVE-2016-4476}} [http://www.openwall.com/lists/oss-security/2016/05/03/2] || {{pkg|hostapd}} || 2016-05-03 || <= 2.5-2 || || || '''Vulnerable''' ({{bug|49196}}) || <br />
|-<br />
| {{CVE|CVE-2016-4477}} {{CVE|CVE-2016-4476}} [http://www.openwall.com/lists/oss-security/2016/05/03/2] || {{pkg|wpa_supplicant}} || 2016-05-03 || <= 1:2.5-3 || || || '''Vulnerable''' ({{bug|49196}}) || <br />
|-<br />
| {{CVE|CVE-2016-2105}} {{CVE|CVE-2016-2106}} {{CVE|CVE-2016-2107}} {{CVE|CVE-2016-2109}} {{CVE|CVE-2016-2176}} [https://www.openssl.org/news/secadv/20160503.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2016-05-03 || <= 1.0.2.g-3 || 1.0.2.h-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4]<br />
|-<br />
| {{CVE|CVE-2016-4425}} [https://github.com/akheron/jansson/issues/282] [http://marc.info/?l=oss-security&m=146219323703639&w=2] || {{pkg|jansson}} || 2016-05-02 || <= 2.7-1 || 2.8-1 || 137d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15]<br />
|-<br />
| {{CVE|CVE-2016-4425}} [https://github.com/akheron/jansson/issues/282] [http://marc.info/?l=oss-security&m=146219323703639&w=2] || {{pkg|lib32-jansson}} || 2016-05-02 || <= 2.7-2 || 2.8-1 || 140d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17]<br />
|-<br />
| {{CVE|CVE-2016-1660}} {{CVE|CVE-2016-1661}} {{CVE|CVE-2016-1662}} {{CVE|CVE-2016-1663}} {{CVE|CVE-2016-1664}} {{CVE|CVE-2016-1665}} {{CVE|CVE-2016-1666}} [http://googlechromereleases.blogspot.fr/2016/04/stable-channel-update_28.html] || {{pkg|chromium}} || 2016-04-28 || <= 50.0.2661.75-1 || 50.0.2661.94-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7]<br />
|-<br />
| {{CVE|CVE-2015-8869}} || {{pkg|ocaml}} || 2016-04-29 || <= 4.02.3-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-4414}} [http://marc.info/?l=oss-security&m=146204310020229&w=2] || {{pkg|quassel-core}} || 2016-04-30 || <= 0.12.3-1 || 0.12.4-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5]<br />
|-<br />
| {{CVE|CVE-2016-2167}} {{CVE|CVE-2016-2168}} [https://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ@mail.gmail.com%3E] || {{pkg|subversion}} || 2016-04-28 || <= 1.9.3-2 || 1.9.4-1 || 38d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6]<br />
|-<br />
| {{CVE|CVE-2015-7704}} {{CVE|CVE-2015-8138}} {{CVE|CVE-2016-1547}} {{CVE|CVE-2016-1548}} {{CVE|CVE-2016-1549}} {{CVE|CVE-2016-1550}} {{CVE|CVE-2016-1551}} {{CVE|CVE-2016-2516}} {{CVE|CVE-2016-2517}} {{CVE|CVE-2016-2518}} {{CVE|CVE-2016-2519}} [http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security] || {{pkg|ntp}} || 2016-04-26 || <= 4.2.8.p6-3 || 4.2.8.p7-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-2804}} {{CVE|CVE-2016-2805}} {{CVE|CVE-2016-2806}} {{CVE|CVE-2016-2807}} {{CVE|CVE-2016-2808}} {{CVE|CVE-2016-2811}} {{CVE|CVE-2016-2812}} {{CVE|CVE-2016-2814}} {{CVE|CVE-2016-2816}} {{CVE|CVE-2016-2817}} {{CVE|CVE-2016-2820}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox46] || {{pkg|firefox}} || 2016-04-26 || <= 45.0.2-1 || 46.0-2 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15]<br />
|-<br />
| {{CVE|CVE-2015-8863}} [http://seclists.org/oss-sec/2016/q2/134] || {{pkg|jq}} || 2016-04-23 || <= 1.5-3 || 1.5-4 || 109d || Fixed ({{bug|50330}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10]<br />
|-<br />
| {{CVE|CVE-2016-3074}} [http://seclists.org/oss-sec/2016/q2/128] || {{pkg|gd}} || 2016-04-21 || <= 2.1.1-3 || 2.1.1-4 || 15d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8]<br />
|-<br />
| {{CVE|CVE-2016-4051}} {{CVE|CVE-2016-4052}} {{CVE|CVE-2016-4053}} {{CVE|CVE-2016-4054}} [http://www.squid-cache.org/Advisories/SQUID-2016_5.txt] [http://www.squid-cache.org/Advisories/SQUID-2016_6.txt] || {{pkg|squid}} || 2016-04-20 || <= 3.5.16-1 || 3.5.17-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14]<br />
|-<br />
| {{CVE|CVE-2016-4021}} [https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt] || {{pkg|pgpdump}} || 2016-04-12 || <= 0.29-2 || 0.30-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11]<br />
|-<br />
| {{CVE|CVE-2016-1955}} {{CVE|CVE-2016-1956}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/] [https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/] || {{pkg|thunderbird}} || 2016-04-12 || <= 38.7.2-1 || 45.0-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12]<br />
|-<br />
| {{CVE|CVE-2016-2347}} [http://www.talosintel.com/reports/TALOS-2016-0095/] || {{pkg|lhasa}} || 2016-04-14 || <= 0.3.0-1 || 0.3.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8]<br />
|-<br />
| {{CVE|CVE-2016-1651}} {{CVE|CVE-2016-1652}} {{CVE|CVE-2016-1653}} {{CVE|CVE-2016-1654}} {{CVE|CVE-2016-1655}} {{CVE|CVE-2016-1656}} {{CVE|CVE-2016-1657}} {{CVE|CVE-2016-1658}} {{CVE|CVE-2016-1659}} [http://googlechromereleases.blogspot.fr/2016/04/stable-channel-update_13.html] || {{pkg|chromium}} || 2016-04-13|| <= 49.0.2623.112-1 || 50.0.2661.75-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10]<br />
|-<br />
| {{CVE|CVE-2015-5370}} {{CVE|CVE-2016-2110}} {{CVE|CVE-2016-2111}} {{CVE|CVE-2016-2112}} {{CVE|CVE-2016-2113}} {{CVE|CVE-2016-2114}} {{CVE|CVE-2016-2115}} {{CVE|CVE-2016-2118}} [https://www.samba.org/samba/history/security.html] [http://badlock.org/] || {{pkg|samba}} || 2016-04-12|| <= 4.4.0-1 || 4.4.2-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13]<br />
|-<br />
| {{CVE|CVE-2016-4008}} [http://article.gmane.org/gmane.comp.security.oss.general/19286] || {{pkg|libtasn1}} || 2016-04-11|| <= 4.7-1 || 4.8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9]<br />
|-<br />
| {{CVE|CVE-2011-5326}} {{CVE|CVE-2016-3993}} {{CVE|CVE-2016-3994}} {{CVE|CVE-2016-4024}} [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369] [http://article.gmane.org/gmane.comp.security.oss.general/19276] || {{pkg|imlib2}} || 2016-04-09 || <= 1.4.8-1 || 1.4.9-1 || 23d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1]<br />
|-<br />
| {{CVE|CVE-2014-9771}} [http://www.openwall.com/lists/oss-security/2016/04/09/3] || {{pkg|imlib2}} || 2016-04-09 || <= 1.4.5-6 || 1.4.6-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1006}} {{CVE|CVE-2016-1011}} {{CVE|CVE-2016-1012}} {{CVE|CVE-2016-1013}} {{CVE|CVE-2016-1014}} {{CVE|CVE-2016-1015}} {{CVE|CVE-2016-1016}} {{CVE|CVE-2016-1017}} {{CVE|CVE-2016-1018}} {{CVE|CVE-2016-1019}} {{CVE|CVE-2016-1020}} {{CVE|CVE-2016-1021}} {{CVE|CVE-2016-1022}} {{CVE|CVE-2016-1023}} {{CVE|CVE-2016-1024}} {{CVE|CVE-2016-1025}} {{CVE|CVE-2016-1026}} {{CVE|CVE-2016-1027}} {{CVE|CVE-2016-1028}} {{CVE|CVE-2016-1029}} {{CVE|CVE-2016-1030}} {{CVE|CVE-2016-1031}} {{CVE|CVE-2016-1032}} {{CVE|CVE-2016-1033}} [https://helpx.adobe.com/security/products/flash-player/apsa16-01.html] [https://helpx.adobe.com/security/products/flash-player/apsb16-10.html] || {{pkg|flashplugin}} || 2016-04-05 || <= 11.2.202.577-1 || 11.2.202.616-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7]<br />
|-<br />
| {{CVE|CVE-2016-3630}} {{CVE|CVE-2016-3068}} {{CVE|CVE-2016-3069}} [https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29] || {{pkg|mercurial}} || 2016-03-29 || <= 3.7.2-1 || 3.7.3-1 || 8d || Fixed ({{bug|48821}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6]<br />
|-<br />
| {{CVE|CVE-2016-2191}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2191] [https://sourceforge.net/p/optipng/bugs/59/] [http://www.openwall.com/lists/oss-security/2016/04/04/2]|| {{Pkg|optipng}} || 2016-04-04 || <= 0.7.5-2 || 0.7.6-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5]<br />
|-<br />
| {{CVE|CVE-2016-3947}} [http://www.squid-cache.org/Advisories/SQUID-2016_3.txt] || {{Pkg|squid}} || 2016-04-01 || <= 3.5.15-2 || 3.5.16 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4]<br />
|-<br />
| {{CVE|CVE-2016-0636}} [http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html] [http://blog.fuseyism.com/index.php/2016/03/25/security-icedtea-2-6-5-for-openjdk-7-released/] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2016-03-24 || <= 7.u95_2.6.4-1 || 7.u99_2.6.5-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3]<br />
|-<br />
| {{CVE|CVE-2016-0636}} [http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html] || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2016-03-23 || <= 8.u74-1 || 8.u77-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27]<br />
|-<br />
| {{CVE|CVE-2016-1646}} {{CVE|CVE-2016-1647}} {{CVE|CVE-2016-1648}} {{CVE|CVE-2016-1649}} {{CVE|CVE-2016-1650}} [http://googlechromereleases.blogspot.fr/2016/03/stable-channel-update_24.html] || {{pkg|chromium}} || 2016-03-24 || <= 49.0.2623.87-1 || 49.0.2623.108-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24]<br />
|-<br />
| {{CVE|CVE-2016-2849}} {{CVE|CVE-2016-2850}} [http://botan.randombit.net/security.html#id1] || {{pkg|botan}} || 2016-03-20 || <= 1.11.28-1 || 1.11.29-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22]<br />
|-<br />
| {{CVE|CVE-2016-1952}} {{CVE|CVE-2016-1953}} {{CVE|CVE-2016-1954}} {{CVE|CVE-2016-1957}} {{CVE|CVE-2016-1960}} {{CVE|CVE-2016-1961}} {{CVE|CVE-2016-1964}} {{CVE|CVE-2016-1966}} {{CVE|CVE-2016-1974}} {{CVE|CVE-2016-1977}} {{CVE|CVE-2016-2790}} {{CVE|CVE-2016-2791}} {{CVE|CVE-2016-2792}} {{CVE|CVE-2016-2793}} {{CVE|CVE-2016-2794}} {{CVE|CVE-2016-2795}} {{CVE|CVE-2016-2796}} {{CVE|CVE-2016-2797}} {{CVE|CVE-2016-2798}} {{CVE|CVE-2016-2799}} {{CVE|CVE-2016-2800}} {{CVE|CVE-2016-2801}} {{CVE|CVE-2016-2802}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.7] || {{pkg|thunderbird}} || 2016-03-14 || <= 38.6.0-1 || 38.7.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21]<br />
|-<br />
| {{CVE|CVE-2016-2324}} [http://seclists.org/oss-sec/2016/q1/653] || {{pkg|git}} || 2016-03-15 || <= 2.7.3-1 || 2.7.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20]<br />
|-<br />
| {{CVE|CVE-2016-3116}} [https://matt.ucc.asn.au/dropbear/CHANGES] || {{pkg|dropbear}} || 2016-03-13 || <= 2015.71-1 || 2016.72-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19]<br />
|-<br />
| {{CVE|CVE-2015-1283}} [https://sourceforge.net/p/expat/bugs/528/] || {{pkg|expat}} || 2016-03-12 || <= 2.1.0-4 || 2.1.1-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23]<br />
|-<br />
| {{CVE|CVE-2016-2088}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2088] {{CVE|CVE-2016-1286}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1286] {{CVE|CVE-2016-1285}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1285] || {{pkg|bind}} || 2016-03-10 || <= 9.10.3.P3-3 || 9.10.3.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13]<br />
|-<br />
| {{CVE|CVE-2016-0960}} {{CVE|CVE-2016-0961}} {{CVE|CVE-2016-0962}} {{CVE|CVE-2016-0963}} {{CVE|CVE-2016-0986}} {{CVE|CVE-2016-0987}} {{CVE|CVE-2016-0988}} {{CVE|CVE-2016-0989}} {{CVE|CVE-2016-0990}} {{CVE|CVE-2016-0991}} {{CVE|CVE-2016-0992}} {{CVE|CVE-2016-0993}} {{CVE|CVE-2016-0994}} {{CVE|CVE-2016-0995}} {{CVE|CVE-2016-0996}} {{CVE|CVE-2016-0997}} {{CVE|CVE-2016-0998}} {{CVE|CVE-2016-0999}} {{CVE|CVE-2016-1000}} {{CVE|CVE-2016-1001}} {{CVE|CVE-2016-1002}} {{CVE|CVE-2016-1005}} {{CVE|CVE-2016-1010}} [https://helpx.adobe.com/security/products/flash-player/apsb16-08.html] || {{pkg|lib32-flashplugin}} || 2016-03-10 || <= 11.2.202.569-1 || 11.2.202.577-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11]<br />
|-<br />
| {{CVE|CVE-2016-0960}} {{CVE|CVE-2016-0961}} {{CVE|CVE-2016-0962}} {{CVE|CVE-2016-0963}} {{CVE|CVE-2016-0986}} {{CVE|CVE-2016-0987}} {{CVE|CVE-2016-0988}} {{CVE|CVE-2016-0989}} {{CVE|CVE-2016-0990}} {{CVE|CVE-2016-0991}} {{CVE|CVE-2016-0992}} {{CVE|CVE-2016-0993}} {{CVE|CVE-2016-0994}} {{CVE|CVE-2016-0995}} {{CVE|CVE-2016-0996}} {{CVE|CVE-2016-0997}} {{CVE|CVE-2016-0998}} {{CVE|CVE-2016-0999}} {{CVE|CVE-2016-1000}} {{CVE|CVE-2016-1001}} {{CVE|CVE-2016-1002}} {{CVE|CVE-2016-1005}} {{CVE|CVE-2016-1010}} [https://helpx.adobe.com/security/products/flash-player/apsb16-08.html] || {{pkg|flashplugin}} || 2016-03-10 || <= 11.2.202.569-1 || 11.2.202.577-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10]<br />
|-<br />
| {{CVE|CVE-2016-3115}} [http://www.openssh.com/txt/x11fwd.adv] || {{pkg|openssh}} || 2016-03-10 || <= 7.2p1-1 || 7.2p2-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12]<br />
|-<br />
| {{CVE|CVE-2015-8833}} [http://seclists.org/oss-sec/2016/q1/572] || {{pkg|pidgin-otr}} || 2016-03-09 || <= 4.0.1-2 || 4.0.2-1 || 3d || Fixed ({{bug|48537}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14]<br />
|-<br />
| {{CVE|CVE-2016-2774}} [https://kb.isc.org/article/AA-01354] || {{pkg|dhcp}} || 2016-03-09 || <= 4.3.3.p1-1 || 4.3.4-1 || 21d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1531}} [http://www.exim.org/static/doc/CVE-2016-1531.txt] || {{pkg|exim}} || 2016-03-06 || <= 4.86.1-1 || 4.86.2-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8]<br />
|-<br />
| {{CVE|CVE-2016-1577}} {{CVE|CVE-2016-2089}} {{CVE|CVE-2016-2116}} || {{pkg|jasper}} || 2016-03-06 || <= 1.900.1-14 || 1.900.1-15 || ~2m || Fixed ({{bug|48511}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2]<br />
|-<br />
| {{CVE|CVE-2016-1285}} {{CVE|CVE-2016-1286}} [https://kb.isc.org/article/AA-01352/] [https://kb.isc.org/article/AA-01353/] || {{pkg|bind}} || 2016-03-09 || <= 9.10.3.P3-3 || 9.10.3.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7]<br />
|-<br />
| {{CVE|CVE-2016-2851}} [https://otr.cypherpunks.ca/] || {{pkg|libotr}} || 2016-03-09 || <= 4.1.0-1 || 4.1.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6]<br />
|-<br />
| {{CVE|CVE-2016-1643}} {{CVE|CVE-2016-1644}} {{CVE|CVE-2016-1645}} || {{pkg|chromium}} || 2016-03-09 || <= 49.0.2623.75-1 || 49.0.2623.87-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5]<br />
|-<br />
| {{CVE|CVE-2016-1952}} {{CVE|CVE-2016-1953}} {{CVE|CVE-2016-1954}} {{CVE|CVE-2016-1955}} {{CVE|CVE-2016-1956}} {{CVE|CVE-2016-1957}} {{CVE|CVE-2016-1958}} {{CVE|CVE-2016-1959}} {{CVE|CVE-2016-1960}} {{CVE|CVE-2016-1961}} {{CVE|CVE-2016-1962}} {{CVE|CVE-2016-1963}} {{CVE|CVE-2016-1964}} {{CVE|CVE-2016-1965}} {{CVE|CVE-2016-1966}} {{CVE|CVE-2016-1967}} {{CVE|CVE-2016-1968}} {{CVE|CVE-2016-1970}} {{CVE|CVE-2016-1971}} {{CVE|CVE-2016-1972}} {{CVE|CVE-2016-1973}} {{CVE|CVE-2016-1974}} {{CVE|CVE-2016-1975}} {{CVE|CVE-2016-1976}} {{CVE|CVE-2016-1977}} {{CVE|CVE-2016-2790}} {{CVE|CVE-2016-2791}} {{CVE|CVE-2016-2792}} {{CVE|CVE-2016-2793}} {{CVE|CVE-2016-2794}} {{CVE|CVE-2016-2795}} {{CVE|CVE-2016-2796}} {{CVE|CVE-2016-2797}} {{CVE|CVE-2016-2798}} {{CVE|CVE-2016-2799}} {{CVE|CVE-2016-2800}} {{CVE|CVE-2016-2801}} {{CVE|CVE-2016-2802}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox45] || {{pkg|firefox}} || 2016-03-08 || <= 44.0.2-2 || 45.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4]<br />
|-<br />
| {{CVE|CVE-2016-2532}} {{CVE|CVE-2016-2531}} {{CVE|CVE-2016-2530}} {{CVE|CVE-2016-2529}} {{CVE|CVE-2016-2528}} {{CVE|CVE-2016-2527}} {{CVE|CVE-2016-2526}} {{CVE|CVE-2016-2525}} {{CVE|CVE-2016-2524}} {{CVE|CVE-2016-2523}} {{CVE|CVE-2016-2522}} {{CVE|CVE-2016-2521}} || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2016-03-07 || <= 2.0.1-2 || 2.0.2-1 || 5d || Fixed ({{bug|48536}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17]<br />
|-<br />
| {{CVE|CVE-2016-2381}} [https://www.debian.org/security/2016/dsa-3501] || {{pkg|perl}} || 2016-03-07 || <= 5.22.1-1 || 5.22.1-2 || 3d || Fixed ({{Bug|48482}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9]<br />
|-<br />
| {{CVE|CVE-2015-8126}} {{CVE|CVE-2016-1630}} {{CVE|CVE-2016-1631}} {{CVE|CVE-2016-1632}} {{CVE|CVE-2016-1633}} {{CVE|CVE-2016-1634}} {{CVE|CVE-2016-1635}} {{CVE|CVE-2016-1636}} {{CVE|CVE-2016-1637}} {{CVE|CVE-2016-1638}} {{CVE|CVE-2016-1639}} {{CVE|CVE-2016-1640}} {{CVE|CVE-2016-1641}} {{CVE|CVE-2016-1642}} [http://googlechromereleases.blogspot.fr/2016/03/stable-channel-update.html] || {{pkg|chromium}} || 2016-03-02 || <= 48.0.2564.116-1 || 49.0.2623.75-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1]<br />
|-<br />
| {{CVE|CVE-2016-0702}} {{CVE|CVE-2016-0705}} {{CVE|CVE-2016-0797}} {{CVE|CVE-2016-0798}} {{CVE|CVE-2016-0799}} {{CVE|CVE-2016-0800}} [https://www.openssl.org/news/secadv/20160301.txt] || {{pkg|openssl}} || 2016-03-01 || <= 1.0.2.f-1 || 1.0.2.g-3 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2]<br />
|-<br />
| {{CVE|CVE-2016-0702}} {{CVE|CVE-2016-0705}} {{CVE|CVE-2016-0797}} {{CVE|CVE-2016-0798}} {{CVE|CVE-2016-0799}} {{CVE|CVE-2016-0800}} [https://www.openssl.org/news/secadv/20160301.txt] || {{pkg|lib32-openssl}} || 2016-03-01 || <= 1.0.2.f-1 || 1.0.2.g-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3]<br />
|-<br />
| {{CVE|CVE-2015-7511}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html] || {{pkg|libgcrypt}} || 2016-02-09 || <= 1.6.4-1 || 1.6.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19]<br />
|-<br />
| {{CVE|CVE-2016-0739}} [https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/] || {{pkg|libssh}} || 2016-02-23 || <= 0.7.2-1 || 0.7.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18]<br />
|-<br />
| {{CVE|CVE-2016-0787}} [https://www.libssh2.org/adv_20160223.html] || {{pkg|libssh2}} || 2016-02-23 || <= 1.6.0-1 || 1.7.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20]<br />
|-<br />
| {{CVE|CVE-2016-0787}} [https://www.libssh2.org/adv_20160223.html] || {{pkg|lib32-libssh2}} || 2016-02-23 || <= 1.6.0-1 || 1.7.0-1 ||3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21]<br />
|-<br />
| {{CVE|CVE-2016-1629}} [http://googlechromereleases.blogspot.fr/2016/02/stable-channel-update_18.html] || {{pkg|chromium}} || 2016-02-18 || <= 48.0.2564.109-1 || 48.0.2564.116-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17]<br />
|-<br />
| {{CVE|CVE-2015-7575}} {{CVE|CVE-2016-1523}} {{CVE|CVE-2016-1930}} {{CVE|CVE-2016-1931}} {{CVE|CVE-2016-1935}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.6] || {{pkg|thunderbird}} || 2016-02-11 || <= 38.5.1-1 || 38.6.0-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16]<br />
|-<br />
| {{CVE|CVE-2015-7547}} {{CVE|CVE-2015-8776}} {{CVE|CVE-2015-8777}} {{CVE|CVE-2015-8778}} {{CVE|CVE-2015-8779}} [https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html] [https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html] || {{pkg|glibc}} || 2016-02-16 || <= 2.22-3 || 2.22-4 || 1d || Fixed ({{Bug|48213}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15]<br />
|-<br />
| {{CVE|CVE-2015-7547}} {{CVE|CVE-2015-8776}} {{CVE|CVE-2015-8777}} {{CVE|CVE-2015-8778}} {{CVE|CVE-2015-8779}} [https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html] [https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html] || {{pkg|lib32-glibc}} || 2016-02-16 || <= 2.22-3.1 || 2.22-4 || 1d || Fixed ({{Bug|48213}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14]<br />
|-<br />
| {{CVE|CVE-2016-1622}} {{CVE|CVE-2016-1623}} {{CVE|CVE-2016-1624}} {{CVE|CVE-2016-1625}} {{CVE|CVE-2016-1626}} {{CVE|CVE-2016-1627}} [http://googlechromereleases.blogspot.fr/2016/02/stable-channel-update_9.html]|| {{pkg|chromium}} || 2016-02-09 || <= 48.0.2564.103-1 || 48.0.2564.109-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1949}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-13/]|| {{pkg|firefox}} || 2016-02-11 || <= 44.0.1-1 || 44.0.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12]<br />
|-<br />
| {{CVE|CVE-2016-1544}} [https://nghttp2.org/blog/2016/02/11/nghttp2-v1-7-1/]|| {{pkg|nghttp2}} || 2016-02-11 || <= 1.7.0-1 || 1.7.1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13]<br />
|-<br />
| {{CVE|CVE-2014-2312}} [https://www.kde.org/info/security/advisory-20160209-1.txt]|| {{pkg|kscreenlocker}} || 2016-02-10 || <= 5.5.4-1 || 5.5.4-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10]<br />
|-<br />
| {{CVE|CVE-2014-9496}} {{CVE|CVE-2014-9756}} {{CVE|CVE-2015-7805}} || {{pkg|libsndfile}} {{pkg|lib32-libsndfile}} || 2016-02-01 || <= 1.0.25-3 || 1.0.26-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9]<br />
|-<br />
| {{CVE|CVE-2015-8803}} {{CVE|CVE-2015-8804}} {{CVE|CVE-2015-8805}} [https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-multiplications-in-Nettle.html] || {{pkg|nettle}} {{pkg|lib32-nettle}} || 2016-02-03 || <= 3.1-1 || 3.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6]<br />
|-<br />
| {{CVE|CVE-2016-2194}} {{CVE|CVE-2016-2195}} {{CVE|CVE-2016-2196}} [http://botan.randombit.net/security.html#id1] || {{pkg|botan}} || 2016-02-01 || <= 1.11.25-2 || 1.11.28-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11]<br />
|-<br />
| {{CVE|CVE-2014-9761}} [http://seclists.org/oss-sec/2016/q1/153] || {{pkg|lib32-glibc}} || 2016-02-01 || <= 2.22-4 || 2.23-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23]<br />
|-<br />
| {{CVE|CVE-2014-9761}} [http://seclists.org/oss-sec/2016/q1/153] || {{pkg|glibc}} || 2016-02-01 || <= 2.22-4 || 2.23-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22]<br />
|-<br />
| {{CVE|CVE-2016-2048}} [https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/] || {{pkg|python-django}} {{pkg|python2-django}} || 2016-02-01 || <= 1.9.1-1 || 1.9.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2]<br />
|-<br />
| {{CVE|CVE-2016-2090}} [http://article.gmane.org/gmane.comp.security.oss.general/18715] [http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7] [https://bugs.freedesktop.org/show_bug.cgi?id=93881] [https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html] || {{pkg|libbsd}} || 2016-01-27 || <= 0.8.1-1 || 0.8.2-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7]<br />
|-<br />
| {{CVE|CVE-2015-3197}} {{CVE|CVE-2015-4000}} {{CVE|CVE-2016-0701}} [https://openssl.org/news/secadv/20160128.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2016-01-28 || <= 1.0.2.e-1 || 1.0.2.f-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33]<br />
|-<br />
| {{CVE|CVE-2016-0755}} [http://curl.haxx.se/docs/adv_20160127A.html] || {{pkg|curl}} {{pkg|lib32-curl}} || 2016-01-27 || <= 7.46.0-1 || 7.47.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4]<br />
|-<br />
| {{CVE|CVE-2016-0742}} {{CVE|CVE-2016-0746}} {{CVE|CVE-2016-0747}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000168.html] || {{pkg|nginx}} || 2016-01-26 || <= 1.8.0-2 || 1.8.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31]<br />
|-<br />
| {{CVE|CVE-2016-1982}} {{CVE|CVE-2016-1983}} [http://seclists.org/oss-sec/2016/q1/179] || {{pkg|privoxy}} || 2016-01-21 || <= 3.0.23-1 || 3.0.24-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27]<br />
|-<br />
| {{CVE|CVE-2016-1572}} [https://bugs.launchpad.net/ecryptfs/+bug/1530566] || {{pkg|ecryptfs-utils}} || 2016-01-21 || <= 108-1 || 108-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25]<br />
|-<br />
| {{CVE|CVE-2016-1612}} {{CVE|CVE-2016-1613}} {{CVE|CVE-2016-1614}} {{CVE|CVE-2016-1615}} {{CVE|CVE-2016-1616}} {{CVE|CVE-2016-1617}} {{CVE|CVE-2016-1618}} {{CVE|CVE-2016-1619}} {{CVE|CVE-2016-1620}} [http://googlechromereleases.blogspot.fr/2016/01/stable-channel-update_20.html] || {{pkg|chromium}} || 2016-01-20 || <= 47.0.2526.111-1 || 48.0.2564.82-1 || 1d|| Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28]<br />
|-<br />
| {{CVE|CVE-2015-8704}} {{CVE|CVE-2015-8705}} [https://kb.isc.org/article/AA-01335] [https://kb.isc.org/article/AA-01336] || {{pkg|bind}} || 2016-01-19 || <= 9.10.3.P2-1 || 9.10.3.P3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21]<br />
|-<br />
| {{CVE|CVE-2016-0728}} [http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/] || {{pkg|linux-lts}} || 2016-01-19 || <= 4.1.15-1 || 4.1.16-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26]<br />
|-<br />
| {{CVE|CVE-2016-0728}} [http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/] || {{pkg|linux}} || 2016-01-19 || <= 4.3.3-2 || 4.3.3-3 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20]<br />
|-<br />
| {{CVE|CVE-2015-5300}} [http://support.ntp.org/bin/view/Main/NtpBug2956] || {{pkg|ntp}} || 2016-01-07 || <= 4.2.8.p4-1 || 4.2.8.p5-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|syncthing}} || 2016-01-13 || <= 0.12.14-1 || 0.12.14-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|keybase}} || 2016-01-13 || <= 1.0.8.0-1 || 1.0.8.0-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|hub}} || 2016-01-13 || <= 2.2.2-1 || 2.2.2-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|go-ipfs}} || 2016-01-13 || <= 0.3.11-1 || 0.3.11-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|docker}} || 2016-01-13 || <= 1:1.9.1-1 || 1:1.9.1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12]<br />
|-<br />
| {{CVE|CVE-2015-8770}} [http://seclists.org/bugtraq/2016/Jan/60] || {{pkg|roundcubemail}} || 2015-12-26 || <= 1.2beta-1 || 1.2beta-2 || 20d || Fixed ({{bug|47764}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18]<br />
|-<br />
| {{CVE|CVE-2016-1903}} {{CVE|CVE-2016-1904}} [http://seclists.org/oss-sec/2016/q1/100] || {{pkg|php}} || 2016-01-14 || <= 7.0.1-1 || 7.0.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10]<br />
|-<br />
| {{CVE|CVE-2016-0777}} {{CVE|CVE-2016-0778}} [http://www.openssh.com/txt/release-7.1p2] || {{pkg|openssh}} || 2016-01-14 || <= 7.1p1-1 || 7.1p2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9]<br />
|-<br />
| {{CVE|CVE-2016-2213}} [http://www.openwall.com/lists/oss-security/2016/02/03/2] || {{pkg|ffmpeg}} || 2016-02-03 || <= 2.8.4-1 || 2.8.5-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1897}} {{CVE|CVE-2016-1898}} [http://seclists.org/oss-sec/2016/q1/85] || {{pkg|ffmpeg}} || 2016-01-13 || <= 1:2.8.4-2 || 1:2.8.4-3 || <1d || Fixed ({{Bug|47738}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17]<br />
|-<br />
| {{CVE|CVE-2016-1897}} {{CVE|CVE-2016-1898}} [http://seclists.org/oss-sec/2016/q1/85] || {{pkg|mplayer}} || 2016-01-13 || <= 37379-6 || 37379-7 || 17d || Fixed ({{Bug|47944}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|go}} || 2016-01-13 || <= 2:1.5.2-1 || 2:1.5.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11]<br />
|-<br />
|{{CVE|CVE-2015-8742}} {{CVE|CVE-2015-8741}} {{CVE|CVE-2015-8740}} {{CVE|CVE-2015-8738}} {{CVE|CVE-2015-8739}} {{CVE|CVE-2015-8737}} {{CVE|CVE-2015-8736}} {{CVE|CVE-2015-8735}} {{CVE|CVE-2015-8734}} {{CVE|CVE-2015-8733}} {{CVE|CVE-2015-8732}} {{CVE|CVE-2015-8730}} {{CVE|CVE-2015-8731}} {{CVE|CVE-2015-8729}} {{CVE|CVE-2015-8728}} {{CVE|CVE-2015-8727}} {{CVE|CVE-2015-8726}} {{CVE|CVE-2015-8725}} {{CVE|CVE-2015-8724}} {{CVE|CVE-2015-8723}} {{CVE|CVE-2015-8722}} {{CVE|CVE-2015-8721}} {{CVE|CVE-2015-8720}} {{CVE|CVE-2015-8718}} {{CVE|CVE-2015-8711}} || {{Pkg|wireshark-cli}} {{Pkg|wireshark-gtk}} {{Pkg|wireshark-qt}} || 2016-01-04 || <= 2.0.0 || 2.0.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6]<br />
|-<br />
| {{CVE|CVE-2016-1564}} [http://article.gmane.org/gmane.comp.security.oss.general/18527] || {{Pkg|wordpress}} || 2016-01-08 || <= 4.4-1 || 4.4.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2]<br />
|-<br />
| {{CVE|CVE-2015-8751}} [https://bugzilla.redhat.com/show_bug.cgi?id=1294039] [http://article.gmane.org/gmane.comp.security.oss.general/18523] || {{Pkg|jasper}} || 2016-01-07 || 1.900.1-15 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-8750}} [https://bugzilla.redhat.com/show_bug.cgi?id=1294264] [https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697] || {{Pkg|libdwarf}} || 2016-01-07 || 20150507-1 || 20160115-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22]<br />
|-<br />
| {{CVE|CVE-2016-1503}} {{CVE|CVE-2016-1504}} [http://article.gmane.org/gmane.comp.security.oss.general/18516] || {{Pkg|dhcpcd}} || 2016-01-07 || <= 6.9.4-1 || 6.10.0-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7]<br />
|-<br />
| {{CVE|CVE-2015-7575}} [http://www.mitls.org/pages/attacks/SLOTH] [https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released] || {{pkg|mbedtls}} || 2016-01-04 || 2.2.0-1 || 2.2.1-1 || 21d || Fixed ({{bug|47783}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29]<br />
|-<br />
| {{CVE|CVE-2015-8688}} [http://gultsch.de/gajim_roster_push_and_message_interception.html] || {{pkg|gajim}} || 2015-12-20 || <= 0.16.4-1 || 0.16.5-1 || 20d || Fixed ({{bug|47647}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3]<br />
|-<br />
| {{CVE|CVE-2016-1494}} [https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff] [https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/] || {{pkg|python-rsa}} {{pkg|python2-rsa}} || 2016-01-05 || <= 3.2.3-1 || 3.3-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24]<br />
|-<br />
| {{CVE|CVE-2016-1283}} [https://bugs.exim.org/show_bug.cgi?id=1767] [http://article.gmane.org/gmane.comp.security.oss.general/18481] || {{pkg|pcre}} || 2016-01-02 || <= 8.38-2 || 8.38-3 || 71d|| Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18]<br />
|-<br />
|[http://article.gmane.org/gmane.comp.security.oss.general/18466] || {{Pkg|rtmpdump}} || 2015-12-23 || <= 20140918-2 || 1:2.4.r96.fa8646d-1 || 7d || Fixed ({{bug|47564}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1]<br />
|-<br />
| {{CVE|CVE-2015-8472}} [http://seclists.org/oss-sec/2015/q4/439] || {{pkg|libpng}} || 2015-12-03 || <= 1.6.19-1 || 1.6.20-1 || 25d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-18]<br />
|-<br />
| {{CVE|CVE-2015-8459}} {{CVE|CVE-2015-8460}} {{CVE|CVE-2015-8634}} {{CVE|CVE-2015-8635}} {{CVE|CVE-2015-8636}} {{CVE|CVE-2015-8638}} {{CVE|CVE-2015-8639}} {{CVE|CVE-2015-8640}} {{CVE|CVE-2015-8641}} {{CVE|CVE-2015-8642}} {{CVE|CVE-2015-8643}} {{CVE|CVE-2015-8644}} {{CVE|CVE-2015-8645}} {{CVE|CVE-2015-8646}} {{CVE|CVE-2015-8647}} {{CVE|CVE-2015-8648}} {{CVE|CVE-2015-8649}} {{CVE|CVE-2015-8650}} {{CVE|CVE-2015-8651}} [https://helpx.adobe.com/security/products/flash-player/apsb16-01.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2015-12-28 || <= 11.2.202.554-1 || 11.2.202.559-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17]<br />
|-<br />
| {{CVE|CVE-2015-7554}} {{CVE|CVE-2015-8683}} [http://seclists.org/oss-sec/2015/q4/584] [http://seclists.org/oss-sec/2015/q4/590] || {{pkg|libtiff}} || 2015-12-25 || <= 4.0.6-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-7201}} {{CVE|CVE-2015-7205}} {{CVE|CVE-2015-7212}} {{CVE|CVE-2015-7213}} {{CVE|CVE-2015-7214}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.5] || {{pkg|thunderbird}} || 2015-12-23 || <= 38.4.0-2 || 38.5.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14]<br />
|-<br />
| {{CVE|CVE-2015-8612}} [http://seclists.org/oss-sec/2015/q4/541] || {{pkg|blueman}} || 2015-12-18 || <= 2.0.2-1 || 2.0.3-1 || 38d || Fixed ({{bug|47784}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30]<br />
|-<br />
| {{CVE|CVE-2015-8659}} [http://seclists.org/oss-sec/2015/q4/576] || {{pkg|nghttp2}} || 2015-12-23 || <= 1.5.0-2 || 1.6.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16]<br />
|-<br />
| {{CVE|CVE-2015-7555}} [http://seclists.org/oss-sec/2015/q4/548] || {{pkg|giflib}} || 2015-12-21 || <= 5.1.1-1 || 5.1.2-1 || 43d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-7557}} {{CVE|CVE-2015-7558}} [http://seclists.org/oss-sec/2015/q4/549] || {{pkg|librsvg}} || 2015-12-21 || <= 2:2.40.11-1 || 2:2.40.13-1 || 45d || Fixed ({{bug|47785}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8622}} {{CVE|CVE-2015-8623}} {{CVE|CVE-2015-8624}} {{CVE|CVE-2015-8625}} {{CVE|CVE-2015-8626}} {{CVE|CVE-2015-8627}} {{CVE|CVE-2015-8628}} [http://seclists.org/oss-sec/2015/q4/552] || {{pkg|mediawiki}} || 2015-12-17 || <= 1.26.0-1 || 1.26.2-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15]<br />
|-<br />
| {{CVE|CVE-2015-8614}} [http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557] || {{pkg|claws-mail}} || 2015-12-21 || <= 3.13.0-1 || 3.13.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13]<br />
|-<br />
| {{CVE|CVE-2015-8369}} {{CVE|CVE-2015-8604}} {{CVE|CVE-2015-8377}} {{CVE|CVE-2016-2313}} [http://www.openwall.com/lists/oss-security/2016/02/09/3] [https://bugs.mageia.org/show_bug.cgi?id=17352] [http://www.openwall.com/lists/oss-security/2016/01/04/8] || {{pkg|cacti}} || 2015-12-17 || <= 0.8.8_f-3 || 0.8.8_g-2 || 72d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24]<br />
|-<br />
| [https://blog.fuzzing-project.org/32-Out-of-bounds-read-in-OpenVPN.html] || {{pkg|openvpn}} || 2015-12-18 || <= 2.3.8-2 || 2.3.9-1 || 9d || Fixed ({{bug|47498}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19]<br />
|-<br />
| {{CVE|CVE-2015-8549}} [http://www.ocert.org/advisories/ocert-2015-011.html] || {{pkg|python2-pyamf}} || 2015-12-17 || <= 0.7.2-1 || 0.8.0-2 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12]<br />
|-<br />
| {{CVE|CVE-2015-7551}} [https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/] || {{pkg|ruby}} || 2015-12-16 || <= 2.2.3-1 || 2.2.4-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11]<br />
|-<br />
| {{CVE|CVE-2015-7201}} {{CVE|CVE-2015-7202}} {{CVE|CVE-2015-7203}} {{CVE|CVE-2015-7204}} {{CVE|CVE-2015-7205}} {{CVE|CVE-2015-7207}} {{CVE|CVE-2015-7208}} {{CVE|CVE-2015-7210}} {{CVE|CVE-2015-7211}} {{CVE|CVE-2015-7212}} {{CVE|CVE-2015-7213}} {{CVE|CVE-2015-7214}} {{CVE|CVE-2015-7215}} {{CVE|CVE-2015-7216}} {{CVE|CVE-2015-7217}} {{CVE|CVE-2015-7218}} {{CVE|CVE-2015-7219}} {{CVE|CVE-2015-7220}} {{CVE|CVE-2015-7221}} {{CVE|CVE-2015-7222}} {{CVE|CVE-2015-7223}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox43] || {{pkg|firefox}} || 2015-12-15 || <= 42.0-3 || 43.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9]<br />
|-<br />
| {{CVE|CVE-2015-8000}} [https://kb.isc.org/article/AA-01317] || {{pkg|bind}} || 2015-12-15 || <= 9.10.3-2 || 9.10.3.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10]<br />
|-<br />
| {{CVE|CVE-2015-8370}} [http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html#fix] || {{pkg|grub}} || 2015-12-15 || <= 1:2.02.beta2-5 || 1:2.02.beta2-6 || 3d || Fixed ({{bug|47386}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8378}} [https://www.keepassx.org/news/2015/12/551] || {{pkg|keepassx}} || 2015-12-08 || <= 0.4.3-7 || 0.4.4-1 || <2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8]<br />
|-<br />
| {{CVE|CVE-2015-8045}} {{CVE|CVE-2015-8047}} {{CVE|CVE-2015-8048}} {{CVE|CVE-2015-8049}} {{CVE|CVE-2015-8050}} {{CVE|CVE-2015-8055}} {{CVE|CVE-2015-8056}} {{CVE|CVE-2015-8057}} {{CVE|CVE-2015-8058}} {{CVE|CVE-2015-8059}} {{CVE|CVE-2015-8060}} {{CVE|CVE-2015-8061}} {{CVE|CVE-2015-8062}} {{CVE|CVE-2015-8063}} {{CVE|CVE-2015-8064}} {{CVE|CVE-2015-8065}} {{CVE|CVE-2015-8066}} {{CVE|CVE-2015-8067}} {{CVE|CVE-2015-8068}} {{CVE|CVE-2015-8069}} {{CVE|CVE-2015-8070}} {{CVE|CVE-2015-8071}} {{CVE|CVE-2015-8401}} {{CVE|CVE-2015-8402}} {{CVE|CVE-2015-8403}} {{CVE|CVE-2015-8404}} {{CVE|CVE-2015-8405}} {{CVE|CVE-2015-8406}} {{CVE|CVE-2015-8407}} {{CVE|CVE-2015-8408}} {{CVE|CVE-2015-8409}} {{CVE|CVE-2015-8410}} {{CVE|CVE-2015-8411}} {{CVE|CVE-2015-8412}} {{CVE|CVE-2015-8413}} {{CVE|CVE-2015-8414}} {{CVE|CVE-2015-8415}} {{CVE|CVE-2015-8416}} {{CVE|CVE-2015-8417}} {{CVE|CVE-2015-8418}} {{CVE|CVE-2015-8419}} {{CVE|CVE-2015-8420}} {{CVE|CVE-2015-8421}} {{CVE|CVE-2015-8422}} {{CVE|CVE-2015-8423}} {{CVE|CVE-2015-8424}} {{CVE|CVE-2015-8425}} {{CVE|CVE-2015-8426}} {{CVE|CVE-2015-8427}} {{CVE|CVE-2015-8428}} {{CVE|CVE-2015-8429}} {{CVE|CVE-2015-8430}} {{CVE|CVE-2015-8431}} {{CVE|CVE-2015-8432}} {{CVE|CVE-2015-8433}} {{CVE|CVE-2015-8434}} {{CVE|CVE-2015-8435}} {{CVE|CVE-2015-8436}} {{CVE|CVE-2015-8437}} {{CVE|CVE-2015-8438}} {{CVE|CVE-2015-8439}} {{CVE|CVE-2015-8440}} {{CVE|CVE-2015-8441}} {{CVE|CVE-2015-8442}} {{CVE|CVE-2015-8443}} {{CVE|CVE-2015-8444}} {{CVE|CVE-2015-8445}} {{CVE|CVE-2015-8446}} {{CVE|CVE-2015-8447}} {{CVE|CVE-2015-8448}} {{CVE|CVE-2015-8449}} {{CVE|CVE-2015-8450}} {{CVE|CVE-2015-8451}} {{CVE|CVE-2015-8452}} {{CVE|CVE-2015-8453}} {{CVE|CVE-2015-8454}} {{CVE|CVE-2015-8455}} [https://helpx.adobe.com/security/products/flash-player/apsb15-32.html] || {{pkg|flashplugin}} || 2015-12-08 || <= 11.2.202.548-1 || 11.2.202.554-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7]<br />
|-<br />
| {{CVE|CVE-2015-6788}} {{CVE|CVE-2015-6789}} {{CVE|CVE-2015-6790}} {{CVE|CVE-2015-6791}} [http://googlechromereleases.blogspot.fr/2015/12/stable-channel-update_8.html] || {{pkg|chromium}} || 2015-12-08 || <= 47.0.2526.73-1 || 47.0.2526.80-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5]<br />
|-<br />
| {{CVE|CVE-2015-3193}} {{CVE|CVE-2015-3194}} {{CVE|CVE-2015-3195}} {{CVE|CVE-2015-3196}} {{CVE|CVE-2015-1794}} [https://www.openssl.org/news/secadv/20151203.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2015-12-03 || <= 1.0.2.d-1 || 1.0.2.e-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2]<br />
|-<br />
| {{CVE|CVE-2015-6764}} {{CVE|CVE-2015-6765}} {{CVE|CVE-2015-6766}} {{CVE|CVE-2015-6767}} {{CVE|CVE-2015-6768}} {{CVE|CVE-2015-6769}} {{CVE|CVE-2015-6770}} {{CVE|CVE-2015-6771}} {{CVE|CVE-2015-6772}} {{CVE|CVE-2015-6773}} {{CVE|CVE-2015-6774}} {{CVE|CVE-2015-6775}} {{CVE|CVE-2015-6776}} {{CVE|CVE-2015-6777}} {{CVE|CVE-2015-6778}} {{CVE|CVE-2015-6779}} {{CVE|CVE-2015-6780}} {{CVE|CVE-2015-6781}} {{CVE|CVE-2015-6782}} {{CVE|CVE-2015-6783}} {{CVE|CVE-2015-6784}} {{CVE|CVE-2015-6785}} {{CVE|CVE-2015-6786}} {{CVE|CVE-2015-6787}} [http://googlechromereleases.blogspot.fr/2015/12/stable-channel-update.html] || {{pkg|chromium}} || 2015-12-01 || <= 46.0.2490.86-1 || 47.0.2526.73-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1]<br />
|-<br />
| {{CVE|CVE-2015-6764}} {{CVE|CVE-2015-8027}} [https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/] || {{pkg|nodejs}} || 2015-11-25 || <= 5.1.0-1 || 5.1.1-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4]<br />
|-<br />
| {{CVE|CVE-2015-8213}} [https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-11-24 || <= 1.8.6-1 || 1.8.7-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3]<br />
|-<br />
| {{CVE|CVE-2015-1819}} {{CVE|CVE-2015-5312}} {{CVE|CVE-2015-7941}} {{CVE|CVE-2015-7942}} {{CVE|CVE-2015-7497}} {{CVE|CVE-2015-7498}} {{CVE|CVE-2015-7499}} {{CVE|CVE-2015-7500}} {{CVE|CVE-2015-8035}} {{CVE|CVE-2015-8242}} [https://mail.gnome.org/archives/xml/2015-November/msg00012.html templink] || {{pkg|libxml2}} || 2015-11-20 || <= 2.9.2-2 || 2.9.3-1 || 19d || Fixed ({{bug|47095}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6]<br />
|-<br />
| {{CVE|CVE-2015-7981}} {{CVE|CVE-2015-8126}} [http://seclists.org/oss-sec/2015/q4/264 templink] [http://seclists.org/oss-sec/2015/q4/161 templink] || {{pkg|libpng}} {{pkg|lib32-libpng}} || 2015-11-12 || <= 1.6.18-1 || 1.6.19-1 || 5d || Fixed ({{bug|47069}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10]<br />
|-<br />
| {{CVE|CVE-2015-5309}} [http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html templink] || {{pkg|putty}} || 2015-11-12 || <= 0.65-1 || 0.66-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7]<br />
|-<br />
| {{CVE|CVE-2015-7651}} {{CVE|CVE-2015-7652}} {{CVE|CVE-2015-7653}} {{CVE|CVE-2015-7654}} {{CVE|CVE-2015-7655}} {{CVE|CVE-2015-7656}} {{CVE|CVE-2015-7657}} {{CVE|CVE-2015-7658}} {{CVE|CVE-2015-7659}} {{CVE|CVE-2015-7660}} {{CVE|CVE-2015-7661}} {{CVE|CVE-2015-7662}} {{CVE|CVE-2015-7663}} {{CVE|CVE-2015-8042}} {{CVE|CVE-2015-8043}} {{CVE|CVE-2015-8044}} {{CVE|CVE-2015-8046}} [https://helpx.adobe.com/security/products/flash-player/apsb15-28.html templink] || {{pkg|flashplugin}} || 2015-11-10 || <= 11.2.202.540-1 || 11.2.202.548-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5]<br />
|-<br />
| {{CVE|CVE-2015-1302}} [http://googlechromereleases.blogspot.fr/2015/11/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-11-10 || <= 46.0.2490.80-2 || 46.0.2490.86-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8]<br />
|-<br />
| {{CVE|CVE-2015-5311}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/ templink] || {{pkg|powerdns}} || 2015-11-09 || <= 3.4.6-2 || 3.4.7-1 || 3d || Fixed ({{bug|47014}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6]<br />
|-<br />
| {{CVE|CVE-2015-4513}} {{CVE|CVE-2015-4514}} {{CVE|CVE-2015-4515}} {{CVE|CVE-2015-4518}} {{CVE|CVE-2015-7181}} {{CVE|CVE-2015-7182}} {{CVE|CVE-2015-7183}} {{CVE|CVE-2015-7187}} {{CVE|CVE-2015-7188}} {{CVE|CVE-2015-7189}} {{CVE|CVE-2015-7193}} {{CVE|CVE-2015-7194}} {{CVE|CVE-2015-7195}} {{CVE|CVE-2015-7196}} {{CVE|CVE-2015-7197}} {{CVE|CVE-2015-7198}} {{CVE|CVE-2015-7199}} {{CVE|CVE-2015-7200}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-11-03 || <= 41.0.2-2 || 42.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2]<br />
|-<br />
| {{CVE|CVE-2015-7183}} [http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12386.html templink] || {{pkg|nspr}} || 2015-11-03 || <= 4.10.9-1 || 4.10.10-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4]<br />
|-<br />
| {{CVE|CVE-2015-7181}} {{CVE|CVE-2015-7182}} [http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12386.html templink] || {{pkg|nss}} || 2015-11-03 || <= 3.20-1 || 3.20.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3]<br />
|-<br />
| {{CVE|CVE-2015-7696}} {{CVE|CVE-2015-7697}} [http://seclists.org/oss-sec/2015/q3/512 templink] || {{pkg|unzip}} || 2015-10-30 || <= 6.0-10 || 6.0-11 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1]<br />
|-<br />
| {{CVE|CVE-2015-8011}} {{CVE|CVE-2015-8012}} [http://seclists.org/oss-sec/2015/q4/198 templink] || {{pkg|lldpd}} || 2015-10-17 || <= 0.7.18-1 || 0.7.19-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25]<br />
|-<br />
| {{CVE|CVE-2015-5714}} {{CVE|CVE-2015-5715}} {{CVE|CVE-2015-7989}} [https://codex.wordpress.org/Version_4.3.1 templink] || {{pkg|wordpress}} || 2015-10-18 || <= 4.3.0-1 || 4.3.1-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24]<br />
|-<br />
| {{CVE|CVE-2015-7873}} [https://www.phpmyadmin.net/security/PMASA-2015-5/ templink] || {{pkg|phpmyadmin}} || 2015-10-23 || <= 4.5.0-1 || 4.5.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23]<br />
|-<br />
| {{CVE|CVE-2015-7995}} [https://bugzilla.redhat.com/show_bug.cgi?id=1257962 templink] || {{pkg|libxslt}} || 2015-10-27 || <= 1.1.28-3 || 1.1.28-4 || 73d || Fixed ({{bug|47681}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8]<br />
|-<br />
| {{CVE|CVE-2015-7943}} [https://www.drupal.org/SA-CORE-2015-004 templink] || {{pkg|drupal}} || 2015-10-21 || <= 7.40-1 || 7.41-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21]<br />
|-<br />
| {{CVE|CVE-2015-4913}} {{CVE|CVE-2015-4870}} {{CVE|CVE-2015-4861}} {{CVE|CVE-2015-4858}} {{CVE|CVE-2015-4836}} {{CVE|CVE-2015-4830}} {{CVE|CVE-2015-4826}} {{CVE|CVE-2015-4815}} {{CVE|CVE-2015-4802}} {{CVE|CVE-2015-4792}} || {{pkg|mariadb}} || 2015-10-22 || <= 10.0.21-3 || 10.0.22-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] <br />
|-<br />
