https://wiki.archlinux.org/api.php?action=feedcontributions&user=Bwayne&feedformat=atomArchWiki - User contributions [en]2024-03-28T19:09:48ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=World_of_Warcraft&diff=339629World of Warcraft2014-10-10T23:44:51Z<p>Bwayne: /* Troubleshooting */ Adding how to troubleshoot particular error message</p>
<hr />
<div>[[Category:Gaming]]<br />
[[Category:Wine]]<br />
{{Out of date}}<br />
<br />
World of Warcraft (WoW) is a Massively Multiplayer Online Role-Playing Game (MMORPG) by Blizzard Entertainment taking place in the fictional world of Azeroth, the setting of previous Blizzard titles in the Real-Time Strategy (RTS) Warcraft series. For more information about the game itself, visit [http://www.worldofwarcraft.com/ the Official World of Warcraft website].<br />
<br />
This article describes how to install and run it on Arch Linux using [http://winehq.org/ Wine].<br />
<br />
Some of this information was provided by http://wowpedia.org/World_of_Warcraft_functionality_on_Wine which is the best general source of information on WoW on Wine.<br />
<br />
==Installing Wine==<br />
See [[Wine]].<br />
<br />
==Installing the Game==<br />
There are five options for installing World of Warcraft. <br />
<br />
===Downloading and installing via Blizzard's client===<br />
<br />
This is usually the most straightforward way of installing World of Warcraft on Linux, though it may not be the fastest. On slower connections you may not wish to use this method, because you will have to download the entire game, including patches.<br />
<br />
It is known to work with Wine 1.1.39 which can be downloaded off [http://www.winehq.org/ Wine's website] and compiled. However, you may wish to try with the newest version from the extra section, installed via Pacman like so:<br />
<br />
# pacman -S wine<br />
<br />
====Downloading the Client====<br />
<br />
The first step is to download the client.<br />
European users can download it from the European World of Warcraft website [http://www.wow-europe.com/en/downloads/client/index.html here,] while people from the United States would probably want to download the [http://www.worldofwarcraft.com/downloads/wowclient-download.html US client.]<br />
<br />
====Installing the Game====<br />
<br />
Once the client is downloaded, run the file with Wine:<br />
wine World-of-Warcraft-Setup-enGB.exe<br />
<br />
====Troubleshooting====<br />
<br />
=====Not able to agree to terms=====<br />
<br />
If you cannot see the license text, you probably have to install Gecko, since the license is rendered as HTML.<br />
<br />
To install it (on 64-bit systems, enable [multilib] first):<br />
pacman -S wine_gecko<br />
<br />
In some versions of Wine, you cannot agree to the terms even though you have scrolled down. Try compiling the latest Wine from source, or use a version of Wine it is known to work with, e.g. 1.1.39, '''1.7.10''' (please add more here).<br />
<br />
=====Wine crashes while reading terms=====<br />
<br />
Wine crashes as soon as the terms that must be agreed to in order to install the game open. This is because the installer fetches the terms from a website, and therefore uses a browser implementation to show them. Wine's implementation of this is named [http://wiki.winehq.org/Gecko Gecko], and it must be installed for the installation to work.<br />
<br />
=====Battle.net cannot connect=====<br />
<br />
The new (V5) battle.net installer will not be able to connect without libldap. To install:<br />
<br />
pacman -S lib32-libldap<br />
<br />
=====Error Message: This application failed to start because it could not find or load the qt platform plugin windows=====<br />
<br />
Use winecfg to change Battle.net.exe to use Windows XP mode.<br />
<br />
===Copying the CDs to a folder===<br />
<br />
This method copies the 5 install CDs to a folder. This seems to solve problems with deciding whether a CD is mounted and needs changing or not; I think this is a fundamental problem because Windows does not have the basic concept of mounting and unmounting drives.<br />
<br />
mkdir /mnt/temp<br />
cd /mnt/temp<br />
<br />
mount /mnt/cdrom<br />
cp -R /mnt/cdrom/* /mnt/temp<br />
umount /mnt/cdrom<br />
(repeat above for each of the 5 CDs)<br />
<br />
Then run the World of Warcraft installer with:<br />
<br />
wine Installer.exe<br />
<br />
===Copying an Existing Installation===<br />
<br />
The third option is to simply copy an existing WoW installation from a Windows drive to Linux. <br />
<br />
'''NOTE:''' If you do not already have Wine installed, or have not run World of Warcraft with Wine before, you should skip down to [[#Installing Wine]], then come back to this section. ''Please DO NOT SKIP this section unless you are absolutely sure you know what you are doing.''<br />
<br />
Copy the C:\Program Files\World of Warcraft directory from Windows to ~/.wine/drive_c/Program Files/World of Warcraft.<br />
<br />
Example (assuming your windows partition is mounted at {{Ic|/mnt/windows}} and you are in your home directory) (Quotes are needed because of the spaces in the file names):<br />
<br />
cp -R "/mnt/windows/Program Files/World of Warcraft" ".wine/drive_c/Program Files/World of Warcraft"<br />
<br />
This will ensure that Wine knows about your WoW and will be able to configure it properly, and also ensures that WoW will not notice it has even been moved at all.<br />
<br />
Now that you have WoW installed, skip down to [[#Post-Installation]].<br />
<br />
===New Installation from CD===<br />
'''NOTE:''' We will assume that your Wine CD-ROM drive is "D:\" for this guide. Please use the correct letter as set up in the [[#Installing Wine]] section.<br />
<br />
Insert the first CD, mount it, and start the installation with:<br />
<br />
wine "D:\Installer.exe"<br />
<br />
When it asks for the next CD, simply unmount your CD drive and mount the next CD. Make absolutely sure that you mount the CD before telling the installer to load it, or the installation may fail. If you have any issues installing using the CDs, please read the next section.<br />
<br />
The WoW installation uses all 5 CDs, so it will take a while. Go outside and get some fresh air while the CD loads, because soon you will not have any "free time". :P<br />
<br />
===New Installation from DVD===<br />
'''NOTE:''' On some WoW DVDs the installer executable is hidden and you need to mount the disc with the 'unhide' option. To do this, type in a terminal:<br />
mount -t iso9660 -o ro,unhide /dev/cdrom /media/cdrom/<br />
<br />
First insert the DVD. If it is mounted automatically, just unmount it:<br />
<br />
# umount /media/dvd<br />
<br />
Now mount it manually:<br />
<br />
# mount -t iso9660 /dev/dvd0 /mnt/dvd<br />
<br />
Now you will find Installer.exe on the DVD:<br />
<br />
$ wine /mnt/dvd/Installer.exe<br />
<br />
==Installing Patches==<br />
Now we will need to update WoW. As of November 30th 2010, the latest version of World of Warcraft is 4.0.3.13329. This will change over time, of course. The best place I have found to access the latest patches is http://www.wowpedia.org/Patch_mirrors<br />
<br />
I think the simplest way of updating World of Warcraft is to download the patches (links are at the Patch Wiki) and copy them into the working directory for World of Warcraft. I have had problems with the Blizzard Downloaders either not working at all, or working very slowly. If you download them, you can reuse them if you reinstall or have an accident.<br />
<br />
When you have downloaded the files into their own folder for neatness, copy these patches into the World of Warcraft working directory.<br />
cp * ~/.wine/drive_c/Program\ Files/World\ of\ Warcraft/<br />
<br />
The 1.12.x patch needs to be unzipped into the working directory:<br />
<br />
cd ~/.wine/drive_c/Program\ Files/World\ of\ Warcraft/<br />
unzip wow-1.12.x-to-2.0.1-engb-patch-3.zip<br />
<br />
The simplest way to install the patches seems to be to run World of Warcraft. It detects that you have downloaded the patches and does not do it again.<br />
<br />
cd ~/.wine/drive_c/Program\ Files/World\ of\ Warcraft/<br />
wine WoW.exe<br />
<br />
You have to keep going round 5 times. It does get a bit dull, but it is fairly reliable. Accept the offer to install the Gecko renderer when it comes up on your first patch install.<br />
<br />
The original Wiki says you can install patches with Wine as follows:<br />
<br />
wine wow-VERSION-LANG-patch.exe<br />
<br />
This method is currently still working.<br />
<br />
If the Launcher (it displays a little box with News and Play) seems to stop when downloading, close its window and re-run WoW.exe.<br />
<br />
'''UPDATED for 4.3'''<br />
<br />
If the Launcher crashes when downloading patches, start backgrounddownloader, deactivate peer to peer, and restart the Launcher. Now everything will download and install.<br />
<br />
==Configuration==<br />
<br />
The World of Warcraft configuration file is kept in the WTF directory (do Blizzard have a sense of humour?).<br />
<br />
Edit it with:<br />
<br />
gedit WTF/Config.wtf<br />
<br />
===Using OpenGL===<br />
<br />
Add the following line, which makes WoW run in OpenGL instead of DirectX mode.<br />
Doing so will result in lower-quality graphics, though, as it appears the OpenGL renderer isn't updated as frequently. D3D9 has more graphical features (like stencil shadows, liquid water, sunshafts) and a higher shader model.<br />
<br />
SET gxApi "opengl"<br />
<br />
===Resolution and Colour depth===<br />
<br />
You can change the following two lines to set the default WoW resolution. I have a 19" Monitor so I can use the following.<br />
<br />
SET gxColorBits "24"<br />
SET gxResolution "1440x900"<br />
<br />
===Windowing===<br />
<br />
You can run in a Window by setting this, which is confirmed to work in Wine.<br />
<br />
SET gxWindow "1" <br />
<br />
===Black textures issue===<br />
<br />
If you're using an Intel graphics card and you can see black textures in the game (or the game crashes in OpenGL mode), you should enable S3TC texture compression support. <br />
It can be enabled through {{Pkg|driconf}} or by installing {{Pkg|libtxc_dxtn}}.<br />
<br />
===Sound Issues===<br />
<br />
====Configuring the Buffer====<br />
If the sound makes a horrendous racket with squeaks and white noise, try:<br />
<br />
SET SoundOutputSystem "1" <br />
SET SoundBufferSize "100"<br />
<br />
====Stuttering or Static Sound====<br />
Run {{Ic|winecfg}} and, in the "Audio" tab, select "OSS" as the sound driver, with "Standard" hardware acceleration and driver emulation enabled.<br />
<br />
You can also run WoW at a higher priority (a lower "nice level"), which will usually improve sound performance ({{Ic|renice}} must be run as root):<br />
<br />
sudo renice -15 `pidof WoW.exe`<br />
<br />
==Performance Tweaks==<br />
<br />
1. Here is a performance tweak that can boost your FPS significantly (enter everything without the quotes):<br />
<br />
- Open Wine's version of the registry editor by running "regedit"<br />
- Navigate to HKEY_CURRENT_USER\Software\Wine\ <br />
- Select the "Wine" folder, right-click on the folder symbol, select New-> Key and rename it to "OpenGL"<br />
- Select the OpenGL key, then right-click in the right-hand pane, choose New-> String Value and hit enter<br />
- Rename "New Value #1" to "DisabledExtensions"<br />
- Double-click on the renamed value and enter "GL_ARB_vertex_buffer_object" into the "value" field<br />
<br />
That is it. Close the registry editor again; your changes will be saved automatically.<br />
<br />
2. If you find it annoying that turning your character by, say, 90 degrees takes n seconds normally but n+m seconds in populated areas (in other words, that the polygon count of your surroundings affects the camera turning speed), append something to "GL_ARB_vertex_buffer_object", for example a "2", so that it looks like this: "GL_ARB_vertex_buffer_object2". You will still have the performance boost of the above tweak, but with a smoother feeling.<br />
<br />
You may also find [http://appdb.winehq.org/objectManager.php?bIsQueue=false&bIsRejected=false&sClass=comment&sAction=add&sReturnTo=http%3A%2F%2Fappdb.winehq.org%2FobjectManager.php%3FsClass%3Dversion%26amp%3BiId%3D25610&sTitle=Post+new+comment&iVersionId=25610&iThread=80686 this] comment on WineHQ very useful. It can double your FPS.<br />
<br />
===For NVIDIA users===<br />
As of version 310.14 of the nvidia driver, an option exists for threaded OpenGL performance optimization. WoW benefits greatly from utilizing this. <br />
<br />
(Sidenote: this makes the 'RGL' patch/library/hack redundant for nVidia users)<br />
<br />
Exporting __GL_THREADED_OPTIMIZATIONS=1 enables the optimizations. Example of launching WoW with these optimizations:<br />
__GL_THREADED_OPTIMIZATIONS=1 wine Wow.exe -opengl<br />
Once you've confirmed the game works well for you (applies to any game, not just WoW) you can turn off debugging output to potentially improve performance further:<br />
WINEDEBUG=-all __GL_THREADED_OPTIMIZATIONS=1 wine Wow.exe -opengl &> /dev/null<br />
<br />
====NVIDIA users and Direct3D mode====<br />
If running the game in Direct3D mode, in conjunction with the above optimization, compiling Wine with the [http://bugs.winehq.org/show_bug.cgi?id=11674#c263 ''"Use glBufferSubDataARB for dynamic buffer uploads"''] patch should yield a further performance increase. This patch does not appear to increase performance in OpenGL mode, though OpenGL mode generally results in higher framerates anyway... albeit at the cost of the game's more advanced Direct3D eye candy.<br />
<br />
'''NOTE: You MUST turn off Wine's debugging to benefit from this'''<br />
WINEDEBUG=-all __GL_THREADED_OPTIMIZATIONS=1 wine Wow.exe<br />
<br />
==== GLXUnsupportedPrivateRequest Problem ====<br />
<br />
On 64-bit systems, if you are using bumblebee and running the game with optirun on the Nvidia graphics card, you will encounter this error:<br />
<br />
X Error of failed request: GLXUnsupportedPrivateRequest<br />
<br />
In most cases installing {{pkg|lib32-virtualgl}} will solve this problem. [https://bbs.archlinux.org/viewtopic.php?pid=1381891#p1381891 bbs]<br />
<br />
===AMD CPU users===<br />
As WoW benefits significantly from L3 cache, you should check whether your processor/BIOS has an L3 allocation option available.<br />
BSP-only allocation is what worked pretty well for me.<br />
By switching from all-cores allocation to BSP-only, the FPS on my system jumped from ~70 outdoors to over 120. This was done on a II X4 640 with an Nvidia graphics card (proprietary driver) using -opengl and the threaded optimization.<br />
<br />
===CPU/I-O Schedulers===<br />
You can greatly increase World of Warcraft performance by choosing the right schedulers for your machine. Currently, the most recent version of Wine in the official repositories is not configured to fully take advantage of the linux-ck kernel. Instead, it is recommended that Wine gamers use the CFS scheduler. Also, World of Warcraft runs better with the deadline I/O scheduler (as opposed to noop, cfq, bfq, etc). You can check whether you will benefit from switching I/O schedulers by first determining which I/O scheduler you are using on your drive:<br />
# fdisk -l *to determine the hard drive Arch is installed on*<br />
# cat /sys/block/sdX/queue/scheduler *where X is the letter of the drive fdisk reports*<br />
# echo deadline > /sys/block/sdX/queue/scheduler<br />
<br />
<br />
This is a temporary fix (it does not set deadline permanently), but you may gain an additional 5-30 fps by enabling deadline as the I/O scheduler. Moreover, feel free to play around with other schedulers to pick the one which runs best on your machine, especially if you have an SSD.<br />
<br />
==Links==<br />
* [http://appdb.winehq.org/appview.php?iVersionId=6482 World of Warcraft in the wine APPDB]<br />
* [http://www.wowpedia.org/Main_Page Wowpedia]<br />
* [http://www.wowpedia.org/Patch_mirrors Patch Mirrors]</div>Bwaynehttps://wiki.archlinux.org/index.php?title=World_of_Warcraft&diff=339628World of Warcraft2014-10-10T23:44:13Z<p>Bwayne: /* Troubleshooting */</p>
Bwaynehttps://wiki.archlinux.org/index.php?title=Infinality&diff=316605Infinality2014-05-25T03:13:56Z<p>Bwayne: /* Installation */ added a note on adding the key ID to pacman keyring. this question arises around once a week on IRC.</p>
<hr />
<div>[[Category:Fonts]]<br />
[[ja:Infinality-bundle+fonts]]<br />
{{Related articles start}}<br />
{{Related|Fonts}}<br />
{{Related|Font configuration}}<br />
{{Related|MS Fonts}}<br />
{{Related articles end}}<br />
'''Infinality-bundle''' is a collection of software providing an easy, "install-and-forget" method of improving text rendering in Arch Linux. The packages are fully compatible with system libraries available in the ''extra'' repository and are meant to be used as drop-in replacements for them.<br />
<br />
Currently, the bundle comprises:<br />
<br />
* ''freetype2-infinality-ultimate'' - {{Pkg|freetype2}} built with [http://www.infinality.net/blog/ Infinality] and additional patches.<br />
* ''fontconfig-infinality-ultimate'' - {{Pkg|fontconfig}} optimized for use with ''freetype2-infinality-ultimate'', including separate configuration presets for free (default), MS and custom font collections.<br />
* ''cairo-infinality-ultimate'' - {{Pkg|cairo}} built with Ubuntu and additional patches.<br />
<br />
All libraries are built in a clean chroot environment and are available for both i686 and x86_64 architectures, including multilib support.<br />
<br />
For best results and users' convenience, a complementary repository ''infinality-bundle-fonts'' is available, offering a wide selection of all necessary typefaces needed to create and reproduce hypertext documents. All fonts were manually selected, ensuring high quality text rendering as well as compatibility with proprietary equivalents used for the Web and the office. All fonts are 100% freely available and are licensed under GPL, OFL, Apache or compatible, non-restrictive licenses.<br />
<br />
By default, no post installation configuration is required. However, for maximum flexibility users can easily customize the bundle depending on their needs.<br />
<br />
== Installation ==<br />
<br />
Add the [[Unofficial user repositories#infinality-bundle|infinality-bundle]] repository to {{ic|pacman.conf}}, then [[pacman|install]] the ''infinality-bundle'' meta package.<br />
<br />
{{Note|Do not forget to add key ID 962DDE58 to your pacman keyring. See [[Pacman-key#Adding unofficial keys]] for detailed instructions.}}<br />
<br />
If you want to access multilib libraries in x86_64 architecture as well, add also the [[Unofficial user repositories#infinality-bundle-multilib|infinality-bundle-multilib]] repository, then [[pacman|install]] the ''infinality-bundle-multilib'' meta package.<br />
<br />
Additionally, if you want to use a comprehensive collection of free fonts from the ''infinality-bundle-fonts'' repository, also add the [[Unofficial user repositories#infinality-bundle-fonts|infinality-bundle-fonts]] repository, then [[pacman|install]] the ''ibfonts-meta-base'', and optionally ''ibfonts-meta-extended'', meta packages.<br />
<br />
{{Note|When pacman resolves dependencies and encounters a conflicting package, e.g.:<br />
<br />
{{bc|<br />
resolving dependencies...<br />
looking for inter-conflicts...<br />
:: freetype2-infinality-ultimate and freetype2 are in conflict. Remove freetype2? [y/N]<br />
}}<br />
<br />
answer {{ic|yes}}.}}<br />
<br />
Finally, restart the X server to see the changes.<br />
<br />
{{Tip|In case of occasional server down times, there is always a backup copy of the repositories available via [https://www.dropbox.com/sh/is3v56e4y0tujuz/3UHuzwufZd Dropbox].}}<br />
<br />
== Recommended fonts with restricted licenses ==<br />
<br />
Below you will find a list of fonts that cannot be freely redistributed and thus could not be included in the ''infinality-bundle-fonts'' collection as binary packages. However, they can still be installed and used free of charge under specified conditions. Source packages can be found in the [[AUR]]. Please, read the EULAs for details before you use the fonts!<br />
<br />
*{{AUR|otf-brill}}<br />
*{{AUR|otf-neris}}<br />
*{{AUR|ttf-aller}}<br />
*{{AUR|ttf-envy-code-r}}<br />
<br />
== Customization and troubleshooting ==<br />
<br />
* If you want to install even more fonts, there is an additional ''infinality-bundle-fonts-extra'' collection. Run<br />
<br />
# pacman -Ss infinality-bundle-fonts-extra<br />
<br />
to list available packages.<br />
<br />
{{Note|<br />
* Before you install any third party font from either [[official repositories]] or the [[AUR]], always check if it is available in the ''infinality-bundle-fonts'' collection.<br />
* '''Do not''' attempt to install the entire ''infinality-bundle-fonts-extra'' group. Unless you know for sure you need any of the fonts available there, you will only unnecessarily clutter your hard drive and decrease performance of the font cache. ''ibfonts-meta-extended'' should suffice in most, even very complex, use scenarios.<br />
}}<br />
<br />
* If you want to override default font substitutions set in {{ic|/etc/fonts/conf.d/37-repl-global-''preset''.conf}} or add new ones, use {{ic|/etc/fonts/conf.d/36-repl-custom.conf}} to do so. You will need to duplicate the template (16 lines of code) for each font family to be replaced and provide appropriate font names.<br />
<br />
* One frequent issue users may face with these repositories is that the package database or signatures do not correspond. Often a simple forced refresh of the package lists ({{ic|pacman -Syy}}) will fix the issue. If that fails, try removing the infinality-bundle files from {{ic|/var/lib/pacman/sync}} and then resyncing.<br />
<br />
* It is possible to skip installation of ''infinality-bundle-fonts'' if you want to use the Microsoft proprietary font collection instead. If this is the case, you have to activate the fontconfig MS preset to ensure the correct set of fonts is selected. To do so, issue<br />
<br />
{{hc|# fc-presets set|<br />
1) custom<br />
2) ms<br />
3) free<br />
4) reset<br />
5) quit<br />
Enter your choice...<br />
}}<br />
<br />
and select {{ic|2}}.<br />
<br />
Run {{ic|fc-presets help}} for more information.<br />
<br />
* If you would rather use a custom font collection, there is a {{ic|custom}} preset available that should let you adjust fontconfig parameters accordingly. When you activate the {{ic|custom}} preset, the content of 'custom' configuration files ({{ic|/etc/fonts/conf.avail.infinality/custom}}) can be freely modified. When you are done, do not forget to create a backup copy of the 'custom' directory.<br />
<br />
* To solve rendering issues in Google Chrome browser described [https://bbs.archlinux.org/viewtopic.php?pid=1344172#p1344172 in this post], edit {{ic|/etc/fonts/fonts.conf}} file and uncomment the following entry:<br />
<br />
{{bc|<nowiki><!--match target="pattern"><br />
<edit name="dpi" mode="assign"><br />
<double>72</double><br />
</edit><br />
</match--></nowiki>}}<br />
<br />
* Emacs users have reported issues with the default variable pitch typeface after installation of ''infinality-bundle-fonts''. To make Emacs behave correctly with free fonts, you have to specify a variable pitch family in {{ic|$HOME/.emacs}}, which can be any but Noto Sans (a.k.a. 'sans' or 'system font'), e.g.:<br />
<br />
{{bc|<br />
(custom-set-faces<br />
'(default ((t (:family "Liberation Mono" :slant normal :weight regular :height 98))))<br />
'(variable-pitch ((t (:family "Liberation Sans" :slant normal :weight regular :height 98 )))))<br />
}}<br />
<br />
* GIMP users have reported issues with the subpixel rendering of text in images. The best course of action is to disable subpixel rendering completely for GIMP. Add a file {{ic|/etc/gimp/2.0/fonts.conf}} (or {{ic|~/gimp-2.8/fonts.conf}} for a single user) with the following content:<br />
<br />
{{hc|/etc/gimp/2.0/fonts.conf|<nowiki><br />
<fontconfig><br />
<match target="font"><br />
<edit name="rgba" mode="assign"><br />
<const>none</const><br />
</edit><br />
</match><br />
</fontconfig><br />
</nowiki>}}<br />
<br />
* Users of popular Desktop Environments (Gnome, KDE, Xfce4, Cinnamon, LXDE) should adjust font settings via their DE's control panel. Basically, the settings should duplicate those found in the freetype2 configuration file ({{ic|/etc/profile.d/infinality-settings.sh}}):<br />
<br />
{{bc|<br />
Xft.antialias: 1<br />
Xft.autohint: 0<br />
Xft.dpi: 96<br />
Xft.hinting: 1<br />
Xft.hintstyle: hintfull<br />
Xft.lcdfilter: lcddefault<br />
Xft.rgba: rgb<br />
}}<br />
<br />
If your DE's control panel does not let you set any of the above, adjust only those available.<br />
<br />
* Some language-specific diacritics / glyphs are displayed inconsistently using the default font.<br />
<br />
This is usually the case with websites (notably blogs) utilizing predefined CSS templates that make use of web fonts missing support for extended Latin scripts (most often A and B). Even though this is not a problem with any of the infinality-bundle components and thus should be fixed by the author / maintainer of the problematic site, it can still be got round by creating a relevant font replacement rule in fontconfig. If you want to use this option, activate {{ic|36-repl-missing-glyphs.conf}} first:<br />
<br />
$ cd /etc/fonts/conf.d<br />
$ ln -s ../conf.avail.infinality/36-repl-missing-glyphs.conf .<br />
<br />
and then edit the file accordingly following the provided example.<br />
<br />
{{Note|Default fonts for non-Latin scripts are set in {{ic|65-non-latin-''preset''.conf}} (default settings).}}<br />
<br />
* Overriding default replacement rules and adding custom ones is possible with {{ic|35-repl-custom.conf}}. The file is activated by default, so all you need to do is edit it if you want to use it.<br />
<br />
* If you experience general problems with fonts (e.g. certain glyphs are not loaded in PDF documents, while a font family providing them has been correctly installed), start troubleshooting by issuing<br />
<br />
# fc-cache -fr<br />
<br />
This will remove the entire font cache and recreate it from scratch.<br />
<br />
* ''fontconfig-infinality-ultimate'' is updated frequently, usually every 3-4 weeks, after a number of recently reported minor bugs has been fixed. As every fix is immediately committed to the GitHub repository, users who chose {{AUR|fontconfig-infinality-ultimate-git}} from the AUR will get them sooner, i.e. when they rebuild the package.<br />
<br />
{{Note|<br />
''fontconfig-infinality-ultimate-git'' is a development branch of the package available in the [infinality-bundle] repository. Keep in mind that it is not a stable release and can break at times.}}<br />
<br />
{{Note|<br />
When '''reporting bugs''', please report all code-related issues (incorrect rendering, fontconfig problems, etc.) at GitHub [https://github.com/bohoomil/fontconfig-ultimate/issues Issues · bohoomil/fontconfig-ultimate] and Arch-specific ones, including problems regarding maintenance, packaging and general questions, in dedicated threads at the Arch Forums. Before filing a report, make sure that [infinality-bundle] packages were correctly installed and customized.}}<br />
<br />
== See also ==<br />
<br />
* [http://bohoomil.com Infinality bundle and fonts] - the home page of the project (to be updated soon)<br />
* [https://github.com/bohoomil/fontconfig-ultimate fontconfig-ultimate] - git repository providing all patches, configuration files and build scripts for the entire ''infinality-bundle+fonts'' collection in separate branches <br />
* [https://bbs.archlinux.org/viewtopic.php?id=162098 infinality-bundle: good looking fonts made (even) easier] - ''infinality-bundle'' support thread in the Arch Linux Forums<br />
* [https://bbs.archlinux.org/viewtopic.php?id=170976 infinality-bundle-fonts: a free multilingual font collection for Arch] - ''infinality-bundle-fonts'' support thread in the Arch Linux Forums</div>Bwaynehttps://wiki.archlinux.org/index.php?title=Unofficial_user_repositories&diff=316603Unofficial user repositories2014-05-25T03:04:54Z<p>Bwayne: Clarified the process of adding/enabling a signed repository</p>
<hr />
<div>[[Category:Package management]]<br />
{{Related articles start}}<br />
{{Related|pacman-key}}<br />
{{Related|Official repositories}}<br />
{{Related articles end}} <br />
Because the AUR only allows users to upload PKGBUILD and other package build related files, but does not provide a means for distributing a binary package, a user may want to create a binary repository of their packages elsewhere. See [[Pacman tips#Custom local repository]] for more information.<br />
<br />
== Using a Signed Repository ==<br />
<br />
If you are looking to add a signed repository to your {{ic|pacman.conf}}, then find the key ID corresponding to the desired signed repository below. The key must then be added to the pacman keyring. Usually, the key already exists on a keyserver and can be automatically imported with: {{bc|# pacman-key -r ''keyid''}} Otherwise, if a link to the keyfile is provided, download it and then run: {{bc|# pacman-key --add ''/path/to/downloaded/keyfile''}}<br />
<br />
For more information see [[Pacman-key#Adding unofficial keys]]. <br />
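
After adding repositories, it is worth checking which of them pacman will actually verify. The following Python script is an added example, not part of the original page and not a pacman tool: it computes the effective package signature level of each repository in a {{ic|pacman.conf}} and flags plaintext {{ic|Server}} URLs. The function names and the sample configuration (built from entries listed on this page plus one hypothetical repository) are assumptions, and the model is simplified: {{ic|Include}} files and the trust tokens are not evaluated.

```python
import re

# Built-in default when [options] sets no SigLevel, per pacman.conf(5):
# "Optional TrustedOnly". Trust tokens (TrustedOnly/TrustAll) are not modelled.
BUILTIN_DEFAULT = {"package": "optional", "database": "optional"}
TOKEN = re.compile(r"(package|database)?(never|optional|required)")


def apply_siglevel(base, value):
    """Return `base` with the SigLevel tokens in `value` applied on top."""
    level = dict(base)
    for token in value.split():
        match = TOKEN.fullmatch(token.lower())
        if match is None:
            continue  # trust token or unknown word: does not change the check
        scope, check = match.groups()
        # An unprefixed token applies to packages and databases alike.
        for target in ([scope] if scope else ["package", "database"]):
            level[target] = check
    return level


def parse_conf(text):
    """Parse INI-style pacman.conf text into {section: [(key, value), ...]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif current is not None:
            key, _, value = line.partition("=")
            sections[current].append((key.strip(), value.strip()))
    return sections


def audit(text):
    """Return {repo: (risk, [issues])} for every repository section."""
    sections = parse_conf(text)
    default = dict(BUILTIN_DEFAULT)
    for key, value in sections.get("options", []):
        if key == "SigLevel":
            default = apply_siglevel(default, value)

    report = {}
    for name, items in sections.items():
        if name == "options":
            continue
        level = dict(default)  # a repository inherits the global level
        for key, value in items:
            if key == "SigLevel":
                level = apply_siglevel(level, value)
        issues = []
        unsigned = level["package"] != "required"
        if unsigned:
            issues.append("package-signatures-" + level["package"])
        schemes = {v.split("://", 1)[0].lower() for k, v in items if k == "Server"}
        plaintext = bool(schemes & {"http", "ftp"})
        if plaintext:
            issues.append("plaintext-server")
        if unsigned and plaintext:
            risk = "high"    # nothing authenticates the downloaded package
        elif unsigned:
            risk = "medium"  # transport is protected, the package is not
        elif plaintext:
            risk = "low"     # the package signature still protects integrity
        else:
            risk = "ok"
        report[name] = (risk, issues)
    return report


# Constructed sample: two entries as listed on this page, one hypothetical.
SAMPLE = """
[options]
SigLevel = Required DatabaseOptional

[infinality-bundle]
Server = http://bohoomil.com/repo/$arch

[alucryd]
SigLevel = PackageOptional
Server = http://pkgbuild.com/~alucryd/$repo/$arch

[example-https]
SigLevel = Never
Server = https://repo.example.org/$arch
"""

if __name__ == "__main__":
    for repo, (risk, issues) in audit(SAMPLE).items():
        print(f"{repo:20} {risk:7} {', '.join(issues) or '-'}")
```

Point {{ic|audit()}} at the contents of {{ic|/etc/pacman.conf}} to review a real system; a repository reported as {{ic|high}} installs packages that neither a signature nor the transport authenticates.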
<br />
== Adding Your Repository to this Page ==<br />
<br />
If you have your own repository, please add it to this page, so that all the other users will know where to find your packages. Please follow these rules when adding new repositories:<br />
<br />
* Keep the lists in alphabetical order.<br />
* Include some information about the maintainer: include at least a (nick)name and some form of contact information (web site, email address, user page on ArchWiki or the forums, etc.).<br />
* If the repository is of the ''signed'' variety, please include a key-id, possibly using it as the anchor for a link to its keyserver; if the key is not on a keyserver, include a link to the key file.<br />
* Include some short description (e.g