| {{CVE|CVE-2015-4734}} {{CVE|CVE-2015-4803}} {{CVE|CVE-2015-4805}} {{CVE|CVE-2015-4806}} {{CVE|CVE-2015-4810}} {{CVE|CVE-2015-4835}} {{CVE|CVE-2015-4840}} {{CVE|CVE-2015-4842}} {{CVE|CVE-2015-4843}} {{CVE|CVE-2015-4844}} {{CVE|CVE-2015-4860}} {{CVE|CVE-2015-4868}} {{CVE|CVE-2015-4872}} {{CVE|CVE-2015-4881}} {{CVE|CVE-2015-4882}} {{CVE|CVE-2015-4883}} {{CVE|CVE-2015-4893}} {{CVE|CVE-2015-4901}} {{CVE|CVE-2015-4902}} {{CVE|CVE-2015-4903}} {{CVE|CVE-2015-4906}} {{CVE|CVE-2015-4908}} {{CVE|CVE-2015-4911}} {{CVE|CVE-2015-4916}} || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-09-22 || <= 8.u60-1 || 8.u65-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20]<br />
|-<br />
| {{CVE|CVE-2015-4734}} {{CVE|CVE-2015-4803}} {{CVE|CVE-2015-4805}} {{CVE|CVE-2015-4806}} {{CVE|CVE-2015-4810}} {{CVE|CVE-2015-4835}} {{CVE|CVE-2015-4840}} {{CVE|CVE-2015-4842}} {{CVE|CVE-2015-4843}} {{CVE|CVE-2015-4844}} {{CVE|CVE-2015-4860}} {{CVE|CVE-2015-4871}} {{CVE|CVE-2015-4872}} {{CVE|CVE-2015-4881}} {{CVE|CVE-2015-4882}} {{CVE|CVE-2015-4883}} {{CVE|CVE-2015-4893}} {{CVE|CVE-2015-4902}} {{CVE|CVE-2015-4903}} {{CVE|CVE-2015-4911}} || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-09-22 || <= 7.u85_2.6.1-2 || 7.u91_2.6.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17]<br />
|-<br />
| {{CVE|CVE-2015-7691}} {{CVE|CVE-2015-7692}} {{CVE|CVE-2015-7701}} {{CVE|CVE-2015-7702}} {{CVE|CVE-2015-7703}} {{CVE|CVE-2015-7704}} {{CVE|CVE-2015-7705}} {{CVE|CVE-2015-7848}} {{CVE|CVE-2015-7849}} {{CVE|CVE-2015-7850}} {{CVE|CVE-2015-7851}} {{CVE|CVE-2015-7852}} {{CVE|CVE-2015-7853}} {{CVE|CVE-2015-7854}} {{CVE|CVE-2015-7855}} {{CVE|CVE-2015-7871}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities templink] [http://blog.talosintel.com/2015/10/ntpd-vulnerabilities.html templink] || {{pkg|ntp}} || 2015-10-21 || <= 4.2.8.p3-1 || 4.2.8.p4-1 || 1d || Fixed ({{bug|46826}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14]<br />
|-<br />
| {{CVE|CVE-2015-6031}} [http://talosintel.com/reports/TALOS-2015-0035/ templink] || {{pkg|miniupnpc}} || 2015-09-15 || <= 1.9.20150730-1 || 1.9.20151008-1 || 30d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11]<br />
|-<br />
| {{CVE|CVE-2015-7645}} {{CVE|CVE-2015-7647}} {{CVE|CVE-2015-7648}} [https://helpx.adobe.com/security/products/flash-player/apsa15-05.html templink] [https://helpx.adobe.com/security/products/flash-player/apsb15-27.html templink] || {{pkg|flashplugin}} || 2015-10-14 || <= 11.2.202.535-1 || 11.2.202.540-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12]<br />
|-<br />
| {{CVE|CVE-2015-7184}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/ templink] || {{pkg|firefox}} || 2015-10-15 || <= 41.0.1-1 || 41.0.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10]<br />
|-<br />
| {{CVE|CVE-2015-5260}} {{CVE|CVE-2015-5261}} {{CVE|CVE-2015-3247}} [http://lists.freedesktop.org/archives/spice-devel/2015-October/022168.html templink] [https://bugzilla.redhat.com/show_bug.cgi?id=1260822 templink] [https://bugzilla.redhat.com/show_bug.cgi?id=1261889 templink] [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797976;msg=21 templink] || {{pkg|spice}} || 2015-09-08 || <= 0.12.5-1 || 0.12.6-1 || 41d || Fixed ({{bug|46738}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13]<br />
|-<br />
| {{CVE|CVE-2015-6755}} {{CVE|CVE-2015-6756}} {{CVE|CVE-2015-6757}} {{CVE|CVE-2015-6758}} {{CVE|CVE-2015-6759}} {{CVE|CVE-2015-6760}} {{CVE|CVE-2015-6761}} {{CVE|CVE-2015-6762}} {{CVE|CVE-2015-6763}} [http://googlechromereleases.blogspot.fr/2015/10/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-10-13 || <= 45.0.2454.101-2 || 46.0.2490.71-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8]<br />
|-<br />
| {{CVE|CVE-2015-5569}} {{CVE|CVE-2015-7625}} {{CVE|CVE-2015-7626}} {{CVE|CVE-2015-7627}} {{CVE|CVE-2015-7628}} {{CVE|CVE-2015-7629}} {{CVE|CVE-2015-7630}} {{CVE|CVE-2015-7631}} {{CVE|CVE-2015-7632}} {{CVE|CVE-2015-7633}} {{CVE|CVE-2015-7634}} {{CVE|CVE-2015-7643}} {{CVE|CVE-2015-7644}} [https://helpx.adobe.com/security/products/flash-player/apsb15-25.html templink] || {{pkg|flashplugin}} || 2015-10-13 || <= 11.2.202.521-1 || 11.2.202.535-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7]<br />
|-<br />
| {{CVE|CVE-2015-5291}} [https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01 templink] || {{pkg|mbedtls}} || 2015-10-05 || <= 2.1.1-1 || 2.1.2-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9]<br />
|-<br />
| {{CVE|CVE-2015-7384}} [https://nodejs.org/en/blog/release/v4.1.2/ templink] || {{pkg|nodejs}} || 2015-10-05 || <= 4.1.1-1 || 4.1.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3]<br />
|-<br />
| {{CVE|CVE-2015-7687}} [http://seclists.org/oss-sec/2015/q4/17 templink] [https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f8e2fe24f3ff174d8515b82607e951e054f68f6 templink] || {{pkg|opensmtpd}} || 2015-10-02 || <= 5.7.1p1-1 || 5.7.3p1-1 || 6d || Fixed ({{bug|46605}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5]<br />
|-<br />
| {{CVE|CVE-2015-7673}} {{CVE|CVE-2015-7674}} [http://seclists.org/oss-sec/2015/q4/18 templink] [http://seclists.org/oss-sec/2015/q4/19 templink] || {{pkg|gdk-pixbuf2}} || 2015-10-01 || <= 2.31.7-1 || 2.32.1-1 || 9d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6]<br />
|-<br />
| {{CVE|CVE-2015-1335}} [https://github.com/lxc/lxc/commit/6de26af93d3dd87c8b21a42fdf20f30fa1c1948d templink] || {{pkg|lxc}} || 2015-09-29 || <= 1:1.1.3-2 || - || - || Not Affected ({{bug|46574}}) || None<br />
|-<br />
| {{CVE|CVE-2015-6972}} {{CVE|CVE-2015-6973}} [http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txt templink] [http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt templink] [https://igniterealtime.org/issues/browse/OF-942] || {{pkg|openfire}} || 2015-09-14 || <= 4.0.3-1 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2015-4499}} [https://www.bugzilla.org/security/4.2.14/ templink] || {{pkg|bugzilla}} || 2015-09-10 || <= 5.0-1 || 5.0.1-1 || 28d || Fixed ({{bug|46573}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4]<br />
|-<br />
| {{CVE|CVE-2015-4141}} {{CVE|CVE-2015-4142}} {{CVE|CVE-2015-4143}} {{CVE|CVE-2015-4144}} {{CVE|CVE-2015-4145}} {{CVE|CVE-2015-4146}} [http://w1.fi/security/2015-2/ templink] [http://w1.fi/security/2015-3/ templink] [http://w1.fi/security/2015-4/ templink] [http://w1.fi/security/2015-5/ templink] || {{pkg|hostapd}} || 2015-05-04 || <= 2.4-2 || 2.5-1 || ~150d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2]<br />
|-<br />
| {{CVE|CVE-2015-3239}} [https://bugzilla.redhat.com/show_bug.cgi?id=1232265 templink] || {{pkg|libunwind}} || 2015-06-16 || <= 1.1-2 || 1.1-3 || ~110d || Fixed ({{bug|46474}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1]<br />
|-<br />
| {{CVE|CVE-2015-1303}} {{CVE|CVE-2015-1304}} [http://googlechromereleases.blogspot.fr/2015/09/stable-channel-update_24.html templink] || {{pkg|chromium}} || 2015-09-24 || <= 45.0.2454.99-1 || 45.0.2454.101-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11]<br />
|-<br />
| {{CVE|CVE-2015-4500}} {{CVE|CVE-2015-4501}} {{CVE|CVE-2015-4502}} {{CVE|CVE-2015-4504}} {{CVE|CVE-2015-4506}} {{CVE|CVE-2015-4507}} {{CVE|CVE-2015-4508}} {{CVE|CVE-2015-4509}} {{CVE|CVE-2015-4510}} {{CVE|CVE-2015-4511}} {{CVE|CVE-2015-4512}} {{CVE|CVE-2015-4516}} {{CVE|CVE-2015-4517}} {{CVE|CVE-2015-4519}} {{CVE|CVE-2015-4520}} {{CVE|CVE-2015-4521}} {{CVE|CVE-2015-4522}} {{CVE|CVE-2015-7174}} {{CVE|CVE-2015-7175}} {{CVE|CVE-2015-7176}} {{CVE|CVE-2015-7177}} {{CVE|CVE-2015-7180}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox41 templink] || {{pkg|firefox}} || 2015-09-22 || <= 40.0.3-1 || 41.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9]<br />
|-<br />
| {{CVE|CVE-2015-5567}} {{CVE|CVE-2015-5568}} {{CVE|CVE-2015-5570}} {{CVE|CVE-2015-5571}} {{CVE|CVE-2015-5572}} {{CVE|CVE-2015-5573}} {{CVE|CVE-2015-5574}} {{CVE|CVE-2015-5575}} {{CVE|CVE-2015-5576}} {{CVE|CVE-2015-5577}} {{CVE|CVE-2015-5578}} {{CVE|CVE-2015-5579}} {{CVE|CVE-2015-5580}} {{CVE|CVE-2015-5581}} {{CVE|CVE-2015-5582}} {{CVE|CVE-2015-5584}} {{CVE|CVE-2015-5587}} {{CVE|CVE-2015-5588}} {{CVE|CVE-2015-6676}} {{CVE|CVE-2015-6677}} {{CVE|CVE-2015-6678}} {{CVE|CVE-2015-6679}} {{CVE|CVE-2015-6682}} [https://helpx.adobe.com/security/products/flash-player/apsb15-23.html templink] || {{pkg|flashplugin}} || 2015-09-21 || <= 11.2.202.508-1 || 11.2.202.521-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201510-8]<br />
|-<br />
| {{CVE|CVE-2015-7236}} [http://seclists.org/oss-sec/2015/q3/561 templink] || {{pkg|rpcbind}} || 2015-09-17 || <= 0.2.3-1 || 0.2.3-2 || 7d || Fixed ({{bug|46341}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10]<br />
|-<br />
| {{CVE|CVE-2015-5714}} {{CVE|CVE-2015-5715}} [https://wordpress.org/news/2015/09/wordpress-4-3-1/ templink] || {{pkg|wordpress}} || 2015-09-15 || <= 4.3-1 || 4.3.1-1 || 5d || Fixed ({{bug|46340}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201510-7]<br />
|-<br />
| {{CVE|CVE-2015-6908}} [http://www.openwall.com/lists/oss-security/2015/09/11/5 templink] || {{pkg|openldap}} || 2015-09-09 || <= 2.4.42-1 || 2.4.42-2 || 3d || Fixed ({{bug|46265}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4]<br />
|-<br />
| {{CVE|CVE-2015-5722}} {{CVE|CVE-2015-5986}} [https://www.isc.org/blogs/cve-2015-5986-an-incorrect-boundary-check-can-trigger-a-require-assertion-failure-in-openpgpkey_61-c/ templink] [https://www.isc.org/blogs/cve-2015-5722-parsing-malformed-keys-may-cause-bind-to-exit-due-to-a-failed-assertion-in-buffer-c/ templink] || {{pkg|bind}} || 2015-09-02 || <= 9.10.2.P3-1 || 9.10.2.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2]<br />
|-<br />
| {{CVE|CVE-2015-5198}} {{CVE|CVE-2015-5199}} {{CVE|CVE-2015-5200}} [http://lists.x.org/archives/xorg-announce/2015-August/002630.html templink] || {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} || 2015-08-31 || <= 1.1-1 || 1.1.1-1 || 13d || Fixed ({{bug|46266}}) ({{bug|46267}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5]<br />
|-<br />
| {{CVE|CVE-2015-1291}} {{CVE|CVE-2015-1292}} {{CVE|CVE-2015-1293}} {{CVE|CVE-2015-1294}} {{CVE|CVE-2015-1295}} {{CVE|CVE-2015-1296}} {{CVE|CVE-2015-1297}} {{CVE|CVE-2015-1298}} {{CVE|CVE-2015-1299}} {{CVE|CVE-2015-1300}} {{CVE|CVE-2015-1301}} [http://googlechromereleases.blogspot.fr/2015/09/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-09-01 || <= 44.0.2403.157-1 || 45.0.2454.85-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1]<br />
|-<br />
| {{CVE|CVE-2015-5230}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/ templink] || {{pkg|powerdns}} || 2015-09-02 || <= 3.4.5-1 || 3.4.6-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3]<br />
|-<br />
| {{CVE|CVE-2015-5317}} {{CVE|CVE-2015-5318}} {{CVE|CVE-2015-5319}} {{CVE|CVE-2015-5320}} {{CVE|CVE-2015-5321}} {{CVE|CVE-2015-5322}} {{CVE|CVE-2015-5323}} {{CVE|CVE-2015-5324}} {{CVE|CVE-2015-5325}} {{CVE|CVE-2015-5326}} {{CVE|CVE-2015-8103}} [https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 templink] [http://seclists.org/bugtraq/2015/Aug/161 templink] || {{pkg|jenkins}} || 2015-08-28 || <= 1.627-1 || 1.638-1 || 60d || Fixed ({{bug|46268}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11]<br />
|-<br />
| {{CVE|CVE-2015-6749}} [http://seclists.org/oss-sec/2015/q3/457 templink] || {{pkg|vorbis-tools}} || 2015-08-30 || <= 1.4.0-5 || 1.4.0-6 || >60d || Fixed ({{bug|46269}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22]<br />
|-<br />
| {{CVE|CVE-2015-4497}} {{CVE|CVE-2015-4498}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox40.0.3 templink] || {{pkg|firefox}} || 2015-08-27 || <= 40.0.2-1 || 40.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12]<br />
|-<br />
| {{CVE|CVE-2015-5949}} [http://www.ocert.org/advisories/ocert-2015-009.html templink] || {{pkg|vlc}} || 2015-08-20 || <= 2.2.1-6 || 2.2.2-1 || 179d || Fixed ({{bug|46037}}) || None<br />
|-<br />
| {{CVE|CVE-2015-5963}} [https://www.djangoproject.com/weblog/2015/aug/18/security-releases/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-08-18 || <= 1.8.3-1 || 1.8.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9]<br />
|-<br />
| {{CVE|CVE-2015-5221}} [http://seclists.org/oss-sec/2015/q3/408 templink] || {{pkg|jasper}} || 2015-08-16 || <= 1.900.1-15 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-5203}} [http://seclists.org/oss-sec/2015/q3/366 templink] || {{pkg|jasper}} || 2015-08-16 || <= 1.900.1-15 || || || '''Vulnerable''' || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10]<br />
|-<br />
| CVE Pending [http://seclists.org/oss-sec/2015/q3/295 templink] || {{pkg|pcre}} || 2015-08-05 || <= 8.37-2 || 8.37-3 || 12d || Fixed ({{bug|45945}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11]<br />
|-<br />
| {{CVE|CVE-2015-4473}} {{CVE|CVE-2015-4474}} {{CVE|CVE-2015-4475}} {{CVE|CVE-2015-4477}} {{CVE|CVE-2015-4478}} {{CVE|CVE-2015-4479}} {{CVE|CVE-2015-4480}} {{CVE|CVE-2015-4482}} {{CVE|CVE-2015-4483}} {{CVE|CVE-2015-4484}} {{CVE|CVE-2015-4485}} {{CVE|CVE-2015-4486}} {{CVE|CVE-2015-4487}} {{CVE|CVE-2015-4488}} {{CVE|CVE-2015-4489}} {{CVE|CVE-2015-4490}} {{CVE|CVE-2015-4491}} {{CVE|CVE-2015-4492}} {{CVE|CVE-2015-4493}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox40 templink] || {{pkg|firefox}} || 2015-08-11 || <= 39.0.3-1 || 40.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4]<br />
|-<br />
| {{CVE|CVE-2014-8121}} [https://access.redhat.com/security/cve/CVE-2014-8121 templink] || {{pkg|glibc}} || 2015-02-23 || <= 2.21-4 || 2.22-1 || ~180d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7]<br />
|-<br />
| {{CVE|CVE-2015-4680}} [http://www.ocert.org/advisories/ocert-2015-008.html templink] || {{pkg|freeradius}} || 2015-06-22 || <= 3.0.8-2 || 3.0.9-1 || ~50d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6]<br />
|-<br />
| {{CVE|CVE-2015-3184}} {{CVE|CVE-2015-3187}} [https://subversion.apache.org/security/CVE-2015-3184-advisory.txt templink] [https://subversion.apache.org/security/CVE-2015-3187-advisory.txt templink] || {{pkg|subversion}} || 2015-08-05 || <= 1.8.13-2 || 1.9.0-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5]<br />
|-<br />
| {{CVE|CVE-2015-6251}} [http://www.gnutls.org/security.html#GNUTLS-SA-2015-3 templink] || {{pkg|gnutls}} || 2015-08-10 || <= 3.4.3-1 || 3.4.4.1-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8]<br />
|-<br />
| {{CVE|CVE-2015-4495}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/ templink] || {{pkg|firefox}} || 2015-08-06 || <= 39.0-1 || 39.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1]<br />
|-<br />
| {{CVE|CVE-2015-2213}} {{CVE|CVE-2015-5730}} {{CVE|CVE-2015-5731}} {{CVE|CVE-2015-5732}} {{CVE|CVE-2015-5733}} {{CVE|CVE-2015-5734}} [https://codex.wordpress.org/Version_4.2.4 templink] || {{pkg|wordpress}} || 2015-08-04 || <= 4.2.3-1 || 4.2.4.-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2]<br />
|-<br />
| {{CVE|CVE-2015-3245}} {{CVE|CVE-2015-3246}} [http://seclists.org/oss-sec/2015/q3/185 templink] || {{pkg|libuser}} || 2015-07-22 || <= 0.61-1 || 0.62-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19]<br />
|-<br />
| {{CVE|CVE-2015-5600}} [https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/ templink] || {{pkg|openssh}} || 2015-07-22 || <= 6.9p1-1 || 6.9p1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17]<br />
|-<br />
| {{CVE|CVE-2015-1270}} {{CVE|CVE-2015-1271}} {{CVE|CVE-2015-1272}} {{CVE|CVE-2015-1273}} {{CVE|CVE-2015-1274}} {{CVE|CVE-2015-1276}} {{CVE|CVE-2015-1277}} {{CVE|CVE-2015-1278}} {{CVE|CVE-2015-1279}} {{CVE|CVE-2015-1280}} {{CVE|CVE-2015-1281}} {{CVE|CVE-2015-1282}} {{CVE|CVE-2015-1283}} {{CVE|CVE-2015-1284}} {{CVE|CVE-2015-1285}} {{CVE|CVE-2015-1286}} {{CVE|CVE-2015-1287}} {{CVE|CVE-2015-1288}} {{CVE|CVE-2015-1289}} [http://googlechromereleases.blogspot.fr/2015/07/stable-channel-update_21.html templink] || {{pkg|chromium}} || 2015-07-21 || <= 43.0.2357.134-1 || 44.0.2403.89-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18]<br />
|-<br />
| {{CVE|CVE-2015-2590}} {{CVE|CVE-2015-2601}} {{CVE|CVE-2015-2613}} {{CVE|CVE-2015-2621}} {{CVE|CVE-2015-2625}} {{CVE|CVE-2015-2628}} {{CVE|CVE-2015-2632}} {{CVE|CVE-2015-2808}} {{CVE|CVE-2015-4000}} {{CVE|CVE-2015-4731}} {{CVE|CVE-2015-4732}} {{CVE|CVE-2015-4733}} {{CVE|CVE-2015-4748}} {{CVE|CVE-2015-4749}} {{CVE|CVE-2015-4760}} [http://blog.fuseyism.com/index.php/2015/07/21/security-icedtea-2-6-1-for-openjdk-7-released/ templink] || {{pkg|jre7-openjdk}} || 2015-07-21 || <= 7.u80_2.6.0-1 || 7.u85_2.6.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16]<br />
|-<br />
| {{CVE|CVE-2015-5122}} {{CVE|CVE-2015-5123}} [https://helpx.adobe.com/security/products/flash-player/apsb15-18.html templink] || {{pkg|lib32-flashplugin}} || 2015-07-09 || <= 11.2.202.481-1 || 11.2.202.491-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14]<br />
|-<br />
| {{CVE|CVE-2015-5122}} {{CVE|CVE-2015-5123}} [https://helpx.adobe.com/security/products/flash-player/apsb15-18.html templink] || {{pkg|flashplugin}} || 2015-07-09 || <= 11.2.202.481-1 || 11.2.202.491-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13]<br />
|-<br />
| {{CVE|CVE-2015-0228}} {{CVE|CVE-2015-0253}} {{CVE|CVE-2015-3183}} {{CVE|CVE-2015-3185}} [http://www.apache.org/dist/httpd/CHANGES_2.4.16 templink] || {{pkg|apache}} || 2015-07-15 || <= 2.4.12-4 || 2.4.16-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15]<br />
|-<br />
| {{CVE|CVE-2015-2724}} {{CVE|CVE-2015-2725}} {{CVE|CVE-2015-2726}} {{CVE|CVE-2015-2731}} {{CVE|CVE-2015-2734}} {{CVE|CVE-2015-2735}} {{CVE|CVE-2015-2736}} {{CVE|CVE-2015-2737}} {{CVE|CVE-2015-2738}} {{CVE|CVE-2015-2739}} {{CVE|CVE-2015-2740}} {{CVE|CVE-2015-2741}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.1 templink] || {{pkg|thunderbird}} || 2015-07-09 || <= 38.0.1-1 || 38.1.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9]<br />
|-<br />
| {{CVE|CVE-2015-1793}} [https://openssl.org/news/secadv_20150709.txt templink] || {{pkg|lib32-openssl}} || 2015-07-09 || <= 1.0.2.c-1 || 1.0.2.d-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12]<br />
|-<br />
| {{CVE|CVE-2015-1793}} [https://openssl.org/news/secadv_20150709.txt templink] || {{pkg|openssl}} || 2015-07-09 || <= 1.0.2.c-1 || 1.0.2.d-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8]<br />
|-<br />
| {{CVE|CVE-2014-0578}} {{CVE|CVE-2015-3114}} {{CVE|CVE-2015-3115}} {{CVE|CVE-2015-3116}} {{CVE|CVE-2015-3117}} {{CVE|CVE-2015-3118}} {{CVE|CVE-2015-3119}} {{CVE|CVE-2015-3120}} {{CVE|CVE-2015-3121}} {{CVE|CVE-2015-3122}} {{CVE|CVE-2015-3123}} {{CVE|CVE-2015-3124}} {{CVE|CVE-2015-3125}} {{CVE|CVE-2015-3126}} {{CVE|CVE-2015-3127}} {{CVE|CVE-2015-3128}} {{CVE|CVE-2015-3129}} {{CVE|CVE-2015-3130}} {{CVE|CVE-2015-3131}} {{CVE|CVE-2015-3132}} {{CVE|CVE-2015-3133}} {{CVE|CVE-2015-3134}} {{CVE|CVE-2015-3135}} {{CVE|CVE-2015-3136}} {{CVE|CVE-2015-3137}} {{CVE|CVE-2015-4428}} {{CVE|CVE-2015-4429}} {{CVE|CVE-2015-4430}} {{CVE|CVE-2015-4431}} {{CVE|CVE-2015-4432}} {{CVE|CVE-2015-4433}} {{CVE|CVE-2015-5116}} {{CVE|CVE-2015-5117}} {{CVE|CVE-2015-5118}} {{CVE|CVE-2015-5119}} [https://helpx.adobe.com/security/products/flash-player/apsb15-16.html templink] [https://www.kb.cert.org/vuls/id/561288 templink] || {{pkg|flashplugin}} || 2015-07-07 || <= 11.2.202.468-1 || 11.2.202.481-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7]<br />
|-<br />
| {{CVE|CVE-2015-4620}} [https://kb.isc.org/article/AA-01267/ templink] || {{pkg|bind}} || 2015-07-07 || <= 9.10.2.P1-1 || 9.10.2.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6]<br />
|-<br />
| {{CVE|CVE-2015-5382}} [http://www.openwall.com/lists/oss-security/2015/07/07/3 templink] || {{pkg|roundcubemail}} || 2015-07-06 || <= 1.1.1-1 || 1.1.2-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5355}} {{CVE|CVE-2015-2694}} [http://krbdev.mit.edu/rt/NoAuth/krb5-1.13/fixed-1.13.2.html templink] || {{pkg|lib32-krb5}} || 2015-05-08 || <= 1.13.1-1 || 1.13.2-1 || 63d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11]<br />
|-<br />
| {{CVE|CVE-2014-5355}} {{CVE|CVE-2015-2694}} [http://krbdev.mit.edu/rt/NoAuth/krb5-1.13/fixed-1.13.2.html templink] || {{pkg|krb5}} || 2015-05-08 || <= 1.13.1-1 || 1.13.2-1 || 63d || Fixed ({{bug|45575}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10]<br />
|-<br />
| {{CVE|CVE-2015-3281}} [http://marc.info/?l=haproxy&m=143593901506748&w=2 templink] || {{pkg|haproxy}} || 2015-07-03 || <= 1.5.12-1 || 1.5.14-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3]<br />
|-<br />
| {{CVE|CVE-2015-2722}} {{CVE|CVE-2015-2724}} {{CVE|CVE-2015-2725}} {{CVE|CVE-2015-2726}} {{CVE|CVE-2015-2727}} {{CVE|CVE-2015-2728}} {{CVE|CVE-2015-2729}} {{CVE|CVE-2015-2731}} {{CVE|CVE-2015-2733}} {{CVE|CVE-2015-2734}} {{CVE|CVE-2015-2735}} {{CVE|CVE-2015-2736}} {{CVE|CVE-2015-2737}} {{CVE|CVE-2015-2739}} {{CVE|CVE-2015-2740}} {{CVE|CVE-2015-2741}} {{CVE|CVE-2015-2743}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-07-02 || <= 38.0.5 || 39.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2]<br />
|- <br />
| {{CVE|CVE-2015-5352}} [http://www.openwall.com/lists/oss-security/2015/07/01/10 templink] || {{pkg|openssh}} || 2015-06-29 || <= 6.8p1-3 || 6.9p1-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4]<br />
|-<br />
| {{CVE|CVE-2015-5146}} [http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi templink] || {{pkg|ntp}} || 2015-06-29 || <= 4.2.8p2-1 || 4.2.8p3-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5]<br />
|-<br />
| {{CVE|CVE-2015-2141}} [https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2015-June/015585.html templink] [https://github.com/weidai11/cryptopp/commit/9425e16437439e68c7d96abef922167d68fafaff commit] || {{pkg|crypto++}} || 2015-06-28 || <= 5.6.2-2 || 5.6.2-3 || 28d || Fixed ({{bug|45498}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20]<br />
|-<br />
| {{CVE|CVE-2015-5073}} [https://bugs.exim.org/show_bug.cgi?id=1651 templink] [http://vcs.pcre.org/pcre?view=revision&revision=1571 commit] || {{pkg|pcre}} || 2015-06-26 || <= 8.37-2 || 8.37-3 || ~52d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-5069}} {{CVE|CVE-2015-5070}} [http://www.openwall.com/lists/oss-security/2015/06/25/12 templink] || {{pkg|wesnoth}} || 2015-06-24 || <= 1.12.2-3 || 1.12.4-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1]<br />
|-<br />
| {{CVE|CVE-2015-3113}} [https://helpx.adobe.com/security/products/flash-player/apsb15-14.html templink] || {{pkg|flashplugin}} || 2015-06-23 || <= 11.2.202.466-1 || 11.2.202.468-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5]<br />
|-<br />
| {{CVE|CVE-2015-3236}} {{CVE|CVE-2015-3237}} [http://curl.haxx.se/docs/adv_20150617A.html templink] [http://curl.haxx.se/docs/adv_20150617B.html templink] || {{pkg|lib32-curl}} || 2015-06-17 || <= 7.42.1-1 || 7.43.0-1 || 47d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4]<br />
|-<br />
| {{CVE|CVE-2015-3236}} {{CVE|CVE-2015-3237}} [http://curl.haxx.se/docs/adv_20150617A.html templink] [http://curl.haxx.se/docs/adv_20150617B.html templink] || {{pkg|curl}} || 2015-06-17 || <= 7.42.1-1 || 7.43.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4]<br />
|-<br />
| {{CVE|CVE-2009-1364}} {{CVE|CVE-2006-3376}} {{CVE|CVE-2007-0455}} {{CVE|CVE-2007-2756}} {{CVE|CVE-2007-3472}} {{CVE|CVE-2007-3473}} {{CVE|CVE-2007-3477}} {{CVE|CVE-2009-3546}} {{CVE|CVE-2015-0848}} {{CVE|CVE-2015-4588}} {{CVE|CVE-2015-4695}} {{CVE|CVE-2015-4696}} [http://www.openwall.com/lists/oss-security/2015/06/16/4 templink] || {{pkg|libwmf}} || 2015-06-01 || <= 0.2.8.4-13 || || || '''Vulnerable''' ({{bug|49162}}) ||<br />
|-<br />
| {{CVE|CVE-2015-2325}} {{CVE|CVE-2015-2326}} {{CVE|CVE-2015-3414}} {{CVE|CVE-2015-3415}} {{CVE|CVE-2015-3416}} [http://php.net/ChangeLog-5.php#5.6.10 templink] || {{pkg|php}} || 2015-06-11 || <= 5.6.9-2 || 5.6.10-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|libraw}} || 2015-05-11 || <= 0.16.0-3 || 0.16.1 || 5d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|dcraw}} || 2015-05-11 || <= 9.25.0-1 || 9.26.0-1 || ~1m || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|gimp-ufraw}} || 2015-05-11 || <= 0.21-1 || 0.22-1 || 45d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|rawtherapee}} || 2015-05-11 || <= 1:4.2-1 || 1:4.2+448.g26d182d-1 || ~5m || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|rawstudio}} || 2015-05-11 || <= 2.0-12 || 2.0_git20160107-1 || ~11m || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-1158}} {{CVE|CVE-2015-1159}} [http://www.cups.org/str.php?L4609 templink] || {{pkg|cups}} || 2015-06-08 || <= 2.0.2-4 || 2.0.3-1 || 1d || Fixed ({{bug|45279}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2]<br />
|-<br />
| {{CVE|CVE-2015-1788}} {{CVE|CVE-2015-1789}} {{CVE|CVE-2015-1790}} {{CVE|CVE-2015-1791}} {{CVE|CVE-2015-1792}} {{CVE|CVE-2015-4000}} [https://www.openssl.org/news/secadv_20150611.txt templink] [https://git.openssl.org/?p=openssl.git;a=commit;h=98ece4eebfb6cd45cc8d550c6ac0022965071afc templink] || {{pkg|openssl}} || 2015-06-11 || <= 1.0.2.a-1 || 1.0.2.b-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3]<br />
|-<br />
| {{CVE|CVE-2015-3210}} [https://bugs.exim.org/show_bug.cgi?id=1636 templink] || {{pkg|pcre}} || 2015-05-29 || <= 8.37-1 || 8.37-2 || 7d || Fixed ({{bug|45207}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1]<br />
|-<br />
| {{CVE|CVE-2015-3165}} {{CVE|CVE-2015-3166}} {{CVE|CVE-2015-3167}} [http://www.postgresql.org/about/news/1587/ templink] || {{pkg|postgresql}} || 2015-05-22 || <= 9.4.1-1 || 9.4.2-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17]<br />
|-<br />
| {{CVE|CVE-2015-4054}} [http://www.openwall.com/lists/oss-security/2015/05/22/5 templink] || {{pkg|pgbouncer}} || 2015-04-09 || <= 1.5.4-6 || 1.5.5-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16]<br />
|-<br />
| {{CVE|CVE-2015-1251}} {{CVE|CVE-2015-1252}} {{CVE|CVE-2015-1253}} {{CVE|CVE-2015-1254}} {{CVE|CVE-2015-1255}} {{CVE|CVE-2015-1256}} {{CVE|CVE-2015-1257}} {{CVE|CVE-2015-1258}} {{CVE|CVE-2015-1259}} {{CVE|CVE-2015-1260}} {{CVE|CVE-2015-1263}} {{CVE|CVE-2015-1264}} {{CVE|CVE-2015-1265}} [http://googlechromereleases.blogspot.fr/2015/05/stable-channel-update_19.html templink] || {{pkg|chromium}} || 2015-05-19 || <= 42.0.2311.135-1 || 43.0.2357.65-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14]<br />
|-<br />
| {{CVE|CVE-2015-3808}} {{CVE|CVE-2015-3809}} {{CVE|CVE-2015-3810}} {{CVE|CVE-2015-3811}} {{CVE|CVE-2015-3812}} {{CVE|CVE-2015-3813}} {{CVE|CVE-2015-3814}} {{CVE|CVE-2015-3815}} [https://wireshark.org/docs/relnotes/wireshark-1.12.5.html templink] || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2015-05-11 || <= 1.12.4-4 || 1.12.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12]<br />
|-<br />
| {{CVE|CVE-2015-3456}} [https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/ templink] || {{pkg|qemu}} || 2015-05-13 || <= 2.2.1-4 || 2.2.1-5 || 1d || Fixed ({{bug|44958}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9]<br />
|-<br />
| {{CVE|CVE-2014-0230}} [https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44 templink] || {{pkg|tomcat6}} || 2015-04-09 || <= 6.0.43-2 || 6.0.44-1 || 34d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8]<br />
|-<br />
| {{CVE|CVE-2015-2708}} {{CVE|CVE-2015-2709}} {{CVE|CVE-2015-2710}} {{CVE|CVE-2015-2713}} {{CVE|CVE-2015-2716}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7 templink] || {{pkg|thunderbird}} || 2015-05-12 || <= 31.6.0-2 || 31.7.0-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13]<br />
|-<br />
| {{CVE|CVE-2015-2708}} {{CVE|CVE-2015-2709}} {{CVE|CVE-2015-2710}} {{CVE|CVE-2015-2711}} {{CVE|CVE-2015-2712}} {{CVE|CVE-2015-2713}} {{CVE|CVE-2015-2715}} {{CVE|CVE-2015-2716}} {{CVE|CVE-2015-2717}} {{CVE|CVE-2015-2718}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox38 templink] || {{pkg|firefox}} || 2015-05-12 || <= 37.0.2-1 || 38.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] <br />
|-<br />
| {{CVE|CVE-2015-3622}} [http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=f979435 templink] || {{pkg|libtasn1}} || 2015-04-20 || <= 4.5-1 || 4.4-1 || 16d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5]<br />
|-<br />
| {{CVE|CVE-2014-8964}} [https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ templink] || {{pkg|mariadb-clients}} || 2015-05-07 || <= 10.0.17-1 || 10.0.18-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4]<br />
|-<br />
| {{CVE|CVE-2014-8964}} {{CVE|CVE-2015-0499}} {{CVE|CVE-2015-0501}} {{CVE|CVE-2015-0505}} {{CVE|CVE-2015-2571}} [https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ templink] || {{pkg|mariadb}} || 2015-05-07 || <= 10.0.17-1 || 10.0.18-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3]<br />
|-<br />
| {{CVE|CVE-2015-3627}} {{CVE|CVE-2015-3629}} {{CVE|CVE-2015-3630}} {{CVE|CVE-2015-3631}} [http://seclists.org/oss-sec/2015/q2/389 templink] || {{pkg|docker}} || 2015-05-07 || <= 1:1.6.0-1 || 1:1.6.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6]<br />
|-<br />
| {{CVE|CVE-2015-0847}} [http://sourceforge.net/p/nbd/mailman/message/34091218/ templink] || {{pkg|nbd}} || 2015-05-07 || <= 3.10-1 || 3.11-1 || 19d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15]<br />
|-<br />
| {{CVE|CVE-2015-1858}} {{CVE|CVE-2015-1859}} {{CVE|CVE-2015-1860}} [http://lists.qt-project.org/pipermail/announce/2015-April/000067.html templink] || {{pkg|qt5-base}} || 2015-04-13 || <= 5.4.1-5 || 5.4.2-1 || 50d || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-1858}} {{CVE|CVE-2015-1859}} {{CVE|CVE-2015-1860}} [http://lists.qt-project.org/pipermail/announce/2015-April/000067.html templink] || {{pkg|qt4}} || 2015-04-13 || <= 4.8.6-6 || 4.8.7-1 || 50d || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-3414}} {{CVE|CVE-2015-3415}} {{CVE|CVE-2015-3416}} [http://seclists.org/fulldisclosure/2015/Apr/31 templink] || {{pkg|sqlite}} || 2015-04-24 || <= 3.8.8.3-1 || 3.8.9-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-2170}} {{CVE|CVE-2015-2221}} {{CVE|CVE-2015-2222}} {{CVE|CVE-2015-2305}} {{CVE|CVE-2015-2668}} [http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html templink] || {{pkg|clamav}} || 2015-04-29 || <= 0.98.6-1 || 0.98.7-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2]<br />
|-<br />
| {{CVE|CVE-2015-3455}} [http://www.openwall.com/lists/oss-security/2015/04/30/2 templink] || {{pkg|squid}} || 2015-04-29 || <= 3.5.3-2 || 3.5.4-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1]<br />
|-<br />
| {{CVE|CVE-2015-3451}} [http://www.openwall.com/lists/oss-security/2015/04/30/1 templink] || {{pkg|perl-xml-libxml}} || 2015-04-30 || <= 2.0118-3 || 2.0119-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32]<br />
|-<br />
| {{CVE|CVE-2015-3152}} [http://www.openwall.com/lists/oss-security/2015/04/29/4 templink] || {{pkg|mariadb}} {{pkg|mariadb-clients}} || 2015-04-29 || <= 10.0.17-2 || 10.0.20-1 || 52d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3153}} [http://curl.haxx.se/docs/adv_20150429.html templink] || {{pkg|curl}} || 2015-04-29 || <= 7.42.0-1 || 7.42.1-1 || 29d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20]<br />
|-<br />
| {{CVE|CVE-2015-1243}} {{CVE|CVE-2015-1250}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update_28.html templink] || {{pkg|chromium}} || 2015-04-28 || <= 42.0.2311.90-1 || 42.0.2311.135-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30]<br />
|-<br />
| {{CVE|CVE-2015-3420}} [http://seclists.org/oss-sec/2015/q2/288 templink] || {{pkg|dovecot}} || 2015-04-24 || <= 2.2.16-1 || 2.2.16-2 || 4d || Fixed ({{bug|44757}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31]<br />
|-<br />
| {{CVE|CVE-2015-1868}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ templink] || {{pkg|powerdns-recursor}} || 2015-04-23 || <= 3.7.1-1 || 3.7.2-1 || 1d || Fixed ({{Bug|44708}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27]<br />
|-<br />
| {{CVE|CVE-2015-1868}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ templink] || {{pkg|powerdns}} || 2015-04-23 || <= 3.4.3-2 || 3.4.4-1 || 1d || Fixed ({{Bug|44708}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26]<br />
|-<br />
| {{CVE|CVE-2015-1863}} [http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt templink] || {{pkg|wpa_supplicant}} || 2015-04-22 || <= 2.3-1 || 2.4-1 (1:2.3-1) || 2d || Fixed ({{Bug|44695}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29]<br />
|-<br />
| {{CVE|CVE-2015-1781}} [https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2959eda9272a033863c271aff62095abd01bd4e3;hp=7bf8fb104226407b75103b95525364c4667c869f templink] || {{pkg|glibc}} || 2015-04-21 || <= 2.21-2 || 2.21-3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25]<br />
|-<br />
| {{CVE|CVE-2015-3143}} {{CVE|CVE-2015-3144}} {{CVE|CVE-2015-3145}} {{CVE|CVE-2015-3148}} [http://curl.haxx.se/docs/vuln-7.41.0.html templink] || {{pkg|curl}} || 2015-04-22 || <= 7.41.0-1 || 7.42.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28]<br />
|-<br />
| {{CVE|CVE-2015-2706}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-45/ templink] || {{pkg|firefox}} || 2015-04-20 || <= 37.0.1-3 || 37.0.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24]<br />
|-<br />
| {{CVE|CVE-2015-3138}} [https://github.com/the-tcpdump-group/tcpdump/issues/446 templink] || {{pkg|tcpdump}} || 2015-03-24 || <= 4.7.3-1 || 4.7.3-2 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20]<br />
|-<br />
| {{CVE|CVE-2015-0346}} {{CVE|CVE-2015-0347}} {{CVE|CVE-2015-0348}} {{CVE|CVE-2015-0349}} {{CVE|CVE-2015-0350}} {{CVE|CVE-2015-0351}} {{CVE|CVE-2015-0352}} {{CVE|CVE-2015-0353}} {{CVE|CVE-2015-0354}} {{CVE|CVE-2015-0355}} {{CVE|CVE-2015-0356}} {{CVE|CVE-2015-0357}} {{CVE|CVE-2015-0358}} {{CVE|CVE-2015-0359}} {{CVE|CVE-2015-0360}} {{CVE|CVE-2015-3038}} {{CVE|CVE-2015-3039}} {{CVE|CVE-2015-3040}} {{CVE|CVE-2015-3041}} {{CVE|CVE-2015-3042}} {{CVE|CVE-2015-3043}} {{CVE|CVE-2015-3044}} [https://helpx.adobe.com/security/products/flash-player/apsb15-06.html templink] || {{pkg|flashplugin}} || 2015-04-14 || <= 11.2.202.451-1 || 11.2.202.457-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18]<br />
|-<br />
| {{CVE|CVE-2015-1351}} {{CVE|CVE-2015-1352}} {{CVE|CVE-2015-2783}} {{CVE|CVE-2015-3330}} {{CVE|CVE-2015-3329}} [https://php.net/ChangeLog-5.php#5.6.8 templink] || {{pkg|php}} || 2015-04-17 || <= 5.6.7.-2 || 5.6.8-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14]<br />
|-<br />
| {{CVE|CVE-2015-0460}} {{CVE|CVE-2015-0469}} {{CVE|CVE-2015-0470}} {{CVE|CVE-2015-0477}} {{CVE|CVE-2015-0478}} {{CVE|CVE-2015-0480}} {{CVE|CVE-2015-0488}} || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-04-14 || <= 8.u40-1 || 8.u45-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23]<br />
|-<br />
| {{CVE|CVE-2015-0460}} {{CVE|CVE-2015-0469}} {{CVE|CVE-2015-0477}} {{CVE|CVE-2015-0478}} {{CVE|CVE-2015-0480}} {{CVE|CVE-2015-0488}} [http://blog.fuseyism.com/index.php/2015/04/15/security-icedtea-2-5-5-for-openjdk-7-released/ templink] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-04-14 || <= 7.u75_2.5.4-1 || 7.u79_2.5.5-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17]<br />
|-<br />
| {{CVE|CVE-2015-3310}} [http://www.openwall.com/lists/oss-security/2015/04/16/7 templink] || {{pkg|ppp}} || 2015-04-13 || <= 2.4.7-1 || 2.4.7-2 || ~4m || Fixed ({{bug|44607}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3]<br />
|-<br />
| {{CVE|CVE-2015-3308}} [http://www.openwall.com/lists/oss-security/2015/04/16/6 templink] || {{pkg|gnutls}} || 2015-03-30 || <= 3.3.13-1 || 3.3.14-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-1235}} {{CVE|CVE-2015-1236}} {{CVE|CVE-2015-1237}} {{CVE|CVE-2015-1238}} {{CVE|CVE-2015-1240}} {{CVE|CVE-2015-1241}} {{CVE|CVE-2015-1242}} {{CVE|CVE-2015-1244}} {{CVE|CVE-2015-1245}} {{CVE|CVE-2015-1246}} {{CVE|CVE-2015-1247}} {{CVE|CVE-2015-1248}} {{CVE|CVE-2015-1249}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update_14.html templink] || {{pkg|chromium}} || 2015-04-14 || <= 41.0.2272.118-2 || 42.0.2311.90-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19]<br />
|-<br />
| {{CVE|CVE-2015-1855}} [https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/ templink] || {{pkg|ruby}} || 2015-04-13 || <= 2.2.1-1 || 2.2.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13]<br />
|-<br />
| {{CVE|CVE-2015-3026}} [http://seclists.org/oss-sec/2015/q2/80 templink] || {{pkg|icecast}} || 2015-04-08 || <= 2.4.1-1 || 2.4.2-1 || 3d || Fixed ({{bug|44503}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12]<br />
|-<br />
| {{CVE|CVE-2015-1798}} [http://seclists.org/oss-sec/2015/q2/63 templink] || {{pkg|chrony}} || 2015-04-08 || <= 1.31-2 || 1.31.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9]<br />
|-<br />
| {{CVE|CVE-2015-1798}} {{CVE|CVE-2015-1799}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities templink] || {{pkg|ntp}} || 2015-04-07 || <= 4.2.8p1 || 4.2.8p2-1 || <1d || Fixed ({{bug|44492}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8]<br />
|-<br />
| {{CVE|CVE-2015-2931}} {{CVE|CVE-2015-2932}} {{CVE|CVE-2015-2933}} {{CVE|CVE-2015-2934}} {{CVE|CVE-2015-2935}} {{CVE|CVE-2015-2936}} {{CVE|CVE-2015-2937}} {{CVE|CVE-2015-2938}} {{CVE|CVE-2015-2939}} {{CVE|CVE-2015-2940}} {{CVE|CVE-2015-2941}} {{CVE|CVE-2015-2942}} [http://seclists.org/oss-sec/2015/q2/61 templink] || {{pkg|mediawiki}} || 2015-04-07 || <= 1.24.1-1 || 1.24.2-1 || 0d || Fixed ({{bug|44489}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11]<br />
|-<br />
| {{CVE|CVE-2015-2928}} {{CVE|CVE-2015-2929}} [http://seclists.org/oss-sec/2015/q2/56 templink] || {{pkg|tor}} || 2015-04-06 || <= 0.2.5.11-1 || 0.2.5.12-1 || <1d || Fixed ({{bug|44482}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7]<br />
|-<br />
| {{CVE|CVE-2015-0799}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-04-03 || <= 37.0-1 || 37.0.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4]<br />
|-<br />
| {{CVE|CVE-2015-1233}} {{CVE|CVE-2015-1234}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-04-01 || <= 41.0.2272.101-1 || 41.0.2272.118-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2]<br />
|-<br />
| {{CVE|CVE-2015-0801}} {{CVE|CVE-2015-0807}} {{CVE|CVE-2015-0813}} {{CVE|CVE-2015-0814}} {{CVE|CVE-2015-0815}} {{CVE|CVE-2015-0816}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-03-31 || <= 31.5.0-1 || 31.6.0-1|| 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6]<br />
|-<br />
| {{CVE|CVE-2015-0801}} {{CVE|CVE-2015-0802}} {{CVE|CVE-2015-0803}} {{CVE|CVE-2015-0804}} {{CVE|CVE-2015-0805}} {{CVE|CVE-2015-0806}} {{CVE|CVE-2015-0807}} {{CVE|CVE-2015-0808}} {{CVE|CVE-2015-0811}} {{CVE|CVE-2015-0812}} {{CVE|CVE-2015-0813}} {{CVE|CVE-2015-0814}} {{CVE|CVE-2015-0815}} {{CVE|CVE-2015-0816}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-03-31 || <= 36.0.4-1 || 37.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1]<br />
|-<br />
| {{CVE|CVE-2015-1817}} [http://www.openwall.com/lists/oss-security/2015/03/30/3 templink] || {{pkg|musl}} || 2015-03-29 || <= 1.1.7-1 || 1.1.8-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26]<br />
|-<br />
| {{CVE|CVE-2015-2782}} {{CVE|CVE-2015-0556}} {{CVE|CVE-2015-0557}} [http://www.openwall.com/lists/oss-security/2015/03/29/1 templink] || {{pkg|arj}} || 2015-03-28 || <= 3.10.22-8 || 3.10.22-10 || 10d || Fixed ({{bug|44411}}) ({{bug|44488}}) || None<br />
|-<br />
| {{CVE|CVE-2015-0250}} [http://seclists.org/fulldisclosure/2015/Mar/142 templink] || {{pkg|java-batik}} || 2015-03-17 || <= 1.7-12 || 1.8-1 || 17d || Fixed ({{bug|44410}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5]<br />
|-<br />
| {{CVE|CVE-2015-2806}} [http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149 templink] || {{pkg|libtasn1}} || 2015-03-29 || <= 4.3-1 || 4.4-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3]<br />
|-<br />
| {{CVE|CVE-2015-0817}} {{CVE|CVE-2015-0818}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-03-20 || <= 36.0.1-1 || 36.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21]<br />
|-<br />
| {{CVE|CVE-2015-2559}} [https://www.drupal.org/SA-CORE-2015-001 templink] || {{pkg|drupal}} || 2015-03-19 || <= 7.34-1 || 7.35-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18]<br />
|-<br />
| {{CVE|CVE-2015-0252}} [https://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt templink] || {{pkg|xerces-c}} || 2015-03-19 || <= 3.1.1-5 || 3.1.2-1 || 1d || Fixed ({{bug|44272}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19]<br />
|-<br />
| {{CVE|CVE-2015-2330}} [http://www.openwall.com/lists/oss-security/2015/03/18/4 templink] || {{pkg|webkitgtk}} {{pkg|webkitgtk2}} || 2015-03-17 || <= 2.4.8-1 || 2.4.9-1 || 30d || Fixed ({{bug|44237}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19]<br />
|-<br />
| {{CVE|CVE-2015-2305}} {{CVE|CVE-2015-2331}} {{CVE|CVE-2015-2348}} {{CVE|CVE-2015-2787}} [https://bugs.php.net/bug.php?id=69253 templink] || {{pkg|php}} || 2015-03-18 || <= 5.6.6-1 || 5.6.7-1 || 10d || Fixed ({{bug|44236}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25]<br />
|-<br />
| {{CVE|CVE-2015-0204}} {{CVE|CVE-2015-0207}} {{CVE|CVE-2015-0208}} {{CVE|CVE-2015-0209}} {{CVE|CVE-2015-0285}} {{CVE|CVE-2015-0286}} {{CVE|CVE-2015-0287}} {{CVE|CVE-2015-0288}} {{CVE|CVE-2015-0289}} {{CVE|CVE-2015-0290}} {{CVE|CVE-2015-0291}} {{CVE|CVE-2015-0293}} {{CVE|CVE-2015-1787}} [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=28a00bcd8e318da18031b2ac8778c64147cd54f9 commit-0288] [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2b31fcc0b5e7329e13806822a5709dbd51c5c8a4 commit-0285] [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ba5d0113e8bcb26857ae58a11b219aeb7bc2408a commit-0209] [https://security-tracker.debian.org/tracker/CVE-2015-0288 Debian-Bug-tracker] [https://www.openssl.org/news/secadv_20150319.txt advisory] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2015-03-17 || <= 1.0.2-1 || 1.0.2.a-1 || 2d || Fixed ({{bug|44227}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17]<br />
|-<br />
| {{CVE|CVE-2015-1802}} {{CVE|CVE-2015-1803}} {{CVE|CVE-2015-1804}} [http://www.openwall.com/lists/oss-security/2015/03/17/5 templink] || {{pkg|libxfont}} || 2015-03-17 || <= 1.5.0-1 || 1.5.1-1 || <1d || Fixed ({{bug|44226}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15]<br />
|-<br />
| {{CVE|CVE-2015-0332}} {{CVE|CVE-2015-0333}} {{CVE|CVE-2015-0334}} {{CVE|CVE-2015-0335}} {{CVE|CVE-2015-0336}} {{CVE|CVE-2015-0337}} {{CVE|CVE-2015-0338}} {{CVE|CVE-2015-0339}} {{CVE|CVE-2015-0340}} {{CVE|CVE-2015-0341}} {{CVE|CVE-2015-0342}} [https://helpx.adobe.com/security/products/flash-player/apsb15-05.html templink] || {{pkg|flashplugin}} || 2015-03-12 || <= 11.2.202.442-1 || 11.2.202.451-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11]<br />
|-<br />
| {{CVE|CVE-2014-9687}} [http://www.openwall.com/lists/oss-security/2015/02/10/10 templink] || {{pkg|ecryptfs-utils}} || 2015-02-10 || <= 104-1 || 106-1 || 37d || Fixed ({{bug|44157}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14]<br />
|-<br />
| {{CVE|CVE-2015-1782}} [http://www.libssh2.org/adv_20150311.html templink] || {{pkg|libssh2}} || 2015-03-11 || <= 1.4.3-1 || 1.5.0-1 || 29d || Fixed ({{bug|44146}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10]<br />
|-<br />
| {{CVE|CVE-2015-2241}} [https://www.djangoproject.com/weblog/2015/mar/09/security-releases/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-03-09 || <= 1.7.5-1 || 1.7.6-1 || 2d || Fixed ({{bug|44122}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7]<br />
|-<br />
| {{CVE|CVE-2015-1212}} {{CVE|CVE-2015-1213}} {{CVE|CVE-2015-1214}} {{CVE|CVE-2015-1215}} {{CVE|CVE-2015-1216}} {{CVE|CVE-2015-1217}} {{CVE|CVE-2015-1218}} {{CVE|CVE-2015-1219}} {{CVE|CVE-2015-1220}} {{CVE|CVE-2015-1221}} {{CVE|CVE-2015-1222}} {{CVE|CVE-2015-1223}} {{CVE|CVE-2015-1224}} {{CVE|CVE-2015-1225}} {{CVE|CVE-2015-1226}} {{CVE|CVE-2015-1227}} {{CVE|CVE-2015-1228}} {{CVE|CVE-2015-1229}} {{CVE|CVE-2015-1230}} {{CVE|CVE-2015-1231}} [http://googlechromereleases.blogspot.fr/2015/03/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-03-03 || <= 40.0.2214.115-1 || 41.0.2272.76-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5]<br />
|-<br />
| {{CVE|CVE-2015-1572}} [https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73 templink] || {{pkg|e2fsprogs}} || 2015-02-06 || <= 1.42.12-1 || 1.42.12-2 || 6d || Fixed ({{bug|44015}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8]<br />
|-<br />
| {{CVE|CVE-2015-2157}} [http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html templink] || {{pkg|putty}} || 2015-03-02 || <= 0.63-1 || 0.64-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1]<br />
|-<br />
| {{CVE|CVE-2015-0822}} {{CVE|CVE-2015-0827}} {{CVE|CVE-2015-0831}} {{CVE|CVE-2015-0835}} {{CVE|CVE-2015-0836}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-02-24 || <= 31.4.0-1 || 31.5.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15]<br />
|-<br />
| {{CVE|CVE-2015-0819}} {{CVE|CVE-2015-0821}} {{CVE|CVE-2015-0822}} {{CVE|CVE-2015-0823}} {{CVE|CVE-2015-0824}} {{CVE|CVE-2015-0825}} {{CVE|CVE-2015-0826}} {{CVE|CVE-2015-0827}} {{CVE|CVE-2015-0829}} {{CVE|CVE-2015-0830}} {{CVE|CVE-2015-0831}} {{CVE|CVE-2015-0832}} {{CVE|CVE-2015-0834}} {{CVE|CVE-2015-0835}} {{CVE|CVE-2015-0836}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-02-24 || <= 35.0.1-1 || 36.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14]<br />
|-<br />
| {{CVE|CVE-2015-0240}} [https://www.samba.org/samba/history/samba-4.1.17.html templink] || {{pkg|samba}} || 2015-02-23 || <= 4.1.16-1 || 4.1.17-1 || <1d || Fixed ({{bug|43923}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13]<br />
|-<br />
| {{CVE|CVE-2014-9636}} [http://www.openwall.com/lists/oss-security/2014/11/02/2 templink] || {{pkg|unzip}} || 2014-11-02 || <= 6.0-9 || 6.0-10 || 75d || Fixed ({{bug|44171}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9]<br />
|-<br />
| {{CVE|CVE-2015-1315}} [http://www.openwall.com/lists/oss-security/2015/02/17/4 templink] || {{pkg|unzip}} || 2014-11-02 || <= 6.0-9 || 6.0-9 || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2014-9680}} [http://www.sudo.ws/sudo/alerts/tz.html templink] || {{pkg|sudo}} || 2015-02-09 || <= 1.8.12-1 || 1.8.12-1 || 4d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5352}} {{CVE|CVE-2014-5353}} {{CVE|CVE-2014-5354}} {{CVE|CVE-2014-9421}} {{CVE|CVE-2014-9422}} {{CVE|CVE-2014-9423}} [http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt templink] [http://www.openwall.com/lists/oss-security/2014/12/16/1 templink] || {{pkg|krb5}} || 2015-02-03 || <= 1.13-1 || 1.13.1-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] <br />
|-<br />
| {{CVE|CVE-2015-0255}} [http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/ templink] || {{pkg|xorg-server}} || 2015-02-10 || <= 1.16.3-2|| 1.16.4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11]<br />
|-<br />
| {{CVE|CVE-2015-1191}} [http://www.openwall.com/lists/oss-security/2015/01/18/3 templink] || {{pkg|pigz}} || 2015-01-18 || <= 2.3.1-1 || 2.3.3-1 || 21d || Fixed ({{bug|43748}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9]<br />
|-<br />
| {{CVE|CVE-2015-0245}} [http://lists.freedesktop.org/archives/dbus/2015-February/016553.html templink] || {{pkg|dbus}} || 2015-02-09 || <= 1.8.14-1 || 1.8.16-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10]<br />
|-<br />
| {{CVE|CVE-2015-1472}} {{CVE|CVE-2015-1473}} || {{pkg|glibc}} || 2015-02-05 || <= 2.20-6 || 2.21-1 ||4d || Fixed ({{bug|43747}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8]<br />
|-<br />
| {{CVE|CVE-2014-9297}} {{CVE|CVE-2014-9298}} [http://support.ntp.org/bin/view/Main/SecurityNotice#vallen_is_not_validated_in_sever templink] [http://support.ntp.org/bin/view/Main/SecurityNotice#1_can_be_spoofed_on_some_OSes_so templink]|| {{pkg|ntp}} || 2015-02-04 || <= 4.2.8-1 || 4.2.8.p1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7]<br />
|-<br />
| {{CVE|CVE-2014-9328}} || {{pkg|clamav}} || 2015-01-28 || <= 0.98.5-1 || 0.98.6-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6]<br />
|-<br />
| {{CVE|CVE-2015-1209}} {{CVE|CVE-2015-1210}} {{CVE|CVE-2015-1211}} {{CVE|CVE-2015-1212}} [http://googlechromereleases.blogspot.fr/2015/02/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-02-05 || <= 40.0.2214.94-1 || 40.0.2214.111-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5]<br />
|-<br />
| {{CVE|CVE-2015-0313}} {{CVE|CVE-2015-0314}} {{CVE|CVE-2015-0315}} {{CVE|CVE-2015-0316}} {{CVE|CVE-2015-0317}} {{CVE|CVE-2015-0318}} {{CVE|CVE-2015-0319}} {{CVE|CVE-2015-0320}} {{CVE|CVE-2015-0321}} {{CVE|CVE-2015-0322}} {{CVE|CVE-2015-0323}} {{CVE|CVE-2015-0324}} {{CVE|CVE-2015-0325}} {{CVE|CVE-2015-0326}} {{CVE|CVE-2015-0327}} {{CVE|CVE-2015-0328}} {{CVE|CVE-2015-0329}} {{CVE|CVE-2015-0330}} [https://helpx.adobe.com/security/products/flash-player/apsb15-04.html templink] || {{pkg|flashplugin}} || 2015-02-05 || <= 11.2.202.440-1 || 11.2.202.442-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2]<br />
|-<br />
| {{CVE|CVE-2014-8161}} {{CVE|CVE-2015-0241}} {{CVE|CVE-2015-0243}} {{CVE|CVE-2015-0244}} [http://www.postgresql.org/docs/9.4/static/release-9-4-1.html templink] || {{pkg|postgresql}} || 2015-02-05 || <= 9.4.0-1 || 9.4.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4]<br />
|-<br />
| {{CVE|CVE-2015-1380}} {{CVE|CVE-2015-1381}} {{CVE|CVE-2015-1382}} [http://seclists.org/oss-sec/2015/q1/285 templink] || {{pkg|privoxy}} || 2015-01-26 || <= 3.0.22-1 || 3.0.23-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1]<br />
|-<br />
| {{CVE|CVE-2015-0235}} [https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235 templink] || {{pkg|glibc}} || 2015-01-27 || < 2.18-1 || 2.18-1 || < 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-0311}} {{CVE|CVE-2015-0301}} {{CVE|CVE-2015-0302}} {{CVE|CVE-2015-0303}} {{CVE|CVE-2015-0304}} {{CVE|CVE-2015-0305}} {{CVE|CVE-2015-0306}} {{CVE|CVE-2015-0307}} {{CVE|CVE-2015-0308}} {{CVE|CVE-2015-0309}} [https://helpx.adobe.com/security/products/flash-player/apsb15-01.html templink] || {{pkg|flashplugin}} || 2015-01-23 || <= 11.2.202.438-1 || 11.2.202.440-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22]<br />
|-<br />
| {{CVE|CVE-2015-0231}} {{CVE|CVE-2014-9427}} {{CVE|CVE-2015-0232}} [https://bugs.php.net/bug.php?id=68710 templink] [https://bugs.php.net/bug.php?id=68618 templink] [https://bugs.php.net/bug.php?id=68799 templink] || {{pkg|php}} || 2015-01-22 || <= 5.6.4-1 || 5.6.5-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17]<br />
|-<br />
| {{CVE|CVE-2014-9638}} {{CVE|CVE-2014-9639}} {{CVE|CVE-2014-9640}} [http://www.openwall.com/lists/oss-security/2015/01/22/9 templink] || {{pkg|vorbis-tools}} || 2015-01-21 || <= 1.4.0-4 || 1.4.0-5 || 64d || Fixed ({{bug|44172}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24]<br />
|-<br />
| {{CVE|CVE-2015-1345}} [http://seclists.org/oss-sec/2015/q1/179 templink] || {{pkg|grep}} || 2015-01-18 || <= 2.21-1 || 2.21-2 || 46d || Fixed ({{bug|44017}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4]<br />
|-<br />
| {{CVE|CVE-2014-7923}} {{CVE|CVE-2014-7924}} {{CVE|CVE-2014-7925}} {{CVE|CVE-2014-7926}} {{CVE|CVE-2014-7927}} {{CVE|CVE-2014-7928}} {{CVE|CVE-2014-7930}} {{CVE|CVE-2014-7931}} {{CVE|CVE-2014-7929}} {{CVE|CVE-2014-7932}} {{CVE|CVE-2014-7933}} {{CVE|CVE-2014-7934}} {{CVE|CVE-2014-7935}} {{CVE|CVE-2014-7936}} {{CVE|CVE-2014-7937}} {{CVE|CVE-2014-7938}} {{CVE|CVE-2014-7939}} {{CVE|CVE-2014-7940}} {{CVE|CVE-2014-7941}} {{CVE|CVE-2014-7942}} {{CVE|CVE-2014-7943}} {{CVE|CVE-2014-7944}} {{CVE|CVE-2014-7945}} {{CVE|CVE-2014-7946}} {{CVE|CVE-2014-7947}} {{CVE|CVE-2014-7948}} {{CVE|CVE-2015-1205}} [http://googlechromereleases.blogspot.fr/2015/01/stable-update.html templink] || {{pkg|chromium}} || 2015-01-22 || <= 39.0.2171.99-1 || 40.0.2214.91-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21]<br />
|-<br />
| {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-6549}} {{CVE|CVE-2014-6585}} {{CVE|CVE-2014-6587}} {{CVE|CVE-2014-6591}} {{CVE|CVE-2014-6593}} {{CVE|CVE-2014-6601}} {{CVE|CVE-2015-0383}} {{CVE|CVE-2015-0395}} {{CVE|CVE-2015-0400}} {{CVE|CVE-2015-0403}} {{CVE|CVE-2015-0406}} {{CVE|CVE-2015-0407}} {{CVE|CVE-2015-0408}} {{CVE|CVE-2015-0410}} {{CVE|CVE-2015-0412}} {{CVE|CVE-2015-0413}} {{CVE|CVE-2015-0421}} {{CVE|CVE-2015-0437}} [http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html#JAVA templink] || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-01-22 || <= 8.u25-2 || 8.u31-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16]<br />
|-<br />
| {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-6585}} {{CVE|CVE-2014-6587}} {{CVE|CVE-2014-6591}} {{CVE|CVE-2014-6593}} {{CVE|CVE-2014-6601}} {{CVE|CVE-2015-0383}} {{CVE|CVE-2015-0395}} {{CVE|CVE-2015-0407}} {{CVE|CVE-2015-0408}} {{CVE|CVE-2015-0410}} {{CVE|CVE-2015-0412}} [http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html#JAVA templink] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-01-22 || <= 7.u71_2.5.3-3 || 7.u75_2.5.4-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20]<br />
|-<br />
| {{CVE|CVE-2014-8157}} {{CVE|CVE-2014-8158}} [http://seclists.org/oss-sec/2015/q1/210 templink] || {{pkg|jasper}} || 2015-01-22 || <= 1.900.1-12 || 1.900.1-13 || 5d || Fixed ({{bug|43592}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23]<br />
|-<br />
| {{CVE|CVE-2014-8132}} [http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/ templink] || {{pkg|libssh}} || 2014-12-19 || <= 0.6.3-1 || 0.6.4-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12]<br />
|-<br />
| {{CVE|CVE-2015-1182}} [https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04 templink] || {{pkg|polarssl}} || 2012-09-19 || <= 1.3.9-1 || 1.3.9-2 || 1d || Fixed ({{bug|43508}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13]<br />
|-<br />
| {{CVE|CVE-2012-3505}} [http://www.openwall.com/lists/oss-security/2012/08/18/1 templink] || {{pkg|tinyproxy}} || 2012-09-10 || <= 1.8.3-1 || 1.8.4-1 || > 740d || Fixed ({{bug|38400}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11]<br />
|-<br />
| {{CVE|CVE-2014-9447}} [https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e templink] || {{pkg|elfutils}} || 2015-01-19 || <= 0.161-2 || 0.161-3 || 42d || Fixed ({{bug|44019}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2]<br />
|-<br />
| {{CVE|CVE-2014-9447}} [https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e templink] || {{pkg|lib32-elfutils}} || 2015-01-19 || <= 0.161-1 || 0.161-2 || 42d || Fixed ({{bug|44020}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3]<br />
|-<br />
| {{CVE|CVE-2014-8143}} [https://www.samba.org/samba/security/CVE-2014-8143 templink] || {{pkg|samba}} || 2015-01-15 || <= 4.1.15-1 || 4.1.16-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10]<br />
|-<br />
| {{CVE|CVE-2015-1197}} [http://www.openwall.com/lists/oss-security/2015/01/18/7 templink] || {{pkg|cpio}} || 2015-01-16 || <= 2.11-5 || 2.11-6 || 65d || Fixed ({{bug|44173}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22]<br />
|-<br />
| {{CVE|CVE-2015-1196}} {{CVE|CVE-2014-9637}} [http://www.openwall.com/lists/oss-security/2015/01/18/6 templink] [https://savannah.gnu.org/bugs/?44051 templink] || {{pkg|patch}} || 2015-01-14 || <= 2.7.1-3 || 2.7.3-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24]<br />
|-<br />
| {{CVE|CVE-2014-9571}} {{CVE|CVE-2014-9572}} {{CVE|CVE-2014-9573}} {{CVE|CVE-2014-9624}} {{CVE|CVE-2015-1042}} [http://www.openwall.com/lists/oss-security/2015/01/17/1 templink] [http://www.openwall.com/lists/oss-security/2015/01/17/3 templink] [http://www.openwall.com/lists/oss-security/2015/01/17/2 templink] [http://www.openwall.com/lists/oss-security/2015/01/18/11 templink] || {{pkg|mantisbt}} || 2015-01-17 || <= 1.2.18-1 || 1.2.19-1 || 20d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3]<br />
|-<br />
| {{CVE|CVE-2014-8634}} {{CVE|CVE-2014-8635}} {{CVE|CVE-2014-8638}} {{CVE|CVE-2014-8639}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-01-13 || <= 31.3.0-1 || 31.4.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7]<br />
|-<br />
| {{CVE|CVE-2014-8634}} {{CVE|CVE-2014-8635}} {{CVE|CVE-2014-8636}} {{CVE|CVE-2014-8637}} {{CVE|CVE-2014-8638}} {{CVE|CVE-2014-8639}} {{CVE|CVE-2014-8640}} {{CVE|CVE-2014-8641}} {{CVE|CVE-2014-8642}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-01-13 || <= 34.0.5-1 || 35.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6]<br />
|-<br />
| {{CVE|CVE-2014-3571}} {{CVE|CVE-2015-0206}} {{CVE|CVE-2014-3569}} {{CVE|CVE-2014-3572}} {{CVE|CVE-2015-0205}} {{CVE|CVE-2014-8275}} {{CVE|CVE-2014-3570}} [https://www.openssl.org/news/secadv_20150108.txt templink] || {{pkg|openssl}} || 2015-01-08 || <= 1.0.1.j-1 || 1.0.1.k-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2]<br />
|-<br />
| {{CVE|CVE-2014-8150}} [http://curl.haxx.se/docs/adv_20150108B.html templink] || {{pkg|curl}} || 2015-01-08 || <= 7.39.0-1 || 7.40.0-1 || 10d || Fixed ({{bug|43379}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9]<br />
|-<br />
| {{CVE|CVE-2014-6272}} [http://archives.seul.org/libevent/users/Jan-2015/msg00010.html templink] || {{pkg|libevent}} || 2015-01-05 || <= 2.0.21-3 || 2.0.22-1 || 7d || Fixed ({{bug|43366}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] <br />
|-<br />
| {{CVE|CVE-2014-8139}} {{CVE|CVE-2014-8140}} {{CVE|CVE-2014-8141}} [http://www.ocert.org/advisories/ocert-2014-011.html templink] || {{pkg|unzip}} || 2014-12-22 || <= 6.0-7 || 6.0-9 || 17d || Fixed ({{bug|43300}}) ({{bug|43391}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3]<br />
|-<br />
| {{CVE|CVE-2014-6395}} {{CVE|CVE-2014-6396}} {{CVE|CVE-2014-9376}} {{CVE|CVE-2014-9377}} {{CVE|CVE-2014-9378}} {{CVE|CVE-2014-9379}} {{CVE|CVE-2014-9380}} {{CVE|CVE-2014-9381}} [https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/ templink] || {{pkg|ettercap}} {{pkg|ettercap-gtk}} || 2014-12-16 || <= 0.8.1-2 || 0.8.2-1 || 89d || Fixed ({{bug|44174}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13]<br />
|-<br />
| {{CVE|CVE-2014-9425}} [https://bugs.php.net/bug.php?id=68676 templink] || {{pkg|php}} || 2014-12-29 || <= 5.6.4-1 || 5.6.5-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-9295}} {{CVE|CVE-2014-9296}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_ctl_putdata templink] || {{pkg|ntp}} || 2014-12-19 || < 4.2.8-1 || 4.2.8-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24]<br />
|-<br />
| {{CVE|CVE-2014-8142}} [https://bugzilla.redhat.com/show_bug.cgi?id=1175718 templink] || {{pkg|php}} || 2014-12-18 || <= 5.6.3-1 || 5.6.4-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23]<br />
|-<br />
| {{CVE|CVE-2014-8137}} {{CVE|CVE-2011-4516}} {{CVE|CVE-2011-4517}} [https://marc.info/?l=oss-security&m=141891163026757&w=2 templink] || {{pkg|jasper}} || 2014-12-18 || <= 1.900.1-11 || 1.900.1-12 || 1d || Fixed ({{bug|43155}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22]<br />
|-<br />
| {{CVE|CVE-2014-9029}} [https://marc.info/?l=oss-security&m=141770163916268&w=2 templink] || {{pkg|jasper}} || 2014-12-04 || <= 1.900.1-10 || 1.900.1-12 || 6d || Fixed ({{bug|43044}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22]<br />
|-<br />
| {{CVE|CVE-2012-3406}} {{CVE|CVE-2014-9402}} [http://www.openwall.com/lists/oss-security/2014/12/18/1 templink] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2014-12-17 || <= 2.20-4 || 2.20-5 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21]<br />
|-<br />
| {{CVE|CVE-2014-9253}} [http://seclists.org/oss-sec/2014/q4/1050 templink] || {{pkg|dokuwiki}} || 2014-12-15 || <= 20140929_a-1 || 20140929_b-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19]<br />
|-<br />
| {{CVE|CVE-2014-3580}} {{CVE|CVE-2014-8108}} [https://subversion.apache.org/security/CVE-2014-3580-advisory.txt templink] [https://subversion.apache.org/security/CVE-2014-8108-advisory.txt templink] || {{pkg|subversion}} || 2014-12-16 || <= 1.8.10-1 || 1.8.11-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17]<br />
|-<br />
| {{CVE|CVE-2014-9356}} {{CVE|CVE-2014-9357}} {{CVE|CVE-2014-9358}} [http://www.securityfocus.com/archive/1/534215 templink] || {{pkg|docker}} || 2014-12-12 || <= 1:1.3.2-1 || 1:1.4.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16]<br />
|-<br />
| {{CVE|CVE-2013-1752}} {{CVE|CVE-2013-1753}} {{CVE|CVE-2014-9365}} [https://hg.python.org/cpython/raw-file/v2.7.9/Misc/NEWS templink] || {{pkg|python2}} || 2014-12-11 || <= 2.7.8-1 || 2.7.9-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15]<br />
|-<br />
| {{CVE|CVE-2014-0580}} {{CVE|CVE-2014-0587}} {{CVE|CVE-2014-8443}} {{CVE|CVE-2014-9162}} {{CVE|CVE-2014-9163}} {{CVE|CVE-2014-9164}} [https://helpx.adobe.com/security/products/flash-player/apsb14-27.html templink] || {{pkg|flashplugin}} || 2014-12-09 || <= 11.2.202.424-1 || 11.2.202.425-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13]<br />
|-<br />
| {{CVE|CVE-2014-8091}} {{CVE|CVE-2014-8092}} {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8094}} {{CVE|CVE-2014-8095}} {{CVE|CVE-2014-8096}} {{CVE|CVE-2014-8097}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8099}} {{CVE|CVE-2014-8100}} {{CVE|CVE-2014-8101}} {{CVE|CVE-2014-8102}} {{CVE|CVE-2014-8103}} [http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/ templink] || {{pkg|xorg-server}} || 2014-12-09 || <= 1.16.2-1 || 1.16.2.901-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia}} {{pkg|nvidia-lts}} || 2014-12-09 || <= 343.22-6 || 343.36-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia-340xx}} {{pkg|nvidia-340xx-lts}} || 2014-12-09 || <= 340.58-3 || 340.65-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia-304xx}} {{pkg|nvidia-304xx-lts}} || 2014-12-09 || < 304.125-1 || 304.125-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10]<br />
|-<br />
| {{CVE|CVE-2014-8601}} [http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/ templink] || {{pkg|powerdns-recursor}} || 2014-12-09 || <= 3.6.1-1 || 3.6.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9]<br />
|-<br />
| {{CVE|CVE-2014-8602}} [https://unbound.net/downloads/CVE-2014-8602.txt templink] || {{pkg|unbound}} || 2014-12-09 || <= 1.5.0-1 || 1.5.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8]<br />
|-<br />
| {{CVE|CVE-2014-8500}} {{CVE|CVE-2014-8680}} [http://svnweb.freebsd.org/ports?view=revision&revision=374305 templink] || {{pkg|bind}} || 2014-12-08 || <= 9.10.1-2 || 9.10.1.P1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7]<br />
|-<br />
| {{CVE|CVE-2014-9274}} {{CVE|CVE-2014-9275}} [http://seclists.org/oss-sec/2014/q4/904 templink] || {{pkg|unrtf}} || 2014-12-04 || <= 0.21.5-1 || 0.21.7-1 || 10d || Fixed ({{bug|43131}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20]<br />
|-<br />
| {{CVE|CVE-2014-1587}} {{CVE|CVE-2014-1588}} {{CVE|CVE-2014-1589}} {{CVE|CVE-2014-1590}} {{CVE|CVE-2014-1591}} {{CVE|CVE-2014-1592}} {{CVE|CVE-2014-1593}} {{CVE|CVE-2014-1594}} {{CVE|CVE-2014-8631}} {{CVE|CVE-2014-8632}} [https://www.mozilla.org/fr/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2014-12-02 || <= 33.1.1-1 || 34.0.5-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3]<br />
|-<br />
| {{CVE|CVE-2014-9157}} [http://seclists.org/oss-sec/2014/q4/872 templink] || {{pkg|graphviz}} || 2014-11-25 || <= 2.38.0-2 || 2.38.0-3 || 8d || Fixed ({{bug|42983}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4]<br />
|-<br />
| {{CVE|CVE-2014-8123}} [http://seclists.org/oss-sec/2014/q4/874 templink] || {{pkg|antiword}} || 2014-12-01 || <= 0.37-4 || 0.37-5 || 3d || Fixed ({{bug|42982}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5]<br />
|-<br />
| {{CVE|CVE-2014-8104}} [https://forums.openvpn.net/topic17625.html templink] || {{pkg|openvpn}} || 2014-11-30 || <= 2.3.5-1 || 2.3.6-1 || 4d || Fixed ({{bug|42975}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2]<br />
|-<br />
| {{CVE|CVE-2014-9087}} [http://seclists.org/oss-sec/2014/q4/801 templink] || {{pkg|gnupg}} || 2014-11-25 || <= 2.1.0-5 || 2.1.0-6 || 4d || Fixed ({{bug|42943}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1]<br />
|-<br />
| {{CVE|CVE-2014-9087}} [http://seclists.org/oss-sec/2014/q4/801 templink] || {{pkg|libksba}} || 2014-11-25 || <= 1.3.1-1 || 1.3.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31]<br />
|-<br />
| {{CVE|CVE-2014-9114}} [http://seclists.org/oss-sec/2014/q4/819 templink] || {{pkg|util-linux}} || 2014-11-27 || <= 2.25.2-1 || 2.26.1-3 || 117d || Fixed ({{bug|43886}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23]<br />
|-<br />
| {{CVE|CVE-2014-9112}} [http://seclists.org/oss-sec/2014/q4/818 templink] || {{pkg|cpio}} || 2014-11-26 || <= 2.11-4 || 2.11-5 || 20d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5]<br />
|-<br />
| {{CVE|CVE-2014-9116}} [http://seclists.org/oss-sec/2014/q4/835 templink] || {{pkg|mutt}} || 2014-11-27 || <= 1.5.23-1 || 1.5.23-2 || 71d || Fixed ({{bug|44110}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6]<br />
|-<br />
| {{CVE|CVE-2014-9093}} [https://bugs.freedesktop.org/show_bug.cgi?id=86449 templink] || {{pkg|libreoffice-fresh}} || 2014-11-19 || <= 4.3.4-1 ||4.3.5-1 || 31d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-9092}} [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768369#114 templink] || {{pkg|libjpeg-turbo}} || 2014-11-26 || <= 1.3.1-2 || 1.3.1-3 || 2d || Fixed ({{bug|42922}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33]<br />
|-<br />
| {{CVE|CVE-2014-9272}} {{CVE|CVE-2014-9270}} {{CVE|CVE-2014-8987}} {{CVE|CVE-2014-9271}} {{CVE|CVE-2014-9281}} {{CVE|CVE-2014-8986}} {{CVE|CVE-2014-9269}} {{CVE|CVE-2014-9280}} {{CVE|CVE-2014-9089}} {{CVE|CVE-2014-9279}} {{CVE|CVE-2014-8988}} {{CVE|CVE-2014-8553}} {{CVE|CVE-2014-6387}} {{CVE|CVE-2014-6316}} {{CVE|CVE-2014-9117}} [https://www.mantisbt.org/bugs/view.php?id=17841 templink] [https://www.mantisbt.org/bugs/view.php?id=17811 templink] [http://seclists.org/oss-sec/2014/q4/955 templink] || {{pkg|mantisbt}} || 2014-11-25 || <= 1.2.17-4 || 1.2.18-1 || 13d || Fixed ({{bug|42920}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6]<br />
|-<br />
| {{CVE|CVE-2014-9090}} [https://marc.info/?l=oss-security&m=141698775601426&w=2 templink] || {{pkg|linux}} {{pkg|linux-lts}} || 2014-11-26 || <= 3.18-rc6 || 3.19 || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2014-9018}} {{CVE|CVE-2014-9091}} [http://seclists.org/oss-sec/2014/q4/694 templink] || {{pkg|icecast}} || 2014-11-20 || <= 2.4.0-1 || 2.4.1-1 || 8d || Fixed ({{bug|42912}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32]<br />
|-<br />
| {{CVE|CVE-2014-8964}} [http://bugs.exim.org/show_bug.cgi?id=1546 templink] || {{pkg|pcre}} || 2014-11-18 || <= 8.36-1 || 8.36-2 || 8d || Fixed ({{bug|42860}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29]<br />
|-<br />
| {{CVE|CVE-2014-8962}} {{CVE|CVE-2014-9028}} [http://www.ocert.org/advisories/ocert-2014-008.html templink] || {{pkg|flac}} || 2014-11-25 || <= 1.3.0-4 || 1.3.0-5 || < 1d || Fixed ({{bug|42898}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30]<br />
|-<br />
| {{CVE|CVE-2014-7899}} {{CVE|CVE-2014-7900}} {{CVE|CVE-2014-7901}} {{CVE|CVE-2014-7902}} {{CVE|CVE-2014-7903}} {{CVE|CVE-2014-7904}} {{CVE|CVE-2014-7906}} {{CVE|CVE-2014-7907}} {{CVE|CVE-2014-7908}} {{CVE|CVE-2014-7909}} {{CVE|CVE-2014-7910}} [http://googlechromereleases.blogspot.in/2014/11/stable-channel-update_18.html templink] || {{pkg|chromium}} || 2014-11-20 || <= 38.0.2125.122-1 || 39.0.2171.65-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26]<br />
|-<br />
| {{CVE|CVE-2014-9015}} {{CVE|CVE-2014-9016}} [http://seclists.org/oss-sec/2014/q4/697 templink] || {{pkg|drupal}} || 2014-11-19 || <= 7.33-1 || 7.34-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25]<br />
|-<br />
| {{CVE|CVE-2013-6497}} [http://seclists.org/oss-sec/2014/q4/673 templink] || {{pkg|clamav}} || 2014-11-18 || <= 0.98.4-1 || 0.98.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21]<br />
|-<br />
| {{CVE|CVE-2014-7817}} [https://sourceware.org/bugzilla/show_bug.cgi?id=17625 templink] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2014-11-19 || <= 2.20-2 || 2.20.3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27]<br />
|-<br />
| {{CVE|CVE-2014-8600}} [https://www.kde.org/info/security/advisory-20141113-1.txt templink] || {{pkg|kwebkitpart}} || 2014-11-18 || <= 1.3.4-2 || 1.3.4-3 || 4d || Fixed ({{bug|44170}} {{bug|42775}}) || None<br />
|-<br />
| {{CVE|CVE-2014-8767}} {{CVE|CVE-2014-8768}} {{CVE|CVE-2014-8769}} {{CVE|CVE-2014-9140}} {{CVE|CVE-2015-0261}} {{CVE|CVE-2015-2153}} {{CVE|CVE-2015-2154}} {{CVE|CVE-2015-2155}} [http://www.securityfocus.com/archive/1/534011/30/0/threaded templink] [http://www.securityfocus.com/archive/1/534010/30/0/threaded templink] [http://www.securityfocus.com/archive/1/534009/30/0/threaded templink] [https://github.com/the-tcpdump-group/tcpdump/commit/0f95d441e4b5d7512cc5c326c8668a120e048eda templink] || {{pkg|tcpdump}} || 2014-11-18 || <= 4.6.2-1 || 4.7.3-1 || 88d || Fixed ({{bug|44153}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20]<br />
|-<br />
| {{CVE|CVE-2014-8090}} || {{pkg|ruby}} || 2014-11-13 || <= 2.1.4-1 || 2.1.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16]<br />
|-<br />
| {{CVE|CVE-2014-7823}} || {{pkg|libvirt}} || 2014-11-13 || <= 1.2.10-1 ||1.2.11-1 ||33d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-8710}} {{CVE|CVE-2014-8711}} {{CVE|CVE-2014-8712}} {{CVE|CVE-2014-8713}} {{CVE|CVE-2014-8714}} [https://www.wireshark.org/security/wnpa-sec-2014-20.html templink] [https://www.wireshark.org/security/wnpa-sec-2014-21.html templink] [https://www.wireshark.org/security/wnpa-sec-2014-22.html templink] || {{pkg|wireshark-cli}} {{pkg|wireshark-gtk}} {{pkg|wireshark-qt}} || 2014-11-13 || <= 1.12.1-1 || 1.12.2-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24]<br />
|-<br />
| {{CVE|CVE-2014-0573}} {{CVE|CVE-2014-0574}} {{CVE|CVE-2014-0576}} {{CVE|CVE-2014-0577}} {{CVE|CVE-2014-0581}} {{CVE|CVE-2014-0582}} {{CVE|CVE-2014-0583}} {{CVE|CVE-2014-0584}} {{CVE|CVE-2014-0585}} {{CVE|CVE-2014-0586}} {{CVE|CVE-2014-0588}} {{CVE|CVE-2014-0589}} {{CVE|CVE-2014-0590}} {{CVE|CVE-2014-8437}} {{CVE|CVE-2014-8438}} {{CVE|CVE-2014-8440}} {{CVE|CVE-2014-8441}} {{CVE|CVE-2014-8442}} [https://helpx.adobe.com/security/products/flash-player/apsb14-24.html templink] || {{pkg|flashplugin}} || 2014-11-11 || <= 11.2.202.411-1 || 11.2.202.418-1 || <1d || Fixed ({{bug|42769}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11]<br />
|-<br />
| {{CVE|CVE-2014-3710}} [https://bugzilla.redhat.com/show_bug.cgi?id=1155071 templink] || {{pkg|php}} || 2014-10-29 || <= 5.6.2-2 || 5.6.3-1 || 14d || Fixed ({{bug|42764}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13]<br />
|-<br />
| {{CVE|CVE-2014-8564}} [http://www.gnutls.org/security.html#GNUTLS-SA-2014-5 templink]|| {{pkg|gnutls}} || 2014-11-10 || <= 3.3.9-1 ||3.3.10-1 ||<1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10]<br />
|-<br />
| {{CVE|CVE-2014-8716}} [http://seclists.org/oss-sec/2014/q4/591 templink]|| {{pkg|imagemagick}} || 2014-11-12 || <= 6.8.9.9-1 || 6.8.9.10-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12]<br />
|-<br />
| {{CVE|CVE-2014-3710}} [https://bugzilla.redhat.com/show_bug.cgi?id=1155071 templink] || {{pkg|file}} || 2014-10-29 || <= 5.20-1 || 5.20-2 || 12d || Fixed ({{bug|42759}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9]<br />
|-<br />
| {{CVE|CVE-2014-1569}} [https://bugzilla.mozilla.org/show_bug.cgi?id=1064670 templink] || {{pkg|nss}} || 2014-11-07 || <= 3.17.2-1 || 3.17.3-1 || 22d || Fixed ({{bug|42760}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18]<br />
|-<br />
| {{CVE|CVE-2014-7824}} [http://www.openwall.com/lists/oss-security/2014/11/10/2 templink] || {{pkg|dbus}} || 2014-11-10 || <= 1.8.8-1 || 1.8.10-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28]<br />
|-<br />
| {{CVE|CVE-2014-8598}} {{CVE|CVE-2014-7146}} [http://www.openwall.com/lists/oss-security/2014/11/07/27 templink] [http://www.openwall.com/lists/oss-security/2014/11/07/28 templink]|| {{pkg|mantisbt}} || 2014-11-08 || <= 1.2.17-3 || 1.2.17-4 || <4d || Fixed ({{bug|42761}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8]<br />
|-<br />
| {{CVE|CVE-2014-8483}} [https://www.kde.org/info/security/advisory-20141104-1.txt templink] || {{pkg|konversation}} || 2014-11-04 || <= 1.5-1 || 1.5.1-1 || <4d || Fixed ({{bug|42698}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5]<br />
|-<br />
| {{CVE|CVE-2014-3707}} [http://curl.haxx.se/docs/adv_20141105.html templink]|| {{pkg|curl}} || 2014-11-05 || <= 7.38.0-3 || 7.39.0-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7]<br />
|-<br />
| {{CVE|CVE-2014-8651}} [http://seclists.org/oss-sec/2014/q4/520 templink]|| {{pkg|kdebase-workspace}} || 2014-11-04 || <= 4.11.13-1 || 4.11.13-2 || 6d || Fixed ({{bug|42679}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6]<br />
|-<br />
| {{CVE|CVE-2014-8627}} {{CVE|CVE-2014-8628}} [http://www.openwall.com/lists/oss-security/2014/11/04/6 templink]|| {{pkg|polarssl}} || 2014-10-23 || <= 1.3.8-3 || 1.3.9-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4]<br />
|-<br />
| {{CVE|CVE-2014-8321}} {{CVE|CVE-2014-8322}} {{CVE|CVE-2014-8323}} {{CVE|CVE-2014-8324}} [http://www.securityfocus.com/archive/1/533869/30/0/threaded templink]|| {{pkg|aircrack-ng}} || 2014-11-02 || <= 1.2beta3-1 || 1.2rc1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2]<br />
|-<br />
| {{CVE|CVE-2014-8554}} [http://www.openwall.com/lists/oss-security/2014/10/30/9 templink]|| {{pkg|mantisbt}} || 2014-10-30 || <= 1.2.17-2 || 1.2.17-3 || 5d || Fixed ({{bug|42683}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3]<br />
|-<br />
| {{CVE|CVE-2014-8354}} {{CVE|CVE-2014-8355}} {{CVE|CVE-2014-8561}} {{CVE|CVE-2014-8562}} [http://seclists.org/oss-sec/2014/q4/466 templink]|| {{pkg|imagemagick}} || 2014-10-29 || <= 6.8.9.8-1 || 6.8.9.9-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-8517}} [http://seclists.org/oss-sec/2014/q4/459 templink]|| {{pkg|tnftp}} || 2014-10-28 || <= 20130505-2 || 20141031-1 || 4d || Fixed ({{bug|42646}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1]<br />
|-<br />
| {{CVE|CVE-2014-4877}} [http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7 templink]|| {{pkg|wget}} || 2014-10-27 || <= 1.15-1 || 1.16-1 || <2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|avr-binutils}} || 2014-10-23 || <= 2.24-2 || 2.24-3 || 27d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|mingw-w64-binutils}} || 2014-10-23 || <= 2.24-1 || 2.24-2 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|arm-none-eabi-binutils}} || 2014-10-23 || <= 2.24-2 || 2.24-3 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|binutils}} || 2014-10-23 || <= 2.24-7 || 2.24-8 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17]<br />
|-<br />
| {{CVE|CVE-2014-8559}} [http://www.openwall.com/lists/oss-security/2014/10/30/7 templink] || {{pkg|linux}}, {{pkg|linux-lts}} || 2014-10-30 || <= 3.17.3-1, <= 3.14.24-1 ||3.17.4-1 3.14.25-1 || ~23d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3610}} {{CVE|CVE-2014-3611}} {{CVE|CVE-2014-3646}} {{CVE|CVE-2014-3647}} {{CVE|CVE-2014-7825}} {{CVE|CVE-2014-7826}} {{CVE|CVE-2014-8369}} [http://permalink.gmane.org/gmane.comp.security.oss.general/14526 templink] [http://seclists.org/oss-sec/2014/q4/548 templink] || {{pkg|linux}}, {{pkg|linux-lts}} || 2014-10-21 || <= 3.17.2-1, <= 3.14.23-1 || 3.17.3-1, 3.14.24-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15]<br />
|-<br />
| {{CVE|CVE-2014-8480}} {{CVE|CVE-2014-8481}} [http://permalink.gmane.org/gmane.comp.security.oss.general/14526 templink] || {{pkg|linux}} || 2014-10-21 || <= 3.17.2-1 || 3.17.3-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14]<br />
|-<br />
| {{CVE|CVE-2014-3695}} {{CVE|CVE-2014-3696}} {{CVE|CVE-2014-3698}} [https://pidgin.im/news/security/ templink] || {{pkg|libpurple}} || 2014-10-22 || <= 2.10.9-2 || 2.10.10-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9]<br />
|-<br />
| {{CVE|CVE-2014-8760}} || {{pkg|ejabberd}} || 2014-10-13 || <= 14.07-1 || 14.07-2 || 14d || Fixed ({{bug|42541}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13]<br />
|-<br />
| {{CVE|CVE-2014-3686}} || {{pkg|wpa_supplicant}}, {{pkg|hostapd}} || 2014-10-09 || <= 2.2-2 || 2.3-1 || ~10d || Fixed ({{bug|42401}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8]<br />
|-<br />
| {{CVE|CVE-2014-0191}} {{CVE|CVE-2014-3660}} || {{pkg|libxml2}} || 2014-10-16 || <= 2.9.1-5 || 2.9.2-1 || 8d || Fixed ({{bug|40790}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12]<br />
|-<br />
| {{CVE|CVE-2014-3704}} [https://www.drupal.org/SA-CORE-2014-005 templink] || {{pkg|drupal}} || 2014-10-15 || <= 7.31-2 || 7.32-1 || 1d || Fixed ({{bug|42388}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7]<br />
|-<br />
| {{CVE|CVE-2014-3513}} {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-3567}} {{CVE|CVE-2014-3568}} [https://www.openssl.org/news/secadv_20141015.txt templink] [https://www.openssl.org/~bodo/ssl-poodle.pdf temp link] || {{pkg|openssl}} || 2014-10-15 || <= 1.0.1.i-1 || 1.0.1.j-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6]<br />
|-<br />
| {{CVE|CVE-2014-8242}} [http://www.openwall.com/lists/oss-security/2014/10/13/2 temp link] || {{pkg|librsync}} || 2014-10-12 || <= 0.9.7-7 || 1.0.0-1 || 166d || Fixed ({{bug|44175}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10]<br />
|-<br />
| {{CVE|CVE-2014-7203}} {{CVE|CVE-2014-7202}} [http://seclists.org/oss-sec/2014/q3/776 temp link] || {{pkg|zeromq}} || 2014-09-27 || <= 4.0.4-4 || 4.0.5-1 || 18d || Fixed ({{bug|42381}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4]<br />
|-<br />
| {{CVE|CVE-2014-6051}} {{CVE|CVE-2014-6052}} {{CVE|CVE-2014-6053}} {{CVE|CVE-2014-6054}} {{CVE|CVE-2014-6055}} [http://seclists.org/oss-sec/2014/q3/639 temp link] || {{pkg|libvncserver}} || 2014-09-23 || <= 0.9.9-3 || 0.9.10-1 || 31d || Fixed ({{bug|42321}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10]<br />
|-<br />
| {{CVE|CVE-2014-3683}} [http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/ temp link] || {{pkg|rsyslog}} || 2014-10-02 || <= 8.4.1-1 || 8.4.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5]<br />
|-<br />
| {{CVE|CVE-2014-7204}} [http://seclists.org/oss-sec/2014/q3/842 temp link] || {{pkg|ctags}} || 2014-09-29 || <= 5.8-4 || 5.8-5 || 26d || Fixed ({{bug|42246}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11]<br />
|-<br />
| {{CVE|CVE-2014-7295}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html temp link] || {{pkg|mediawiki}} || 2014-10-02 || <= 1.23.4-1 || 1.23.5-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3]<br />
|-<br />
| {{CVE|CVE-2014-3661}} {{CVE|CVE-2014-3662}} {{CVE|CVE-2014-3663}} {{CVE|CVE-2014-3664}} {{CVE|CVE-2014-3680}} {{CVE|CVE-2014-3681}} {{CVE|CVE-2014-3666}} {{CVE|CVE-2014-3667}} {{CVE|CVE-2013-2186}} {{CVE|CVE-2014-1869}} {{CVE|CVE-2014-3678}} {{CVE|CVE-2014-3679}} [https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 temp link] || {{pkg|jenkins}} || 2014-10-01 || <= 1.582-1 || 1.583-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2]<br />
|-<br />
| {{CVE|CVE-2014-3634}} [http://www.rsyslog.com/remote-syslog-pri-vulnerability/ temp link] || {{pkg|rsyslog}} || 2014-09-30 || <= 8.4.0-1 || 8.4.1-1 || 1d || Fixed ({{bug|42200}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1]<br />
|-<br />
| {{CVE|CVE-2014-3657}} {{CVE|CVE-2014-3633}} [https://www.debian.org/security/2014/dsa-3038 temp link] || {{pkg|libvirt}} || 2014-09-26 || <= 1.2.8-1 || 1.2.8-2 || 3d || Fixed ({{bug|42159}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5]<br />
|-<br />
| {{CVE|CVE-2014-7199}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html temp link] || {{pkg|mediawiki}} || 2014-09-24 || <= 1.23.3-1 || 1.23.4-1 || 5d || Fixed ({{bug|42161}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4]<br />
|-<br />
| {{CVE|CVE-2014-7185}} [http://bugs.python.org/issue21831 temp link] || {{pkg|python2}} || 2014-09-24 || < 2.7.8 || 2.7.8-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3]<br />
|-<br />
| {{CVE|CVE-2014-1568}} [https://www.mozilla.org/security/announce/2014/mfsa2014-73.html temp link] || {{pkg|nss}} || 2014-09-24 || < 3.17.1 || 3.17.1-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1]<br />
|-<br />
| {{CVE|CVE-2014-6271}} {{CVE|CVE-2014-7169}} {{CVE|CVE-2014-7186}} {{CVE|CVE-2014-7187}} {{CVE|CVE-2014-6277}} {{CVE|CVE-2014-6278}} [http://seclists.org/oss-sec/2014/q3/649 temp link] || {{pkg|bash}} || 2014-09-24 || <= 4.3.024-1 || 4.3.026-1 || 2d || Fixed ({{bug|42109}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2]<br />
|-<br />
| {{CVE|CVE-2014-3635}} {{CVE|CVE-2014-3636}} {{CVE|CVE-2014-3637}} {{CVE|CVE-2014-3638}} {{CVE|CVE-2014-3639}} [http://www.openwall.com/lists/oss-security/2014/09/16/9 temp link] || {{pkg|dbus}} {{pkg|libdbus}} {{pkg|lib32-libdbus}} || 2014-09-16 || < 1.8.8 || 1.8.8-1 || 1d || Fixed ({{bug|41993}}) || None<br />
|-<br />
| {{CVE|CVE-2014-3613}} {{CVE|CVE-2014-3620}} [http://curl.haxx.se/docs/security.html temp link] || {{pkg|curl}} {{pkg|lib32-curl}}|| 2014-09-10 || < 7.38.0 || 7.38.0-1 || 5d ({{pkg|curl}}), 7d ({{pkg|lib32-curl}}) || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3609}} [http://www.squid-cache.org/Advisories/SQUID-2014_2.txt temp link] || {{pkg|squid}} || 2014-08-28 || < 3.4.7 || 3.4.7-1 || < 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5119}} [https://sourceware.org/bugzilla/show_bug.cgi?id=17187 temp link] || {{pkg|glibc}} || 2014-07-21 || <= 2.19 || 2.20-2 || 55d || Fixed ({{bug|41713}}) || None<br />
|-<br />
| {{CVE|CVE-2014-3508}} {{CVE|CVE-2014-5139}} {{CVE|CVE-2014-3509}} {{CVE|CVE-2014-3505}} {{CVE|CVE-2014-3506}} {{CVE|CVE-2014-3507}} {{CVE|CVE-2014-3510}} {{CVE|CVE-2014-3511}} {{CVE|CVE-2014-3512}} [https://www.openssl.org/news/secadv_20140806.txt temp link] || {{pkg|openssl}} || 2014-08-06 || < 1.0.1.i || 1.0.1.i-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0226}} [http://www.zerodayinitiative.com/advisories/ZDI-14-236/ temp link] || {{pkg|apache}} || 2014-07-15 || < 2.4.10 || 2.4.10-1 || ~7d || Fixed ({{bug|41244}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4943}} [http://www.openwall.com/lists/oss-security/2014/07/17/1 temp link] || {{pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-07-16 || || 3.15.5.201407170639-1 {{pkg|linux-grsec}}, 3.14.16 ({{pkg|linux-lts}}), 3.16 ({{pkg|linux}}) || 1d ({{pkg|linux-grsec}}), 23d ({{pkg|linux-lts}}), 27d {{pkg|linux}} || Fixed in {{pkg|linux}}, {{pkg|linux-lts}} ({{bug|41231}}), Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-0475}} [http://www.openwall.com/lists/oss-security/2014/07/10/7 temp link] || {{pkg|glibc}} || 2014-07-10 || <=2.19 || 2.20-2 || 66d || Fixed ({{bug|41166}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4699}} [http://www.openwall.com/lists/oss-security/2014/07/04/4 temp link] || {{Pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-07-04 || || 3.15.3.201407060933-1 {{pkg|linux-grsec}}, 3.15.4-1 {{pkg|linux}}, 3.14.11-1 {{pkg|linux-lts}} || 2d ({{pkg|linux-grsec}}), 3d ({{pkg|linux}}, {{pkg|linux-lts}}) || Fixed ({{bug|41115}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4715}} [http://www.openwall.com/lists/oss-security/2014/07/02/13 temp link] || {{Pkg|lz4}} || 2014-07-02 || || 119-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-4611}} [http://www.openwall.com/lists/oss-security/2014/06/26/25 temp link] || {{Pkg|linux}}, {{pkg|linux-grsec}}, {{pkg|lz4}} || 2014-06-26 || || 3.15.2-1 ({{pkg|linux}}), 3.15.2.201406262058-1 ({{pkg|linux-grsec}}), 118-1 {{pkg|lz4}} || <1d ({{pkg|linux}}, {{pkg|linux-grsec}}, {{pkg|lz4}}) || Fixed in {{pkg|linux}} ({{bug|40992}}), Fixed in {{pkg|linux-grsec}}, Fixed in {{pkg|lz4}} ({{bug|40997}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4610}} [http://www.openwall.com/lists/oss-security/2014/06/26/23 temp link] || {{Pkg|ffmpeg}} || 2014-06-26 || || 1:2.2.4-1 || <2d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-4609}} [http://www.openwall.com/lists/oss-security/2014/06/26/22 temp link] || {{Pkg|gst-libav}} || 2014-06-26 || 1.2.4-1 || 1.2.4-2 (with libav 9.14) || 2d || Fixed ({{bug|40995}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4608}} [http://www.openwall.com/lists/oss-security/2014/06/26/21 temp link] || {{Pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-06-26 || || 3.15.2-1 ({{pkg|linux}}), 3.10.45-1 ({{pkg|linux-lts}}), 3.15.2.201406262058-1 ({{pkg|linux-grsec}}) || <1d ({{pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} and {{pkg|linux-lts}} ({{bug|40992}}), Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-4607}} [http://www.openwall.com/lists/oss-security/2014/06/26/20 temp link] || {{Pkg|lzo2}} || 2014-06-26 || || 2.07-2 || 3d || Fixed ({{bug|40993}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4617}} [http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html temp link] || {{Pkg|gnupg}} || 2014-06-24 || < 2.0.24 || 2.0.24 || 7d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0244}} {{CVE|CVE-2014-3493}} [https://www.samba.org/samba/history/samba-4.1.9.html temp link] || {{Pkg|samba}} || 2014-06-23 || < 4.1.9 || 4.1.9 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1545}} [https://www.mozilla.org/security/announce/2014/mfsa2014-55.html temp link] || {{Pkg|nspr}} || 2014-06-10 || < 4.10.6 || 4.10.6 || ~1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3859}} || {{Pkg|bind}} || 2014-06-11 || 9.10.0, 9.10.0-P1 || 9.10.0-P2 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3477}} || {{Pkg|dbus}} || 2014-06-10 || <= 1.8.2 || 1.8.4 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0195}} {{CVE|CVE-2014-0198}} {{CVE|CVE-2010-5298}} {{CVE|CVE-2014-3470}} {{CVE|CVE-2014-0224}} {{CVE|CVE-2014-0221}} [http://www.openssl.org/news/secadv_20140605.txt temp link] || {{Pkg|openssl}} || 2014-06-05 || 1.0.1 - 1.0.1g || 1.0.1h || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3153}} [http://seclists.org/oss-sec/2014/q2/467 temp link]|| {{Pkg|linux}}, {{pkg|linux-lts}}, {{Pkg|linux-grsec}} || 2014-06-05 || ? || 3.14.6 ({{pkg|linux}}), 3.10.42-1 ({{pkg|linux-lts}}), 3.14.5.201406051310-1 ({{pkg|linux-grsec}})|| 3d ({{pkg|linux}}, {{pkg|linux-lts}}), <1d ({{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} ({{bug|40715}}), Fixed in {{pkg|linux-lts}}, Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-3466}} [https://bugzilla.redhat.com/show_bug.cgi?id=1101932 temp link]|| {{Pkg|gnutls}} || 2014-05-30 || < 3.3.3 || 3.3.3 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0209}} {{CVE|CVE-2014-0210}} {{CVE|CVE-2014-0211}}|| {{Pkg|libxfont}} || 2014-05-13 || < 1.4.18 || 1.4.18 || 3d || Fixed ({{Bug|40409 }}) || None<br />
|-<br />
| {{CVE|CVE-2014-0196}} [https://bugzilla.redhat.com/show_bug.cgi?id=1094232 temp-link] || {{Pkg|linux}}, {{Pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-05-05 || 2.6.31 - 3.14 || 3.14.3-2 ({{pkg|linux}}), 3.10.39-2 ({{pkg|linux-lts}}), 3.14.3.201405121814-1 ({{pkg|linux-grsec}}) || 7d ({{pkg|linux}}), 8d {{pkg|linux-lts}}, <1d ({{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} ({{Bug|40232}}), Fixed in {{pkg|linux-lts}}, Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-2905}} {{CVE|CVE-2014-2906}} {{CVE|CVE-2014-2914}} [https://bugzilla.redhat.com/show_bug.cgi?id=1092091 temp-link] || {{Pkg|fish}} || 2014-04-28 || 1.16.0 - 2.1.0 || 2.2.1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0160}} || {{Pkg|openssl}} || 2014-04-07 || 1.0.1 - 1.0.1f || 1.0.1g || ~1d || Fixed ({{Bug|39775}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1700}} {{CVE|CVE-2014-1701}} {{CVE|CVE-2014-1702}} {{CVE|CVE-2014-1703}} {{CVE|CVE-2014-1704}} {{CVE|CVE-2014-1705}} {{CVE|CVE-2014-1713}} {{CVE|CVE-2014-1715}} || {{Pkg|chromium}} {{Pkg|v8}} || 2014-03-11 || 32 || 33 || 4d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0098}} {{CVE|CVE-2013-6438}}|| {{Pkg|apache}} || 2014-03-17 || 2.4.8 || 2.4.9 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1492}} || {{Pkg|nss}} || 2014-03-18 || 3.15.5 || 3.16 || 22d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1493}} {{CVE|CVE-2014-1494}} {{CVE|CVE-2014-1497}} {{CVE|CVE-2014-1498}} {{CVE|CVE-2014-1499}} {{CVE|CVE-2014-1500}} {{CVE|CVE-2014-1502}} {{CVE|CVE-2014-1504}} {{CVE|CVE-2014-1505}} {{CVE|CVE-2014-1508}} {{CVE|CVE-2014-1509}} {{CVE|CVE-2014-1510}} {{CVE|CVE-2014-1511}} {{CVE|CVE-2014-1512}} {{CVE|CVE-2014-1513}} {{CVE|CVE-2014-1514}} || {{Pkg|firefox}} {{Pkg|thunderbird}} || 2014-03-18 || 27 || 28 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2240}} {{CVE|CVE-2014-2241}}|| {{Pkg|freetype2}} || ? || 2.5.2 || 2.5.3 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2029}}|| {{Pkg|xtrabackup}} || 2014-02-16 || 2.1.7 || 2.1.8 || 28d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1958}} {{CVE|CVE-2014-2030}}|| {{Pkg|imagemagick}} || ? || ? || 6.8.8.9-1 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}}|| {{Pkg|php}} || 2014-03-06 || 5.5.9 || 5.5.110 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0404}} {{CVE|CVE-2014-0406}} {{CVE|CVE-2014-0407}} || {{Pkg|virtualbox}} || 2014-02-28 || 4.3.4 || 4.3.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2323}} {{CVE|CVE-2014-2324}} || {{Pkg|lighttpd}} || 2014-03-12 || 1.4.34 || 1.4.35 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0333}} || {{Pkg|libpng}} || 2014-02-28 || 1.6.9 || 1.6.10 || 9d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0017}} || {{Pkg|libssh}} || 2014-03-04 || ? || 0.5.5-3 || 5d || Fixed || None<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} || 2014-03-20 || < 3.5.7.29 || 3.5.7.29 || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 2014-03-18 || ? || ? || ? || Not Affected ({{Bug|39566}}) ||<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 2014-03-19 || ? || 1.3.1 || 1d || Fixed || None<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 2014-03-19 || 3.4beta || 3.4 || ? || Fixed ({{Bug|39540}}) || None<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 2014-03-18 || ? || 1.4.7 || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 2013-09-19 || ? || 1.1.1-7 (in RHEL 7) || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 2014-03-17 || ? || 3.13-rc5 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0004}} || {{Pkg|udisks2}} & {{Pkg|udisks}} || 2014-03-10 || 2.1.3 / 1.0.5 || 2.1.3 / 1.0.5 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2281}} {{CVE|CVE-2014-2282}} {{CVE|CVE-2014-2283}} {{CVE|CVE-2014-2299}} || {{Pkg|wireshark-cli}} || 2014-03-10 || 1.10.6 || 1.10.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0050}} || {{Pkg|tomcat7}} || 2014-02-06 || 7.0.51 || 7.0.51 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0033}} || {{Pkg|tomcat6}} || 2014-01-10 || 6.0.37 || 6.0.37 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0032}} || {{Pkg|subversion}} || 2014-01-10 || 1.8.6 || 1.8.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0060}} {{CVE|CVE-2014-0061}} {{CVE|CVE-2014-0062}} {{CVE|CVE-2014-0063}} {{CVE|CVE-2014-0064}} {{CVE|CVE-2014-0065}} {{CVE|CVE-2014-0066}} {{CVE|CVE-2014-0067}} || {{Pkg|postgresql}} || 2014-02-20 || <=9.3.3 || 9.3.3-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1912}} || {{Pkg|python}} {{Pkg|python2}} || 2014-02-07 || ? || 2.7.6-3 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2013-4496}} {{CVE|CVE-2013-6442}} || {{Pkg|samba}} || 2014-03-14 || ? || 4.1.6 || 2d || Fixed ({{Bug|39424}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0504}} || {{Pkg|flashplugin}} || 2014-03-12 || ? || 11.2.202.346 || 1d || Fixed ({{Bug|39385}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0106}} || {{Pkg|sudo}} || || 1.8.9.p5 || 1.8.10 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2285}} {{CVE|CVE-2014-2284}} || {{Pkg|net-snmp}} || 2014-03-05 || ? || 5.7.2.1-2 || 8d || Fixed ({{Bug|39190}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0092}} || {{Pkg|gnutls}} || 2014-03-04 || <3.2.12 || 3.2.12-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2242}} {{CVE|CVE-2014-2243}} {{CVE|CVE-2014-2244}} || {{Pkg|mediawiki}} || 2014-03-14 || <1.22.3 || 1.22.3 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2093}} {{CVE|CVE-2014-2094}} {{CVE|CVE-2014-2095}} {{CVE|CVE-2014-2096}} || {{Pkg|catfish}} || 2014-02-25 || <1.0.1 || 1.0.1 || 8d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0497}} || {{Pkg|flashplugin}} || 2014-02-04 || ? || 11.2.202.346 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0015}} || {{Pkg|curl}} || 2014-01-29 || <7.35 || 7.35 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1610}} || {{Pkg|mediawiki}} || 2014-01-29 || <1.22.2 || 1.22.2 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0021}} || {{Pkg|chrony}} || 2014-01-17 || <1.29.1-1 || 1.29.1-1 || 14d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1875}} || {{Pkg|perl-capture-tiny}} || 2014-02-06 || ? || 0.24-1 || 4d || Fixed ({{Bug|38862}}) || None<br />
|-<br />
| {{CVE|CVE-2013-6493}} || {{Pkg|icedtea-web-java7}} || 2014-02-05 || <1.4.2 || 1.4.2 || 0d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1858}} {{CVE|CVE-2014-1859}} || {{Pkg|python-numpy}} || 2014-02-06 || ? || 1.8.0-2 || 4d || Fixed ({{Bug|38863}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1932}} {{CVE|CVE-2014-1933}} || {{Pkg|python-pillow}} || 2014-02-10 || <2.3.1 || 2.3.1 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1935}} || {{Pkg|9base}} || 2014-02-10 || ? || ? || ? || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1949}} [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1949.html temp link] || {{Pkg|cinnamon-screensaver}} || 2014-02-12 || 2.0.3 || ? || ? || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1959}} || {{Pkg|gnutls}} || 2014-02-13 || <3.2.11 || 3.2.11 || 2d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}} || {{Pkg|file}} || 2014-02-10 || <5.17 || 5.17-1 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0001}} {{CVE|CVE-2014-0412}} {{CVE|CVE-2014-0437}} {{CVE|CVE-2014-0420}} {{CVE|CVE-2014-0393}} {{CVE|CVE-2014-0386}} {{CVE|CVE-2014-0401}} {{CVE|CVE-2014-0402}} || {{Pkg|mariadb}} || 2014-01-31 || <5.5.35 || 5.5.35-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1447}} || {{Pkg|libvirt}} || 2014-01-16 || <1.2.1 || 1.2.1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0979}} || lightdm-gtk* || 2014-01-07 || ? || ? || 25d || Fixed ({{Bug|38715}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1475}} {{CVE|CVE-2014-1476}} || {{Pkg|drupal}} || 2014-01-15 || <7.26 || 7.26-1 || 12d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0019}} || {{Pkg|socat}} || 2014-01-29 || <1.7.2.3 || 1.7.2.3 || 0d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1838}} {{CVE|CVE-2014-1839}} || {{Pkg|python-logilab-common}} || 2014-01-31 || ? || ? || 3d || Fixed [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051] || None<br />
|-<br />
| {{CVE|CVE-2014-0368}} {{CVE|CVE-2014-0373}} {{CVE|CVE-2014-0376}} {{CVE|CVE-2014-0411}} {{CVE|CVE-2014-0416}} {{CVE|CVE-2014-0422}} {{CVE|CVE-2014-0423}} {{CVE|CVE-2014-0428}} || *-openjdk-* || 2014-01-15 || ? || ? || 2d || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1402}} || {{Pkg|python-jinja}} || 2014-01-10 || <2.7.2 || 2.7.2 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2013-6462}} || {{Pkg|libxfont}} || 2014-01-07 || <1.4.7 || 1.4.7 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1235}} || {{Pkg|graphviz}} || 2014-01-07 || <2.36.0 || 2.34.0-3 || 3d || Fixed ({{Bug|38441}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0978}} || {{Pkg|freerdp}} || 2014-01-10 || <1.0.2 || 1.0.2-5 || 67d || Fixed ({{Bug|38802}}) || None<br />
|-<br />
|}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=452434
Security Advisories
2016-09-30T12:25:45Z
<p>Anthraxx: wordpress advisory</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== September 2016 ===<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues<br />
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=CVE&diff=452321
CVE
2016-09-28T12:39:07Z
<p>Anthraxx: /* Documented CVE's */ adding openssl advisory</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|Security Advisories}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
== Introduction ==<br />
<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
== Helping ==<br />
<br />
This is a community driven project. Please consider joining the [[Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC on irc://irc.freenode.net/archlinux-security.<br />
<br />
== Procedure ==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. Use Wiki markup to create links in the "CVE-ID", "Package", and "Status" columns. The following template may be used to ease the process of adding CVE entries into the table. The first line, "|-" represents the creation of a new row in the table, while the second line should be modified per CVE:<br />
<br />
{{hc|CVE Table Addition Template|<nowiki><br />
|-<br />
| {{CVE|CVE-2016-????}} || {{Pkg|pkgname}} || Disclosure date || Affected versions || Fixed in version || Arch Linux response time || Status(Fixed|Pending|Invalid) (Bug reports) || {{ASA|ASA-??????-??}}<br />
</nowiki>}}<br />
<br />
{{Note|<br />
* If the CVE is not found in [http://nvd.nist.gov/home.cfm NVD], just include a link to different database in the first column: {{ic|<nowiki>[http://link.to.cve CVE-2014-????]</nowiki>}}<br />
* The "Disclosure date" field should be expressed in [[Wikipedia:ISO 8601|ISO 8601 format]] to avoid any confusion. Example: 2014-03-22.<br />
* The "Arch Linux response time" field corresponds to the time between the public release of a vulnerability and the date the package update fixing the vulnerability is made available in the official stable repositories. The "Time really vulnerable" is potentially much lengthier but is harder to estimate.<br />
}}<br />
<br />
The above "CVE-template" should be added after the line:<br />
<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in version !! Arch Linux response time !! Status (and related bug reports) !! ASA-ID</nowiki>}}<br />
<br />
== Response time ==<br />
<br />
The response time is the time taken to get a fixed package to the stable repositories.<br />
<br />
== Documented CVE's ==<br />
<br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="100%"<br />
! height="50px" colspan="8" style="font-size: 125%;"| '''TRACKED CVE's'''<br />
|-<br />
! scope="col" width="130px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in Arch Linux package version !! Arch Linux response time !! Status (and related bug reports) !! ASA-ID<br />
|- <br />
| {{CVE|CVE-2016-2776}} [https://kb.isc.org/article/AA-01419/0] || {{pkg|bind}} || 2016-07-27 || <= 9.10.4.P2-1 || 9.10.4.P3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201607-29]<br />
|-<br />
| {{CVE|CVE-2016-7052}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|lib32-openssl}} || 2016-09-26 || <= 1:1.0.2.i-1 || 1:1.0.2.j-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28]<br />
|- <br />
| {{CVE|CVE-2016-7052}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|openssl}} || 2016-09-26 || <= 1.0.2.i-1 || 1.0.2.j-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30]<br />
|- <br />
| {{CVE|CVE-2016-6309}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|lib32-openssl}} || 2016-09-26 || <= 1:1.0.2.i-1 || || || Not Affected || None<br />
|- <br />
| {{CVE|CVE-2016-6309}} [https://www.openssl.org/news/secadv/20160926.txt] || {{pkg|openssl}} || 2016-09-26 || <= 1.0.2.i-1 || || || Not Affected || None<br />
|- <br />
| {{CVE|CVE-2016-2177}} {{CVE|CVE-2016-2178}} {{CVE|CVE-2016-2179}} {{CVE|CVE-2016-2180}} {{CVE|CVE-2016-2181}} {{CVE|CVE-2016-2182}} {{CVE|CVE-2016-2183}} {{CVE|CVE-2016-6302}} {{CVE|CVE-2016-6303}} {{CVE|CVE-2016-6304}} {{CVE|CVE-2016-6306}} [http://eprint.iacr.org/2016/594] [https://www.openssl.org/news/secadv/20160922.txt] || {{pkg|openssl}} || 2016-09-22 || <= 1.0.2.h-1 || 1.0.2.i-1 || <1d || Fixed ({{bug|49616}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23]<br />
|- <br />
| {{CVE|CVE-2016-2177}} {{CVE|CVE-2016-2178}} {{CVE|CVE-2016-2179}} {{CVE|CVE-2016-2180}} {{CVE|CVE-2016-2181}} {{CVE|CVE-2016-2182}} {{CVE|CVE-2016-2183}} {{CVE|CVE-2016-6302}} {{CVE|CVE-2016-6303}} {{CVE|CVE-2016-6304}} {{CVE|CVE-2016-6306}} [http://eprint.iacr.org/2016/594] [https://www.openssl.org/news/secadv/20160922.txt] || {{pkg|lib32-openssl}} || 2016-09-22 || <= 1:1.0.2.h-1 || 1:1.0.2.i-1 || <1d || Fixed ({{bug|49616}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24]<br />
|- <br />
| {{CVE|CVE-2016-7044}} {{CVE|CVE-2016-7045}} [https://irssi.org/security/irssi_sa_2016.txt] || {{pkg|irssi}} || 2016-09-21 || <= 0.8.19-2 || 0.8.20-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20]<br />
|- <br />
| {{CVE|CVE-2016-5270}} {{CVE|CVE-2016-5271}} {{CVE|CVE-2016-5272}} {{CVE|CVE-2016-5273}} {{CVE|CVE-2016-5276}} {{CVE|CVE-2016-5274}} {{CVE|CVE-2016-5277}} {{CVE|CVE-2016-5275}} {{CVE|CVE-2016-5278}} {{CVE|CVE-2016-5279}} {{CVE|CVE-2016-5280}} {{CVE|CVE-2016-5281}} {{CVE|CVE-2016-5282}} {{CVE|CVE-2016-5283}} {{CVE|CVE-2016-5284}} {{CVE|CVE-2016-5256}} {{CVE|CVE-2016-5257}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/] || {{pkg|firefox}} || 2016-09-13 || <= 48.0.2-1 || 49.0-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22]<br />
|- <br />
| {{CVE|CVE-2016-5388}} || {{pkg|tomcat7}} || 2016-09-18 || <= 7.0.70-1 || 7.0.72-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21]<br />
|- <br />
| {{CVE|CVE-2016-7420}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7420] || {{pkg|crypto++}} || 2016-09-18 || <= 5.6.4-2 || || || '''Vulnerable''' || <br />
|- <br />
| {{CVE|CVE-2016-7444}} [http://seclists.org/oss-sec/2016/q3/545] [https://www.gnutls.org/security.html#GNUTLS-SA-2016-3] || {{pkg|gnutls}} || 2016-09-08 || <= 3.4.14-1 || 3.4.15-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25]<br />
|- <br />
| {{CVE|CVE-2016-7444}} [http://seclists.org/oss-sec/2016/q3/545] [https://www.gnutls.org/security.html#GNUTLS-SA-2016-3] || {{pkg|lib32-gnutls}} || 2016-09-08 || <= 3.4.14-1 || 3.4.15-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26]<br />
|- <br />
| {{CVE|CVE-2016-5170}} {{CVE|CVE-2016-5171}} {{CVE|CVE-2016-5172}} {{CVE|CVE-2016-5173}} {{CVE|CVE-2016-5174}} {{CVE|CVE-2016-5175}} [https://googlechromereleases.blogspot.fr/2016/09/stable-channel-update-for-desktop_13.html] || {{pkg|chromium}} || 2016-09-13 || <= 53.0.2785.101-1 || 53.0.2785.116-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13]<br />
|- <br />
| {{CVE|CVE-2016-7412}} {{CVE|CVE-2016-7413}} {{CVE|CVE-2016-7414}} {{CVE|CVE-2016-7416}} {{CVE|CVE-2016-7417}} {{CVE|CVE-2016-7418}} [http://www.openwall.com/lists/oss-security/2016/09/15/10] || {{pkg|php}} || 2016-09-15 || <= 7.0.10-1 || 7.0.11-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16]<br />
|- <br />
| {{CVE|CVE-2016-6352}} [https://bugzilla.redhat.com/show_bug.cgi?id=1349751] || {{pkg|lib32-gdk-pixbuf2}} || 2016-08-31 || <= 2.34.0-1 || || || '''Vulnerable''' ||<br />
|- <br />
| {{CVE|CVE-2016-6352}} [https://bugzilla.redhat.com/show_bug.cgi?id=1349751] || {{pkg|gdk-pixbuf2}} || 2016-08-31 || <= 2.34.0-2 || || || '''Vulnerable''' ||<br />
|- <br />
| {{CVE|CVE-2016-7167}} [https://curl.haxx.se/docs/adv_20160914.html] || {{pkg|curl}} || 2016-09-14 || <= 7.50.2-1 || 7.50.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19]<br />
|- <br />
| {{CVE|CVE-2016-7167}} [https://curl.haxx.se/docs/adv_20160914.html] || {{pkg|lib32-curl}} || 2016-09-14 || <= 7.50.0-1 || 7.50.3-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18]<br />
|- <br />
| {{CVE|CVE-2016-4271}} {{CVE|CVE-2016-4272}} {{CVE|CVE-2016-4274}} {{CVE|CVE-2016-4275}} {{CVE|CVE-2016-4276}} {{CVE|CVE-2016-4277}} {{CVE|CVE-2016-4278}} {{CVE|CVE-2016-4279}} {{CVE|CVE-2016-4280}} {{CVE|CVE-2016-4281}} {{CVE|CVE-2016-4282}} {{CVE|CVE-2016-4283}} {{CVE|CVE-2016-4284}} {{CVE|CVE-2016-4285}} {{CVE|CVE-2016-4287}} {{CVE|CVE-2016-6921}} {{CVE|CVE-2016-6922}} {{CVE|CVE-2016-6923}} {{CVE|CVE-2016-6924}} {{CVE|CVE-2016-6925}} {{CVE|CVE-2016-6926}} {{CVE|CVE-2016-6927}} {{CVE|CVE-2016-6929}} {{CVE|CVE-2016-6930}} {{CVE|CVE-2016-6931}} {{CVE|CVE-2016-6932}} [https://helpx.adobe.com/security/products/flash-player/apsb16-29.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-09-13 || <= 11.2.202.632-1 || 11.2.202.635-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12]<br />
|- <br />
| {{CVE|CVE-2016-6662}} {{CVE|CVE-2016-6663}} [https://mariadb.org/mariadb-server-versions-remote-root-code-execution-vulnerability-cve-2016-6662/] [https://jira.mariadb.org/browse/MDEV-10465] [http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html] || {{Pkg|mariadb}} || 2016-09-13 || <= 10.1.16-2 || 10.1.17-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10]<br />
|-<br />
| {{CVE|CVE-2016-7180}} {{CVE|CVE-2016-7175}} {{CVE|CVE-2016-7176}} {{CVE|CVE-2016-7177}} {{CVE|CVE-2016-7178}} {{CVE|CVE-2016-7179}} [https://www.wireshark.org/security/wnpa-sec-2016-50.html] [https://www.wireshark.org/security/wnpa-sec-2016-51.html] [https://www.wireshark.org/security/wnpa-sec-2016-52.html] [https://www.wireshark.org/security/wnpa-sec-2016-53.html] [https://www.wireshark.org/security/wnpa-sec-2016-54.html] [https://www.wireshark.org/security/wnpa-sec-2016-55.html] || {{pkg|wireshark-cli}} || 2016-09-09 || <= 2.0.5-1 || 2.2.0-1 || 15d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27]<br />
|- <br />
| {{CVE|CVE-2016-5388}} [https://www.apache.org/security/asf-httpoxy-response.txt] || {{pkg|tomcat8}} || 2016-07-18 || <= 8.0.36-1 || 8.0.37-1 || 52d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] <br />
|-<br />
| {{CVE|CVE-2016-7164}} [http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3.20.3.news] || {{pkg|file-roller}} || 2016-09-08 || <= 3.20.2-1 || 3.20.3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5]<br />
|-<br />
| {{CVE|CVE-2016-5426}} {{CVE|CVE-2016-5427}} [http://seclists.org/oss-sec/2016/q3/464] [https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/] || {{pkg|powerdns}} || 2016-09-08 || 3.4.9-1 || 4.0.1-3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9]<br />
|-<br />
| {{CVE|CVE-2016-7164}} [http://seclists.org/oss-sec/2016/q3/443] || {{pkg|libtorrent-rasterbar}} || 2016-09-08 || <= 1:1.1-3 || 1:1.1.1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8]<br />
|-<br />
| {{CVE|CVE-2016-7141}} [https://curl.haxx.se/docs/adv_20160907.html] || {{pkg|curl}} || 2016-09-07 || N/A || N/A || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-2835}} {{CVE|CVE-2016-2836}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/] || {{pkg|thunderbird}} || 2016-08-30 || <= 45.2.0-2 || 45.3.0-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3]<br />
|-<br />
| {{CVE|CVE-2016-7134}} {{CVE|CVE-2016-7133}} {{CVE|CVE-2016-7132}} {{CVE|CVE-2016-7131}} {{CVE|CVE-2016-7130}} {{CVE|CVE-2016-7129}} {{CVE|CVE-2016-7128}} {{CVE|CVE-2016-7127}} {{CVE|CVE-2016-7126}} {{CVE|CVE-2016-7125}} {{CVE|CVE-2016-7124}} [http://www.openwall.com/lists/oss-security/2016/09/02/9] || {{pkg|php}} || 2016-09-03 || <= 7.0.10-1 || 7.0.11-1 || || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-5147}} {{CVE|CVE-2016-5148}} {{CVE|CVE-2016-5149}} {{CVE|CVE-2016-5150}} {{CVE|CVE-2016-5151}} {{CVE|CVE-2016-5152}} {{CVE|CVE-2016-5153}} {{CVE|CVE-2016-5154}} {{CVE|CVE-2016-5155}} {{CVE|CVE-2016-5156}} {{CVE|CVE-2016-5157}} {{CVE|CVE-2016-5158}} {{CVE|CVE-2016-5159}} {{CVE|CVE-2016-5160}} {{CVE|CVE-2016-5161}} {{CVE|CVE-2016-5162}} {{CVE|CVE-2016-5163}} {{CVE|CVE-2016-5164}} {{CVE|CVE-2016-5165}} {{CVE|CVE-2016-5166}} {{CVE|CVE-2016-5167}} [https://googlechromereleases.blogspot.fr/2016/08/stable-channel-update-for-desktop_31.html] || {{pkg|chromium}} || 2016-08-31 || <= 52.0.2743.116-1 || 53.0.2785.89-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1]<br />
|-<br />
| {{CVE|CVE-2016-6525}} [http://bugs.ghostscript.com/show_bug.cgi?id=696954] || {{Pkg|mupdf}} || 2016-07-19 || <= 1.9a-4 || 1.9a-5 || 1d || Fixed ([https://bugs.archlinux.org/task/50590 FS#50590 ]) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] <br />
|-<br />
| {{CVE|CVE-2016-6265}} [http://bugs.ghostscript.com/show_bug.cgi?id=696941] || {{Pkg|mupdf}} || 2016-07-19 || <= 1.9a-3 || 1.9a-4 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] <br />
|-<br />
| {{CVE|CVE-2016-4590}} {{CVE|CVE-2016-4591}} {{CVE|CVE-2016-4622}} {{CVE|CVE-2016-4624}} [https://webkitgtk.org/2016/08/24/webkitgtk2.12.4-released.html] [https://webkitgtk.org/security/WSA-2016-0005.html] || {{pkg|webkit2gtk}} || 2016-08-24 || <= 2.12.3-1 || 2.12.4-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2]<br />
|-<br />
| {{CVE|CVE-2016-6331}} {{CVE|CVE-2016-6332}} {{CVE|CVE-2016-6333}} {{CVE|CVE-2016-6334}} {{CVE|CVE-2016-6335}} {{CVE|CVE-2016-6336}} {{CVE|CVE-2016-6337}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html] || {{pkg|mediawiki}} || 2016-08-23 || <= 1.27.0-1 || 1.27.1-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] <br />
|-<br />
| {{CVE|CVE-2016-6313}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html] || {{pkg|lib32-libgcrypt}} || 2016-08-17 || <= 1.7.2-1 || 1.7.3-1 || 31d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14]<br />
|-<br />
| {{CVE|CVE-2016-6313}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html] || {{pkg|libgcrypt}} || 2016-08-17 || <= 1.7.2-1 || 1.7.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18]<br />
|-<br />
| {{CVE|CVE-2016-5423}} {{CVE|CVE-2016-5424}} [https://www.postgresql.org/about/news/1688/] || {{pkg|postgresql}} {{pkg|postgresql-libs}} || 2016-08-11 || <= 9.5.3-1 || 9.5.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux}} || 2016-07-12 || <= 4.6.4-1 || 4.7-1 || 31d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-grsec}} || 2016-07-12 || <= 4.6.5.201607312210-1 || 4.7.201608131240-1 || 33d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-lts}} || 2016-07-12 || <= 4.4.16-1 || 4.4.19-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17]<br />
|-<br />
| {{CVE|CVE-2016-5696}} [http://seclists.org/oss-sec/2016/q3/44] [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758] || {{pkg|linux-zen}} || 2016-07-12 || <= 4.6.5-1 || 4.7-1 || 35d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15]<br />
|-<br />
| {{CVE|CVE-2016-5139}} {{CVE|CVE-2016-5140}} {{CVE|CVE-2016-5141}} {{CVE|CVE-2016-5142}} {{CVE|CVE-2016-5143}} {{CVE|CVE-2016-5144}} {{CVE|CVE-2016-5145}} {{CVE|CVE-2016-5146}} [https://googlechromereleases.blogspot.fr/2016/08/stable-channel-update-for-desktop.html] || {{pkg|chromium}} || 2016-08-03 || <= 52.0.2743.85-2 || 52.0.2743.116-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16]<br />
|-<br />
| {{CVE|CVE-2016-6255}} || {{pkg|libupnp}} || 2016-08-08 || <= 1.6.19-1 || 1.6.20-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8]<br />
|-<br />
| {{CVE|CVE-2016-3075}} {{CVE|CVE-2016-5417}} [https://sourceware.org/bugzilla/show_bug.cgi?id=19879] [https://sourceware.org/bugzilla/show_bug.cgi?id=19257] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-08-02 || <= 2.23-5 || 2.24-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7]<br />
|-<br />
| {{CVE|CVE-2016-3458}} {{CVE|CVE-2016-3500}} {{CVE|CVE-2016-3508}} {{CVE|CVE-2016-3550}} {{CVE|CVE-2016-3598}} {{CVE|CVE-2016-3606}} {{CVE|CVE-2016-3610}} [http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2016-July/036560.html] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2016-07-29 || <= 7.u101_2.6.6 || 7.u111_2.6.7 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5]<br />
|-<br />
| {{CVE|CVE-2016-0718}} {{CVE|CVE-2016-2830}} {{CVE|CVE-2016-2835}} {{CVE|CVE-2016-2836}} {{CVE|CVE-2016-2837}} {{CVE|CVE-2016-2838}} {{CVE|CVE-2016-2839}} {{CVE|CVE-2016-5250}} {{CVE|CVE-2016-5251}} {{CVE|CVE-2016-5252}} {{CVE|CVE-2016-5254}} {{CVE|CVE-2016-5255}} {{CVE|CVE-2016-5258}} {{CVE|CVE-2016-5259}} {{CVE|CVE-2016-5260}} {{CVE|CVE-2016-5261}} {{CVE|CVE-2016-5262}} {{CVE|CVE-2016-5263}} {{CVE|CVE-2016-5264}} {{CVE|CVE-2016-5265}} {{CVE|CVE-2016-5266}} {{CVE|CVE-2016-5268}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox48] || {{pkg|firefox}} || 2016-08-02 || <= 47.0.1-1 || 48.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2]<br />
|-<br />
| {{CVE|CVE-2016-5419}} {{CVE|CVE-2016-5420}} {{CVE|CVE-2016-5421}} [https://curl.haxx.se/docs/adv_20160803A.html] [https://curl.haxx.se/docs/adv_20160803B.html] [https://curl.haxx.se/docs/adv_20160803C.html] || {{pkg|curl}} || 2016-08-03 || <= 7.50.0-1 || 7.50.1-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9]<br />
|-<br />
| {{CVE|CVE-2016-6210}} [http://www.openssh.com/txt/release-7.3] [http://seclists.org/fulldisclosure/2016/Jul/51] || {{pkg|openssh}} || 2016-07-14 || <= 7.2p2-2 || 7.3p1-1 || 16d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1]<br />
|-<br />
| {{CVE|CVE-2016-6503}} {CVE|CVE-2016-6504}} {{CVE|CVE-2016-6507}} [http://seclists.org/oss-sec/2016/q3/217] [[http://www.wireshark.org/security/wnpa-sec-2016-39.html] [http://www.wireshark.org/security/wnpa-sec-2016-40.html] [http://www.wireshark.org/security/wnpa-sec-2016-43.html] || {{pkg|wireshark-cli}} || 2016-07-28 || <= 2.0.4-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-6505}} {{CVE|CVE-2016-6506}} {{CVE|CVE-2016-6508}} {{CVE|CVE-2016-6509}} {{CVE|CVE-2016-6510}} {{CVE|CVE-2016-6511}} {{CVE|CVE-2016-6512}} {{CVE|CVE-2016-6513}} [http://seclists.org/oss-sec/2016/q3/217] [http://www.wireshark.org/security/wnpa-sec-2016-41.html] [http://www.wireshark.org/security/wnpa-sec-2016-42.html] [http://www.wireshark.org/security/wnpa-sec-2016-44.html] [http://www.wireshark.org/security/wnpa-sec-2016-45.html] [http://www.wireshark.org/security/wnpa-sec-2016-46.html] [http://www.wireshark.org/security/wnpa-sec-2016-47.html] [http://www.wireshark.org/security/wnpa-sec-2016-48.html] [http://www.wireshark.org/security/wnpa-sec-2016-49.html] || {{pkg|wireshark-cli}} || 2016-07-28 || <= 2.0.4-1 || 2.0.5-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20]<br />
|-<br />
| {{CVE|CVE-2016-6491}} [http://seclists.org/oss-sec/2016/q3/194] [http://git.imagemagick.org/repos/ImageMagick/commit/5cb6c1acd3e3b12f9260daf207db432df7f792c2] || {{pkg|imagemagick}} || 2016-07-27 || <= 6.9.5.2-1 || 6.9.5.3-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13]<br />
|-<br />
| {{CVE|CVE-2015-8948}} {{CVE|CVE-2016-6261}} {{CVE|CVE-2016-6262}} {{CVE|CVE-2016-6263}} || {{Pkg|libidn}} || 2016-07-20 || <= 1.32-1 || 1.33-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14]<br />
|-<br />
| {{CVE|CVE-2016-6186}} || {{Pkg|python-django}} {{Pkg|python2-django}}|| 2016-07-18 || <= 1.9.8-1 || 1.9.8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11]<br />
|-<br />
| {{CVE|CVE-2016-1705}} {{CVE|CVE-2016-1706}} {{CVE|CVE-2016-1708}} {{CVE|CVE-2016-1709}} {{CVE|CVE-2016-1710}} {{CVE|CVE-2016-1711}} {{CVE|CVE-2016-5127}} {{CVE|CVE-2016-5128}} {{CVE|CVE-2016-5129}} {{CVE|CVE-2016-5130}} {{CVE|CVE-2016-5131}} {{CVE|CVE-2016-5132}} {{CVE|CVE-2016-5133}} {{CVE|CVE-2016-5134}} {{CVE|CVE-2016-5135}} {{CVE|CVE-2016-5136}} {{CVE|CVE-2016-5137}} [https://googlechromereleases.blogspot.fr/2016/07/stable-channel-update.html] || {{pkg|chromium}} || 2016-07-20 || <= 51.0.2704.106-1 || 52.0.2743.82-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12]<br />
|-<br />
| {{CVE|CVE-2016-5385}} [https://www.drupal.org/SA-CORE-2016-003] || {{pkg|drupal}} || 2016-07-18 || <= 8.1.6-1 || 8.1.7-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9]<br />
|-<br />
| {{CVE|CVE-2016-2775}} [https://kb.isc.org/article/AA-01393/74/CVE-2016-2775] || {{pkg|bind}} || 2016-07-19 || <= 9.10.4.P1-2 || 9.10.4.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8]<br />
|-<br />
|{{CVE|CVE-2016-4173}} {{CVE|CVE-2016-4174}} {{CVE|CVE-2016-4175}} {{CVE|CVE-2016-4176}} {{CVE|CVE-2016-4177}} {{CVE|CVE-2016-4179}} {{CVE|CVE-2016-4180}} {{CVE|CVE-2016-4181}} {{CVE|CVE-2016-4182}} {{CVE|CVE-2016-4183}} {{CVE|CVE-2016-4184}} {{CVE|CVE-2016-4185}} {{CVE|CVE-2016-4186}} {{CVE|CVE-2016-4187}} {{CVE|CVE-2016-4188}} {{CVE|CVE-2016-4189}} {{CVE|CVE-2016-4190}} {{CVE|CVE-2016-4217}} {{CVE|CVE-2016-4218}} {{CVE|CVE-2016-4219}} {{CVE|CVE-2016-4220}} {{CVE|CVE-2016-4221}} {{CVE|CVE-2016-4222}} {{CVE|CVE-2016-4223}} {{CVE|CVE-2016-4224}} {{CVE|CVE-2016-4225}} {{CVE|CVE-2016-4226}} {{CVE|CVE-2016-4227}} {{CVE|CVE-2016-4228}} {{CVE|CVE-2016-4229}} {{CVE|CVE-2016-4230}} {{CVE|CVE-2016-4231}} {{CVE|CVE-2016-4232}} {{CVE|CVE-2016-4233}} {{CVE|CVE-2016-4234}} {{CVE|CVE-2016-4235}} {{CVE|CVE-2016-4236}} {{CVE|CVE-2016-4237}} {{CVE|CVE-2016-4238}} {{CVE|CVE-2016-4239}} {{CVE|CVE-2016-4240}} {{CVE|CVE-2016-4241}} {{CVE|CVE-2016-4242}} {{CVE|CVE-2016-4243}} {{CVE|CVE-2016-4244}} {{CVE|CVE-2016-4245}} {{CVE|CVE-2016-4246}} {{CVE|CVE-2016-4247}} {{CVE|CVE-2016-4248}} || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-07-12 || <= 11.2.202.626-1 || 11.2.202.632-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7]<br />
|-<br />
| {{CVE|CVE-2016-2815}} {{CVE|CVE-2016-2818}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird45.2] || {{pkg|thunderbird}} || 2016-06-30 || <= 45.1.1-2 || 45.2.0-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4]<br />
|-<br />
| {{CVE|CVE-2016-4979}} [https://httpd.apache.org/security/vulnerabilities_24.html] || {{pkg|apache}} || 2016-07-05 || 2.4.18-2.4.20 || 2.4.23-1 || || Fixed ({{bug|49958}}) || None<br />
|-<br />
| {{CVE|CVE-2016-4994}} [https://bugzilla.gnome.org/show_bug.cgi?id=767873] || {{pkg|gimp}} || 2016-06-21 || <= 2.8.16-2 || 2.8.18-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5]<br />
|-<br />
| {{CVE|CVE-2016-4472}} [https://bugzilla.redhat.com/show_bug.cgi?id=1344251] || {{pkg|expat}} || 2016-06-30 || <= 2.1.1-3 || 2.2.0-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-3189}} [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3189] || {{pkg|bzip2}} || 2016-06-30 || <= 1.0.6-5 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-4463}} [http://seclists.org/bugtraq/2016/Jun/115] || {{pkg|xerces-c}} || 2016-06-29 || <= 3.1.3-2 || 3.1.4-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2]<br />
|-<br />
| {{CVE|CVE-2016-4324}} [http://www.talosintelligence.com/reports/TALOS-2016-0126/] || {{pkg|libreoffice-fresh}} || 2016-06-27 || <= 5.1.3-2 || 5.1.4-1 || <0d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3]<br />
|-<br />
| {{CVE|CVE-2016-5701}} {{CVE|CVE-2016-5702}} {{CVE|CVE-2016-5703}} {{CVE|CVE-2016-5704}} {{CVE|CVE-2016-5705}} {{CVE|CVE-2016-5706}} {{CVE|CVE-2016-5730}} {{CVE|CVE-2016-5731}} {{CVE|CVE-2016-5732}} {{CVE|CVE-2016-5733}} {{CVE|CVE-2016-5734}} {{CVE|CVE-2016-5739}} [https://www.phpmyadmin.net/security/PMASA-2016-17/] [https://www.phpmyadmin.net/security/PMASA-2016-18/] [https://www.phpmyadmin.net/security/PMASA-2016-19/] [https://www.phpmyadmin.net/security/PMASA-2016-20/] [https://www.phpmyadmin.net/security/PMASA-2016-21/] [https://www.phpmyadmin.net/security/PMASA-2016-22/] [https://www.phpmyadmin.net/security/PMASA-2016-23/] [https://www.phpmyadmin.net/security/PMASA-2016-24/] [https://www.phpmyadmin.net/security/PMASA-2016-25/] [https://www.phpmyadmin.net/security/PMASA-2016-26/] [https://www.phpmyadmin.net/security/PMASA-2016-27/] [https://www.phpmyadmin.net/security/PMASA-2016-28/] || {{pkg|phpmyadmin}} || 2016-06-23 || <= 4.6.2-1 || 4.6.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25]<br />
|-<br />
| {{CVE|CVE-2016-1704}} [https://googlechromereleases.blogspot.fr/2016/06/stable-channel-update_16.html] || {{pkg|chromium}} || 2016-01-16 || <= 51.0.2704.84-1 || 51.0.2704.103-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20]<br />
|-<br />
| {{CVE|CVE-2016-2365}} {{CVE|CVE-2016-2366}} {{CVE|CVE-2016-2367}} {{CVE|CVE-2016-2368}} {{CVE|CVE-2016-2369}} {{CVE|CVE-2016-2370}} {{CVE|CVE-2016-2371}} {{CVE|CVE-2016-2372}} {{CVE|CVE-2016-2373}} {{CVE|CVE-2016-2374}} {{CVE|CVE-2016-2375}} {{CVE|CVE-2016-2376}} {{CVE|CVE-2016-2377}} {{CVE|CVE-2016-2378}} {{CVE|CVE-2016-2380}} {{CVE|CVE-2016-4323}} [http://blog.talosintel.com/2016/06/vulnerability-spotlight-pidgin.html] || {{pkg|libpurple}} || 2016-01-21 || <= 2.10.12-4 || 2.11.0-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24]<br />
|-<br />
| {{CVE|CVE-2016-1541}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1541] || {{pkg|libarchive}} || 2016-01-17 || <= 3.1.2-8 || 3.2.0-1 || 47d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1]<br />
|-<br />
| {{CVE|CVE-2016-5875}} {{CVE|CVE-2016-5314}} {{CVE|CVE-2016-5315}} {{CVE|CVE-2016-5316}} {{CVE|CVE-2016-5317}} {{CVE|CVE-2016-5320}} {{CVE|CVE-2016-5321}} {{CVE|CVE-2016-5322}} {{CVE|CVE-2016-5323}} {{CVE|CVE-2016-5102}} {{CVE|CVE-2016-3991}} {{CVE|CVE-2016-3990}} {{CVE|CVE-2016-3945}} {{CVE|CVE-2016-3658}} {{CVE|CVE-2016-3634}} {{CVE|CVE-2016-3633}} {{CVE|CVE-2016-3632}} {{CVE|CVE-2016-3631}} {{CVE|CVE-2016-3625}} {{CVE|CVE-2016-3624}} {{CVE|CVE-2016-3623}} {{CVE|CVE-2016-3622}} {{CVE|CVE-2016-3621}} {{CVE|CVE-2016-3620}} {{CVE|CVE-2016-3619}} {{CVE|CVE-2016-3186}} {{CVE|CVE-2015-8668}} {{CVE|CVE-2015-7313}} {{CVE|CVE-2014-8130}} {{CVE|CVE-2014-8127}} {{CVE|CVE-2010-2596}} {{CVE|CVE-2016-6223}} [http://www.openwall.com/lists/oss-security/2016/06/15/1] [http://www.openwall.com/lists/oss-security/2016/06/15/2] [http://www.openwall.com/lists/oss-security/2016/06/15/3] [http://www.openwall.com/lists/oss-security/2016/06/15/5] [http://www.openwall.com/lists/oss-security/2016/06/15/6] [http://www.openwall.com/lists/oss-security/2016/06/15/7] [http://www.openwall.com/lists/oss-security/2016/06/15/8] [http://www.openwall.com/lists/oss-security/2016/06/15/9] [https://security-tracker.debian.org/tracker/source-package/tiff] [http://www.openwall.com/lists/oss-security/2016/07/13/3] || {{pkg|libtiff}} || 2016-06-19 || <= 4.0.6-2 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-4122}} {{CVE|CVE-2016-4123}} {{CVE|CVE-2016-4124}} {{CVE|CVE-2016-4125}} {{CVE|CVE-2016-4127}} {{CVE|CVE-2016-4128}} {{CVE|CVE-2016-4129}} {{CVE|CVE-2016-4130}} {{CVE|CVE-2016-4131}} {{CVE|CVE-2016-4132}} {{CVE|CVE-2016-4133}} {{CVE|CVE-2016-4134}} {{CVE|CVE-2016-4135}} {{CVE|CVE-2016-4136}} {{CVE|CVE-2016-4137}} {{CVE|CVE-2016-4138}} {{CVE|CVE-2016-4139}} {{CVE|CVE-2016-4140}} {{CVE|CVE-2016-4141}} {{CVE|CVE-2016-4142}} {{CVE|CVE-2016-4143}} {{CVE|CVE-2016-4144}} {{CVE|CVE-2016-4145}} {{CVE|CVE-2016-4146}} {{CVE|CVE-2016-4147}} {{CVE|CVE-2016-4148}} {{CVE|CVE-2016-4149}} {{CVE|CVE-2016-4150}} {{CVE|CVE-2016-4151}} {{CVE|CVE-2016-4152}} {{CVE|CVE-2016-4153}} {{CVE|CVE-2016-4154}} {{CVE|CVE-2016-4155}} {{CVE|CVE-2016-4156}} {{CVE|CVE-2016-4166}} {{CVE|CVE-2016-4171}} [https://helpx.adobe.com/security/products/flash-player/apsb16-18.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-06-16 || <= 11.2.202.621-1 || 11.2.202.626-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18]<br />
|-<br />
| {{CVE|CVE-2016-4971}} [https://lists.gnu.org/archive/html/bug-wget/2016-06/msg00033.html] || {{pkg|wget}} || 2016-06-09 || <= 1.17.1-2 || 1.18-1 || 11d || Fixed ({{bug|49730}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19]<br />
|-<br />
| {{CVE|CVE-2012-6702}} {{CVE|CVE-2016-5300}} || {{pkg|expat}} {{pkg|lib32-expat}} || 2016-06-07 || <= 2.1.1-2 || 2.1.1-3 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14]<br />
|-<br />
| {{CVE|CVE-2016-5360}} [http://seclists.org/oss-sec/2016/q2/512] || {{pkg|haproxy}} || 2016-06-09 || <= 1.6.5-3 || 1.6.5-4 || 1d || Fixed ({{bug|49638}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11]<br />
|-<br />
| {{CVE|CVE-2016-2815}} {{CVE|CVE-2016-2818}} {{CVE|CVE-2016-2819}} {{CVE|CVE-2016-2821}} {{CVE|CVE-2016-2822}} {{CVE|CVE-2016-2825}} {{CVE|CVE-2016-2828}} {{CVE|CVE-2016-2829}} {{CVE|CVE-2016-2831}} {{CVE|CVE-2016-2832}} {{CVE|CVE-2016-2833}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox47] || {{pkg|firefox}} || 2016-06-07 || <= 46.0.1-1 || 47.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7]<br />
|-<br />
| {{CVE|CVE-2016-4456}} [https://marc.ttias.be/oss-security/2016-06/msg00043.php] [http://gnutls.org/security.html#GNUTLS-SA-2016-1] || {{pkg|gnutls}} {{pkg|lib32-gnutls}} || 2016-06-06 || <= 3.4.12-1 || 3.4.13-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12]<br />
|-<br />
| {{CVE|CVE-2015-8899}} [http://www.openwall.com/lists/oss-security/2016/06/04/2] || {{pkg|dnsmasq}} || 2016-06-04 || <= 2.75-1 || 2.76-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4953}} {{CVE|CVE-2016-4954}} {{CVE|CVE-2016-4955}} {{CVE|CVE-2016-4956}} {{CVE|CVE-2016-4957}} [http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi] || {{pkg|ntp}} || 2016-06-02 || <= 4.2.8.p7-1 || 4.2.8.p8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4]<br />
|-<br />
| {{CVE|CVE-2016-4429}} [https://sourceware.org/bugzilla/show_bug.cgi?id=20112] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-05-18 || <= 2.23-4 || 2.23-5 || 25d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17]<br />
|-<br />
| {{CVE|CVE-2016-5244}} {{CVE|CVE-2016-5243}} [http://www.openwall.com/lists/oss-security/2016/06/03/5] [http://www.openwall.com/lists/oss-security/2016/06/03/4] || {{pkg|linux}} || 2016-06-03 || <= 4.6.1 || || || Not Affected ||<br />
|-<br />
| {{CVE|CVE-2016-1696}} {{CVE|CVE-2016-1697}} {{CVE|CVE-2016-1698}} {{CVE|CVE-2016-1699}} {{CVE|CVE-2016-1700}} {{CVE|CVE-2016-1701}} {{CVE|CVE-2016-1702}} {{CVE|CVE-2016-1703}} [http://googlechromereleases.blogspot.fr/2016/06/stable-channel-update.html] || {{pkg|chromium}} || 2016-06-01 || <= 51.0.2704.63-1 || 51.0.2704.79-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5]<br />
|-<br />
| {{CVE|CVE-2016-4450}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450] || {{pkg|nginx-mainline}} || 2016-05-31 || <= 1.11-1 || 1.11.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2]<br />
|-<br />
| {{CVE|CVE-2016-4450}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html] [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450] || {{pkg|nginx}} || 2016-05-31 || <= 1.10-1 || 1.10.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1]<br />
|-<br />
| {{CVE|CVE-2016-1857}} [http://webkitgtk.org/security/WSA-2016-0004.html] || {{pkg|webkit2gtk}} || 2016-05-30 || <= 2.12.2-1 || 2.12.3-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3]<br />
|-<br />
| {{CVE|CVE-2016-5108}} [http://www.openwall.com/lists/oss-security/2016/05/27/7] || {{pkg|vlc}} || 2016-05-27 || <= 2.2.3-3 || 2.2.4-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21]<br />
|-<br />
| {{CVE|CVE-2016-5104}} [http://www.openwall.com/lists/oss-security/2016/05/26/6] || {{pkg|libusbmuxd}} || 2016-05-26 || <= 1.0.10-1 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-5104}} [http://www.openwall.com/lists/oss-security/2016/05/26/6] || {{pkg|libimobiledevice}} || 2016-05-26 || <= 1.2.0-3 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2016-5103}} [http://www.openwall.com/lists/oss-security/2016/05/26/5] || {{pkg|roundcubemail}} || 2016-05-26 || <= 1.2rc-1 || 1.2.0-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1762}} {{CVE|CVE-2016-1833}} {{CVE|CVE-2016-1834}} {{CVE|CVE-2016-1835}} {{CVE|CVE-2016-1836}} {{CVE|CVE-2016-1837}} {{CVE|CVE-2016-1838}} {{CVE|CVE-2016-1839}} {{CVE|CVE-2016-1840}} {{CVE|CVE-2016-3627}} {{CVE|CVE-2016-3705}} {{CVE|CVE-2016-4483}} [https://git.gnome.org/browse/libxml2/log/] || {{pkg|libxml2}} || 2016-05-23 || <= 2.9.3-2 || 2.9.4+0+gbdec218-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27]<br />
|-<br />
| {{CVE|CVE-2016-1672}} {{CVE|CVE-2016-1673}} {{CVE|CVE-2016-1674}} {{CVE|CVE-2016-1675}} {{CVE|CVE-2016-1676}} {{CVE|CVE-2016-1677}} {{CVE|CVE-2016-1678}} {{CVE|CVE-2016-1679}} {{CVE|CVE-2016-1680}} {{CVE|CVE-2016-1681}} {{CVE|CVE-2016-1682}} {{CVE|CVE-2016-1683}} {{CVE|CVE-2016-1684}} {{CVE|CVE-2016-1685}} {{CVE|CVE-2016-1686}} {{CVE|CVE-2016-1687}} {{CVE|CVE-2016-1688}} {{CVE|CVE-2016-1689}} {{CVE|CVE-2016-1690}} {{CVE|CVE-2016-1691}} {{CVE|CVE-2016-1692}} {{CVE|CVE-2016-1693}} {{CVE|CVE-2016-1694}} {{CVE|CVE-2016-1695}} [http://googlechromereleases.blogspot.fr/2016/05/stable-channel-update_25.html] || {{pkg|chromium}} || 2016-05-25 || <= 50.0.2661.102-1 || 51.0.2704.63-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28]<br />
|-<br />
| {{CVE|CVE-2016-5027}} {{CVE|CVE-2016-5028}} {{CVE|CVE-2016-5029}} {{CVE|CVE-2016-5030}} {{CVE|CVE-2016-5031}} {{CVE|CVE-2016-5032}} {{CVE|CVE-2016-5033}} {{CVE|CVE-2016-5034}} {{CVE|CVE-2016-5035}} {{CVE|CVE-2016-5036}} {{CVE|CVE-2016-5037}} {{CVE|CVE-2016-5038}} {{CVE|CVE-2016-5039}} {{CVE|CVE-2016-5040}} {{CVE|CVE-2016-5041}} {{CVE|CVE-2016-5042}} {{CVE|CVE-2016-5043}} {{CVE|CVE-2016-5044}} [http://seclists.org/oss-sec/2016/q2/393] [https://www.prevanders.net/dwarfbug.html] || {{pkg|libdwarf}} || 2016-05-24 || <= 20160507-1 || 20160613-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23]<br />
|-<br />
| {{CVE|CVE-2015-1283}} {{CVE|CVE-2016-0718}} [http://seclists.org/oss-sec/2016/q2/360] || {{pkg|expat}} {{pkg|lib32-expat}} || 2016-05-17 || <= 2.1.1-1 || 2.1.1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23]<br />
|-<br />
| {{CVE|CVE-2016-2334}} {{CVE|CVE-2016-2335}} [http://www.talosintel.com/reports/TALOS-2016-0093/] [http://www.talosintel.com/reports/TALOS-2016-0094/] || {{pkg|p7zip}} || 2016-05-10 || <= 15.14.1-1 || 15.14.1-2 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24]<br />
|-<br />
| {{CVE|CVE-2016-3698}} [https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839] || {{pkg|libndp}} || 2016-05-17 || <= 1.5-1 || 1.6-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26]<br />
|-<br />
| {{CVE|CVE-2016-2803}} [http://seclists.org/bugtraq/2016/May/72] || {{pkg|bugzilla}} || 2016-05-16 || <= 5.0.2-1 || 5.0.3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25]<br />
|-<br />
| {{CVE|CVE-2016-2099}} [https://issues.apache.org/jira/browse/XERCESC-2066] [http://www.openwall.com/lists/oss-security/2016/05/09/7] || {{pkg|xerces-c}} || 2016-05-09 || <= 3.1.3-1 || 3.1.3-2 || 46d || Fixed ({{bug|49353}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-22]<br />
|-<br />
| [http://blog.jetbrains.com/blog/2016/05/11/security-update-for-intellij-based-ides-v2016-1-and-older-versions/] || {{pkg|intellij-idea-community-edition}} {{pkg|intellij-idea-libs}} || 2016-05-11 || <= 1:2016.1.1-1 || 1:2016.1.2-1 || 3d || Fixed ({{bug|49329}}) || None<br />
|-<br />
| {{CVE|CVE-2016-2804}} {{CVE|CVE-2016-2805}} {{CVE|CVE-2016-2806}} {{CVE|CVE-2016-2807}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/] || {{pkg|thunderbird}} || 2016-05-10 || <= 45.0-1 || 45.1.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21]<br />
|-<br />
| {{CVE|CVE-2016-1667}} {{CVE|CVE-2016-1668}} {{CVE|CVE-2016-1669}} {{CVE|CVE-2016-1670}} [http://googlechromereleases.blogspot.fr/2016/05/stable-channel-update.html] || {{pkg|chromium}} || 2016-05-11 || <= 50.0.2661.94-1 || 50.0.2661.102-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] <br />
|-<br />
| {{CVE|CVE-2016-3706}} {{CVE|CVE-2016-1234}} [https://sourceware.org/bugzilla/show_bug.cgi?id=20010] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2016-04-27 || <= 2.23-2 || 2.23-4 || 17d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20]<br />
|-<br />
| {{CVE|CVE-2016-1096}} {{CVE|CVE-2016-1097}} {{CVE|CVE-2016-1098}} {{CVE|CVE-2016-1099}} {{CVE|CVE-2016-1100}} {{CVE|CVE-2016-1101}} {{CVE|CVE-2016-1102}} {{CVE|CVE-2016-1103}} {{CVE|CVE-2016-1104}} {{CVE|CVE-2016-1105}} {{CVE|CVE-2016-1106}} {{CVE|CVE-2016-1107}} {{CVE|CVE-2016-1108}} {{CVE|CVE-2016-1109}} {{CVE|CVE-2016-1110}} {{CVE|CVE-2016-4108}} {{CVE|CVE-2016-4109}} {{CVE|CVE-2016-4110}} {{CVE|CVE-2016-4111}} {{CVE|CVE-2016-4112}} {{CVE|CVE-2016-4113}} {{CVE|CVE-2016-4114}} {{CVE|CVE-2016-4115}} {{CVE|CVE-2016-4116}} {{CVE|CVE-2016-4117}} [https://helpx.adobe.com/security/products/flash-player/apsa16-02.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2016-05-10 || <= 11.2.202.616-2 || 11.2.202.621-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18]<br />
|-<br />
| {{CVE|CVE-2015-8558}} {{CVE|CVE-2016-3710}} {{CVE|CVE-2016-3712}} {{CVE|CVE-2016-5105}} {{CVE|CVE-2016-5107}} {{CVE|CVE-2016-5106}} [http://xenbits.xen.org/xsa/advisory-179.html] [http://www.openwall.com/lists/oss-security/2016/05/25/7] || {{pkg|qemu}} {{pkg|qemu-arch-extra}} || 2016-05-10 || <= 2.5.1-1 || 2.6.0-1 || 28d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9]<br />
|-<br />
| {{CVE|CVE-2015-8558}} {{CVE|CVE-2016-3710}} {{CVE|CVE-2016-3712}} {{CVE|CVE-2016-5105}} {{CVE|CVE-2016-5107}} {{CVE|CVE-2016-5106}} [http://xenbits.xen.org/xsa/advisory-179.html] [http://www.openwall.com/lists/oss-security/2016/05/25/7] || {{pkg|qemu-guest-agent}} {{pkg|qemu-block-gluster}} {{pkg|qemu-block-iscsi}} {{pkg|qemu-block-rbd}} || 2016-05-10 || <= 2.5.1-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-1926}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1926] [http://www.openvas.org/OVSA20160113.html] || {{pkg|greenbone-security-assistant}} || 2016-01-16 || <= 6.0.6-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-3659}} [http://bugs.cacti.net/view.php?id=2673] || {{pkg|cacti}} || 2016-03-31 || <= 0.8.8_g-3 || 0.8.8_h-1 || 40d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14]<br />
|-<br />
| {{CVE|CVE-2016-4554}} {{CVE|CVE-2016-4555}} {{CVE|CVE-2016-4556}} [http://www.squid-cache.org/Advisories/SQUID-2016_8.txt] [http://www.squid-cache.org/Advisories/SQUID-2016_9.txt] || {{pkg|squid}} || 2016-05-09 || <= 3.5.17-1 || 3.5.19-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13]<br />
|-<br />
| {{CVE|CVE-2015-8106}} [http://www.openwall.com/lists/oss-security/2015/11/16/39] || {{pkg|latex2rtf}} || 2015-11-16 || <= 2.3.8-1 || 2.3.10-1 || ~6m || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9]<br />
|-<br />
| {{CVE|CVE-2016-3105}} [https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.8_.2F_3.8.1_.282016-5-1.29] || {{pkg|mercurial}} || 2016-05-01 || <= 3.7.3-1 || 3.8.1-1 || 5d || Fixed ({{bug|49239}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] <br />
|-<br />
| {{CVE|CVE-2016-1236}} [http://www.openwall.com/lists/oss-security/2016/05/05/22] || {{pkg|websvn}} || 2016-05-05 || <= 2.3.3-6 || 2.3.3-7 || 98d || Fixed ({{bug|50344}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11]<br />
|-<br />
| {{CVE|CVE-2016-4414}} [http://marc.info/?l=oss-security&m=146204310020229&w=2] || {{pkg|quassel-client}} {{pkg|quassel-monolithic}} || 2016-04-30 || <= 0.12.3-1 || - || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2016-4352}} [http://www.openwall.com/lists/oss-security/2016/04/29/7] || {{pkg|mencoder}} {{pkg|mplayer}} || 2016-05-03 || <= 37379-7 || 37857-1 || 3d || Fixed ({{bug|49195}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12]<br />
|-<br />
| {{CVE|CVE-2016-4574}} [http://www.openwall.com/lists/oss-security/2016/05/10/4] || {{pkg|libksba}} || 2016-05-03 || <= 1.3.3-1 || 1.3.4-1 || 9d || Fixed ({{bug|49289}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17]<br />
|-<br />
| {{CVE|CVE-2016-4354}} {{CVE|CVE-2016-4353}} {{CVE|CVE-2016-4355}} {{CVE|CVE-2016-4356}} [http://www.openwall.com/lists/oss-security/2016/04/29/8] || {{pkg|libksba}} || 2016-04-10 || <= 1.3.2-1 || 1.3.3-1 || 18d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4348}} {{CVE|CVE-2016-4347}} [http://www.openwall.com/lists/oss-security/2016/04/30/3] || {{pkg|librsvg}} || 2016-05-03 || <= 2:2.40.2-2 || 2:2.40.15-2 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-4415}} {{CVE|CVE-2016-4416}} {{CVE|CVE-2016-4417}} {{CVE|CVE-2016-4418}} {{CVE|CVE-2016-4419}} {{CVE|CVE-2016-4420}} {{CVE|CVE-2016-4421}} {{CVE|CVE-2016-4076}} {{CVE|CVE-2016-4077}} {{CVE|CVE-2016-4078}} {{CVE|CVE-2016-4079}} {{CVE|CVE-2016-4080}} {{CVE|CVE-2016-4081}} {{CVE|CVE-2016-4006}} {{CVE|CVE-2016-4082}} {{CVE|CVE-2016-4083}} {{CVE|CVE-2016-4084}} {{CVE|CVE-2016-4085}} [http://www.openwall.com/lists/oss-security/2016/04/25/2] || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2016-05-03 || <= 2.0.2-1 || 2.0.3-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-3714}} [http://www.openwall.com/lists/oss-security/2016/05/03/13] [http://www.openwall.com/lists/oss-security/2016/05/03/14]|| {{pkg|imagemagick}} || 2016-05-03 || <= 6.9.3.8-1 || 6.9.3.10-1 || 3d || Fixed ({{bug|49203}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6]<br />
|-<br />
| {{CVE|CVE-2016-4477}} {{CVE|CVE-2016-4476}} [http://www.openwall.com/lists/oss-security/2016/05/03/2] || {{pkg|hostapd}} || 2016-05-03 || <= 2.5-2 || || || '''Vulnerable''' ({{bug|49196}}) || <br />
|-<br />
| {{CVE|CVE-2016-4477}} {{CVE|CVE-2016-4476}} [http://www.openwall.com/lists/oss-security/2016/05/03/2] || {{pkg|wpa_supplicant}} || 2016-05-03 || <= 1:2.5-3 || || || '''Vulnerable''' ({{bug|49196}}) || <br />
|-<br />
| {{CVE|CVE-2016-2105}} {{CVE|CVE-2016-2106}} {{CVE|CVE-2016-2107}} {{CVE|CVE-2016-2109}} {{CVE|CVE-2016-2176}} [https://www.openssl.org/news/secadv/20160503.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2016-05-03 || <= 1.0.2.g-3 || 1.0.2.h-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4]<br />
|-<br />
| {{CVE|CVE-2016-4425}} [https://github.com/akheron/jansson/issues/282] [http://marc.info/?l=oss-security&m=146219323703639&w=2] || {{pkg|jansson}} || 2016-05-02 || <= 2.7-1 || 2.8-1 || 137d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15]<br />
|-<br />
| {{CVE|CVE-2016-4425}} [https://github.com/akheron/jansson/issues/282] [http://marc.info/?l=oss-security&m=146219323703639&w=2] || {{pkg|lib32-jansson}} || 2016-05-02 || <= 2.7-2 || 2.8-1 || 140d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17]<br />
|-<br />
| {{CVE|CVE-2016-1660}} {{CVE|CVE-2016-1661}} {{CVE|CVE-2016-1662}} {{CVE|CVE-2016-1663}} {{CVE|CVE-2016-1664}} {{CVE|CVE-2016-1665}} {{CVE|CVE-2016-1666}} [http://googlechromereleases.blogspot.fr/2016/04/stable-channel-update_28.html] || {{pkg|chromium}} || 2016-04-28 || <= 50.0.2661.75-1 || 50.0.2661.94-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7]<br />
|-<br />
| {{CVE|CVE-2015-8869}} || {{pkg|ocaml}} || 2016-04-29 || <= 4.02.3-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2016-4414}} [http://marc.info/?l=oss-security&m=146204310020229&w=2] || {{pkg|quassel-core}} || 2016-04-30 || <= 0.12.3-1 || 0.12.4-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5]<br />
|-<br />
| {{CVE|CVE-2016-2167}} {{CVE|CVE-2016-2168}} [https://mail-archives.apache.org/mod_mbox/subversion-announce/201604.mbox/%3CCAP_GPNgfn1iKueW51EpmXzXi_URNfGNofZSgOyW1_jnSeNm5DQ@mail.gmail.com%3E] || {{pkg|subversion}} || 2016-04-28 || <= 1.9.3-2 || 1.9.4-1 || 38d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6]<br />
|-<br />
| {{CVE|CVE-2015-7704}} {{CVE|CVE-2015-8138}} {{CVE|CVE-2016-1547}} {{CVE|CVE-2016-1548}} {{CVE|CVE-2016-1549}} {{CVE|CVE-2016-1550}} {{CVE|CVE-2016-1551}} {{CVE|CVE-2016-2516}} {{CVE|CVE-2016-2517}} {{CVE|CVE-2016-2518}} {{CVE|CVE-2016-2519}} [http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security] || {{pkg|ntp}} || 2016-04-26 || <= 4.2.8.p6-3 || 4.2.8.p7-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-2804}} {{CVE|CVE-2016-2805}} {{CVE|CVE-2016-2806}} {{CVE|CVE-2016-2807}} {{CVE|CVE-2016-2808}} {{CVE|CVE-2016-2811}} {{CVE|CVE-2016-2812}} {{CVE|CVE-2016-2814}} {{CVE|CVE-2016-2816}} {{CVE|CVE-2016-2817}} {{CVE|CVE-2016-2820}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox46] || {{pkg|firefox}} || 2016-04-26 || <= 45.0.2-1 || 46.0-2 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15]<br />
|-<br />
| {{CVE|CVE-2015-8863}} [http://seclists.org/oss-sec/2016/q2/134] || {{pkg|jq}} || 2016-04-23 || <= 1.5-3 || 1.5-4 || 109d || Fixed ({{bug|50330}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10]<br />
|-<br />
| {{CVE|CVE-2016-3074}} [http://seclists.org/oss-sec/2016/q2/128] || {{pkg|gd}} || 2016-04-21 || <= 2.1.1-3 || 2.1.1-4 || 15d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8]<br />
|-<br />
| {{CVE|CVE-2016-4051}} {{CVE|CVE-2016-4052}} {{CVE|CVE-2016-4053}} {{CVE|CVE-2016-4054}} [http://www.squid-cache.org/Advisories/SQUID-2016_5.txt] [http://www.squid-cache.org/Advisories/SQUID-2016_6.txt] || {{pkg|squid}} || 2016-04-20 || <= 3.5.16-1 || 3.5.17-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14]<br />
|-<br />
| {{CVE|CVE-2016-4021}} [https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt] || {{pkg|pgpdump}} || 2016-04-12 || <= 0.29-2 || 0.30-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11]<br />
|-<br />
| {{CVE|CVE-2016-1955}} {{CVE|CVE-2016-1956}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/] [https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/] || {{pkg|thunderbird}} || 2016-04-12 || <= 38.7.2-1 || 45.0-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12]<br />
|-<br />
| {{CVE|CVE-2016-2347}} [http://www.talosintel.com/reports/TALOS-2016-0095/] || {{pkg|lhasa}} || 2016-04-14 || <= 0.3.0-1 || 0.3.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8]<br />
|-<br />
| {{CVE|CVE-2016-1651}} {{CVE|CVE-2016-1652}} {{CVE|CVE-2016-1653}} {{CVE|CVE-2016-1654}} {{CVE|CVE-2016-1655}} {{CVE|CVE-2016-1656}} {{CVE|CVE-2016-1657}} {{CVE|CVE-2016-1658}} {{CVE|CVE-2016-1659}} [http://googlechromereleases.blogspot.fr/2016/04/stable-channel-update_13.html] || {{pkg|chromium}} || 2016-04-13|| <= 49.0.2623.112-1 || 50.0.2661.75-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10]<br />
|-<br />
| {{CVE|CVE-2015-5370}} {{CVE|CVE-2016-2110}} {{CVE|CVE-2016-2111}} {{CVE|CVE-2016-2112}} {{CVE|CVE-2016-2113}} {{CVE|CVE-2016-2114}} {{CVE|CVE-2016-2115}} {{CVE|CVE-2016-2118}} [https://www.samba.org/samba/history/security.html] [http://badlock.org/] || {{pkg|samba}} || 2016-04-12|| <= 4.4.0-1 || 4.4.2-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13]<br />
|-<br />
| {{CVE|CVE-2016-4008}} [http://article.gmane.org/gmane.comp.security.oss.general/19286] || {{pkg|libtasn1}} || 2016-04-11|| <= 4.7-1 || 4.8-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9]<br />
|-<br />
| {{CVE|CVE-2011-5326}} {{CVE|CVE-2016-3993}} {{CVE|CVE-2016-3994}} {{CVE|CVE-2016-4024}} [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369] [http://article.gmane.org/gmane.comp.security.oss.general/19276] || {{pkg|imlib2}} || 2016-04-09 || <= 1.4.8-1 || 1.4.9-1 || 23d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1]<br />
|-<br />
| {{CVE|CVE-2014-9771}} [http://www.openwall.com/lists/oss-security/2016/04/09/3] || {{pkg|imlib2}} || 2016-04-09 || <= 1.4.5-6 || 1.4.6-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1006}} {{CVE|CVE-2016-1011}} {{CVE|CVE-2016-1012}} {{CVE|CVE-2016-1013}} {{CVE|CVE-2016-1014}} {{CVE|CVE-2016-1015}} {{CVE|CVE-2016-1016}} {{CVE|CVE-2016-1017}} {{CVE|CVE-2016-1018}} {{CVE|CVE-2016-1019}} {{CVE|CVE-2016-1020}} {{CVE|CVE-2016-1021}} {{CVE|CVE-2016-1022}} {{CVE|CVE-2016-1023}} {{CVE|CVE-2016-1024}} {{CVE|CVE-2016-1025}} {{CVE|CVE-2016-1026}} {{CVE|CVE-2016-1027}} {{CVE|CVE-2016-1028}} {{CVE|CVE-2016-1029}} {{CVE|CVE-2016-1030}} {{CVE|CVE-2016-1031}} {{CVE|CVE-2016-1032}} {{CVE|CVE-2016-1033}} [https://helpx.adobe.com/security/products/flash-player/apsa16-01.html] [https://helpx.adobe.com/security/products/flash-player/apsb16-10.html] || {{pkg|flashplugin}} || 2016-04-05 || <= 11.2.202.577-1 || 11.2.202.616-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7]<br />
|-<br />
| {{CVE|CVE-2016-3630}} {{CVE|CVE-2016-3068}} {{CVE|CVE-2016-3069}} [https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29] || {{pkg|mercurial}} || 2016-03-29 || <= 3.7.2-1 || 3.7.3-1 || 8d || Fixed ({{bug|48821}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6]<br />
|-<br />
| {{CVE|CVE-2016-2191}} [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2191] [https://sourceforge.net/p/optipng/bugs/59/] [http://www.openwall.com/lists/oss-security/2016/04/04/2]|| {{Pkg|optipng}} || 2016-04-04 || <= 0.7.5-2 || 0.7.6-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5]<br />
|-<br />
| {{CVE|CVE-2016-3947}} [http://www.squid-cache.org/Advisories/SQUID-2016_3.txt] || {{Pkg|squid}} || 2016-04-01 || <= 3.5.15-2 || 3.5.16 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4]<br />
|-<br />
| {{CVE|CVE-2016-0636}} [http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html] [http://blog.fuseyism.com/index.php/2016/03/25/security-icedtea-2-6-5-for-openjdk-7-released/] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2016-03-24 || <= 7.u95_2.6.4-1 || 7.u99_2.6.5-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3]<br />
|-<br />
| {{CVE|CVE-2016-0636}} [http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html] || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2016-03-23 || <= 8.u74-1 || 8.u77-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27]<br />
|-<br />
| {{CVE|CVE-2016-1646}} {{CVE|CVE-2016-1647}} {{CVE|CVE-2016-1648}} {{CVE|CVE-2016-1649}} {{CVE|CVE-2016-1650}} [http://googlechromereleases.blogspot.fr/2016/03/stable-channel-update_24.html] || {{pkg|chromium}} || 2016-03-24 || <= 49.0.2623.87-1 || 49.0.2623.108-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24]<br />
|-<br />
| {{CVE|CVE-2016-2849}} {{CVE|CVE-2016-2850}} [http://botan.randombit.net/security.html#id1] || {{pkg|botan}} || 2016-03-20 || <= 1.11.28-1 || 1.11.29-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22]<br />
|-<br />
| {{CVE|CVE-2016-1952}} {{CVE|CVE-2016-1953}} {{CVE|CVE-2016-1954}} {{CVE|CVE-2016-1957}} {{CVE|CVE-2016-1960}} {{CVE|CVE-2016-1961}} {{CVE|CVE-2016-1964}} {{CVE|CVE-2016-1966}} {{CVE|CVE-2016-1974}} {{CVE|CVE-2016-1977}} {{CVE|CVE-2016-2790}} {{CVE|CVE-2016-2791}} {{CVE|CVE-2016-2792}} {{CVE|CVE-2016-2793}} {{CVE|CVE-2016-2794}} {{CVE|CVE-2016-2795}} {{CVE|CVE-2016-2796}} {{CVE|CVE-2016-2797}} {{CVE|CVE-2016-2798}} {{CVE|CVE-2016-2799}} {{CVE|CVE-2016-2800}} {{CVE|CVE-2016-2801}} {{CVE|CVE-2016-2802}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.7] || {{pkg|thunderbird}} || 2016-03-14 || <= 38.6.0-1 || 38.7.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21]<br />
|-<br />
| {{CVE|CVE-2016-2324}} [http://seclists.org/oss-sec/2016/q1/653] || {{pkg|git}} || 2016-03-15 || <= 2.7.3-1 || 2.7.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20]<br />
|-<br />
| {{CVE|CVE-2016-3116}} [https://matt.ucc.asn.au/dropbear/CHANGES] || {{pkg|dropbear}} || 2016-03-13 || <= 2015.71-1 || 2016.72-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19]<br />
|-<br />
| {{CVE|CVE-2015-1283}} [https://sourceforge.net/p/expat/bugs/528/] || {{pkg|expat}} || 2016-03-12 || <= 2.1.0-4 || 2.1.1-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23]<br />
|-<br />
| {{CVE|CVE-2016-2088}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2088] {{CVE|CVE-2016-1286}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1286] {{CVE|CVE-2016-1285}} [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1285] || {{pkg|bind}} || 2016-03-10 || <= 9.10.3.P3-3 || 9.10.3.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13]<br />
|-<br />
| {{CVE|CVE-2016-0960}} {{CVE|CVE-2016-0961}} {{CVE|CVE-2016-0962}} {{CVE|CVE-2016-0963}} {{CVE|CVE-2016-0986}} {{CVE|CVE-2016-0987}} {{CVE|CVE-2016-0988}} {{CVE|CVE-2016-0989}} {{CVE|CVE-2016-0990}} {{CVE|CVE-2016-0991}} {{CVE|CVE-2016-0992}} {{CVE|CVE-2016-0993}} {{CVE|CVE-2016-0994}} {{CVE|CVE-2016-0995}} {{CVE|CVE-2016-0996}} {{CVE|CVE-2016-0997}} {{CVE|CVE-2016-0998}} {{CVE|CVE-2016-0999}} {{CVE|CVE-2016-1000}} {{CVE|CVE-2016-1001}} {{CVE|CVE-2016-1002}} {{CVE|CVE-2016-1005}} {{CVE|CVE-2016-1010}} [https://helpx.adobe.com/security/products/flash-player/apsb16-08.html] || {{pkg|lib32-flashplugin}} || 2016-03-10 || <= 11.2.202.569-1 || 11.2.202.577-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11]<br />
|-<br />
| {{CVE|CVE-2016-0960}} {{CVE|CVE-2016-0961}} {{CVE|CVE-2016-0962}} {{CVE|CVE-2016-0963}} {{CVE|CVE-2016-0986}} {{CVE|CVE-2016-0987}} {{CVE|CVE-2016-0988}} {{CVE|CVE-2016-0989}} {{CVE|CVE-2016-0990}} {{CVE|CVE-2016-0991}} {{CVE|CVE-2016-0992}} {{CVE|CVE-2016-0993}} {{CVE|CVE-2016-0994}} {{CVE|CVE-2016-0995}} {{CVE|CVE-2016-0996}} {{CVE|CVE-2016-0997}} {{CVE|CVE-2016-0998}} {{CVE|CVE-2016-0999}} {{CVE|CVE-2016-1000}} {{CVE|CVE-2016-1001}} {{CVE|CVE-2016-1002}} {{CVE|CVE-2016-1005}} {{CVE|CVE-2016-1010}} [https://helpx.adobe.com/security/products/flash-player/apsb16-08.html] || {{pkg|flashplugin}} || 2016-03-10 || <= 11.2.202.569-1 || 11.2.202.577-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10]<br />
|-<br />
| {{CVE|CVE-2016-3115}} [http://www.openssh.com/txt/x11fwd.adv] || {{pkg|openssh}} || 2016-03-10 || <= 7.2p1-1 || 7.2p2-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12]<br />
|-<br />
| {{CVE|CVE-2015-8833}} [http://seclists.org/oss-sec/2016/q1/572] || {{pkg|pidgin-otr}} || 2016-03-09 || <= 4.0.1-2 || 4.0.2-1 || 3d || Fixed ({{bug|48537}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14]<br />
|-<br />
| {{CVE|CVE-2016-2774}} [https://kb.isc.org/article/AA-01354] || {{pkg|dhcp}} || 2016-03-09 || <= 4.3.3.p1-1 || 4.3.4-1 || 21d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1531}} [http://www.exim.org/static/doc/CVE-2016-1531.txt] || {{pkg|exim}} || 2016-03-06 || <= 4.86.1-1 || 4.86.2-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8]<br />
|-<br />
| {{CVE|CVE-2016-1577}} {{CVE|CVE-2016-2089}} {{CVE|CVE-2016-2116}} || {{pkg|jasper}} || 2016-03-06 || <= 1.900.1-14 || 1.900.1-15 || ~2m || Fixed ({{bug|48511}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2]<br />
|-<br />
| {{CVE|CVE-2016-1285}} {{CVE|CVE-2016-1286}} [https://kb.isc.org/article/AA-01352/] [https://kb.isc.org/article/AA-01353/] || {{pkg|bind}} || 2016-03-09 || <= 9.10.3.P3-3 || 9.10.3.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7]<br />
|-<br />
| {{CVE|CVE-2016-2851}} [https://otr.cypherpunks.ca/] || {{pkg|libotr}} || 2016-03-09 || <= 4.1.0-1 || 4.1.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6]<br />
|-<br />
| {{CVE|CVE-2016-1643}} {{CVE|CVE-2016-1644}} {{CVE|CVE-2016-1645}} || {{pkg|chromium}} || 2016-03-09 || <= 49.0.2623.75-1 || 49.0.2623.87-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5]<br />
|-<br />
| {{CVE|CVE-2016-1952}} {{CVE|CVE-2016-1953}} {{CVE|CVE-2016-1954}} {{CVE|CVE-2016-1955}} {{CVE|CVE-2016-1956}} {{CVE|CVE-2016-1957}} {{CVE|CVE-2016-1958}} {{CVE|CVE-2016-1959}} {{CVE|CVE-2016-1960}} {{CVE|CVE-2016-1961}} {{CVE|CVE-2016-1962}} {{CVE|CVE-2016-1963}} {{CVE|CVE-2016-1964}} {{CVE|CVE-2016-1965}} {{CVE|CVE-2016-1966}} {{CVE|CVE-2016-1967}} {{CVE|CVE-2016-1968}} {{CVE|CVE-2016-1970}} {{CVE|CVE-2016-1971}} {{CVE|CVE-2016-1972}} {{CVE|CVE-2016-1973}} {{CVE|CVE-2016-1974}} {{CVE|CVE-2016-1975}} {{CVE|CVE-2016-1976}} {{CVE|CVE-2016-1977}} {{CVE|CVE-2016-2790}} {{CVE|CVE-2016-2791}} {{CVE|CVE-2016-2792}} {{CVE|CVE-2016-2793}} {{CVE|CVE-2016-2794}} {{CVE|CVE-2016-2795}} {{CVE|CVE-2016-2796}} {{CVE|CVE-2016-2797}} {{CVE|CVE-2016-2798}} {{CVE|CVE-2016-2799}} {{CVE|CVE-2016-2800}} {{CVE|CVE-2016-2801}} {{CVE|CVE-2016-2802}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox45] || {{pkg|firefox}} || 2016-03-08 || <= 44.0.2-2 || 45.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4]<br />
|-<br />
| {{CVE|CVE-2016-2532}} {{CVE|CVE-2016-2531}} {{CVE|CVE-2016-2530}} {{CVE|CVE-2016-2529}} {{CVE|CVE-2016-2528}} {{CVE|CVE-2016-2527}} {{CVE|CVE-2016-2526}} {{CVE|CVE-2016-2525}} {{CVE|CVE-2016-2524}} {{CVE|CVE-2016-2523}} {{CVE|CVE-2016-2522}} {{CVE|CVE-2016-2521}} || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2016-03-07 || <= 2.0.1-2 || 2.0.2-1 || 5d || Fixed ({{bug|48536}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17]<br />
|-<br />
| {{CVE|CVE-2016-2381}} [https://www.debian.org/security/2016/dsa-3501] || {{pkg|perl}} || 2016-03-07 || <= 5.22.1-1 || 5.22.1-2 || 3d || Fixed ({{Bug|48482}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9]<br />
|-<br />
| {{CVE|CVE-2015-8126}} {{CVE|CVE-2016-1630}} {{CVE|CVE-2016-1631}} {{CVE|CVE-2016-1632}} {{CVE|CVE-2016-1633}} {{CVE|CVE-2016-1634}} {{CVE|CVE-2016-1635}} {{CVE|CVE-2016-1636}} {{CVE|CVE-2016-1637}} {{CVE|CVE-2016-1638}} {{CVE|CVE-2016-1639}} {{CVE|CVE-2016-1640}} {{CVE|CVE-2016-1641}} {{CVE|CVE-2016-1642}} [http://googlechromereleases.blogspot.fr/2016/03/stable-channel-update.html] || {{pkg|chromium}} || 2016-03-02 || <= 48.0.2564.116-1 || 49.0.2623.75-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1]<br />
|-<br />
| {{CVE|CVE-2016-0702}} {{CVE|CVE-2016-0705}} {{CVE|CVE-2016-0797}} {{CVE|CVE-2016-0798}} {{CVE|CVE-2016-0799}} {{CVE|CVE-2016-0800}} [https://www.openssl.org/news/secadv/20160301.txt] || {{pkg|openssl}} || 2016-03-01 || <= 1.0.2.f-1 || 1.0.2.g-3 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2]<br />
|-<br />
| {{CVE|CVE-2016-0702}} {{CVE|CVE-2016-0705}} {{CVE|CVE-2016-0797}} {{CVE|CVE-2016-0798}} {{CVE|CVE-2016-0799}} {{CVE|CVE-2016-0800}} [https://www.openssl.org/news/secadv/20160301.txt] || {{pkg|lib32-openssl}} || 2016-03-01 || <= 1.0.2.f-1 || 1.0.2.g-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3]<br />
|-<br />
| {{CVE|CVE-2015-7511}} [https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html] || {{pkg|libgcrypt}} || 2016-02-09 || <= 1.6.4-1 || 1.6.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19]<br />
|-<br />
| {{CVE|CVE-2016-0739}} [https://www.libssh.org/2016/02/23/libssh-0-7-3-security-and-bugfix-release/] || {{pkg|libssh}} || 2016-02-23 || <= 0.7.2-1 || 0.7.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18]<br />
|-<br />
| {{CVE|CVE-2016-0787}} [https://www.libssh2.org/adv_20160223.html] || {{pkg|libssh2}} || 2016-02-23 || <= 1.6.0-1 || 1.7.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20]<br />
|-<br />
| {{CVE|CVE-2016-0787}} [https://www.libssh2.org/adv_20160223.html] || {{pkg|lib32-libssh2}} || 2016-02-23 || <= 1.6.0-1 || 1.7.0-1 ||3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21]<br />
|-<br />
| {{CVE|CVE-2016-1629}} [http://googlechromereleases.blogspot.fr/2016/02/stable-channel-update_18.html] || {{pkg|chromium}} || 2016-02-18 || <= 48.0.2564.109-1 || 48.0.2564.116-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17]<br />
|-<br />
| {{CVE|CVE-2015-7575}} {{CVE|CVE-2016-1523}} {{CVE|CVE-2016-1930}} {{CVE|CVE-2016-1931}} {{CVE|CVE-2016-1935}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.6] || {{pkg|thunderbird}} || 2016-02-11 || <= 38.5.1-1 || 38.6.0-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16]<br />
|-<br />
| {{CVE|CVE-2015-7547}} {{CVE|CVE-2015-8776}} {{CVE|CVE-2015-8777}} {{CVE|CVE-2015-8778}} {{CVE|CVE-2015-8779}} [https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html] [https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html] || {{pkg|glibc}} || 2016-02-16 || <= 2.22-3 || 2.22-4 || 1d || Fixed ({{Bug|48213}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15]<br />
|-<br />
| {{CVE|CVE-2015-7547}} {{CVE|CVE-2015-8776}} {{CVE|CVE-2015-8777}} {{CVE|CVE-2015-8778}} {{CVE|CVE-2015-8779}} [https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html] [https://googleonlinesecurity.blogspot.de/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html] || {{pkg|lib32-glibc}} || 2016-02-16 || <= 2.22-3.1 || 2.22-4 || 1d || Fixed ({{Bug|48213}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14]<br />
|-<br />
| {{CVE|CVE-2016-1622}} {{CVE|CVE-2016-1623}} {{CVE|CVE-2016-1624}} {{CVE|CVE-2016-1625}} {{CVE|CVE-2016-1626}} {{CVE|CVE-2016-1627}} [http://googlechromereleases.blogspot.fr/2016/02/stable-channel-update_9.html]|| {{pkg|chromium}} || 2016-02-09 || <= 48.0.2564.103-1 || 48.0.2564.109-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1949}} [https://www.mozilla.org/en-US/security/advisories/mfsa2016-13/]|| {{pkg|firefox}} || 2016-02-11 || <= 44.0.1-1 || 44.0.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12]<br />
|-<br />
| {{CVE|CVE-2016-1544}} [https://nghttp2.org/blog/2016/02/11/nghttp2-v1-7-1/]|| {{pkg|nghttp2}} || 2016-02-11 || <= 1.7.0-1 || 1.7.1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13]<br />
|-<br />
| {{CVE|CVE-2014-2312}} [https://www.kde.org/info/security/advisory-20160209-1.txt]|| {{pkg|kscreenlocker}} || 2016-02-10 || <= 5.5.4-1 || 5.5.4-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10]<br />
|-<br />
| {{CVE|CVE-2014-9496}} {{CVE|CVE-2014-9756}} {{CVE|CVE-2015-7805}} || {{pkg|libsndfile}} {{pkg|lib32-libsndfile}} || 2016-02-01 || <= 1.0.25-3 || 1.0.26-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9]<br />
|-<br />
| {{CVE|CVE-2015-8803}} {{CVE|CVE-2015-8804}} {{CVE|CVE-2015-8805}} [https://blog.fuzzing-project.org/38-Miscomputations-of-elliptic-curve-scalar-multiplications-in-Nettle.html] || {{pkg|nettle}} {{pkg|lib32-nettle}} || 2016-02-03 || <= 3.1-1 || 3.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6]<br />
|-<br />
| {{CVE|CVE-2016-2194}} {{CVE|CVE-2016-2195}} {{CVE|CVE-2016-2196}} [http://botan.randombit.net/security.html#id1] || {{pkg|botan}} || 2016-02-01 || <= 1.11.25-2 || 1.11.28-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11]<br />
|-<br />
| {{CVE|CVE-2014-9761}} [http://seclists.org/oss-sec/2016/q1/153] || {{pkg|lib32-glibc}} || 2016-02-01 || <= 2.22-4 || 2.23-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23]<br />
|-<br />
| {{CVE|CVE-2014-9761}} [http://seclists.org/oss-sec/2016/q1/153] || {{pkg|glibc}} || 2016-02-01 || <= 2.22-4 || 2.23-1 || 27d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22]<br />
|-<br />
| {{CVE|CVE-2016-2048}} [https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/] || {{pkg|python-django}} {{pkg|python2-django}} || 2016-02-01 || <= 1.9.1-1 || 1.9.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2]<br />
|-<br />
| {{CVE|CVE-2016-2090}} [http://article.gmane.org/gmane.comp.security.oss.general/18715] [http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7] [https://bugs.freedesktop.org/show_bug.cgi?id=93881] [https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html] || {{pkg|libbsd}} || 2016-01-27 || <= 0.8.1-1 || 0.8.2-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7]<br />
|-<br />
| {{CVE|CVE-2015-3197}} {{CVE|CVE-2015-4000}} {{CVE|CVE-2016-0701}} [https://openssl.org/news/secadv/20160128.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2016-01-28 || <= 1.0.2.e-1 || 1.0.2.f-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33]<br />
|-<br />
| {{CVE|CVE-2016-0755}} [http://curl.haxx.se/docs/adv_20160127A.html] || {{pkg|curl}} {{pkg|lib32-curl}} || 2016-01-27 || <= 7.46.0-1 || 7.47.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4]<br />
|-<br />
| {{CVE|CVE-2016-0742}} {{CVE|CVE-2016-0746}} {{CVE|CVE-2016-0747}} [http://mailman.nginx.org/pipermail/nginx-announce/2016/000168.html] || {{pkg|nginx}} || 2016-01-26 || <= 1.8.0-2 || 1.8.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31]<br />
|-<br />
| {{CVE|CVE-2016-1982}} {{CVE|CVE-2016-1983}} [http://seclists.org/oss-sec/2016/q1/179] || {{pkg|privoxy}} || 2016-01-21 || <= 3.0.23-1 || 3.0.24-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27]<br />
|-<br />
| {{CVE|CVE-2016-1572}} [https://bugs.launchpad.net/ecryptfs/+bug/1530566] || {{pkg|ecryptfs-utils}} || 2016-01-21 || <= 108-1 || 108-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25]<br />
|-<br />
| {{CVE|CVE-2016-1612}} {{CVE|CVE-2016-1613}} {{CVE|CVE-2016-1614}} {{CVE|CVE-2016-1615}} {{CVE|CVE-2016-1616}} {{CVE|CVE-2016-1617}} {{CVE|CVE-2016-1618}} {{CVE|CVE-2016-1619}} {{CVE|CVE-2016-1620}} [http://googlechromereleases.blogspot.fr/2016/01/stable-channel-update_20.html] || {{pkg|chromium}} || 2016-01-20 || <= 47.0.2526.111-1 || 48.0.2564.82-1 || 1d|| Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28]<br />
|-<br />
| {{CVE|CVE-2015-8704}} {{CVE|CVE-2015-8705}} [https://kb.isc.org/article/AA-01335] [https://kb.isc.org/article/AA-01336] || {{pkg|bind}} || 2016-01-19 || <= 9.10.3.P2-1 || 9.10.3.P3-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21]<br />
|-<br />
| {{CVE|CVE-2016-0728}} [http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/] || {{pkg|linux-lts}} || 2016-01-19 || <= 4.1.15-1 || 4.1.16-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26]<br />
|-<br />
| {{CVE|CVE-2016-0728}} [http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/] || {{pkg|linux}} || 2016-01-19 || <= 4.3.3-2 || 4.3.3-3 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20]<br />
|-<br />
| {{CVE|CVE-2015-5300}} [http://support.ntp.org/bin/view/Main/NtpBug2956] || {{pkg|ntp}} || 2016-01-07 || <= 4.2.8.p4-1 || 4.2.8.p5-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|syncthing}} || 2016-01-13 || <= 0.12.14-1 || 0.12.14-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|keybase}} || 2016-01-13 || <= 1.0.8.0-1 || 1.0.8.0-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|hub}} || 2016-01-13 || <= 2.2.2-1 || 2.2.2-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|go-ipfs}} || 2016-01-13 || <= 0.3.11-1 || 0.3.11-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13]<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|docker}} || 2016-01-13 || <= 1:1.9.1-1 || 1:1.9.1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12]<br />
|-<br />
| {{CVE|CVE-2015-8770}} [http://seclists.org/bugtraq/2016/Jan/60] || {{pkg|roundcubemail}} || 2015-12-26 || <= 1.2beta-1 || 1.2beta-2 || 20d || Fixed ({{bug|47764}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18]<br />
|-<br />
| {{CVE|CVE-2016-1903}} {{CVE|CVE-2016-1904}} [http://seclists.org/oss-sec/2016/q1/100] || {{pkg|php}} || 2016-01-14 || <= 7.0.1-1 || 7.0.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10]<br />
|-<br />
| {{CVE|CVE-2016-0777}} {{CVE|CVE-2016-0778}} [http://www.openssh.com/txt/release-7.1p2] || {{pkg|openssh}} || 2016-01-14 || <= 7.1p1-1 || 7.1p2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9]<br />
|-<br />
| {{CVE|CVE-2016-2213}} [http://www.openwall.com/lists/oss-security/2016/02/03/2] || {{pkg|ffmpeg}} || 2016-02-03 || <= 2.8.4-1 || 2.8.5-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2016-1897}} {{CVE|CVE-2016-1898}} [http://seclists.org/oss-sec/2016/q1/85] || {{pkg|ffmpeg}} || 2016-01-13 || <= 1:2.8.4-2 || 1:2.8.4-3 || <1d || Fixed ({{Bug|47738}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17]<br />
|-<br />
| {{CVE|CVE-2016-1897}} {{CVE|CVE-2016-1898}} [http://seclists.org/oss-sec/2016/q1/85] || {{pkg|mplayer}} || 2016-01-13 || <= 37379-6 || 37379-7 || 17d || Fixed ({{Bug|47944}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8618}} [https://groups.google.com/forum/#!topic/golang-dev/MEATuOi_ei4] || {{pkg|go}} || 2016-01-13 || <= 2:1.5.2-1 || 2:1.5.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11]<br />
|-<br />
|{{CVE|CVE-2015-8742}} {{CVE|CVE-2015-8741}} {{CVE|CVE-2015-8740}} {{CVE|CVE-2015-8738}} {{CVE|CVE-2015-8739}} {{CVE|CVE-2015-8737}} {{CVE|CVE-2015-8736}} {{CVE|CVE-2015-8735}} {{CVE|CVE-2015-8734}} {{CVE|CVE-2015-8733}} {{CVE|CVE-2015-8732}} {{CVE|CVE-2015-8730}} {{CVE|CVE-2015-8731}} {{CVE|CVE-2015-8729}} {{CVE|CVE-2015-8728}} {{CVE|CVE-2015-8727}} {{CVE|CVE-2015-8726}} {{CVE|CVE-2015-8725}} {{CVE|CVE-2015-8724}} {{CVE|CVE-2015-8723}} {{CVE|CVE-2015-8722}} {{CVE|CVE-2015-8721}} {{CVE|CVE-2015-8720}} {{CVE|CVE-2015-8718}} {{CVE|CVE-2015-8711}} || {{Pkg|wireshark-cli}} {{Pkg|wireshark-gtk}} {{Pkg|wireshark-qt}} || 2016-01-04 || <= 2.0.0 || 2.0.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6]<br />
|-<br />
| {{CVE|CVE-2016-1564}} [http://article.gmane.org/gmane.comp.security.oss.general/18527] || {{Pkg|wordpress}} || 2016-01-08 || <= 4.4-1 || 4.4.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2]<br />
|-<br />
| {{CVE|CVE-2015-8751}} [https://bugzilla.redhat.com/show_bug.cgi?id=1294039] [http://article.gmane.org/gmane.comp.security.oss.general/18523] || {{Pkg|jasper}} || 2016-01-07 || 1.900.1-15 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-8750}} [https://bugzilla.redhat.com/show_bug.cgi?id=1294264] [https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697] || {{Pkg|libdwarf}} || 2016-01-07 || 20150507-1 || 20160115-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22]<br />
|-<br />
| {{CVE|CVE-2016-1503}} {{CVE|CVE-2016-1504}} [http://article.gmane.org/gmane.comp.security.oss.general/18516] || {{Pkg|dhcpcd}} || 2016-01-07 || <= 6.9.4-1 || 6.10.0-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7]<br />
|-<br />
| {{CVE|CVE-2015-7575}} [http://www.mitls.org/pages/attacks/SLOTH] [https://tls.mbed.org/tech-updates/releases/mbedtls-2.2.1-2.1.4-1.3.16-and-polarssl.1.2.19-released] || {{pkg|mbedtls}} || 2016-01-04 || 2.2.0-1 || 2.2.1-1 || 21d || Fixed ({{bug|47783}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29]<br />
|-<br />
| {{CVE|CVE-2015-8688}} [http://gultsch.de/gajim_roster_push_and_message_interception.html] || {{pkg|gajim}} || 2015-12-20 || <= 0.16.4-1 || 0.16.5-1 || 20d || Fixed ({{bug|47647}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3]<br />
|-<br />
| {{CVE|CVE-2016-1494}} [https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff] [https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/] || {{pkg|python-rsa}} {{pkg|python2-rsa}} || 2016-01-05 || <= 3.2.3-1 || 3.3-1 || 13d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24]<br />
|-<br />
| {{CVE|CVE-2016-1283}} [https://bugs.exim.org/show_bug.cgi?id=1767] [http://article.gmane.org/gmane.comp.security.oss.general/18481] || {{pkg|pcre}} || 2016-01-02 || <= 8.38-2 || 8.38-3 || 71d|| Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18]<br />
|-<br />
|[http://article.gmane.org/gmane.comp.security.oss.general/18466] || {{Pkg|rtmpdump}} || 2015-12-23 || <= 20140918-2 || 1:2.4.r96.fa8646d-1 || 7d || Fixed ({{bug|47564}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1]<br />
|-<br />
| {{CVE|CVE-2015-8472}} [http://seclists.org/oss-sec/2015/q4/439] || {{pkg|libpng}} || 2015-12-03 || <= 1.6.19-1 || 1.6.20-1 || 25d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-18]<br />
|-<br />
| {{CVE|CVE-2015-8459}} {{CVE|CVE-2015-8460}} {{CVE|CVE-2015-8634}} {{CVE|CVE-2015-8635}} {{CVE|CVE-2015-8636}} {{CVE|CVE-2015-8638}} {{CVE|CVE-2015-8639}} {{CVE|CVE-2015-8640}} {{CVE|CVE-2015-8641}} {{CVE|CVE-2015-8642}} {{CVE|CVE-2015-8643}} {{CVE|CVE-2015-8644}} {{CVE|CVE-2015-8645}} {{CVE|CVE-2015-8646}} {{CVE|CVE-2015-8647}} {{CVE|CVE-2015-8648}} {{CVE|CVE-2015-8649}} {{CVE|CVE-2015-8650}} {{CVE|CVE-2015-8651}} [https://helpx.adobe.com/security/products/flash-player/apsb16-01.html] || {{pkg|flashplugin}} {{pkg|lib32-flashplugin}} || 2015-12-28 || <= 11.2.202.554-1 || 11.2.202.559-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17]<br />
|-<br />
| {{CVE|CVE-2015-7554}} {{CVE|CVE-2015-8683}} [http://seclists.org/oss-sec/2015/q4/584] [http://seclists.org/oss-sec/2015/q4/590] || {{pkg|libtiff}} || 2015-12-25 || <= 4.0.6-2 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-7201}} {{CVE|CVE-2015-7205}} {{CVE|CVE-2015-7212}} {{CVE|CVE-2015-7213}} {{CVE|CVE-2015-7214}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.5] || {{pkg|thunderbird}} || 2015-12-23 || <= 38.4.0-2 || 38.5.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14]<br />
|-<br />
| {{CVE|CVE-2015-8612}} [http://seclists.org/oss-sec/2015/q4/541] || {{pkg|blueman}} || 2015-12-18 || <= 2.0.2-1 || 2.0.3-1 || 38d || Fixed ({{bug|47784}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30]<br />
|-<br />
| {{CVE|CVE-2015-8659}} [http://seclists.org/oss-sec/2015/q4/576] || {{pkg|nghttp2}} || 2015-12-23 || <= 1.5.0-2 || 1.6.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16]<br />
|-<br />
| {{CVE|CVE-2015-7555}} [http://seclists.org/oss-sec/2015/q4/548] || {{pkg|giflib}} || 2015-12-21 || <= 5.1.1-1 || 5.1.2-1 || 43d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-7557}} {{CVE|CVE-2015-7558}} [http://seclists.org/oss-sec/2015/q4/549] || {{pkg|librsvg}} || 2015-12-21 || <= 2:2.40.11-1 || 2:2.40.13-1 || 45d || Fixed ({{bug|47785}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8622}} {{CVE|CVE-2015-8623}} {{CVE|CVE-2015-8624}} {{CVE|CVE-2015-8625}} {{CVE|CVE-2015-8626}} {{CVE|CVE-2015-8627}} {{CVE|CVE-2015-8628}} [http://seclists.org/oss-sec/2015/q4/552] || {{pkg|mediawiki}} || 2015-12-17 || <= 1.26.0-1 || 1.26.2-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15]<br />
|-<br />
| {{CVE|CVE-2015-8614}} [http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557] || {{pkg|claws-mail}} || 2015-12-21 || <= 3.13.0-1 || 3.13.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13]<br />
|-<br />
| {{CVE|CVE-2015-8369}} {{CVE|CVE-2015-8604}} {{CVE|CVE-2015-8377}} {{CVE|CVE-2016-2313}} [http://www.openwall.com/lists/oss-security/2016/02/09/3] [https://bugs.mageia.org/show_bug.cgi?id=17352] [http://www.openwall.com/lists/oss-security/2016/01/04/8] || {{pkg|cacti}} || 2015-12-17 || <= 0.8.8_f-3 || 0.8.8_g-2 || 72d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24]<br />
|-<br />
| [https://blog.fuzzing-project.org/32-Out-of-bounds-read-in-OpenVPN.html] || {{pkg|openvpn}} || 2015-12-18 || <= 2.3.8-2 || 2.3.9-1 || 9d || Fixed ({{bug|47498}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19]<br />
|-<br />
| {{CVE|CVE-2015-8549}} [http://www.ocert.org/advisories/ocert-2015-011.html] || {{pkg|python2-pyamf}} || 2015-12-17 || <= 0.7.2-1 || 0.8.0-2 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12]<br />
|-<br />
| {{CVE|CVE-2015-7551}} [https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/] || {{pkg|ruby}} || 2015-12-16 || <= 2.2.3-1 || 2.2.4-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11]<br />
|-<br />
| {{CVE|CVE-2015-7201}} {{CVE|CVE-2015-7202}} {{CVE|CVE-2015-7203}} {{CVE|CVE-2015-7204}} {{CVE|CVE-2015-7205}} {{CVE|CVE-2015-7207}} {{CVE|CVE-2015-7208}} {{CVE|CVE-2015-7210}} {{CVE|CVE-2015-7211}} {{CVE|CVE-2015-7212}} {{CVE|CVE-2015-7213}} {{CVE|CVE-2015-7214}} {{CVE|CVE-2015-7215}} {{CVE|CVE-2015-7216}} {{CVE|CVE-2015-7217}} {{CVE|CVE-2015-7218}} {{CVE|CVE-2015-7219}} {{CVE|CVE-2015-7220}} {{CVE|CVE-2015-7221}} {{CVE|CVE-2015-7222}} {{CVE|CVE-2015-7223}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox43] || {{pkg|firefox}} || 2015-12-15 || <= 42.0-3 || 43.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9]<br />
|-<br />
| {{CVE|CVE-2015-8000}} [https://kb.isc.org/article/AA-01317] || {{pkg|bind}} || 2015-12-15 || <= 9.10.3-2 || 9.10.3.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10]<br />
|-<br />
| {{CVE|CVE-2015-8370}} [http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html#fix] || {{pkg|grub}} || 2015-12-15 || <= 1:2.02.beta2-5 || 1:2.02.beta2-6 || 3d || Fixed ({{bug|47386}}) || None<br />
|-<br />
| {{CVE|CVE-2015-8378}} [https://www.keepassx.org/news/2015/12/551] || {{pkg|keepassx}} || 2015-12-08 || <= 0.4.3-7 || 0.4.4-1 || <2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8]<br />
|-<br />
| {{CVE|CVE-2015-8045}} {{CVE|CVE-2015-8047}} {{CVE|CVE-2015-8048}} {{CVE|CVE-2015-8049}} {{CVE|CVE-2015-8050}} {{CVE|CVE-2015-8055}} {{CVE|CVE-2015-8056}} {{CVE|CVE-2015-8057}} {{CVE|CVE-2015-8058}} {{CVE|CVE-2015-8059}} {{CVE|CVE-2015-8060}} {{CVE|CVE-2015-8061}} {{CVE|CVE-2015-8062}} {{CVE|CVE-2015-8063}} {{CVE|CVE-2015-8064}} {{CVE|CVE-2015-8065}} {{CVE|CVE-2015-8066}} {{CVE|CVE-2015-8067}} {{CVE|CVE-2015-8068}} {{CVE|CVE-2015-8069}} {{CVE|CVE-2015-8070}} {{CVE|CVE-2015-8071}} {{CVE|CVE-2015-8401}} {{CVE|CVE-2015-8402}} {{CVE|CVE-2015-8403}} {{CVE|CVE-2015-8404}} {{CVE|CVE-2015-8405}} {{CVE|CVE-2015-8406}} {{CVE|CVE-2015-8407}} {{CVE|CVE-2015-8408}} {{CVE|CVE-2015-8409}} {{CVE|CVE-2015-8410}} {{CVE|CVE-2015-8411}} {{CVE|CVE-2015-8412}} {{CVE|CVE-2015-8413}} {{CVE|CVE-2015-8414}} {{CVE|CVE-2015-8415}} {{CVE|CVE-2015-8416}} {{CVE|CVE-2015-8417}} {{CVE|CVE-2015-8418}} {{CVE|CVE-2015-8419}} {{CVE|CVE-2015-8420}} {{CVE|CVE-2015-8421}} {{CVE|CVE-2015-8422}} {{CVE|CVE-2015-8423}} {{CVE|CVE-2015-8424}} {{CVE|CVE-2015-8425}} {{CVE|CVE-2015-8426}} {{CVE|CVE-2015-8427}} {{CVE|CVE-2015-8428}} {{CVE|CVE-2015-8429}} {{CVE|CVE-2015-8430}} {{CVE|CVE-2015-8431}} {{CVE|CVE-2015-8432}} {{CVE|CVE-2015-8433}} {{CVE|CVE-2015-8434}} {{CVE|CVE-2015-8435}} {{CVE|CVE-2015-8436}} {{CVE|CVE-2015-8437}} {{CVE|CVE-2015-8438}} {{CVE|CVE-2015-8439}} {{CVE|CVE-2015-8440}} {{CVE|CVE-2015-8441}} {{CVE|CVE-2015-8442}} {{CVE|CVE-2015-8443}} {{CVE|CVE-2015-8444}} {{CVE|CVE-2015-8445}} {{CVE|CVE-2015-8446}} {{CVE|CVE-2015-8447}} {{CVE|CVE-2015-8448}} {{CVE|CVE-2015-8449}} {{CVE|CVE-2015-8450}} {{CVE|CVE-2015-8451}} {{CVE|CVE-2015-8452}} {{CVE|CVE-2015-8453}} {{CVE|CVE-2015-8454}} {{CVE|CVE-2015-8455}} [https://helpx.adobe.com/security/products/flash-player/apsb15-32.html] || {{pkg|flashplugin}} || 2015-12-08 || <= 11.2.202.548-1 || 11.2.202.554-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7]<br />
|-<br />
| {{CVE|CVE-2015-6788}} {{CVE|CVE-2015-6789}} {{CVE|CVE-2015-6790}} {{CVE|CVE-2015-6791}} [http://googlechromereleases.blogspot.fr/2015/12/stable-channel-update_8.html] || {{pkg|chromium}} || 2015-12-08 || <= 47.0.2526.73-1 || 47.0.2526.80-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5]<br />
|-<br />
| {{CVE|CVE-2015-3193}} {{CVE|CVE-2015-3194}} {{CVE|CVE-2015-3195}} {{CVE|CVE-2015-3196}} {{CVE|CVE-2015-1794}} [https://www.openssl.org/news/secadv/20151203.txt] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2015-12-03 || <= 1.0.2.d-1 || 1.0.2.e-1 || <3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2]<br />
|-<br />
| {{CVE|CVE-2015-6764}} {{CVE|CVE-2015-6765}} {{CVE|CVE-2015-6766}} {{CVE|CVE-2015-6767}} {{CVE|CVE-2015-6768}} {{CVE|CVE-2015-6769}} {{CVE|CVE-2015-6770}} {{CVE|CVE-2015-6771}} {{CVE|CVE-2015-6772}} {{CVE|CVE-2015-6773}} {{CVE|CVE-2015-6774}} {{CVE|CVE-2015-6775}} {{CVE|CVE-2015-6776}} {{CVE|CVE-2015-6777}} {{CVE|CVE-2015-6778}} {{CVE|CVE-2015-6779}} {{CVE|CVE-2015-6780}} {{CVE|CVE-2015-6781}} {{CVE|CVE-2015-6782}} {{CVE|CVE-2015-6783}} {{CVE|CVE-2015-6784}} {{CVE|CVE-2015-6785}} {{CVE|CVE-2015-6786}} {{CVE|CVE-2015-6787}} [http://googlechromereleases.blogspot.fr/2015/12/stable-channel-update.html] || {{pkg|chromium}} || 2015-12-01 || <= 46.0.2490.86-1 || 47.0.2526.73-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1]<br />
|-<br />
| {{CVE|CVE-2015-6764}} {{CVE|CVE-2015-8027}} [https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/] || {{pkg|nodejs}} || 2015-11-25 || <= 5.1.0-1 || 5.1.1-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4]<br />
|-<br />
| {{CVE|CVE-2015-8213}} [https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-11-24 || <= 1.8.6-1 || 1.8.7-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3]<br />
|-<br />
| {{CVE|CVE-2015-1819}} {{CVE|CVE-2015-5312}} {{CVE|CVE-2015-7941}} {{CVE|CVE-2015-7942}} {{CVE|CVE-2015-7497}} {{CVE|CVE-2015-7498}} {{CVE|CVE-2015-7499}} {{CVE|CVE-2015-7500}} {{CVE|CVE-2015-8035}} {{CVE|CVE-2015-8242}} [https://mail.gnome.org/archives/xml/2015-November/msg00012.html templink] || {{pkg|libxml2}} || 2015-11-20 || <= 2.9.2-2 || 2.9.3-1 || 19d || Fixed ({{bug|47095}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6]<br />
|-<br />
| {{CVE|CVE-2015-7981}} {{CVE|CVE-2015-8126}} [http://seclists.org/oss-sec/2015/q4/264 templink] [http://seclists.org/oss-sec/2015/q4/161 templink] || {{pkg|libpng}} {{pkg|lib32-libpng}} || 2015-11-12 || <= 1.6.18-1 || 1.6.19-1 || 5d || Fixed ({{bug|47069}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10]<br />
|-<br />
| {{CVE|CVE-2015-5309}} [http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html templink] || {{pkg|putty}} || 2015-11-12 || <= 0.65-1 || 0.66-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7]<br />
|-<br />
| {{CVE|CVE-2015-7651}} {{CVE|CVE-2015-7652}} {{CVE|CVE-2015-7653}} {{CVE|CVE-2015-7654}} {{CVE|CVE-2015-7655}} {{CVE|CVE-2015-7656}} {{CVE|CVE-2015-7657}} {{CVE|CVE-2015-7658}} {{CVE|CVE-2015-7659}} {{CVE|CVE-2015-7660}} {{CVE|CVE-2015-7661}} {{CVE|CVE-2015-7662}} {{CVE|CVE-2015-7663}} {{CVE|CVE-2015-8042}} {{CVE|CVE-2015-8043}} {{CVE|CVE-2015-8044}} {{CVE|CVE-2015-8046}} [https://helpx.adobe.com/security/products/flash-player/apsb15-28.html templink] || {{pkg|flashplugin}} || 2015-11-10 || <= 11.2.202.540-1 || 11.2.202.548-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5]<br />
|-<br />
| {{CVE|CVE-2015-1302}} [http://googlechromereleases.blogspot.fr/2015/11/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-11-10 || <= 46.0.2490.80-2 || 46.0.2490.86-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8]<br />
|-<br />
| {{CVE|CVE-2015-5311}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/ templink] || {{pkg|powerdns}} || 2015-11-09 || <= 3.4.6-2 || 3.4.7-1 || 3d || Fixed ({{bug|47014}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6]<br />
|-<br />
| {{CVE|CVE-2015-4513}} {{CVE|CVE-2015-4514}} {{CVE|CVE-2015-4515}} {{CVE|CVE-2015-4518}} {{CVE|CVE-2015-7181}} {{CVE|CVE-2015-7182}} {{CVE|CVE-2015-7183}} {{CVE|CVE-2015-7187}} {{CVE|CVE-2015-7188}} {{CVE|CVE-2015-7189}} {{CVE|CVE-2015-7193}} {{CVE|CVE-2015-7194}} {{CVE|CVE-2015-7195}} {{CVE|CVE-2015-7196}} {{CVE|CVE-2015-7197}} {{CVE|CVE-2015-7198}} {{CVE|CVE-2015-7199}} {{CVE|CVE-2015-7200}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-11-03 || <= 41.0.2-2 || 42.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2]<br />
|-<br />
| {{CVE|CVE-2015-7183}} [http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12386.html templink] || {{pkg|nspr}} || 2015-11-03 || <= 4.10.9-1 || 4.10.10-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4]<br />
|-<br />
| {{CVE|CVE-2015-7181}} {{CVE|CVE-2015-7182}} [http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg12386.html templink] || {{pkg|nss}} || 2015-11-03 || <= 3.20-1 || 3.20.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3]<br />
|-<br />
| {{CVE|CVE-2015-7696}} {{CVE|CVE-2015-7697}} [http://seclists.org/oss-sec/2015/q3/512 templink] || {{pkg|unzip}} || 2015-10-30 || <= 6.0-10 || 6.0-11 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1]<br />
|-<br />
| {{CVE|CVE-2015-8011}} {{CVE|CVE-2015-8012}} [http://seclists.org/oss-sec/2015/q4/198 templink] || {{pkg|lldpd}} || 2015-10-17 || <= 0.7.18-1 || 0.7.19-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25]<br />
|-<br />
| {{CVE|CVE-2015-5714}} {{CVE|CVE-2015-5715}} {{CVE|CVE-2015-7989}} [https://codex.wordpress.org/Version_4.3.1 templink] || {{pkg|wordpress}} || 2015-10-18 || <= 4.3.0-1 || 4.3.1-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24]<br />
|-<br />
| {{CVE|CVE-2015-7873}} [https://www.phpmyadmin.net/security/PMASA-2015-5/ templink] || {{pkg|phpmyadmin}} || 2015-10-23 || <= 4.5.0-1 || 4.5.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23]<br />
|-<br />
| {{CVE|CVE-2015-7995}} [https://bugzilla.redhat.com/show_bug.cgi?id=1257962 templink] || {{pkg|libxslt}} || 2015-10-27 || <= 1.1.28-3 || 1.1.28-4 || 73d || Fixed ({{bug|47681}}) || [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8]<br />
|-<br />
| {{CVE|CVE-2015-7943}} [https://www.drupal.org/SA-CORE-2015-004 templink] || {{pkg|drupal}} || 2015-10-21 || <= 7.40-1 || 7.41-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21]<br />
|-<br />
| {{CVE|CVE-2015-4913}} {{CVE|CVE-2015-4870}} {{CVE|CVE-2015-4861}} {{CVE|CVE-2015-4858}} {{CVE|CVE-2015-4836}} {{CVE|CVE-2015-4830}} {{CVE|CVE-2015-4826}} {{CVE|CVE-2015-4815}} {{CVE|CVE-2015-4802}} {{CVE|CVE-2015-4792}} || {{pkg|mariadb}} || 2015-10-22 || <= 10.0.21-3 || 10.0.22-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] <br />
|-<br />
| {{CVE|CVE-2015-4734}} {{CVE|CVE-2015-4803}} {{CVE|CVE-2015-4805}} {{CVE|CVE-2015-4806}} {{CVE|CVE-2015-4810}} {{CVE|CVE-2015-4835}} {{CVE|CVE-2015-4840}} {{CVE|CVE-2015-4842}} {{CVE|CVE-2015-4843}} {{CVE|CVE-2015-4844}} {{CVE|CVE-2015-4860}} {{CVE|CVE-2015-4868}} {{CVE|CVE-2015-4872}} {{CVE|CVE-2015-4881}} {{CVE|CVE-2015-4882}} {{CVE|CVE-2015-4883}} {{CVE|CVE-2015-4893}} {{CVE|CVE-2015-4901}} {{CVE|CVE-2015-4902}} {{CVE|CVE-2015-4903}} {{CVE|CVE-2015-4906}} {{CVE|CVE-2015-4908}} {{CVE|CVE-2015-4911}} {{CVE|CVE-2015-4916}} || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-09-22 || <= 8.u60-1 || 8.u65-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20]<br />
|-<br />
| {{CVE|CVE-2015-4734}} {{CVE|CVE-2015-4803}} {{CVE|CVE-2015-4805}} {{CVE|CVE-2015-4806}} {{CVE|CVE-2015-4810}} {{CVE|CVE-2015-4835}} {{CVE|CVE-2015-4840}} {{CVE|CVE-2015-4842}} {{CVE|CVE-2015-4843}} {{CVE|CVE-2015-4844}} {{CVE|CVE-2015-4860}} {{CVE|CVE-2015-4871}} {{CVE|CVE-2015-4872}} {{CVE|CVE-2015-4881}} {{CVE|CVE-2015-4882}} {{CVE|CVE-2015-4883}} {{CVE|CVE-2015-4893}} {{CVE|CVE-2015-4902}} {{CVE|CVE-2015-4903}} {{CVE|CVE-2015-4911}} || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-09-22 || <= 7.u85_2.6.1-2 || 7.u91_2.6.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17]<br />
|-<br />
| {{CVE|CVE-2015-7691}} {{CVE|CVE-2015-7692}} {{CVE|CVE-2015-7701}} {{CVE|CVE-2015-7702}} {{CVE|CVE-2015-7703}} {{CVE|CVE-2015-7704}} {{CVE|CVE-2015-7705}} {{CVE|CVE-2015-7848}} {{CVE|CVE-2015-7849}} {{CVE|CVE-2015-7850}} {{CVE|CVE-2015-7851}} {{CVE|CVE-2015-7852}} {{CVE|CVE-2015-7853}} {{CVE|CVE-2015-7854}} {{CVE|CVE-2015-7855}} {{CVE|CVE-2015-7871}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities templink] [http://blog.talosintel.com/2015/10/ntpd-vulnerabilities.html templink] || {{pkg|ntp}} || 2015-10-21 || <= 4.2.8.p3-1 || 4.2.8.p4-1 || 1d || Fixed ({{bug|46826}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14]<br />
|-<br />
| {{CVE|CVE-2015-6031}} [http://talosintel.com/reports/TALOS-2015-0035/ templink] || {{pkg|miniupnpc}} || 2015-09-15 || <= 1.9.20150730-1 || 1.9.20151008-1 || 30d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11]<br />
|-<br />
| {{CVE|CVE-2015-7645}} {{CVE|CVE-2015-7647}} {{CVE|CVE-2015-7648}} [https://helpx.adobe.com/security/products/flash-player/apsa15-05.html templink] [https://helpx.adobe.com/security/products/flash-player/apsb15-27.html templink] || {{pkg|flashplugin}} || 2015-10-14 || <= 11.2.202.535-1 || 11.2.202.540-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12]<br />
|-<br />
| {{CVE|CVE-2015-7184}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/ templink] || {{pkg|firefox}} || 2015-10-15 || <= 41.0.1-1 || 41.0.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10]<br />
|-<br />
| {{CVE|CVE-2015-5260}} {{CVE|CVE-2015-5261}} {{CVE|CVE-2015-3247}} [http://lists.freedesktop.org/archives/spice-devel/2015-October/022168.html templink] [https://bugzilla.redhat.com/show_bug.cgi?id=1260822 templink] [https://bugzilla.redhat.com/show_bug.cgi?id=1261889 templink] [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797976;msg=21 templink] || {{pkg|spice}} || 2015-09-08 || <= 0.12.5-1 || 0.12.6-1 || 41d || Fixed ({{bug|46738}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13]<br />
|-<br />
| {{CVE|CVE-2015-6755}} {{CVE|CVE-2015-6756}} {{CVE|CVE-2015-6757}} {{CVE|CVE-2015-6758}} {{CVE|CVE-2015-6759}} {{CVE|CVE-2015-6760}} {{CVE|CVE-2015-6761}} {{CVE|CVE-2015-6762}} {{CVE|CVE-2015-6763}} [http://googlechromereleases.blogspot.fr/2015/10/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-10-13 || <= 45.0.2454.101-2 || 46.0.2490.71-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8]<br />
|-<br />
| {{CVE|CVE-2015-5569}} {{CVE|CVE-2015-7625}} {{CVE|CVE-2015-7626}} {{CVE|CVE-2015-7627}} {{CVE|CVE-2015-7628}} {{CVE|CVE-2015-7629}} {{CVE|CVE-2015-7630}} {{CVE|CVE-2015-7631}} {{CVE|CVE-2015-7632}} {{CVE|CVE-2015-7633}} {{CVE|CVE-2015-7634}} {{CVE|CVE-2015-7643}} {{CVE|CVE-2015-7644}} [https://helpx.adobe.com/security/products/flash-player/apsb15-25.html templink] || {{pkg|flashplugin}} || 2015-10-13 || <= 11.2.202.521-1 || 11.2.202.535-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7]<br />
|-<br />
| {{CVE|CVE-2015-5291}} [https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01 templink] || {{pkg|mbedtls}} || 2015-10-05 || <= 2.1.1-1 || 2.1.2-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9]<br />
|-<br />
| {{CVE|CVE-2015-7384}} [https://nodejs.org/en/blog/release/v4.1.2/ templink] || {{pkg|nodejs}} || 2015-10-05 || <= 4.1.1-1 || 4.1.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3]<br />
|-<br />
| {{CVE|CVE-2015-7687}} [http://seclists.org/oss-sec/2015/q4/17 templink] [https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3f8e2fe24f3ff174d8515b82607e951e054f68f6 templink] || {{pkg|opensmtpd}} || 2015-10-02 || <= 5.7.1p1-1 || 5.7.3p1-1 || 6d || Fixed ({{bug|46605}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5]<br />
|-<br />
| {{CVE|CVE-2015-7673}} {{CVE|CVE-2015-7674}} [http://seclists.org/oss-sec/2015/q4/18 templink] [http://seclists.org/oss-sec/2015/q4/19 templink] || {{pkg|gdk-pixbuf2}} || 2015-10-01 || <= 2.31.7-1 || 2.32.1-1 || 9d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6]<br />
|-<br />
| {{CVE|CVE-2015-1335}} [https://github.com/lxc/lxc/commit/6de26af93d3dd87c8b21a42fdf20f30fa1c1948d templink] || {{pkg|lxc}} || 2015-09-29 || <= 1:1.1.3-2 || - || - || Not Affected ({{bug|46574}}) || None<br />
|-<br />
| {{CVE|CVE-2015-6972}} {{CVE|CVE-2015-6973}} [http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-XSS.txt templink] [http://hyp3rlinx.altervista.org/advisories/AS-OPENFIRE-CSRF.txt templink] [https://igniterealtime.org/issues/browse/OF-942] || {{pkg|openfire}} || 2015-09-14 || <= 4.0.3-1 || || || '''Vulnerable''' ||<br />
|-<br />
| {{CVE|CVE-2015-4499}} [https://www.bugzilla.org/security/4.2.14/ templink] || {{pkg|bugzilla}} || 2015-09-10 || <= 5.0-1 || 5.0.1-1 || 28d || Fixed ({{bug|46573}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4]<br />
|-<br />
| {{CVE|CVE-2015-4141}} {{CVE|CVE-2015-4142}} {{CVE|CVE-2015-4143}} {{CVE|CVE-2015-4144}} {{CVE|CVE-2015-4145}} {{CVE|CVE-2015-4146}} [http://w1.fi/security/2015-2/ templink] [http://w1.fi/security/2015-3/ templink] [http://w1.fi/security/2015-4/ templink] [http://w1.fi/security/2015-5/ templink] || {{pkg|hostapd}} || 2015-05-04 || <= 2.4-2 || 2.5-1 || ~150d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2]<br />
|-<br />
| {{CVE|CVE-2015-3239}} [https://bugzilla.redhat.com/show_bug.cgi?id=1232265 templink] || {{pkg|libunwind}} || 2015-06-16 || <= 1.1-2 || 1.1-3 || ~110d || Fixed ({{bug|46474}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1]<br />
|-<br />
| {{CVE|CVE-2015-1303}} {{CVE|CVE-2015-1304}} [http://googlechromereleases.blogspot.fr/2015/09/stable-channel-update_24.html templink] || {{pkg|chromium}} || 2015-09-24 || <= 45.0.2454.99-1 || 45.0.2454.101-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11]<br />
|-<br />
| {{CVE|CVE-2015-4500}} {{CVE|CVE-2015-4501}} {{CVE|CVE-2015-4502}} {{CVE|CVE-2015-4504}} {{CVE|CVE-2015-4506}} {{CVE|CVE-2015-4507}} {{CVE|CVE-2015-4508}} {{CVE|CVE-2015-4509}} {{CVE|CVE-2015-4510}} {{CVE|CVE-2015-4511}} {{CVE|CVE-2015-4512}} {{CVE|CVE-2015-4516}} {{CVE|CVE-2015-4517}} {{CVE|CVE-2015-4519}} {{CVE|CVE-2015-4520}} {{CVE|CVE-2015-4521}} {{CVE|CVE-2015-4522}} {{CVE|CVE-2015-7174}} {{CVE|CVE-2015-7175}} {{CVE|CVE-2015-7176}} {{CVE|CVE-2015-7177}} {{CVE|CVE-2015-7180}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox41 templink] || {{pkg|firefox}} || 2015-09-22 || <= 40.0.3-1 || 41.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9]<br />
|-<br />
| {{CVE|CVE-2015-5567}} {{CVE|CVE-2015-5568}} {{CVE|CVE-2015-5570}} {{CVE|CVE-2015-5571}} {{CVE|CVE-2015-5572}} {{CVE|CVE-2015-5573}} {{CVE|CVE-2015-5574}} {{CVE|CVE-2015-5575}} {{CVE|CVE-2015-5576}} {{CVE|CVE-2015-5577}} {{CVE|CVE-2015-5578}} {{CVE|CVE-2015-5579}} {{CVE|CVE-2015-5580}} {{CVE|CVE-2015-5581}} {{CVE|CVE-2015-5582}} {{CVE|CVE-2015-5584}} {{CVE|CVE-2015-5587}} {{CVE|CVE-2015-5588}} {{CVE|CVE-2015-6676}} {{CVE|CVE-2015-6677}} {{CVE|CVE-2015-6678}} {{CVE|CVE-2015-6679}} {{CVE|CVE-2015-6682}} [https://helpx.adobe.com/security/products/flash-player/apsb15-23.html templink] || {{pkg|flashplugin}} || 2015-09-21 || <= 11.2.202.508-1 || 11.2.202.521-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201510-8]<br />
|-<br />
| {{CVE|CVE-2015-7236}} [http://seclists.org/oss-sec/2015/q3/561 templink] || {{pkg|rpcbind}} || 2015-09-17 || <= 0.2.3-1 || 0.2.3-2 || 7d || Fixed ({{bug|46341}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10]<br />
|-<br />
| {{CVE|CVE-2015-5714}} {{CVE|CVE-2015-5715}} [https://wordpress.org/news/2015/09/wordpress-4-3-1/ templink] || {{pkg|wordpress}} || 2015-09-15 || <= 4.3-1 || 4.3.1-1 || 5d || Fixed ({{bug|46340}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201510-7]<br />
|-<br />
| {{CVE|CVE-2015-6908}} [http://www.openwall.com/lists/oss-security/2015/09/11/5 templink] || {{pkg|openldap}} || 2015-09-09 || <= 2.4.42-1 || 2.4.42-2 || 3d || Fixed ({{bug|46265}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4]<br />
|-<br />
| {{CVE|CVE-2015-5722}} {{CVE|CVE-2015-5986}} [https://www.isc.org/blogs/cve-2015-5986-an-incorrect-boundary-check-can-trigger-a-require-assertion-failure-in-openpgpkey_61-c/ templink] [https://www.isc.org/blogs/cve-2015-5722-parsing-malformed-keys-may-cause-bind-to-exit-due-to-a-failed-assertion-in-buffer-c/ templink] || {{pkg|bind}} || 2015-09-02 || <= 9.10.2.P3-1 || 9.10.2.P4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2]<br />
|-<br />
| {{CVE|CVE-2015-5198}} {{CVE|CVE-2015-5199}} {{CVE|CVE-2015-5200}} [http://lists.x.org/archives/xorg-announce/2015-August/002630.html templink] || {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} || 2015-08-31 || <= 1.1-1 || 1.1.1-1 || 13d || Fixed ({{bug|46266}}) ({{bug|46267}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5]<br />
|-<br />
| {{CVE|CVE-2015-1291}} {{CVE|CVE-2015-1292}} {{CVE|CVE-2015-1293}} {{CVE|CVE-2015-1294}} {{CVE|CVE-2015-1295}} {{CVE|CVE-2015-1296}} {{CVE|CVE-2015-1297}} {{CVE|CVE-2015-1298}} {{CVE|CVE-2015-1299}} {{CVE|CVE-2015-1300}} {{CVE|CVE-2015-1301}} [http://googlechromereleases.blogspot.fr/2015/09/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-09-01 || <= 44.0.2403.157-1 || 45.0.2454.85-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1]<br />
|-<br />
| {{CVE|CVE-2015-5230}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/ templink] || {{pkg|powerdns}} || 2015-09-02 || <= 3.4.5-1 || 3.4.6-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3]<br />
|-<br />
| {{CVE|CVE-2015-5317}} {{CVE|CVE-2015-5318}} {{CVE|CVE-2015-5319}} {{CVE|CVE-2015-5320}} {{CVE|CVE-2015-5321}} {{CVE|CVE-2015-5322}} {{CVE|CVE-2015-5323}} {{CVE|CVE-2015-5324}} {{CVE|CVE-2015-5325}} {{CVE|CVE-2015-5326}} {{CVE|CVE-2015-8103}} [https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11 templink] [http://seclists.org/bugtraq/2015/Aug/161 templink] || {{pkg|jenkins}} || 2015-08-28 || <= 1.627-1 || 1.638-1 || 60d || Fixed ({{bug|46268}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11]<br />
|-<br />
| {{CVE|CVE-2015-6749}} [http://seclists.org/oss-sec/2015/q3/457 templink] || {{pkg|vorbis-tools}} || 2015-08-30 || <= 1.4.0-5 || 1.4.0-6 || >60d || Fixed ({{bug|46269}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22]<br />
|-<br />
| {{CVE|CVE-2015-4497}} {{CVE|CVE-2015-4498}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox40.0.3 templink] || {{pkg|firefox}} || 2015-08-27 || <= 40.0.2-1 || 40.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12]<br />
|-<br />
| {{CVE|CVE-2015-5949}} [http://www.ocert.org/advisories/ocert-2015-009.html templink] || {{pkg|vlc}} || 2015-08-20 || <= 2.2.1-6 || 2.2.2-1 || 179d || Fixed ({{bug|46037}}) || None<br />
|-<br />
| {{CVE|CVE-2015-5963}} [https://www.djangoproject.com/weblog/2015/aug/18/security-releases/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-08-18 || <= 1.8.3-1 || 1.8.4-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9]<br />
|-<br />
| {{CVE|CVE-2015-5221}} [http://seclists.org/oss-sec/2015/q3/408 templink] || {{pkg|jasper}} || 2015-08-16 || <= 1.900.1-15 || || || '''Vulnerable''' || <br />
|-<br />
| {{CVE|CVE-2015-5203}} [http://seclists.org/oss-sec/2015/q3/366 templink] || {{pkg|jasper}} || 2015-08-16 || <= 1.900.1-15 || || || '''Vulnerable''' || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10]<br />
|-<br />
| CVE Pending [http://seclists.org/oss-sec/2015/q3/295 templink] || {{pkg|pcre}} || 2015-08-05 || <= 8.37-2 || 8.37-3 || 12d || Fixed ({{bug|45945}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11]<br />
|-<br />
| {{CVE|CVE-2015-4473}} {{CVE|CVE-2015-4474}} {{CVE|CVE-2015-4475}} {{CVE|CVE-2015-4477}} {{CVE|CVE-2015-4478}} {{CVE|CVE-2015-4479}} {{CVE|CVE-2015-4480}} {{CVE|CVE-2015-4482}} {{CVE|CVE-2015-4483}} {{CVE|CVE-2015-4484}} {{CVE|CVE-2015-4485}} {{CVE|CVE-2015-4486}} {{CVE|CVE-2015-4487}} {{CVE|CVE-2015-4488}} {{CVE|CVE-2015-4489}} {{CVE|CVE-2015-4490}} {{CVE|CVE-2015-4491}} {{CVE|CVE-2015-4492}} {{CVE|CVE-2015-4493}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox40 templink] || {{pkg|firefox}} || 2015-08-11 || <= 39.0.3-1 || 40.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4]<br />
|-<br />
| {{CVE|CVE-2014-8121}} [https://access.redhat.com/security/cve/CVE-2014-8121 templink] || {{pkg|glibc}} || 2015-02-23 || <= 2.21-4 || 2.22-1 || ~180d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7]<br />
|-<br />
| {{CVE|CVE-2015-4680}} [http://www.ocert.org/advisories/ocert-2015-008.html templink] || {{pkg|freeradius}} || 2015-06-22 || <= 3.0.8-2 || 3.0.9-1 || ~50d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6]<br />
|-<br />
| {{CVE|CVE-2015-3184}} {{CVE|CVE-2015-3187}} [https://subversion.apache.org/security/CVE-2015-3184-advisory.txt templink] [https://subversion.apache.org/security/CVE-2015-3187-advisory.txt templink] || {{pkg|subversion}} || 2015-08-05 || <= 1.8.13-2 || 1.9.0-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5]<br />
|-<br />
| {{CVE|CVE-2015-6251}} [http://www.gnutls.org/security.html#GNUTLS-SA-2015-3 templink] || {{pkg|gnutls}} || 2015-08-10 || <= 3.4.3-1 || 3.4.4.1-1 || 10d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8]<br />
|-<br />
| {{CVE|CVE-2015-4495}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/ templink] || {{pkg|firefox}} || 2015-08-06 || <= 39.0-1 || 39.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1]<br />
|-<br />
| {{CVE|CVE-2015-2213}} {{CVE|CVE-2015-5730}} {{CVE|CVE-2015-5731}} {{CVE|CVE-2015-5732}} {{CVE|CVE-2015-5733}} {{CVE|CVE-2015-5734}} [https://codex.wordpress.org/Version_4.2.4 templink] || {{pkg|wordpress}} || 2015-08-04 || <= 4.2.3-1 || 4.2.4.-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2]<br />
|-<br />
| {{CVE|CVE-2015-3245}} {{CVE|CVE-2015-3246}} [http://seclists.org/oss-sec/2015/q3/185 templink] || {{pkg|libuser}} || 2015-07-22 || <= 0.61-1 || 0.62-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19]<br />
|-<br />
| {{CVE|CVE-2015-5600}} [https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/ templink] || {{pkg|openssh}} || 2015-07-22 || <= 6.9p1-1 || 6.9p1-2 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17]<br />
|-<br />
| {{CVE|CVE-2015-1270}} {{CVE|CVE-2015-1271}} {{CVE|CVE-2015-1272}} {{CVE|CVE-2015-1273}} {{CVE|CVE-2015-1274}} {{CVE|CVE-2015-1276}} {{CVE|CVE-2015-1277}} {{CVE|CVE-2015-1278}} {{CVE|CVE-2015-1279}} {{CVE|CVE-2015-1280}} {{CVE|CVE-2015-1281}} {{CVE|CVE-2015-1282}} {{CVE|CVE-2015-1283}} {{CVE|CVE-2015-1284}} {{CVE|CVE-2015-1285}} {{CVE|CVE-2015-1286}} {{CVE|CVE-2015-1287}} {{CVE|CVE-2015-1288}} {{CVE|CVE-2015-1289}} [http://googlechromereleases.blogspot.fr/2015/07/stable-channel-update_21.html templink] || {{pkg|chromium}} || 2015-07-21 || <= 43.0.2357.134-1 || 44.0.2403.89-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18]<br />
|-<br />
| {{CVE|CVE-2015-2590}} {{CVE|CVE-2015-2601}} {{CVE|CVE-2015-2613}} {{CVE|CVE-2015-2621}} {{CVE|CVE-2015-2625}} {{CVE|CVE-2015-2628}} {{CVE|CVE-2015-2632}} {{CVE|CVE-2015-2808}} {{CVE|CVE-2015-4000}} {{CVE|CVE-2015-4731}} {{CVE|CVE-2015-4732}} {{CVE|CVE-2015-4733}} {{CVE|CVE-2015-4748}} {{CVE|CVE-2015-4749}} {{CVE|CVE-2015-4760}} [http://blog.fuseyism.com/index.php/2015/07/21/security-icedtea-2-6-1-for-openjdk-7-released/ templink] || {{pkg|jre7-openjdk}} || 2015-07-21 || <= 7.u80_2.6.0-1 || 7.u85_2.6.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16]<br />
|-<br />
| {{CVE|CVE-2015-5122}} {{CVE|CVE-2015-5123}} [https://helpx.adobe.com/security/products/flash-player/apsb15-18.html templink] || {{pkg|lib32-flashplugin}} || 2015-07-09 || <= 11.2.202.481-1 || 11.2.202.491-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14]<br />
|-<br />
| {{CVE|CVE-2015-5122}} {{CVE|CVE-2015-5123}} [https://helpx.adobe.com/security/products/flash-player/apsb15-18.html templink] || {{pkg|flashplugin}} || 2015-07-09 || <= 11.2.202.481-1 || 11.2.202.491-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13]<br />
|-<br />
| {{CVE|CVE-2015-0228}} {{CVE|CVE-2015-0253}} {{CVE|CVE-2015-3183}} {{CVE|CVE-2015-3185}} [http://www.apache.org/dist/httpd/CHANGES_2.4.16 templink] || {{pkg|apache}} || 2015-07-15 || <= 2.4.12-4 || 2.4.16-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15]<br />
|-<br />
| {{CVE|CVE-2015-2724}} {{CVE|CVE-2015-2725}} {{CVE|CVE-2015-2726}} {{CVE|CVE-2015-2731}} {{CVE|CVE-2015-2734}} {{CVE|CVE-2015-2735}} {{CVE|CVE-2015-2736}} {{CVE|CVE-2015-2737}} {{CVE|CVE-2015-2738}} {{CVE|CVE-2015-2739}} {{CVE|CVE-2015-2740}} {{CVE|CVE-2015-2741}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird38.1 templink] || {{pkg|thunderbird}} || 2015-07-09 || <= 38.0.1-1 || 38.1.0-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9]<br />
|-<br />
| {{CVE|CVE-2015-1793}} [https://openssl.org/news/secadv_20150709.txt templink] || {{pkg|lib32-openssl}} || 2015-07-09 || <= 1.0.2.c-1 || 1.0.2.d-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12]<br />
|-<br />
| {{CVE|CVE-2015-1793}} [https://openssl.org/news/secadv_20150709.txt templink] || {{pkg|openssl}} || 2015-07-09 || <= 1.0.2.c-1 || 1.0.2.d-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8]<br />
|-<br />
| {{CVE|CVE-2014-0578}} {{CVE|CVE-2015-3114}} {{CVE|CVE-2015-3115}} {{CVE|CVE-2015-3116}} {{CVE|CVE-2015-3117}} {{CVE|CVE-2015-3118}} {{CVE|CVE-2015-3119}} {{CVE|CVE-2015-3120}} {{CVE|CVE-2015-3121}} {{CVE|CVE-2015-3122}} {{CVE|CVE-2015-3123}} {{CVE|CVE-2015-3124}} {{CVE|CVE-2015-3125}} {{CVE|CVE-2015-3126}} {{CVE|CVE-2015-3127}} {{CVE|CVE-2015-3128}} {{CVE|CVE-2015-3129}} {{CVE|CVE-2015-3130}} {{CVE|CVE-2015-3131}} {{CVE|CVE-2015-3132}} {{CVE|CVE-2015-3133}} {{CVE|CVE-2015-3134}} {{CVE|CVE-2015-3135}} {{CVE|CVE-2015-3136}} {{CVE|CVE-2015-3137}} {{CVE|CVE-2015-4428}} {{CVE|CVE-2015-4429}} {{CVE|CVE-2015-4430}} {{CVE|CVE-2015-4431}} {{CVE|CVE-2015-4432}} {{CVE|CVE-2015-4433}} {{CVE|CVE-2015-5116}} {{CVE|CVE-2015-5117}} {{CVE|CVE-2015-5118}} {{CVE|CVE-2015-5119}} [https://helpx.adobe.com/security/products/flash-player/apsb15-16.html templink] [https://www.kb.cert.org/vuls/id/561288 templink] || {{pkg|flashplugin}} || 2015-07-07 || <= 11.2.202.468-1 || 11.2.202.481-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7]<br />
|-<br />
| {{CVE|CVE-2015-4620}} [https://kb.isc.org/article/AA-01267/ templink] || {{pkg|bind}} || 2015-07-07 || <= 9.10.2.P1-1 || 9.10.2.P2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6]<br />
|-<br />
| {{CVE|CVE-2015-5382}} [http://www.openwall.com/lists/oss-security/2015/07/07/3 templink] || {{pkg|roundcubemail}} || 2015-07-06 || <= 1.1.1-1 || 1.1.2-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5355}} {{CVE|CVE-2015-2694}} [http://krbdev.mit.edu/rt/NoAuth/krb5-1.13/fixed-1.13.2.html templink] || {{pkg|lib32-krb5}} || 2015-05-08 || <= 1.13.1-1 || 1.13.2-1 || 63d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11]<br />
|-<br />
| {{CVE|CVE-2014-5355}} {{CVE|CVE-2015-2694}} [http://krbdev.mit.edu/rt/NoAuth/krb5-1.13/fixed-1.13.2.html templink] || {{pkg|krb5}} || 2015-05-08 || <= 1.13.1-1 || 1.13.2-1 || 63d || Fixed ({{bug|45575}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10]<br />
|-<br />
| {{CVE|CVE-2015-3281}} [http://marc.info/?l=haproxy&m=143593901506748&w=2 templink] || {{pkg|haproxy}} || 2015-07-03 || <= 1.5.12-1 || 1.5.14-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3]<br />
|-<br />
| {{CVE|CVE-2015-2722}} {{CVE|CVE-2015-2724}} {{CVE|CVE-2015-2725}} {{CVE|CVE-2015-2726}} {{CVE|CVE-2015-2727}} {{CVE|CVE-2015-2728}} {{CVE|CVE-2015-2729}} {{CVE|CVE-2015-2731}} {{CVE|CVE-2015-2733}} {{CVE|CVE-2015-2734}} {{CVE|CVE-2015-2735}} {{CVE|CVE-2015-2736}} {{CVE|CVE-2015-2737}} {{CVE|CVE-2015-2739}} {{CVE|CVE-2015-2740}} {{CVE|CVE-2015-2741}} {{CVE|CVE-2015-2743}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-07-02 || <= 38.0.5 || 39.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2]<br />
|- <br />
| {{CVE|CVE-2015-5352}} [http://www.openwall.com/lists/oss-security/2015/07/01/10 templink] || {{pkg|openssh}} || 2015-06-29 || <= 6.8p1-3 || 6.9p1-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4]<br />
|-<br />
| {{CVE|CVE-2015-5146}} [http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi templink] || {{pkg|ntp}} || 2015-06-29 || <= 4.2.8p2-1 || 4.2.8p3-1 || 8d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5]<br />
|-<br />
| {{CVE|CVE-2015-2141}} [https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2015-June/015585.html templink] [https://github.com/weidai11/cryptopp/commit/9425e16437439e68c7d96abef922167d68fafaff commit] || {{pkg|crypto++}} || 2015-06-28 || <= 5.6.2-2 || 5.6.2-3 || 28d || Fixed ({{bug|45498}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20]<br />
|-<br />
| {{CVE|CVE-2015-5073}} [https://bugs.exim.org/show_bug.cgi?id=1651 templink] [http://vcs.pcre.org/pcre?view=revision&revision=1571 commit] || {{pkg|pcre}} || 2015-06-26 || <= 8.37-2 || 8.37-3 || ~52d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-5069}} {{CVE|CVE-2015-5070}} [http://www.openwall.com/lists/oss-security/2015/06/25/12 templink] || {{pkg|wesnoth}} || 2015-06-24 || <= 1.12.2-3 || 1.12.4-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1]<br />
|-<br />
| {{CVE|CVE-2015-3113}} [https://helpx.adobe.com/security/products/flash-player/apsb15-14.html templink] || {{pkg|flashplugin}} || 2015-06-23 || <= 11.2.202.466-1 || 11.2.202.468-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5]<br />
|-<br />
| {{CVE|CVE-2015-3236}} {{CVE|CVE-2015-3237}} [http://curl.haxx.se/docs/adv_20150617A.html templink] [http://curl.haxx.se/docs/adv_20150617B.html templink] || {{pkg|lib32-curl}} || 2015-06-17 || <= 7.42.1-1 || 7.43.0-1 || 47d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4]<br />
|-<br />
| {{CVE|CVE-2015-3236}} {{CVE|CVE-2015-3237}} [http://curl.haxx.se/docs/adv_20150617A.html templink] [http://curl.haxx.se/docs/adv_20150617B.html templink] || {{pkg|curl}} || 2015-06-17 || <= 7.42.1-1 || 7.43.0-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4]<br />
|-<br />
| {{CVE|CVE-2009-1364}} {{CVE|CVE-2006-3376}} {{CVE|CVE-2007-0455}} {{CVE|CVE-2007-2756}} {{CVE|CVE-2007-3472}} {{CVE|CVE-2007-3473}} {{CVE|CVE-2007-3477}} {{CVE|CVE-2009-3546}} {{CVE|CVE-2015-0848}} {{CVE|CVE-2015-4588}} {{CVE|CVE-2015-4695}} {{CVE|CVE-2015-4696}} [http://www.openwall.com/lists/oss-security/2015/06/16/4 templink] || {{pkg|libwmf}} || 2015-06-01 || <= 0.2.8.4-13 || || || '''Vulnerable''' ({{bug|49162}}) ||<br />
|-<br />
| {{CVE|CVE-2015-2325}} {{CVE|CVE-2015-2326}} {{CVE|CVE-2015-3414}} {{CVE|CVE-2015-3415}} {{CVE|CVE-2015-3416}} [http://php.net/ChangeLog-5.php#5.6.10 templink] || {{pkg|php}} || 2015-06-11 || <= 5.6.9-2 || 5.6.10-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|libraw}} || 2015-05-11 || <= 0.16.0-3 || 0.16.1 || 5d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|dcraw}} || 2015-05-11 || <= 9.25.0-1 || 9.26.0-1 || ~1m || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|gimp-ufraw}} || 2015-05-11 || <= 0.21-1 || 0.22-1 || 45d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|rawtherapee}} || 2015-05-11 || <= 1:4.2-1 || 1:4.2+448.g26d182d-1 || ~5m || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3885}} [http://www.ocert.org/advisories/ocert-2015-006.html templink] || {{pkg|rawstudio}} || 2015-05-11 || <= 2.0-12 || 2.0_git20160107-1 || ~11m || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-1158}} {{CVE|CVE-2015-1159}} [http://www.cups.org/str.php?L4609 templink] || {{pkg|cups}} || 2015-06-08 || <= 2.0.2-4 || 2.0.3-1 || 1d || Fixed ({{bug|45279}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2]<br />
|-<br />
| {{CVE|CVE-2015-1788}} {{CVE|CVE-2015-1789}} {{CVE|CVE-2015-1790}} {{CVE|CVE-2015-1791}} {{CVE|CVE-2015-1792}} {{CVE|CVE-2015-4000}} [https://www.openssl.org/news/secadv_20150611.txt templink] [https://git.openssl.org/?p=openssl.git;a=commit;h=98ece4eebfb6cd45cc8d550c6ac0022965071afc templink] || {{pkg|openssl}} || 2015-06-11 || <= 1.0.2.a-1 || 1.0.2.b-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3]<br />
|-<br />
| {{CVE|CVE-2015-3210}} [https://bugs.exim.org/show_bug.cgi?id=1636 templink] || {{pkg|pcre}} || 2015-05-29 || <= 8.37-1 || 8.37-2 || 7d || Fixed ({{bug|45207}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1]<br />
|-<br />
| {{CVE|CVE-2015-3165}} {{CVE|CVE-2015-3166}} {{CVE|CVE-2015-3167}} [http://www.postgresql.org/about/news/1587/ templink] || {{pkg|postgresql}} || 2015-05-22 || <= 9.4.1-1 || 9.4.2-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17]<br />
|-<br />
| {{CVE|CVE-2015-4054}} [http://www.openwall.com/lists/oss-security/2015/05/22/5 templink] || {{pkg|pgbouncer}} || 2015-04-09 || <= 1.5.4-6 || 1.5.5-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16]<br />
|-<br />
| {{CVE|CVE-2015-1251}} {{CVE|CVE-2015-1252}} {{CVE|CVE-2015-1253}} {{CVE|CVE-2015-1254}} {{CVE|CVE-2015-1255}} {{CVE|CVE-2015-1256}} {{CVE|CVE-2015-1257}} {{CVE|CVE-2015-1258}} {{CVE|CVE-2015-1259}} {{CVE|CVE-2015-1260}} {{CVE|CVE-2015-1263}} {{CVE|CVE-2015-1264}} {{CVE|CVE-2015-1265}} [http://googlechromereleases.blogspot.fr/2015/05/stable-channel-update_19.html templink] || {{pkg|chromium}} || 2015-05-19 || <= 42.0.2311.135-1 || 43.0.2357.65-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14]<br />
|-<br />
| {{CVE|CVE-2015-3808}} {{CVE|CVE-2015-3809}} {{CVE|CVE-2015-3810}} {{CVE|CVE-2015-3811}} {{CVE|CVE-2015-3812}} {{CVE|CVE-2015-3813}} {{CVE|CVE-2015-3814}} {{CVE|CVE-2015-3815}} [https://wireshark.org/docs/relnotes/wireshark-1.12.5.html templink] || {{pkg|wireshark-cli}} {{pkg|wireshark-qt}} {{pkg|wireshark-gtk}} || 2015-05-11 || <= 1.12.4-4 || 1.12.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12]<br />
|-<br />
| {{CVE|CVE-2015-3456}} [https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/ templink] || {{pkg|qemu}} || 2015-05-13 || <= 2.2.1-4 || 2.2.1-5 || 1d || Fixed ({{bug|44958}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9]<br />
|-<br />
| {{CVE|CVE-2014-0230}} [https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.44 templink] || {{pkg|tomcat6}} || 2015-04-09 || <= 6.0.43-2 || 6.0.44-1 || 34d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8]<br />
|-<br />
| {{CVE|CVE-2015-2708}} {{CVE|CVE-2015-2709}} {{CVE|CVE-2015-2710}} {{CVE|CVE-2015-2713}} {{CVE|CVE-2015-2716}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/#thunderbird31.7 templink] || {{pkg|thunderbird}} || 2015-05-12 || <= 31.6.0-2 || 31.7.0-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13]<br />
|-<br />
| {{CVE|CVE-2015-2708}} {{CVE|CVE-2015-2709}} {{CVE|CVE-2015-2710}} {{CVE|CVE-2015-2711}} {{CVE|CVE-2015-2712}} {{CVE|CVE-2015-2713}} {{CVE|CVE-2015-2715}} {{CVE|CVE-2015-2716}} {{CVE|CVE-2015-2717}} {{CVE|CVE-2015-2718}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox38 templink] || {{pkg|firefox}} || 2015-05-12 || <= 37.0.2-1 || 38.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] <br />
|-<br />
| {{CVE|CVE-2015-3622}} [http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=f979435 templink] || {{pkg|libtasn1}} || 2015-04-20 || <= 4.5-1 || 4.4-1 || 16d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5]<br />
|-<br />
| {{CVE|CVE-2014-8964}} [https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ templink] || {{pkg|mariadb-clients}} || 2015-05-07 || <= 10.0.17-1 || 10.0.18-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4]<br />
|-<br />
| {{CVE|CVE-2014-8964}} {{CVE|CVE-2015-0499}} {{CVE|CVE-2015-0501}} {{CVE|CVE-2015-0505}} {{CVE|CVE-2015-2571}} [https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/ templink] || {{pkg|mariadb}} || 2015-05-07 || <= 10.0.17-1 || 10.0.18-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3]<br />
|-<br />
| {{CVE|CVE-2015-3627}} {{CVE|CVE-2015-3629}} {{CVE|CVE-2015-3630}} {{CVE|CVE-2015-3631}} [http://seclists.org/oss-sec/2015/q2/389 templink] || {{pkg|docker}} || 2015-05-07 || <= 1:1.6.0-1 || 1:1.6.1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6]<br />
|-<br />
| {{CVE|CVE-2015-0847}} [http://sourceforge.net/p/nbd/mailman/message/34091218/ templink] || {{pkg|nbd}} || 2015-05-07 || <= 3.10-1 || 3.11-1 || 19d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15]<br />
|-<br />
| {{CVE|CVE-2015-1858}} {{CVE|CVE-2015-1859}} {{CVE|CVE-2015-1860}} [http://lists.qt-project.org/pipermail/announce/2015-April/000067.html templink] || {{pkg|qt5-base}} || 2015-04-13 || <= 5.4.1-5 || 5.4.2-1 || 50d || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-1858}} {{CVE|CVE-2015-1859}} {{CVE|CVE-2015-1860}} [http://lists.qt-project.org/pipermail/announce/2015-April/000067.html templink] || {{pkg|qt4}} || 2015-04-13 || <= 4.8.6-6 || 4.8.7-1 || 50d || Fixed || None <br />
|-<br />
| {{CVE|CVE-2015-3414}} {{CVE|CVE-2015-3415}} {{CVE|CVE-2015-3416}} [http://seclists.org/fulldisclosure/2015/Apr/31 templink] || {{pkg|sqlite}} || 2015-04-24 || <= 3.8.8.3-1 || 3.8.9-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-2170}} {{CVE|CVE-2015-2221}} {{CVE|CVE-2015-2222}} {{CVE|CVE-2015-2305}} {{CVE|CVE-2015-2668}} [http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html templink] || {{pkg|clamav}} || 2015-04-29 || <= 0.98.6-1 || 0.98.7-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2]<br />
|-<br />
| {{CVE|CVE-2015-3455}} [http://www.openwall.com/lists/oss-security/2015/04/30/2 templink] || {{pkg|squid}} || 2015-04-29 || <= 3.5.3-2 || 3.5.4-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1]<br />
|-<br />
| {{CVE|CVE-2015-3451}} [http://www.openwall.com/lists/oss-security/2015/04/30/1 templink] || {{pkg|perl-xml-libxml}} || 2015-04-30 || <= 2.0118-3 || 2.0119-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32]<br />
|-<br />
| {{CVE|CVE-2015-3152}} [http://www.openwall.com/lists/oss-security/2015/04/29/4 templink] || {{pkg|mariadb}} {{pkg|mariadb-clients}} || 2015-04-29 || <= 10.0.17-2 || 10.0.20-1 || 52d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-3153}} [http://curl.haxx.se/docs/adv_20150429.html templink] || {{pkg|curl}} || 2015-04-29 || <= 7.42.0-1 || 7.42.1-1 || 29d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20]<br />
|-<br />
| {{CVE|CVE-2015-1243}} {{CVE|CVE-2015-1250}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update_28.html templink] || {{pkg|chromium}} || 2015-04-28 || <= 42.0.2311.90-1 || 42.0.2311.135-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30]<br />
|-<br />
| {{CVE|CVE-2015-3420}} [http://seclists.org/oss-sec/2015/q2/288 templink] || {{pkg|dovecot}} || 2015-04-24 || <= 2.2.16-1 || 2.2.16-2 || 4d || Fixed ({{bug|44757}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31]<br />
|-<br />
| {{CVE|CVE-2015-1868}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ templink] || {{pkg|powerdns-recursor}} || 2015-04-23 || <= 3.7.1-1 || 3.7.2-1 || 1d || Fixed ({{Bug|44708}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27]<br />
|-<br />
| {{CVE|CVE-2015-1868}} [https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/ templink] || {{pkg|powerdns}} || 2015-04-23 || <= 3.4.3-2 || 3.4.4-1 || 1d || Fixed ({{Bug|44708}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26]<br />
|-<br />
| {{CVE|CVE-2015-1863}} [http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt templink] || {{pkg|wpa_supplicant}} || 2015-04-22 || <= 2.3-1 || 2.4-1 (1:2.3-1) || 2d || Fixed ({{Bug|44695}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29]<br />
|-<br />
| {{CVE|CVE-2015-1781}} [https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2959eda9272a033863c271aff62095abd01bd4e3;hp=7bf8fb104226407b75103b95525364c4667c869f templink] || {{pkg|glibc}} || 2015-04-21 || <= 2.21-2 || 2.21-3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25]<br />
|-<br />
| {{CVE|CVE-2015-3143}} {{CVE|CVE-2015-3144}} {{CVE|CVE-2015-3145}} {{CVE|CVE-2015-3148}} [http://curl.haxx.se/docs/vuln-7.41.0.html templink] || {{pkg|curl}} || 2015-04-22 || <= 7.41.0-1 || 7.42.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28]<br />
|-<br />
| {{CVE|CVE-2015-2706}} [https://www.mozilla.org/en-US/security/advisories/mfsa2015-45/ templink] || {{pkg|firefox}} || 2015-04-20 || <= 37.0.1-3 || 37.0.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24]<br />
|-<br />
| {{CVE|CVE-2015-3138}} [https://github.com/the-tcpdump-group/tcpdump/issues/446 templink] || {{pkg|tcpdump}} || 2015-03-24 || <= 4.7.3-1 || 4.7.3-2 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20]<br />
|-<br />
| {{CVE|CVE-2015-0346}} {{CVE|CVE-2015-0347}} {{CVE|CVE-2015-0348}} {{CVE|CVE-2015-0349}} {{CVE|CVE-2015-0350}} {{CVE|CVE-2015-0351}} {{CVE|CVE-2015-0352}} {{CVE|CVE-2015-0353}} {{CVE|CVE-2015-0354}} {{CVE|CVE-2015-0355}} {{CVE|CVE-2015-0356}} {{CVE|CVE-2015-0357}} {{CVE|CVE-2015-0358}} {{CVE|CVE-2015-0359}} {{CVE|CVE-2015-0360}} {{CVE|CVE-2015-3038}} {{CVE|CVE-2015-3039}} {{CVE|CVE-2015-3040}} {{CVE|CVE-2015-3041}} {{CVE|CVE-2015-3042}} {{CVE|CVE-2015-3043}} {{CVE|CVE-2015-3044}} [https://helpx.adobe.com/security/products/flash-player/apsb15-06.html templink] || {{pkg|flashplugin}} || 2015-04-14 || <= 11.2.202.451-1 || 11.2.202.457-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18]<br />
|-<br />
| {{CVE|CVE-2015-1351}} {{CVE|CVE-2015-1352}} {{CVE|CVE-2015-2783}} {{CVE|CVE-2015-3330}} {{CVE|CVE-2015-3329}} [https://php.net/ChangeLog-5.php#5.6.8 templink] || {{pkg|php}} || 2015-04-17 || <= 5.6.7.-2 || 5.6.8-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14]<br />
|-<br />
| {{CVE|CVE-2015-0460}} {{CVE|CVE-2015-0469}} {{CVE|CVE-2015-0470}} {{CVE|CVE-2015-0477}} {{CVE|CVE-2015-0478}} {{CVE|CVE-2015-0480}} {{CVE|CVE-2015-0488}} || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-04-14 || <= 8.u40-1 || 8.u45-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23]<br />
|-<br />
| {{CVE|CVE-2015-0460}} {{CVE|CVE-2015-0469}} {{CVE|CVE-2015-0477}} {{CVE|CVE-2015-0478}} {{CVE|CVE-2015-0480}} {{CVE|CVE-2015-0488}} [http://blog.fuseyism.com/index.php/2015/04/15/security-icedtea-2-5-5-for-openjdk-7-released/ templink] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-04-14 || <= 7.u75_2.5.4-1 || 7.u79_2.5.5-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17]<br />
|-<br />
| {{CVE|CVE-2015-3310}} [http://www.openwall.com/lists/oss-security/2015/04/16/7 templink] || {{pkg|ppp}} || 2015-04-13 || <= 2.4.7-1 || 2.4.7-2 || ~4m || Fixed ({{bug|44607}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3]<br />
|-<br />
| {{CVE|CVE-2015-3308}} [http://www.openwall.com/lists/oss-security/2015/04/16/6 templink] || {{pkg|gnutls}} || 2015-03-30 || <= 3.3.13-1 || 3.3.14-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-1235}} {{CVE|CVE-2015-1236}} {{CVE|CVE-2015-1237}} {{CVE|CVE-2015-1238}} {{CVE|CVE-2015-1240}} {{CVE|CVE-2015-1241}} {{CVE|CVE-2015-1242}} {{CVE|CVE-2015-1244}} {{CVE|CVE-2015-1245}} {{CVE|CVE-2015-1246}} {{CVE|CVE-2015-1247}} {{CVE|CVE-2015-1248}} {{CVE|CVE-2015-1249}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update_14.html templink] || {{pkg|chromium}} || 2015-04-14 || <= 41.0.2272.118-2 || 42.0.2311.90-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19]<br />
|-<br />
| {{CVE|CVE-2015-1855}} [https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/ templink] || {{pkg|ruby}} || 2015-04-13 || <= 2.2.1-1 || 2.2.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13]<br />
|-<br />
| {{CVE|CVE-2015-3026}} [http://seclists.org/oss-sec/2015/q2/80 templink] || {{pkg|icecast}} || 2015-04-08 || <= 2.4.1-1 || 2.4.2-1 || 3d || Fixed ({{bug|44503}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12]<br />
|-<br />
| {{CVE|CVE-2015-1798}} [http://seclists.org/oss-sec/2015/q2/63 templink] || {{pkg|chrony}} || 2015-04-08 || <= 1.31-2 || 1.31.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9]<br />
|-<br />
| {{CVE|CVE-2015-1798}} {{CVE|CVE-2015-1799}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities templink] || {{pkg|ntp}} || 2015-04-07 || <= 4.2.8p1 || 4.2.8p2-1 || <1d || Fixed ({{bug|44492}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8]<br />
|-<br />
| {{CVE|CVE-2015-2931}} {{CVE|CVE-2015-2932}} {{CVE|CVE-2015-2933}} {{CVE|CVE-2015-2934}} {{CVE|CVE-2015-2935}} {{CVE|CVE-2015-2936}} {{CVE|CVE-2015-2937}} {{CVE|CVE-2015-2938}} {{CVE|CVE-2015-2939}} {{CVE|CVE-2015-2940}} {{CVE|CVE-2015-2941}} {{CVE|CVE-2015-2942}} [http://seclists.org/oss-sec/2015/q2/61 templink] || {{pkg|mediawiki}} || 2015-04-07 || <= 1.24.1-1 || 1.24.2-1 || 0d || Fixed ({{bug|44489}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11]<br />
|-<br />
| {{CVE|CVE-2015-2928}} {{CVE|CVE-2015-2929}} [http://seclists.org/oss-sec/2015/q2/56 templink] || {{pkg|tor}} || 2015-04-06 || <= 0.2.5.11-1 || 0.2.5.12-1 || <1d || Fixed ({{bug|44482}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7]<br />
|-<br />
| {{CVE|CVE-2015-0799}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-04-03 || <= 37.0-1 || 37.0.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4]<br />
|-<br />
| {{CVE|CVE-2015-1233}} {{CVE|CVE-2015-1234}} [http://googlechromereleases.blogspot.fr/2015/04/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-04-01 || <= 41.0.2272.101-1 || 41.0.2272.118-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2]<br />
|-<br />
| {{CVE|CVE-2015-0801}} {{CVE|CVE-2015-0807}} {{CVE|CVE-2015-0813}} {{CVE|CVE-2015-0814}} {{CVE|CVE-2015-0815}} {{CVE|CVE-2015-0816}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-03-31 || <= 31.5.0-1 || 31.6.0-1|| 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6]<br />
|-<br />
| {{CVE|CVE-2015-0801}} {{CVE|CVE-2015-0802}} {{CVE|CVE-2015-0803}} {{CVE|CVE-2015-0804}} {{CVE|CVE-2015-0805}} {{CVE|CVE-2015-0806}} {{CVE|CVE-2015-0807}} {{CVE|CVE-2015-0808}} {{CVE|CVE-2015-0811}} {{CVE|CVE-2015-0812}} {{CVE|CVE-2015-0813}} {{CVE|CVE-2015-0814}} {{CVE|CVE-2015-0815}} {{CVE|CVE-2015-0816}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-03-31 || <= 36.0.4-1 || 37.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1]<br />
|-<br />
| {{CVE|CVE-2015-1817}} [http://www.openwall.com/lists/oss-security/2015/03/30/3 templink] || {{pkg|musl}} || 2015-03-29 || <= 1.1.7-1 || 1.1.8-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26]<br />
|-<br />
| {{CVE|CVE-2015-2782}} {{CVE|CVE-2015-0556}} {{CVE|CVE-2015-0557}} [http://www.openwall.com/lists/oss-security/2015/03/29/1 templink] || {{pkg|arj}} || 2015-03-28 || <= 3.10.22-8 || 3.10.22-10 || 10d || Fixed ({{bug|44411}}) ({{bug|44488}}) || None<br />
|-<br />
| {{CVE|CVE-2015-0250}} [http://seclists.org/fulldisclosure/2015/Mar/142 templink] || {{pkg|java-batik}} || 2015-03-17 || <= 1.7-12 || 1.8-1 || 17d || Fixed ({{bug|44410}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5]<br />
|-<br />
| {{CVE|CVE-2015-2806}} [http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=4d4f992826a4962790ecd0cce6fbba4a415ce149 templink] || {{pkg|libtasn1}} || 2015-03-29 || <= 4.3-1 || 4.4-1 || 5d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3]<br />
|-<br />
| {{CVE|CVE-2015-0817}} {{CVE|CVE-2015-0818}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-03-20 || <= 36.0.1-1 || 36.0.3-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21]<br />
|-<br />
| {{CVE|CVE-2015-2559}} [https://www.drupal.org/SA-CORE-2015-001 templink] || {{pkg|drupal}} || 2015-03-19 || <= 7.34-1 || 7.35-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18]<br />
|-<br />
| {{CVE|CVE-2015-0252}} [https://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt templink] || {{pkg|xerces-c}} || 2015-03-19 || <= 3.1.1-5 || 3.1.2-1 || 1d || Fixed ({{bug|44272}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19]<br />
|-<br />
| {{CVE|CVE-2015-2330}} [http://www.openwall.com/lists/oss-security/2015/03/18/4 templink] || {{pkg|webkitgtk}} {{pkg|webkitgtk2}} || 2015-03-17 || <= 2.4.8-1 || 2.4.9-1 || 30d || Fixed ({{bug|44237}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19]<br />
|-<br />
| {{CVE|CVE-2015-2305}} {{CVE|CVE-2015-2331}} {{CVE|CVE-2015-2348}} {{CVE|CVE-2015-2787}} [https://bugs.php.net/bug.php?id=69253 templink] || {{pkg|php}} || 2015-03-18 || <= 5.6.6-1 || 5.6.7-1 || 10d || Fixed ({{bug|44236}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25]<br />
|-<br />
| {{CVE|CVE-2015-0204}} {{CVE|CVE-2015-0207}} {{CVE|CVE-2015-0208}} {{CVE|CVE-2015-0209}} {{CVE|CVE-2015-0285}} {{CVE|CVE-2015-0286}} {{CVE|CVE-2015-0287}} {{CVE|CVE-2015-0288}} {{CVE|CVE-2015-0289}} {{CVE|CVE-2015-0290}} {{CVE|CVE-2015-0291}} {{CVE|CVE-2015-0293}} {{CVE|CVE-2015-1787}} [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=28a00bcd8e318da18031b2ac8778c64147cd54f9 commit-0288] [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2b31fcc0b5e7329e13806822a5709dbd51c5c8a4 commit-0285] [https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ba5d0113e8bcb26857ae58a11b219aeb7bc2408a commit-0209] [https://security-tracker.debian.org/tracker/CVE-2015-0288 Debian-Bug-tracker] [https://www.openssl.org/news/secadv_20150319.txt advisory] || {{pkg|openssl}} {{pkg|lib32-openssl}} || 2015-03-17 || <= 1.0.2-1 || 1.0.2.a-1 || 2d || Fixed ({{bug|44227}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17]<br />
|-<br />
| {{CVE|CVE-2015-1802}} {{CVE|CVE-2015-1803}} {{CVE|CVE-2015-1804}} [http://www.openwall.com/lists/oss-security/2015/03/17/5 templink] || {{pkg|libxfont}} || 2015-03-17 || <= 1.5.0-1 || 1.5.1-1 || <1d || Fixed ({{bug|44226}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15]<br />
|-<br />
| {{CVE|CVE-2015-0332}} {{CVE|CVE-2015-0333}} {{CVE|CVE-2015-0334}} {{CVE|CVE-2015-0335}} {{CVE|CVE-2015-0336}} {{CVE|CVE-2015-0337}} {{CVE|CVE-2015-0338}} {{CVE|CVE-2015-0339}} {{CVE|CVE-2015-0340}} {{CVE|CVE-2015-0341}} {{CVE|CVE-2015-0342}} [https://helpx.adobe.com/security/products/flash-player/apsb15-05.html templink] || {{pkg|flashplugin}} || 2015-03-12 || <= 11.2.202.442-1 || 11.2.202.451-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11]<br />
|-<br />
| {{CVE|CVE-2014-9687}} [http://www.openwall.com/lists/oss-security/2015/02/10/10 templink] || {{pkg|ecryptfs-utils}} || 2015-02-10 || <= 104-1 || 106-1 || 37d || Fixed ({{bug|44157}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14]<br />
|-<br />
| {{CVE|CVE-2015-1782}} [http://www.libssh2.org/adv_20150311.html templink] || {{pkg|libssh2}} || 2015-03-11 || <= 1.4.3-1 || 1.5.0-1 || 29d || Fixed ({{bug|44146}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10]<br />
|-<br />
| {{CVE|CVE-2015-2241}} [https://www.djangoproject.com/weblog/2015/mar/09/security-releases/ templink] || {{pkg|python-django}} {{pkg|python2-django}} || 2015-03-09 || <= 1.7.5-1 || 1.7.6-1 || 2d || Fixed ({{bug|44122}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7]<br />
|-<br />
| {{CVE|CVE-2015-1212}} {{CVE|CVE-2015-1213}} {{CVE|CVE-2015-1214}} {{CVE|CVE-2015-1215}} {{CVE|CVE-2015-1216}} {{CVE|CVE-2015-1217}} {{CVE|CVE-2015-1218}} {{CVE|CVE-2015-1219}} {{CVE|CVE-2015-1220}} {{CVE|CVE-2015-1221}} {{CVE|CVE-2015-1222}} {{CVE|CVE-2015-1223}} {{CVE|CVE-2015-1224}} {{CVE|CVE-2015-1225}} {{CVE|CVE-2015-1226}} {{CVE|CVE-2015-1227}} {{CVE|CVE-2015-1228}} {{CVE|CVE-2015-1229}} {{CVE|CVE-2015-1230}} {{CVE|CVE-2015-1231}} [http://googlechromereleases.blogspot.fr/2015/03/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-03-03 || <= 40.0.2214.115-1 || 41.0.2272.76-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5]<br />
|-<br />
| {{CVE|CVE-2015-1572}} [https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73 templink] || {{pkg|e2fsprogs}} || 2015-02-06 || <= 1.42.12-1 || 1.42.12-2 || 6d || Fixed ({{bug|44015}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8]<br />
|-<br />
| {{CVE|CVE-2015-2157}} [http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html templink] || {{pkg|putty}} || 2015-03-02 || <= 0.63-1 || 0.64-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1]<br />
|-<br />
| {{CVE|CVE-2015-0822}} {{CVE|CVE-2015-0827}} {{CVE|CVE-2015-0831}} {{CVE|CVE-2015-0835}} {{CVE|CVE-2015-0836}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-02-24 || <= 31.4.0-1 || 31.5.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15]<br />
|-<br />
| {{CVE|CVE-2015-0819}} {{CVE|CVE-2015-0821}} {{CVE|CVE-2015-0822}} {{CVE|CVE-2015-0823}} {{CVE|CVE-2015-0824}} {{CVE|CVE-2015-0825}} {{CVE|CVE-2015-0826}} {{CVE|CVE-2015-0827}} {{CVE|CVE-2015-0829}} {{CVE|CVE-2015-0830}} {{CVE|CVE-2015-0831}} {{CVE|CVE-2015-0832}} {{CVE|CVE-2015-0834}} {{CVE|CVE-2015-0835}} {{CVE|CVE-2015-0836}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-02-24 || <= 35.0.1-1 || 36.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14]<br />
|-<br />
| {{CVE|CVE-2015-0240}} [https://www.samba.org/samba/history/samba-4.1.17.html templink] || {{pkg|samba}} || 2015-02-23 || <= 4.1.16-1 || 4.1.17-1 || <1d || Fixed ({{bug|43923}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13]<br />
|-<br />
| {{CVE|CVE-2014-9636}} [http://www.openwall.com/lists/oss-security/2014/11/02/2 templink] || {{pkg|unzip}} || 2014-11-02 || <= 6.0-9 || 6.0-10 || 75d || Fixed ({{bug|44171}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9]<br />
|-<br />
| {{CVE|CVE-2015-1315}} [http://www.openwall.com/lists/oss-security/2015/02/17/4 templink] || {{pkg|unzip}} || 2014-11-02 || <= 6.0-9 || 6.0-9 || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2014-9680}} [http://www.sudo.ws/sudo/alerts/tz.html templink] || {{pkg|sudo}} || 2015-02-09 || <= 1.8.12-1 || 1.8.12-1 || 4d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5352}} {{CVE|CVE-2014-5353}} {{CVE|CVE-2014-5354}} {{CVE|CVE-2014-9421}} {{CVE|CVE-2014-9422}} {{CVE|CVE-2014-9423}} [http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2015-001.txt templink] [http://www.openwall.com/lists/oss-security/2014/12/16/1 templink] || {{pkg|krb5}} || 2015-02-03 || <= 1.13-1 || 1.13.1-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] <br />
|-<br />
| {{CVE|CVE-2015-0255}} [http://www.x.org/wiki/Development/Security/Advisory-2015-02-10/ templink] || {{pkg|xorg-server}} || 2015-02-10 || <= 1.16.3-2|| 1.16.4-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11]<br />
|-<br />
| {{CVE|CVE-2015-1191}} [http://www.openwall.com/lists/oss-security/2015/01/18/3 templink] || {{pkg|pigz}} || 2015-01-18 || <= 2.3.1-1 || 2.3.3-1 || 21d || Fixed ({{bug|43748}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9]<br />
|-<br />
| {{CVE|CVE-2015-0245}} [http://lists.freedesktop.org/archives/dbus/2015-February/016553.html templink] || {{pkg|dbus}} || 2015-02-09 || <= 1.8.14-1 || 1.8.16-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10]<br />
|-<br />
| {{CVE|CVE-2015-1472}} {{CVE|CVE-2015-1473}} || {{pkg|glibc}} || 2015-02-05 || <= 2.20-6 || 2.21-1 ||4d || Fixed ({{bug|43747}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8]<br />
|-<br />
| {{CVE|CVE-2014-9297}} {{CVE|CVE-2014-9298}} [http://support.ntp.org/bin/view/Main/SecurityNotice#vallen_is_not_validated_in_sever templink] [http://support.ntp.org/bin/view/Main/SecurityNotice#1_can_be_spoofed_on_some_OSes_so templink]|| {{pkg|ntp}} || 2015-02-04 || <= 4.2.8-1 || 4.2.8.p1-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7]<br />
|-<br />
| {{CVE|CVE-2014-9328}} || {{pkg|clamav}} || 2015-01-28 || <= 0.98.5-1 || 0.98.6-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6]<br />
|-<br />
| {{CVE|CVE-2015-1209}} {{CVE|CVE-2015-1210}} {{CVE|CVE-2015-1211}} {{CVE|CVE-2015-1212}} [http://googlechromereleases.blogspot.fr/2015/02/stable-channel-update.html templink] || {{pkg|chromium}} || 2015-02-05 || <= 40.0.2214.94-1 || 40.0.2214.111-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5]<br />
|-<br />
| {{CVE|CVE-2015-0313}} {{CVE|CVE-2015-0314}} {{CVE|CVE-2015-0315}} {{CVE|CVE-2015-0316}} {{CVE|CVE-2015-0317}} {{CVE|CVE-2015-0318}} {{CVE|CVE-2015-0319}} {{CVE|CVE-2015-0320}} {{CVE|CVE-2015-0321}} {{CVE|CVE-2015-0322}} {{CVE|CVE-2015-0323}} {{CVE|CVE-2015-0324}} {{CVE|CVE-2015-0325}} {{CVE|CVE-2015-0326}} {{CVE|CVE-2015-0327}} {{CVE|CVE-2015-0328}} {{CVE|CVE-2015-0329}} {{CVE|CVE-2015-0330}} [https://helpx.adobe.com/security/products/flash-player/apsb15-04.html templink] || {{pkg|flashplugin}} || 2015-02-05 || <= 11.2.202.440-1 || 11.2.202.442-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2]<br />
|-<br />
| {{CVE|CVE-2014-8161}} {{CVE|CVE-2015-0241}} {{CVE|CVE-2015-0243}} {{CVE|CVE-2015-0244}} [http://www.postgresql.org/docs/9.4/static/release-9-4-1.html templink] || {{pkg|postgresql}} || 2015-02-05 || <= 9.4.0-1 || 9.4.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4]<br />
|-<br />
| {{CVE|CVE-2015-1380}} {{CVE|CVE-2015-1381}} {{CVE|CVE-2015-1382}} [http://seclists.org/oss-sec/2015/q1/285 templink] || {{pkg|privoxy}} || 2015-01-26 || <= 3.0.22-1 || 3.0.23-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1]<br />
|-<br />
| {{CVE|CVE-2015-0235}} [https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235 templink] || {{pkg|glibc}} || 2015-01-27 || < 2.18-1 || 2.18-1 || < 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2015-0311}} {{CVE|CVE-2015-0301}} {{CVE|CVE-2015-0302}} {{CVE|CVE-2015-0303}} {{CVE|CVE-2015-0304}} {{CVE|CVE-2015-0305}} {{CVE|CVE-2015-0306}} {{CVE|CVE-2015-0307}} {{CVE|CVE-2015-0308}} {{CVE|CVE-2015-0309}} [https://helpx.adobe.com/security/products/flash-player/apsb15-01.html templink] || {{pkg|flashplugin}} || 2015-01-23 || <= 11.2.202.438-1 || 11.2.202.440-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22]<br />
|-<br />
| {{CVE|CVE-2015-0231}} {{CVE|CVE-2014-9427}} {{CVE|CVE-2015-0232}} [https://bugs.php.net/bug.php?id=68710 templink] [https://bugs.php.net/bug.php?id=68618 templink] [https://bugs.php.net/bug.php?id=68799 templink] || {{pkg|php}} || 2015-01-22 || <= 5.6.4-1 || 5.6.5-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17]<br />
|-<br />
| {{CVE|CVE-2014-9638}} {{CVE|CVE-2014-9639}} {{CVE|CVE-2014-9640}} [http://www.openwall.com/lists/oss-security/2015/01/22/9 templink] || {{pkg|vorbis-tools}} || 2015-01-21 || <= 1.4.0-4 || 1.4.0-5 || 64d || Fixed ({{bug|44172}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24]<br />
|-<br />
| {{CVE|CVE-2015-1345}} [http://seclists.org/oss-sec/2015/q1/179 templink] || {{pkg|grep}} || 2015-01-18 || <= 2.21-1 || 2.21-2 || 46d || Fixed ({{bug|44017}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4]<br />
|-<br />
| {{CVE|CVE-2014-7923}} {{CVE|CVE-2014-7924}} {{CVE|CVE-2014-7925}} {{CVE|CVE-2014-7926}} {{CVE|CVE-2014-7927}} {{CVE|CVE-2014-7928}} {{CVE|CVE-2014-7930}} {{CVE|CVE-2014-7931}} {{CVE|CVE-2014-7929}} {{CVE|CVE-2014-7932}} {{CVE|CVE-2014-7933}} {{CVE|CVE-2014-7934}} {{CVE|CVE-2014-7935}} {{CVE|CVE-2014-7936}} {{CVE|CVE-2014-7937}} {{CVE|CVE-2014-7938}} {{CVE|CVE-2014-7939}} {{CVE|CVE-2014-7940}} {{CVE|CVE-2014-7941}} {{CVE|CVE-2014-7942}} {{CVE|CVE-2014-7943}} {{CVE|CVE-2014-7944}} {{CVE|CVE-2014-7945}} {{CVE|CVE-2014-7946}} {{CVE|CVE-2014-7947}} {{CVE|CVE-2014-7948}} {{CVE|CVE-2015-1205}} [http://googlechromereleases.blogspot.fr/2015/01/stable-update.html templink] || {{pkg|chromium}} || 2015-01-22 || <= 39.0.2171.99-1 || 40.0.2214.91-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21]<br />
|-<br />
| {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-6549}} {{CVE|CVE-2014-6585}} {{CVE|CVE-2014-6587}} {{CVE|CVE-2014-6591}} {{CVE|CVE-2014-6593}} {{CVE|CVE-2014-6601}} {{CVE|CVE-2015-0383}} {{CVE|CVE-2015-0395}} {{CVE|CVE-2015-0400}} {{CVE|CVE-2015-0403}} {{CVE|CVE-2015-0406}} {{CVE|CVE-2015-0407}} {{CVE|CVE-2015-0408}} {{CVE|CVE-2015-0410}} {{CVE|CVE-2015-0412}} {{CVE|CVE-2015-0413}} {{CVE|CVE-2015-0421}} {{CVE|CVE-2015-0437}} [http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html#JAVA templink] || {{pkg|jdk8-openjdk}} {{pkg|jre8-openjdk}} {{pkg|jre8-openjdk-headless}} || 2015-01-22 || <= 8.u25-2 || 8.u31-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16]<br />
|-<br />
| {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-6585}} {{CVE|CVE-2014-6587}} {{CVE|CVE-2014-6591}} {{CVE|CVE-2014-6593}} {{CVE|CVE-2014-6601}} {{CVE|CVE-2015-0383}} {{CVE|CVE-2015-0395}} {{CVE|CVE-2015-0407}} {{CVE|CVE-2015-0408}} {{CVE|CVE-2015-0410}} {{CVE|CVE-2015-0412}} [http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html#JAVA templink] || {{pkg|jdk7-openjdk}} {{pkg|jre7-openjdk}} {{pkg|jre7-openjdk-headless}} || 2015-01-22 || <= 7.u71_2.5.3-3 || 7.u75_2.5.4-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20]<br />
|-<br />
| {{CVE|CVE-2014-8157}} {{CVE|CVE-2014-8158}} [http://seclists.org/oss-sec/2015/q1/210 templink] || {{pkg|jasper}} || 2015-01-22 || <= 1.900.1-12 || 1.900.1-13 || 5d || Fixed ({{bug|43592}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23]<br />
|-<br />
| {{CVE|CVE-2014-8132}} [http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/ templink] || {{pkg|libssh}} || 2014-12-19 || <= 0.6.3-1 || 0.6.4-1 || 26d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12]<br />
|-<br />
| {{CVE|CVE-2015-1182}} [https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04 templink] || {{pkg|polarssl}} || 2012-09-19 || <= 1.3.9-1 || 1.3.9-2 || 1d || Fixed ({{bug|43508}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13]<br />
|-<br />
| {{CVE|CVE-2012-3505}} [http://www.openwall.com/lists/oss-security/2012/08/18/1 templink] || {{pkg|tinyproxy}} || 2012-09-10 || <= 1.8.3-1 || 1.8.4-1 || > 740d || Fixed ({{bug|38400}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11]<br />
|-<br />
| {{CVE|CVE-2014-9447}} [https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e templink] || {{pkg|elfutils}} || 2015-01-19 || <= 0.161-2 || 0.161-3 || 42d || Fixed ({{bug|44019}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2]<br />
|-<br />
| {{CVE|CVE-2014-9447}} [https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e templink] || {{pkg|lib32-elfutils}} || 2015-01-19 || <= 0.161-1 || 0.161-2 || 42d || Fixed ({{bug|44020}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3]<br />
|-<br />
| {{CVE|CVE-2014-8143}} [https://www.samba.org/samba/security/CVE-2014-8143 templink] || {{pkg|samba}} || 2015-01-15 || <= 4.1.15-1 || 4.1.16-1 || 4d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10]<br />
|-<br />
| {{CVE|CVE-2015-1197}} [http://www.openwall.com/lists/oss-security/2015/01/18/7 templink] || {{pkg|cpio}} || 2015-01-16 || <= 2.11-5 || 2.11-6 || 65d || Fixed ({{bug|44173}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22]<br />
|-<br />
| {{CVE|CVE-2015-1196}} {{CVE|CVE-2014-9637}} [http://www.openwall.com/lists/oss-security/2015/01/18/6 templink] [https://savannah.gnu.org/bugs/?44051 templink] || {{pkg|patch}} || 2015-01-14 || <= 2.7.1-3 || 2.7.3-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24]<br />
|-<br />
| {{CVE|CVE-2014-9571}} {{CVE|CVE-2014-9572}} {{CVE|CVE-2014-9573}} {{CVE|CVE-2014-9624}} {{CVE|CVE-2015-1042}} [http://www.openwall.com/lists/oss-security/2015/01/17/1 templink] [http://www.openwall.com/lists/oss-security/2015/01/17/3 templink] [http://www.openwall.com/lists/oss-security/2015/01/17/2 templink] [http://www.openwall.com/lists/oss-security/2015/01/18/11 templink] || {{pkg|mantisbt}} || 2015-01-17 || <= 1.2.18-1 || 1.2.19-1 || 20d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3]<br />
|-<br />
| {{CVE|CVE-2014-8634}} {{CVE|CVE-2014-8635}} {{CVE|CVE-2014-8638}} {{CVE|CVE-2014-8639}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/ templink] || {{pkg|thunderbird}} || 2015-01-13 || <= 31.3.0-1 || 31.4.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7]<br />
|-<br />
| {{CVE|CVE-2014-8634}} {{CVE|CVE-2014-8635}} {{CVE|CVE-2014-8636}} {{CVE|CVE-2014-8637}} {{CVE|CVE-2014-8638}} {{CVE|CVE-2014-8639}} {{CVE|CVE-2014-8640}} {{CVE|CVE-2014-8641}} {{CVE|CVE-2014-8642}} [https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2015-01-13 || <= 34.0.5-1 || 35.0-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6]<br />
|-<br />
| {{CVE|CVE-2014-3571}} {{CVE|CVE-2015-0206}} {{CVE|CVE-2014-3569}} {{CVE|CVE-2014-3572}} {{CVE|CVE-2015-0205}} {{CVE|CVE-2014-8275}} {{CVE|CVE-2014-3570}} [https://www.openssl.org/news/secadv_20150108.txt templink] || {{pkg|openssl}} || 2015-01-08 || <= 1.0.1.j-1 || 1.0.1.k-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2]<br />
|-<br />
| {{CVE|CVE-2014-8150}} [http://curl.haxx.se/docs/adv_20150108B.html templink] || {{pkg|curl}} || 2015-01-08 || <= 7.39.0-1 || 7.40.0-1 || 10d || Fixed ({{bug|43379}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9]<br />
|-<br />
| {{CVE|CVE-2014-6272}} [http://archives.seul.org/libevent/users/Jan-2015/msg00010.html templink] || {{pkg|libevent}} || 2015-01-05 || <= 2.0.21-3 || 2.0.22-1 || 7d || Fixed ({{bug|43366}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] <br />
|-<br />
| {{CVE|CVE-2014-8139}} {{CVE|CVE-2014-8140}} {{CVE|CVE-2014-8141}} [http://www.ocert.org/advisories/ocert-2014-011.html templink] || {{pkg|unzip}} || 2014-12-22 || <= 6.0-7 || 6.0-9 || 17d || Fixed ({{bug|43300}}) ({{bug|43391}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3]<br />
|-<br />
| {{CVE|CVE-2014-6395}} {{CVE|CVE-2014-6396}} {{CVE|CVE-2014-9376}} {{CVE|CVE-2014-9377}} {{CVE|CVE-2014-9378}} {{CVE|CVE-2014-9379}} {{CVE|CVE-2014-9380}} {{CVE|CVE-2014-9381}} [https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/ templink] || {{pkg|ettercap}} {{pkg|ettercap-gtk}} || 2014-12-16 || <= 0.8.1-2 || 0.8.2-1 || 89d || Fixed ({{bug|44174}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13]<br />
|-<br />
| {{CVE|CVE-2014-9425}} [https://bugs.php.net/bug.php?id=68676 templink] || {{pkg|php}} || 2014-12-29 || <= 5.6.4-1 || 5.6.5-1 || 6d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-9295}} {{CVE|CVE-2014-9296}} [http://support.ntp.org/bin/view/Main/SecurityNotice#Buffer_overflow_in_ctl_putdata templink] || {{pkg|ntp}} || 2014-12-19 || < 4.2.8-1 || 4.2.8-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24]<br />
|-<br />
| {{CVE|CVE-2014-8142}} [https://bugzilla.redhat.com/show_bug.cgi?id=1175718 templink] || {{pkg|php}} || 2014-12-18 || <= 5.6.3-1 || 5.6.4-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23]<br />
|-<br />
| {{CVE|CVE-2014-8137}} {{CVE|CVE-2011-4516}} {{CVE|CVE-2011-4517}} [https://marc.info/?l=oss-security&m=141891163026757&w=2 templink] || {{pkg|jasper}} || 2014-12-18 || <= 1.900.1-11 || 1.900.1-12 || 1d || Fixed ({{bug|43155}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22]<br />
|-<br />
| {{CVE|CVE-2014-9029}} [https://marc.info/?l=oss-security&m=141770163916268&w=2 templink] || {{pkg|jasper}} || 2014-12-04 || <= 1.900.1-10 || 1.900.1-12 || 6d || Fixed ({{bug|43044}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22]<br />
|-<br />
| {{CVE|CVE-2012-3406}} {{CVE|CVE-2014-9402}} [http://www.openwall.com/lists/oss-security/2014/12/18/1 templink] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2014-12-17 || <= 2.20-4 || 2.20-5 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21]<br />
|-<br />
| {{CVE|CVE-2014-9253}} [http://seclists.org/oss-sec/2014/q4/1050 templink] || {{pkg|dokuwiki}} || 2014-12-15 || <= 20140929_a-1 || 20140929_b-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19]<br />
|-<br />
| {{CVE|CVE-2014-3580}} {{CVE|CVE-2014-8108}} [https://subversion.apache.org/security/CVE-2014-3580-advisory.txt templink] [https://subversion.apache.org/security/CVE-2014-8108-advisory.txt templink] || {{pkg|subversion}} || 2014-12-16 || <= 1.8.10-1 || 1.8.11-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17]<br />
|-<br />
| {{CVE|CVE-2014-9356}} {{CVE|CVE-2014-9357}} {{CVE|CVE-2014-9358}} [http://www.securityfocus.com/archive/1/534215 templink] || {{pkg|docker}} || 2014-12-12 || <= 1:1.3.2-1 || 1:1.4.0-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16]<br />
|-<br />
| {{CVE|CVE-2013-1752}} {{CVE|CVE-2013-1753}} {{CVE|CVE-2014-9365}} [https://hg.python.org/cpython/raw-file/v2.7.9/Misc/NEWS templink] || {{pkg|python2}} || 2014-12-11 || <= 2.7.8-1 || 2.7.9-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15]<br />
|-<br />
| {{CVE|CVE-2014-0580}} {{CVE|CVE-2014-0587}} {{CVE|CVE-2014-8443}} {{CVE|CVE-2014-9162}} {{CVE|CVE-2014-9163}} {{CVE|CVE-2014-9164}} [https://helpx.adobe.com/security/products/flash-player/apsb14-27.html templink] || {{pkg|flashplugin}} || 2014-12-09 || <= 11.2.202.424-1 || 11.2.202.425-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13]<br />
|-<br />
| {{CVE|CVE-2014-8091}} {{CVE|CVE-2014-8092}} {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8094}} {{CVE|CVE-2014-8095}} {{CVE|CVE-2014-8096}} {{CVE|CVE-2014-8097}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8099}} {{CVE|CVE-2014-8100}} {{CVE|CVE-2014-8101}} {{CVE|CVE-2014-8102}} {{CVE|CVE-2014-8103}} [http://www.x.org/wiki/Development/Security/Advisory-2014-12-09/ templink] || {{pkg|xorg-server}} || 2014-12-09 || <= 1.16.2-1 || 1.16.2.901-1 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia}} {{pkg|nvidia-lts}} || 2014-12-09 || <= 343.22-6 || 343.36-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia-340xx}} {{pkg|nvidia-340xx-lts}} || 2014-12-09 || <= 340.58-3 || 340.65-1 || 3d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11]<br />
|-<br />
| {{CVE|CVE-2014-8093}} {{CVE|CVE-2014-8098}} {{CVE|CVE-2014-8298}} [https://nvidia.custhelp.com/app/answers/detail/a_id/3610 templink] || {{pkg|nvidia-304xx}} {{pkg|nvidia-304xx-lts}} || 2014-12-09 || < 304.125-1 || 304.125-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10]<br />
|-<br />
| {{CVE|CVE-2014-8601}} [http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/ templink] || {{pkg|powerdns-recursor}} || 2014-12-09 || <= 3.6.1-1 || 3.6.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9]<br />
|-<br />
| {{CVE|CVE-2014-8602}} [https://unbound.net/downloads/CVE-2014-8602.txt templink] || {{pkg|unbound}} || 2014-12-09 || <= 1.5.0-1 || 1.5.1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8]<br />
|-<br />
| {{CVE|CVE-2014-8500}} {{CVE|CVE-2014-8680}} [http://svnweb.freebsd.org/ports?view=revision&revision=374305 templink] || {{pkg|bind}} || 2014-12-08 || <= 9.10.1-2 || 9.10.1.P1-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7]<br />
|-<br />
| {{CVE|CVE-2014-9274}} {{CVE|CVE-2014-9275}} [http://seclists.org/oss-sec/2014/q4/904 templink] || {{pkg|unrtf}} || 2014-12-04 || <= 0.21.5-1 || 0.21.7-1 || 10d || Fixed ({{bug|43131}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20]<br />
|-<br />
| {{CVE|CVE-2014-1587}} {{CVE|CVE-2014-1588}} {{CVE|CVE-2014-1589}} {{CVE|CVE-2014-1590}} {{CVE|CVE-2014-1591}} {{CVE|CVE-2014-1592}} {{CVE|CVE-2014-1593}} {{CVE|CVE-2014-1594}} {{CVE|CVE-2014-8631}} {{CVE|CVE-2014-8632}} [https://www.mozilla.org/fr/security/known-vulnerabilities/firefox/ templink] || {{pkg|firefox}} || 2014-12-02 || <= 33.1.1-1 || 34.0.5-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3]<br />
|-<br />
| {{CVE|CVE-2014-9157}} [http://seclists.org/oss-sec/2014/q4/872 templink] || {{pkg|graphviz}} || 2014-11-25 || <= 2.38.0-2 || 2.38.0-3 || 8d || Fixed ({{bug|42983}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4]<br />
|-<br />
| {{CVE|CVE-2014-8123}} [http://seclists.org/oss-sec/2014/q4/874 templink] || {{pkg|antiword}} || 2014-12-01 || <= 0.37-4 || 0.37-5 || 3d || Fixed ({{bug|42982}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5]<br />
|-<br />
| {{CVE|CVE-2014-8104}} [https://forums.openvpn.net/topic17625.html templink] || {{pkg|openvpn}} || 2014-11-30 || <= 2.3.5-1 || 2.3.6-1 || 4d || Fixed ({{bug|42975}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2]<br />
|-<br />
| {{CVE|CVE-2014-9087}} [http://seclists.org/oss-sec/2014/q4/801 templink] || {{pkg|gnupg}} || 2014-11-25 || <= 2.1.0-5 || 2.1.0-6 || 4d || Fixed ({{bug|42943}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1]<br />
|-<br />
| {{CVE|CVE-2014-9087}} [http://seclists.org/oss-sec/2014/q4/801 templink] || {{pkg|libksba}} || 2014-11-25 || <= 1.3.1-1 || 1.3.2-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31]<br />
|-<br />
| {{CVE|CVE-2014-9114}} [http://seclists.org/oss-sec/2014/q4/819 templink] || {{pkg|util-linux}} || 2014-11-27 || <= 2.25.2-1 || 2.26.1-3 || 117d || Fixed ({{bug|43886}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23]<br />
|-<br />
| {{CVE|CVE-2014-9112}} [http://seclists.org/oss-sec/2014/q4/818 templink] || {{pkg|cpio}} || 2014-11-26 || <= 2.11-4 || 2.11-5 || 20d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5]<br />
|-<br />
| {{CVE|CVE-2014-9116}} [http://seclists.org/oss-sec/2014/q4/835 templink] || {{pkg|mutt}} || 2014-11-27 || <= 1.5.23-1 || 1.5.23-2 || 71d || Fixed ({{bug|44110}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6]<br />
|-<br />
| {{CVE|CVE-2014-9093}} [https://bugs.freedesktop.org/show_bug.cgi?id=86449 templink] || {{pkg|libreoffice-fresh}} || 2014-11-19 || <= 4.3.4-1 ||4.3.5-1 || 31d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-9092}} [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768369#114 templink] || {{pkg|libjpeg-turbo}} || 2014-11-26 || <= 1.3.1-2 || 1.3.1-3 || 2d || Fixed ({{bug|42922}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33]<br />
|-<br />
| {{CVE|CVE-2014-9272}} {{CVE|CVE-2014-9270}} {{CVE|CVE-2014-8987}} {{CVE|CVE-2014-9271}} {{CVE|CVE-2014-9281}} {{CVE|CVE-2014-8986}} {{CVE|CVE-2014-9269}} {{CVE|CVE-2014-9280}} {{CVE|CVE-2014-9089}} {{CVE|CVE-2014-9279}} {{CVE|CVE-2014-8988}} {{CVE|CVE-2014-8553}} {{CVE|CVE-2014-6387}} {{CVE|CVE-2014-6316}} {{CVE|CVE-2014-9117}} [https://www.mantisbt.org/bugs/view.php?id=17841 templink] [https://www.mantisbt.org/bugs/view.php?id=17811 templink] [http://seclists.org/oss-sec/2014/q4/955 templink] || {{pkg|mantisbt}} || 2014-11-25 || <= 1.2.17-4 || 1.2.18-1 || 13d || Fixed ({{bug|42920}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6]<br />
|-<br />
| {{CVE|CVE-2014-9090}} [https://marc.info/?l=oss-security&m=141698775601426&w=2 templink] || {{pkg|linux}} {{pkg|linux-lts}} || 2014-11-26 || <= 3.18-rc6 || 3.19 || - || Not Affected || None<br />
|-<br />
| {{CVE|CVE-2014-9018}} {{CVE|CVE-2014-9091}} [http://seclists.org/oss-sec/2014/q4/694 templink] || {{pkg|icecast}} || 2014-11-20 || <= 2.4.0-1 || 2.4.1-1 || 8d || Fixed ({{bug|42912}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32]<br />
|-<br />
| {{CVE|CVE-2014-8964}} [http://bugs.exim.org/show_bug.cgi?id=1546 templink] || {{pkg|pcre}} || 2014-11-18 || <= 8.36-1 || 8.36-2 || 8d || Fixed ({{bug|42860}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29]<br />
|-<br />
| {{CVE|CVE-2014-8962}} {{CVE|CVE-2014-9028}} [http://www.ocert.org/advisories/ocert-2014-008.html templink] || {{pkg|flac}} || 2014-11-25 || <= 1.3.0-4 || 1.3.0-5 || < 1d || Fixed ({{bug|42898}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30]<br />
|-<br />
| {{CVE|CVE-2014-7899}} {{CVE|CVE-2014-7900}} {{CVE|CVE-2014-7901}} {{CVE|CVE-2014-7902}} {{CVE|CVE-2014-7903}} {{CVE|CVE-2014-7904}} {{CVE|CVE-2014-7906}} {{CVE|CVE-2014-7907}} {{CVE|CVE-2014-7908}} {{CVE|CVE-2014-7909}} {{CVE|CVE-2014-7910}} [http://googlechromereleases.blogspot.in/2014/11/stable-channel-update_18.html templink] || {{pkg|chromium}} || 2014-11-20 || <= 38.0.2125.122-1 || 39.0.2171.65-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26]<br />
|-<br />
| {{CVE|CVE-2014-9015}} {{CVE|CVE-2014-9016}} [http://seclists.org/oss-sec/2014/q4/697 templink] || {{pkg|drupal}} || 2014-11-19 || <= 7.33-1 || 7.34-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25]<br />
|-<br />
| {{CVE|CVE-2013-6497}} [http://seclists.org/oss-sec/2014/q4/673 templink] || {{pkg|clamav}} || 2014-11-18 || <= 0.98.4-1 || 0.98.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21]<br />
|-<br />
| {{CVE|CVE-2014-7817}} [https://sourceware.org/bugzilla/show_bug.cgi?id=17625 templink] || {{pkg|glibc}} {{pkg|lib32-glibc}} || 2014-11-19 || <= 2.20-2 || 2.20.3 || 2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27]<br />
|-<br />
| {{CVE|CVE-2014-8600}} [https://www.kde.org/info/security/advisory-20141113-1.txt templink] || {{pkg|kwebkitpart}} || 2014-11-18 || <= 1.3.4-2 || 1.3.4-3 || 4d || Fixed ({{bug|44170}} {{bug|42775}}) || None<br />
|-<br />
| {{CVE|CVE-2014-8767}} {{CVE|CVE-2014-8768}} {{CVE|CVE-2014-8769}} {{CVE|CVE-2014-9140}} {{CVE|CVE-2015-0261}} {{CVE|CVE-2015-2153}} {{CVE|CVE-2015-2154}} {{CVE|CVE-2015-2155}} [http://www.securityfocus.com/archive/1/534011/30/0/threaded templink] [http://www.securityfocus.com/archive/1/534010/30/0/threaded templink] [http://www.securityfocus.com/archive/1/534009/30/0/threaded templink] [https://github.com/the-tcpdump-group/tcpdump/commit/0f95d441e4b5d7512cc5c326c8668a120e048eda templink] || {{pkg|tcpdump}} || 2014-11-18 || <= 4.6.2-1 || 4.7.3-1 || 88d || Fixed ({{bug|44153}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20]<br />
|-<br />
| {{CVE|CVE-2014-8090}} || {{pkg|ruby}} || 2014-11-13 || <= 2.1.4-1 || 2.1.5-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16]<br />
|-<br />
| {{CVE|CVE-2014-7823}} || {{pkg|libvirt}} || 2014-11-13 || <= 1.2.10-1 ||1.2.11-1 ||33d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-8710}} {{CVE|CVE-2014-8711}} {{CVE|CVE-2014-8712}} {{CVE|CVE-2014-8713}} {{CVE|CVE-2014-8714}} [https://www.wireshark.org/security/wnpa-sec-2014-20.html templink] [https://www.wireshark.org/security/wnpa-sec-2014-21.html templink] [https://www.wireshark.org/security/wnpa-sec-2014-22.html templink] || {{pkg|wireshark-cli}} {{pkg|wireshark-gtk}} {{pkg|wireshark-qt}} || 2014-11-13 || <= 1.12.1-1 || 1.12.2-1 || 7d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24]<br />
|-<br />
| {{CVE|CVE-2014-0573}} {{CVE|CVE-2014-0574}} {{CVE|CVE-2014-0576}} {{CVE|CVE-2014-0577}} {{CVE|CVE-2014-0581}} {{CVE|CVE-2014-0582}} {{CVE|CVE-2014-0583}} {{CVE|CVE-2014-0584}} {{CVE|CVE-2014-0585}} {{CVE|CVE-2014-0586}} {{CVE|CVE-2014-0588}} {{CVE|CVE-2014-0589}} {{CVE|CVE-2014-0590}} {{CVE|CVE-2014-8437}} {{CVE|CVE-2014-8438}} {{CVE|CVE-2014-8440}} {{CVE|CVE-2014-8441}} {{CVE|CVE-2014-8442}} [https://helpx.adobe.com/security/products/flash-player/apsb14-24.html templink] || {{pkg|flashplugin}} || 2014-11-11 || <= 11.2.202.411-1 || 11.2.202.418-1 || <1d || Fixed ({{bug|42769}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11]<br />
|-<br />
| {{CVE|CVE-2014-3710}} [https://bugzilla.redhat.com/show_bug.cgi?id=1155071 templink] || {{pkg|php}} || 2014-10-29 || <= 5.6.2-2 || 5.6.3-1 || 14d || Fixed ({{bug|42764}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13]<br />
|-<br />
| {{CVE|CVE-2014-8564}} [http://www.gnutls.org/security.html#GNUTLS-SA-2014-5 templink]|| {{pkg|gnutls}} || 2014-11-10 || <= 3.3.9-1 ||3.3.10-1 ||<1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10]<br />
|-<br />
| {{CVE|CVE-2014-8716}} [http://seclists.org/oss-sec/2014/q4/591 templink]|| {{pkg|imagemagick}} || 2014-11-12 || <= 6.8.9.9-1 || 6.8.9.10-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12]<br />
|-<br />
| {{CVE|CVE-2014-3710}} [https://bugzilla.redhat.com/show_bug.cgi?id=1155071 templink] || {{pkg|file}} || 2014-10-29 || <= 5.20-1 || 5.20-2 || 12d || Fixed ({{bug|42759}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9]<br />
|-<br />
| {{CVE|CVE-2014-1569}} [https://bugzilla.mozilla.org/show_bug.cgi?id=1064670 templink] || {{pkg|nss}} || 2014-11-07 || <= 3.17.2-1 || 3.17.3-1 || 22d || Fixed ({{bug|42760}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18]<br />
|-<br />
| {{CVE|CVE-2014-7824}} [http://www.openwall.com/lists/oss-security/2014/11/10/2 templink] || {{pkg|dbus}} || 2014-11-10 || <= 1.8.8-1 || 1.8.10-1 || 14d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28]<br />
|-<br />
| {{CVE|CVE-2014-8598}} {{CVE|CVE-2014-7146}} [http://www.openwall.com/lists/oss-security/2014/11/07/27 templink] [http://www.openwall.com/lists/oss-security/2014/11/07/28 templink]|| {{pkg|mantisbt}} || 2014-11-08 || <= 1.2.17-3 || 1.2.17-4 || <4d || Fixed ({{bug|42761}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8]<br />
|-<br />
| {{CVE|CVE-2014-8483}} [https://www.kde.org/info/security/advisory-20141104-1.txt templink] || {{pkg|konversation}} || 2014-11-04 || <= 1.5-1 || 1.5.1-1 || <4d || Fixed ({{bug|42698}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5]<br />
|-<br />
| {{CVE|CVE-2014-3707}} [http://curl.haxx.se/docs/adv_20141105.html templink]|| {{pkg|curl}} || 2014-11-05 || <= 7.38.0-3 || 7.39.0-1 || 6d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7]<br />
|-<br />
| {{CVE|CVE-2014-8651}} [http://seclists.org/oss-sec/2014/q4/520 templink]|| {{pkg|kdebase-workspace}} || 2014-11-04 || <= 4.11.13-1 || 4.11.13-2 || 6d || Fixed ({{bug|42679}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6]<br />
|-<br />
| {{CVE|CVE-2014-8627}} {{CVE|CVE-2014-8628}} [http://www.openwall.com/lists/oss-security/2014/11/04/6 templink]|| {{pkg|polarssl}} || 2014-10-23 || <= 1.3.8-3 || 1.3.9-1 || 11d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4]<br />
|-<br />
| {{CVE|CVE-2014-8321}} {{CVE|CVE-2014-8322}} {{CVE|CVE-2014-8323}} {{CVE|CVE-2014-8324}} [http://www.securityfocus.com/archive/1/533869/30/0/threaded templink]|| {{pkg|aircrack-ng}} || 2014-11-02 || <= 1.2beta3-1 || 1.2rc1-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2]<br />
|-<br />
| {{CVE|CVE-2014-8554}} [http://www.openwall.com/lists/oss-security/2014/10/30/9 templink]|| {{pkg|mantisbt}} || 2014-10-30 || <= 1.2.17-2 || 1.2.17-3 || 5d || Fixed ({{bug|42683}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3]<br />
|-<br />
| {{CVE|CVE-2014-8354}} {{CVE|CVE-2014-8355}} {{CVE|CVE-2014-8561}} {{CVE|CVE-2014-8562}} [http://seclists.org/oss-sec/2014/q4/466 templink]|| {{pkg|imagemagick}} || 2014-10-29 || <= 6.8.9.8-1 || 6.8.9.9-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-8517}} [http://seclists.org/oss-sec/2014/q4/459 templink]|| {{pkg|tnftp}} || 2014-10-28 || <= 20130505-2 || 20141031-1 || 4d || Fixed ({{bug|42646}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1]<br />
|-<br />
| {{CVE|CVE-2014-4877}} [http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7 templink]|| {{pkg|wget}} || 2014-10-27 || <= 1.15-1 || 1.16-1 || <2d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|avr-binutils}} || 2014-10-23 || <= 2.24-2 || 2.24-3 || 27d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|mingw-w64-binutils}} || 2014-10-23 || <= 2.24-1 || 2.24-2 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|arm-none-eabi-binutils}} || 2014-10-23 || <= 2.24-2 || 2.24-3 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18]<br />
|-<br />
| {{CVE|CVE-2014-8484}} {{CVE|CVE-2014-8485}} {{CVE|CVE-2014-8501}} {{CVE|CVE-2014-8502}} {{CVE|CVE-2014-8503}} {{CVE|CVE-2014-8504}} {{CVE|CVE-2014-8737}} {{CVE|CVE-2014-8738}} [http://seclists.org/oss-sec/2014/q4/424 templink] [http://seclists.org/oss-sec/2014/q4/599 tmplink] [http://seclists.org/oss-sec/2014/q4/600 templink] || {{pkg|binutils}} || 2014-10-23 || <= 2.24-7 || 2.24-8 || 26d || Fixed ({{bug|42773}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17]<br />
|-<br />
| {{CVE|CVE-2014-8559}} [http://www.openwall.com/lists/oss-security/2014/10/30/7 templink] || {{pkg|linux}}, {{pkg|linux-lts}} || 2014-10-30 || <= 3.17.3-1, <= 3.14.24-1 ||3.17.4-1 3.14.25-1 || ~23d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3610}} {{CVE|CVE-2014-3611}} {{CVE|CVE-2014-3646}} {{CVE|CVE-2014-3647}} {{CVE|CVE-2014-7825}} {{CVE|CVE-2014-7826}} {{CVE|CVE-2014-8369}} [http://permalink.gmane.org/gmane.comp.security.oss.general/14526 templink] [http://seclists.org/oss-sec/2014/q4/548 templink] || {{pkg|linux}}, {{pkg|linux-lts}} || 2014-10-21 || <= 3.17.2-1, <= 3.14.23-1 || 3.17.3-1, 3.14.24-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15]<br />
|-<br />
| {{CVE|CVE-2014-8480}} {{CVE|CVE-2014-8481}} [http://permalink.gmane.org/gmane.comp.security.oss.general/14526 templink] || {{pkg|linux}} || 2014-10-21 || <= 3.17.2-1 || 3.17.3-1 || || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14]<br />
|-<br />
| {{CVE|CVE-2014-3695}} {{CVE|CVE-2014-3696}} {{CVE|CVE-2014-3698}} [https://pidgin.im/news/security/ templink] || {{pkg|libpurple}} || 2014-10-22 || <= 2.10.9-2 || 2.10.10-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9]<br />
|-<br />
| {{CVE|CVE-2014-8760}} || {{pkg|ejabberd}} || 2014-10-13 || <= 14.07-1 || 14.07-2 || 14d || Fixed ({{bug|42541}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13]<br />
|-<br />
| {{CVE|CVE-2014-3686}} || {{pkg|wpa_supplicant}}, {{pkg|hostapd}} || 2014-10-09 || <= 2.2-2 || 2.3-1 || ~10d || Fixed ({{bug|42401}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8]<br />
|-<br />
| {{CVE|CVE-2014-0191}} {{CVE|CVE-2014-3660}} || {{pkg|libxml2}} || 2014-10-16 || <= 2.9.1-5 || 2.9.2-1 || 8d || Fixed ({{bug|40790}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12]<br />
|-<br />
| {{CVE|CVE-2014-3704}} [https://www.drupal.org/SA-CORE-2014-005 templink] || {{pkg|drupal}} || 2014-10-15 || <= 7.31-2 || 7.32-1 || 1d || Fixed ({{bug|42388}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7]<br />
|-<br />
| {{CVE|CVE-2014-3513}} {{CVE|CVE-2014-3566}} {{CVE|CVE-2014-3567}} {{CVE|CVE-2014-3568}} [https://www.openssl.org/news/secadv_20141015.txt templink] [https://www.openssl.org/~bodo/ssl-poodle.pdf temp link] || {{pkg|openssl}} || 2014-10-15 || <= 1.0.1.i-1 || 1.0.1.j-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6]<br />
|-<br />
| {{CVE|CVE-2014-8242}} [http://www.openwall.com/lists/oss-security/2014/10/13/2 temp link] || {{pkg|librsync}} || 2014-10-12 || <= 0.9.7-7 || 1.0.0-1 || 166d || Fixed ({{bug|44175}}) || [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10]<br />
|-<br />
| {{CVE|CVE-2014-7203}} {{CVE|CVE-2014-7202}} [http://seclists.org/oss-sec/2014/q3/776 temp link] || {{pkg|zeromq}} || 2014-09-27 || <= 4.0.4-4 || 4.0.5-1 || 18d || Fixed ({{bug|42381}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4]<br />
|-<br />
| {{CVE|CVE-2014-6051}} {{CVE|CVE-2014-6052}} {{CVE|CVE-2014-6053}} {{CVE|CVE-2014-6054}} {{CVE|CVE-2014-6055}} [http://seclists.org/oss-sec/2014/q3/639 temp link] || {{pkg|libvncserver}} || 2014-09-23 || <= 0.9.9-3 || 0.9.10-1 || 31d || Fixed ({{bug|42321}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10]<br />
|-<br />
| {{CVE|CVE-2014-3683}} [http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/ temp link] || {{pkg|rsyslog}} || 2014-10-02 || <= 8.4.1-1 || 8.4.2-1 || 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5]<br />
|-<br />
| {{CVE|CVE-2014-7204}} [http://seclists.org/oss-sec/2014/q3/842 temp link] || {{pkg|ctags}} || 2014-09-29 || <= 5.8-4 || 5.8-5 || 26d || Fixed ({{bug|42246}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11]<br />
|-<br />
| {{CVE|CVE-2014-7295}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html temp link] || {{pkg|mediawiki}} || 2014-10-02 || <= 1.23.4-1 || 1.23.5-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3]<br />
|-<br />
| {{CVE|CVE-2014-3661}} {{CVE|CVE-2014-3662}} {{CVE|CVE-2014-3663}} {{CVE|CVE-2014-3664}} {{CVE|CVE-2014-3680}} {{CVE|CVE-2014-3681}} {{CVE|CVE-2014-3666}} {{CVE|CVE-2014-3667}} {{CVE|CVE-2013-2186}} {{CVE|CVE-2014-1869}} {{CVE|CVE-2014-3678}} {{CVE|CVE-2014-3679}} [https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01 temp link] || {{pkg|jenkins}} || 2014-10-01 || <= 1.582-1 || 1.583-1 || <1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2]<br />
|-<br />
| {{CVE|CVE-2014-3634}} [http://www.rsyslog.com/remote-syslog-pri-vulnerability/ temp link] || {{pkg|rsyslog}} || 2014-09-30 || <= 8.4.0-1 || 8.4.1-1 || 1d || Fixed ({{bug|42200}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1]<br />
|-<br />
| {{CVE|CVE-2014-3657}} {{CVE|CVE-2014-3633}} [https://www.debian.org/security/2014/dsa-3038 temp link] || {{pkg|libvirt}} || 2014-09-26 || <= 1.2.8-1 || 1.2.8-2 || 3d || Fixed ({{bug|42159}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5]<br />
|-<br />
| {{CVE|CVE-2014-7199}} [https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-September/000161.html temp link] || {{pkg|mediawiki}} || 2014-09-24 || <= 1.23.3-1 || 1.23.4-1 || 5d || Fixed ({{bug|42161}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4]<br />
|-<br />
| {{CVE|CVE-2014-7185}} [http://bugs.python.org/issue21831 temp link] || {{pkg|python2}} || 2014-09-24 || < 2.7.8 || 2.7.8-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3]<br />
|-<br />
| {{CVE|CVE-2014-1568}} [https://www.mozilla.org/security/announce/2014/mfsa2014-73.html temp link] || {{pkg|nss}} || 2014-09-24 || < 3.17.1 || 3.17.1-1 || < 1d || Fixed || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1]<br />
|-<br />
| {{CVE|CVE-2014-6271}} {{CVE|CVE-2014-7169}} {{CVE|CVE-2014-7186}} {{CVE|CVE-2014-7187}} {{CVE|CVE-2014-6277}} {{CVE|CVE-2014-6278}} [http://seclists.org/oss-sec/2014/q3/649 temp link] || {{pkg|bash}} || 2014-09-24 || <= 4.3.024-1 || 4.3.026-1 || 2d || Fixed ({{bug|42109}}) || [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2]<br />
|-<br />
| {{CVE|CVE-2014-3635}} {{CVE|CVE-2014-3636}} {{CVE|CVE-2014-3637}} {{CVE|CVE-2014-3638}} {{CVE|CVE-2014-3639}} [http://www.openwall.com/lists/oss-security/2014/09/16/9 temp link] || {{pkg|dbus}} {{pkg|libdbus}} {{pkg|lib32-libdbus}} || 2014-09-16 || < 1.8.8 || 1.8.8-1 || 1d || Fixed ({{bug|41993}}) || None<br />
|-<br />
| {{CVE|CVE-2014-3613}} {{CVE|CVE-2014-3620}} [http://curl.haxx.se/docs/security.html temp link] || {{pkg|curl}} {{pkg|lib32-curl}}|| 2014-09-10 || < 7.38.0 || 7.38.0-1 || 5d ({{pkg|curl}}), 7d ({{pkg|lib32-curl}}) || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3609}} [http://www.squid-cache.org/Advisories/SQUID-2014_2.txt temp link] || {{pkg|squid}} || 2014-08-28 || < 3.4.7 || 3.4.7-1 || < 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-5119}} [https://sourceware.org/bugzilla/show_bug.cgi?id=17187 temp link] || {{pkg|glibc}} || 2014-07-21 || <= 2.19 || 2.20-2 || 55d || Fixed ({{bug|41713}}) || None<br />
|-<br />
| {{CVE|CVE-2014-3508}} {{CVE|CVE-2014-5139}} {{CVE|CVE-2014-3509}} {{CVE|CVE-2014-3505}} {{CVE|CVE-2014-3506}} {{CVE|CVE-2014-3507}} {{CVE|CVE-2014-3510}} {{CVE|CVE-2014-3511}} {{CVE|CVE-2014-3512}} [https://www.openssl.org/news/secadv_20140806.txt temp link] || {{pkg|openssl}} || 2014-08-06 || < 1.0.1.i || 1.0.1.i-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0226}} [http://www.zerodayinitiative.com/advisories/ZDI-14-236/ temp link] || {{pkg|apache}} || 2014-07-15 || < 2.4.10 || 2.4.10-1 || ~7d || Fixed ({{bug|41244}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4943}} [http://www.openwall.com/lists/oss-security/2014/07/17/1 temp link] || {{pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-07-16 || || 3.15.5.201407170639-1 {{pkg|linux-grsec}}, 3.14.16 ({{pkg|linux-lts}}), 3.16 ({{pkg|linux}}) || 1d ({{pkg|linux-grsec}}), 23d ({{pkg|linux-lts}}), 27d {{pkg|linux}} || Fixed in {{pkg|linux}}, {{pkg|linux-lts}} ({{bug|41231}}), Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-0475}} [http://www.openwall.com/lists/oss-security/2014/07/10/7 temp link] || {{pkg|glibc}} || 2014-07-10 || <=2.19 || 2.20-2 || 66d || Fixed ({{bug|41166}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4699}} [http://www.openwall.com/lists/oss-security/2014/07/04/4 temp link] || {{Pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-07-04 || || 3.15.3.201407060933-1 {{pkg|linux-grsec}}, 3.15.4-1 {{pkg|linux}}, 3.14.11-1 {{pkg|linux-lts}} || 2d ({{pkg|linux-grsec}}), 3d ({{pkg|linux}}, {{pkg|linux-lts}}) || Fixed ({{bug|41115}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4715}} [http://www.openwall.com/lists/oss-security/2014/07/02/13 temp link] || {{Pkg|lz4}} || 2014-07-02 || || 119-1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-4611}} [http://www.openwall.com/lists/oss-security/2014/06/26/25 temp link] || {{Pkg|linux}}, {{pkg|linux-grsec}}, {{pkg|lz4}} || 2014-06-26 || || 3.15.2-1 ({{pkg|linux}}), 3.15.2.201406262058-1 ({{pkg|linux-grsec}}), 118-1 {{pkg|lz4}} || <1d ({{pkg|linux}}, {{pkg|linux-grsec}}, {{pkg|lz4}}) || Fixed in {{pkg|linux}} ({{bug|40992}}), Fixed in {{pkg|linux-grsec}}, Fixed in {{pkg|lz4}} ({{bug|40997}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4610}} [http://www.openwall.com/lists/oss-security/2014/06/26/23 temp link] || {{Pkg|ffmpeg}} || 2014-06-26 || || 1:2.2.4-1 || <2d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-4609}} [http://www.openwall.com/lists/oss-security/2014/06/26/22 temp link] || {{Pkg|gst-libav}} || 2014-06-26 || 1.2.4-1 || 1.2.4-2 (with libav 9.14) || 2d || Fixed ({{bug|40995}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4608}} [http://www.openwall.com/lists/oss-security/2014/06/26/21 temp link] || {{Pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-06-26 || || 3.15.2-1 ({{pkg|linux}}), 3.10.45-1 ({{pkg|linux-lts}}), 3.15.2.201406262058-1 ({{pkg|linux-grsec}}) || <1d ({{pkg|linux}}, {{pkg|linux-lts}}, {{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} and {{pkg|linux-lts}} ({{bug|40992}}), Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-4607}} [http://www.openwall.com/lists/oss-security/2014/06/26/20 temp link] || {{Pkg|lzo2}} || 2014-06-26 || || 2.07-2 || 3d || Fixed ({{bug|40993}}) || None<br />
|-<br />
| {{CVE|CVE-2014-4617}} [http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html temp link] || {{Pkg|gnupg}} || 2014-06-24 || < 2.0.24 || 2.0.24 || 7d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0244}} {{CVE|CVE-2014-3493}} [https://www.samba.org/samba/history/samba-4.1.9.html temp link] || {{Pkg|samba}} || 2014-06-23 || < 4.1.9 || 4.1.9 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1545}} [https://www.mozilla.org/security/announce/2014/mfsa2014-55.html temp link] || {{Pkg|nspr}} || 2014-06-10 || < 4.10.6 || 4.10.6 || ~1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3859}} || {{Pkg|bind}} || 2014-06-11 || 9.10.0, 9.10.0-P1 || 9.10.0-P2 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3477}} || {{Pkg|dbus}} || 2014-06-10 || <= 1.8.2 || 1.8.4 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0195}} {{CVE|CVE-2014-0198}} {{CVE|CVE-2010-5298}} {{CVE|CVE-2014-3470}} {{CVE|CVE-2014-0224}} {{CVE|CVE-2014-0221}} [http://www.openssl.org/news/secadv_20140605.txt temp link] || {{Pkg|openssl}} || 2014-06-05 || 1.0.1 - 1.0.1g || 1.0.1h || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-3153}} [http://seclists.org/oss-sec/2014/q2/467 temp link]|| {{Pkg|linux}}, {{pkg|linux-lts}}, {{Pkg|linux-grsec}} || 2014-06-05 || ? || 3.14.6 ({{pkg|linux}}), 3.10.42-1 ({{pkg|linux-lts}}), 3.14.5.201406051310-1 ({{pkg|linux-grsec}})|| 3d ({{pkg|linux}}, {{pkg|linux-lts}}), <1d ({{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} ({{bug|40715}}), Fixed in {{pkg|linux-lts}}, Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-3466}} [https://bugzilla.redhat.com/show_bug.cgi?id=1101932 temp link]|| {{Pkg|gnutls}} || 2014-05-30 || < 3.3.3 || 3.3.3 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0209}} {{CVE|CVE-2014-0210}} {{CVE|CVE-2014-0211}}|| {{Pkg|libxfont}} || 2014-05-13 || < 1.4.18 || 1.4.18 || 3d || Fixed ({{Bug|40409 }}) || None<br />
|-<br />
| {{CVE|CVE-2014-0196}} [https://bugzilla.redhat.com/show_bug.cgi?id=1094232 temp-link] || {{Pkg|linux}}, {{Pkg|linux-lts}}, {{pkg|linux-grsec}} || 2014-05-05 || 2.6.31 - 3.14 || 3.14.3-2 ({{pkg|linux}}), 3.10.39-2 ({{pkg|linux-lts}}), 3.14.3.201405121814-1 ({{pkg|linux-grsec}}) || 7d ({{pkg|linux}}), 8d {{pkg|linux-lts}}, <1d ({{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} ({{Bug|40232}}), Fixed in {{pkg|linux-lts}}, Fixed in {{pkg|linux-grsec}} || None<br />
|-<br />
| {{CVE|CVE-2014-2905}} {{CVE|CVE-2014-2906}} {{CVE|CVE-2014-2914}} [https://bugzilla.redhat.com/show_bug.cgi?id=1092091 temp-link] || {{Pkg|fish}} || 2014-04-28 || 1.16.0 - 2.1.0 || 2.2.1 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0160}} || {{Pkg|openssl}} || 2014-04-07 || 1.0.1 - 1.0.1f || 1.0.1g || ~1d || Fixed ({{Bug|39775}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1700}} {{CVE|CVE-2014-1701}} {{CVE|CVE-2014-1702}} {{CVE|CVE-2014-1703}} {{CVE|CVE-2014-1704}} {{CVE|CVE-2014-1705}} {{CVE|CVE-2014-1713}} {{CVE|CVE-2014-1715}} || {{Pkg|chromium}} {{Pkg|v8}} || 2014-03-11 || 32 || 33 || 4d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0098}} {{CVE|CVE-2013-6438}}|| {{Pkg|apache}} || 2014-03-17 || 2.4.8 || 2.4.9 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1492}} || {{Pkg|nss}} || 2014-03-18 || 3.15.5 || 3.16 || 22d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1493}} {{CVE|CVE-2014-1494}} {{CVE|CVE-2014-1497}} {{CVE|CVE-2014-1498}} {{CVE|CVE-2014-1499}} {{CVE|CVE-2014-1500}} {{CVE|CVE-2014-1502}} {{CVE|CVE-2014-1504}} {{CVE|CVE-2014-1505}} {{CVE|CVE-2014-1508}} {{CVE|CVE-2014-1509}} {{CVE|CVE-2014-1510}} {{CVE|CVE-2014-1511}} {{CVE|CVE-2014-1512}} {{CVE|CVE-2014-1513}} {{CVE|CVE-2014-1514}} || {{Pkg|firefox}} {{Pkg|thunderbird}} || 2014-03-18 || 27 || 28 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2240}} {{CVE|CVE-2014-2241}}|| {{Pkg|freetype2}} || ? || 2.5.2 || 2.5.3 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2029}}|| {{Pkg|xtrabackup}} || 2014-02-16 || 2.1.7 || 2.1.8 || 28d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1958}} {{CVE|CVE-2014-2030}}|| {{Pkg|imagemagick}} || ? || ? || 6.8.8.9-1 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}}|| {{Pkg|php}} || 2014-03-06 || 5.5.9 || 5.5.110 || <1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0404}} {{CVE|CVE-2014-0406}} {{CVE|CVE-2014-0407}} || {{Pkg|virtualbox}} || 2014-02-28 || 4.3.4 || 4.3.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2323}} {{CVE|CVE-2014-2324}} || {{Pkg|lighttpd}} || 2014-03-12 || 1.4.34 || 1.4.35 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0333}} || {{Pkg|libpng}} || 2014-02-28 || 1.6.9 || 1.6.10 || 9d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0017}} || {{Pkg|libssh}} || 2014-03-04 || ? || 0.5.5-3 || 5d || Fixed || None<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} || 2014-03-20 || < 3.5.7.29 || 3.5.7.29 || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 2014-03-18 || ? || ? || ? || Not Affected ({{Bug|39566}}) ||<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 2014-03-19 || ? || 1.3.1 || 1d || Fixed || None<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 2014-03-19 || 3.4beta || 3.4 || ? || Fixed ({{Bug|39540}}) || None<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 2014-03-18 || ? || 1.4.7 || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 2013-09-19 || ? || 1.1.1-7 (in RHEL 7) || 0d || Fixed || None<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 2014-03-17 || ? || 3.13-rc5 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0004}} || {{Pkg|udisks2}} & {{Pkg|udisks}} || 2014-03-10 || 2.1.3 / 1.0.5 || 2.1.3 / 1.0.5 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2281}} {{CVE|CVE-2014-2282}} {{CVE|CVE-2014-2283}} {{CVE|CVE-2014-2299}} || {{Pkg|wireshark-cli}} || 2014-03-10 || 1.10.6 || 1.10.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0050}} || {{Pkg|tomcat7}} || 2014-02-06 || 7.0.51 || 7.0.51 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0033}} || {{Pkg|tomcat6}} || 2014-01-10 || 6.0.37 || 6.0.37 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0032}} || {{Pkg|subversion}} || 2014-01-10 || 1.8.6 || 1.8.6 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0060}} {{CVE|CVE-2014-0061}} {{CVE|CVE-2014-0062}} {{CVE|CVE-2014-0063}} {{CVE|CVE-2014-0064}} {{CVE|CVE-2014-0065}} {{CVE|CVE-2014-0066}} {{CVE|CVE-2014-0067}} || {{Pkg|postgresql}} || 2014-02-20 || <=9.3.3 || 9.3.3-1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1912}} || {{Pkg|python}} {{Pkg|python2}} || 2014-02-07 || ? || 2.7.6-3 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2013-4496}} {{CVE|CVE-2013-6442}} || {{Pkg|samba}} || 2014-03-14 || ? || 4.1.6 || 2d || Fixed ({{Bug|39424}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0504}} || {{Pkg|flashplugin}} || 2014-03-12 || ? || 11.2.202.346 || 1d || Fixed ({{Bug|39385}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0106}} || {{Pkg|sudo}} || || 1.8.9.p5 || 1.8.10 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2285}} {{CVE|CVE-2014-2284}} || {{Pkg|net-snmp}} || 2014-03-05 || ? || 5.7.2.1-2 || 8d || Fixed ({{Bug|39190}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0092}} || {{Pkg|gnutls}} || 2014-03-04 || <3.2.12 || 3.2.12-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2242}} {{CVE|CVE-2014-2243}} {{CVE|CVE-2014-2244}} || {{Pkg|mediawiki}} || 2014-03-14 || <1.22.3 || 1.22.3 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-2093}} {{CVE|CVE-2014-2094}} {{CVE|CVE-2014-2095}} {{CVE|CVE-2014-2096}} || {{Pkg|catfish}} || 2014-02-25 || <1.0.1 || 1.0.1 || 8d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0497}} || {{Pkg|flashplugin}} || 2014-02-04 || ? || 11.2.202.346 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0015}} || {{Pkg|curl}} || 2014-01-29 || <7.35 || 7.35 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1610}} || {{Pkg|mediawiki}} || 2014-01-29 || <1.22.2 || 1.22.2 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0021}} || {{Pkg|chrony}} || 2014-01-17 || <1.29.1-1 || 1.29.1-1 || 14d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1875}} || {{Pkg|perl-capture-tiny}} || 2014-02-06 || ? || 0.24-1 || 4d || Fixed ({{Bug|38862}}) || None<br />
|-<br />
| {{CVE|CVE-2013-6493}} || {{Pkg|icedtea-web-java7}} || 2014-02-05 || <1.4.2 || 1.4.2 || 0d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1858}} {{CVE|CVE-2014-1859}} || {{Pkg|python-numpy}} || 2014-02-06 || ? || 1.8.0-2 || 4d || Fixed ({{Bug|38863}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1932}} {{CVE|CVE-2014-1933}} || {{Pkg|python-pillow}} || 2014-02-10 || <2.3.1 || 2.3.1 || ? || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1935}} || {{Pkg|9base}} || 2014-02-10 || ? || ? || ? || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1949}} [http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-1949.html temp link] || {{Pkg|cinnamon-screensaver}} || 2014-02-12 || 2.0.3 || ? || ? || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1959}} || {{Pkg|gnutls}} || 2014-02-13 || <3.2.11 || 3.2.11 || 2d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}} || {{Pkg|file}} || 2014-02-10 || <5.17 || 5.17-1 || 3d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0001}} {{CVE|CVE-2014-0412}} {{CVE|CVE-2014-0437}} {{CVE|CVE-2014-0420}} {{CVE|CVE-2014-0393}} {{CVE|CVE-2014-0386}} {{CVE|CVE-2014-0401}} {{CVE|CVE-2014-0402}} || {{Pkg|mariadb}} || 2014-01-31 || <5.5.35 || 5.5.35-1 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1447}} || {{Pkg|libvirt}} || 2014-01-16 || <1.2.1 || 1.2.1 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0979}} || lightdm-gtk* || 2014-01-07 || ? || ? || 25d || Fixed ({{Bug|38715}}) || None<br />
|-<br />
| {{CVE|CVE-2014-1475}} {{CVE|CVE-2014-1476}} || {{Pkg|drupal}} || 2014-01-15 || <7.26 || 7.26-1 || 12d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-0019}} || {{Pkg|socat}} || 2014-01-29 || <1.7.2.3 || 1.7.2.3 || 0d || Fixed || None<br />
|- <br />
| {{CVE|CVE-2014-1838}} {{CVE|CVE-2014-1839}} || {{Pkg|python-logilab-common}} || 2014-01-31 || ? || ? || 3d || Fixed [https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051] || None<br />
|-<br />
| {{CVE|CVE-2014-0368}} {{CVE|CVE-2014-0373}} {{CVE|CVE-2014-0376}} {{CVE|CVE-2014-0411}} {{CVE|CVE-2014-0416}} {{CVE|CVE-2014-0422}} {{CVE|CVE-2014-0423}} {{CVE|CVE-2014-0428}} || *-openjdk-* || 2014-01-15 || ? || ? || 2d || ? ||<br />
|-<br />
| {{CVE|CVE-2014-1402}} || {{Pkg|python-jinja}} || 2014-01-10 || <2.7.2 || 2.7.2 || 1d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2013-6462}} || {{Pkg|libxfont}} || 2014-01-07 || <1.4.7 || 1.4.7 || 0d || Fixed || None<br />
|-<br />
| {{CVE|CVE-2014-1235}} || {{Pkg|graphviz}} || 2014-01-07 || <2.36.0 || 2.34.0-3 || 3d || Fixed ({{Bug|38441}}) || None<br />
|-<br />
| {{CVE|CVE-2014-0978}} || {{Pkg|freerdp}} || 2014-01-10 || <1.0.2 || 1.0.2-5 || 67d || Fixed ({{Bug|38802}}) || None<br />
|-<br />
|}</div>
Anthraxx
https://wiki.archlinux.org/index.php?title=Security_Advisories&diff=452320
Security Advisories
2016-09-28T12:38:48Z
<p>Anthraxx: /* Recent Advisories */ adding openssl adivosry</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories/Examples}}<br />
{{Related articles end}}<br />
<br />
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].<br />
<br />
==Scheduled Advisories==<br />
<br />
==Recent Advisories==<br />
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.<br />
<br />
=== September 2016 ===<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service<br />
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service<br />
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues<br />
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection<br />
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service<br />
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service<br />
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure<br />
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues<br />
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues<br />
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service<br />
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service<br />
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal<br />
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues<br />
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues<br />
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2016 ===<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution<br />
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution<br />
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service<br />
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues<br />
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure<br />
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues<br />
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure<br />
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure<br />
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting<br />
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service<br />
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues<br />
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues<br />
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage<br />
<br />
=== July 2016 ===<br />
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service<br />
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage<br />
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting<br />
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting<br />
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection<br />
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues<br />
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues<br />
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution<br />
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service<br />
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution<br />
<br />
=== June 2016 ===<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution<br />
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload<br />
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service<br />
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues<br />
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service<br />
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues<br />
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues<br />
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification<br />
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service<br />
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service<br />
<br />
=== May 2016 ===<br />
<br />
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues<br />
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues<br />
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle<br />
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution<br />
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution<br />
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues<br />
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution<br />
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection<br />
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution<br />
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution<br />
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues<br />
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues<br />
<br />
=== April 2016 ===<br />
<br />
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues<br />
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues<br />
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues<br />
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service<br />
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution<br />
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution<br />
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution<br />
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution<br />
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape<br />
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape<br />
<br />
=== March 2016 ===<br />
<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape<br />
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape<br />
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution<br />
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues<br />
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution<br />
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution<br />
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation<br />
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues<br />
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues<br />
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues<br />
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues<br />
<br />
=== February 2016 ===<br />
<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage<br />
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle<br />
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle<br />
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction<br />
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues<br />
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues<br />
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service<br />
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues<br />
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues<br />
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues<br />
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations<br />
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass<br />
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass<br />
<br />
=== January 2016 ===<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle<br />
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery<br />
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service<br />
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service<br />
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage<br />
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage<br />
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues<br />
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues<br />
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service<br />
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle<br />
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting<br />
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues<br />
<br />
=== December 2015 ===<br />
<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow<br />
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues<br />
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues<br />
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection<br />
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage<br />
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service<br />
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues<br />
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues<br />
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage<br />
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues<br />
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues<br />
<br />
=== November 2015 ===<br />
<br />
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues<br />
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues<br />
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution<br />
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service<br />
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution<br />
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution<br />
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues<br />
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues<br />
<br />
=== October 2015 ===<br />
<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues<br />
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing<br />
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues<br />
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution<br />
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution<br />
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass<br />
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues<br />
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues<br />
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues<br />
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service<br />
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service<br />
<br />
=== September 2015 ===<br />
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass<br />
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service<br />
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues<br />
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues<br />
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues<br />
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service<br />
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service<br />
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service<br />
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues<br />
<br />
=== August 2015 ===<br />
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution<br />
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service<br />
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service<br />
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation<br />
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass<br />
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues<br />
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues<br />
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage<br />
<br />
=== July 2015 ===<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service<br />
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery<br />
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues<br />
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass<br />
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution<br />
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution<br />
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues<br />
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues<br />
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues<br />
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle<br />
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service<br />
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass<br />
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution<br />
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage<br />
<br />
=== June 2015 ===<br />
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution<br />
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage<br />
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues<br />
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues<br />
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow<br />
<br />
=== May 2015 ===<br />
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service<br />
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service<br />
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues<br />
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues<br />
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service<br />
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues<br />
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues<br />
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues<br />
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation<br />
<br />
=== Apr 2015 ===<br />
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service<br />
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service<br />
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service<br />
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution<br />
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service<br />
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues<br />
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues<br />
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues<br />
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching<br />
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service<br />
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues<br />
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service<br />
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues<br />
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection<br />
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass<br />
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow<br />
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution<br />
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues<br />
<br />
=== Mar 2015 ===<br />
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution<br />
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow<br />
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service<br />
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection<br />
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal<br />
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service<br />
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues<br />
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues<br />
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues<br />
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision<br />
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution<br />
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution<br />
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting<br />
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues<br />
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal<br />
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure<br />
<br />
=== Feb 2015 ===<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues<br />
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues<br />
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution<br />
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues<br />
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service<br />
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file<br />
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues<br />
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution<br />
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service<br />
<br />
=== Jan 2015 ===<br />
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues<br />
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution<br />
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues<br />
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues<br />
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues<br />
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation<br />
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection<br />
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues<br />
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow<br />
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow<br />
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution<br />
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues<br />
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues<br />
<br />
=== Dec 2014 ===<br />
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution<br />
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery<br />
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues<br />
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution<br />
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service<br />
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service<br />
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues<br />
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability<br />
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues<br />
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service<br />
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service<br />
<br />
=== Nov 2014 ===<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak<br />
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service <br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution<br />
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow<br />
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service<br />
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service<br />
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues<br />
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation<br />
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service<br />
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read<br />
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access<br />
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read<br />
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation<br />
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service<br />
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues<br />
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection<br />
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities<br />
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution<br />
<br />
=== Oct 2014 ===<br />
<br />
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access<br />
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service<br />
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service<br />
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS<br />
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage<br />
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection<br />
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation<br />
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack<br />
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service<br />
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing<br />
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues<br />
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service<br />
<br />
=== Sep 2014 ===<br />
<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access<br />
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow<br />
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution<br />
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack<br />
<br />
==Publishing a new advisory==<br />
<br />
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.<br />
In case of an extremely critical vulnerability,<br />
we may issue an advisory before the package has been fixed, but only if a work-around exists. <br />
<br />
If you want to publish a new advisory, please check that:<br />
* the corresponding Arch Linux package is really vulnerable ;<br />
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;<br />
* no Arch Linux Security Advisory for this vulnerability has been published yet ;<br />
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;<br />
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).<br />
<br />
You may then:<br />
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;<br />
* use the following template as an example to write the advisory ;<br />
* ensure that every line in the advisory is properly wrapped after 72 characters<br />
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).<br />
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"<br />
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.<br />
<br />
===Templates===<br />
<br />
{{bc|<nowiki><br />
Subject:<br />
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type><br />
<br />
Body:<br />
Arch Linux Security Advisory ASA-YYYYMM-N<br />
=========================================<br />
<br />
Severity: Low, Medium, High, Critical<br />
Date : YYYY-MM-DD<br />
CVE-ID : <CVE-ID><br />
Package : <package><br />
Type : <Vulnerability Type><br />
Remote : <Yes/No><br />
Link : https://wiki.archlinux.org/index.php/CVE<br />
<br />
Summary<br />
=======<br />
<br />
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.<br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to <Arch Linux fixed version>.<br />
<br />
# pacman -Syu "<package>>=<Arch Linux fixed version>"<br />
<br />
The problem has been fixed upstream in version <upstream fixed version>.<br />
<br />
Workaround<br />
==========<br />
<br />
<Is there a way to mitigate this vulnerability without upgrading?><br />
<br />
Description<br />
===========<br />
<br />
<Long description, for example from original advisory>.<br />
<br />
Impact<br />
======<br />
<br />
<<br />
What is it that an attacker can do? Does this need existing<br />
pre-conditions to be exploited (valid credentials, physical access)?<br />
Is this remotely exploitable?<br />
>.<br />
<br />
References<br />
==========<br />
<br />
<CVE-Link><br />
<Upstream report><br />
<Arch Linux Bug-Tracker><br />
</nowiki>}}<br />
<br />
===Vim-Snippet===<br />
<br />
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.<br />
<br />
{{bc|<nowiki><br />
snippet archsec "arch security form" <br />
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}<br />
========================================${1/./=/g} <br />
<br />
Severity: ${2} <br />
Date : `date -I -u` <br />
CVE-ID : $3 <br />
Package : $4 <br />
Type : $5<br />
Remote : ${6} <br />
Link : https://wiki.archlinux.org/index.php/CVE <br />
<br />
Summary<br />
=======<br />
<br />
The package $4 before version $7 is vulnerable to $5 ${8} <br />
<br />
Resolution<br />
==========<br />
<br />
Upgrade to $7.<br />
<br />
# pacman -Syu "$4>=$7" <br />
<br />
${9:The problems have been fixed upstream in version ${7/-\d+$/./}} <br />
<br />
Workaround<br />
========== <br />
<br />
${10:None.} <br />
<br />
Description <br />
=========== <br />
<br />
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g} <br />
<br />
Impact<br />
====== <br />
<br />
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12} <br />
<br />
References<br />
========== <br />
<br />
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}<br />
${13}<br />
endsnippet<br />
<br />
</nowiki>}}</div>
Anthraxx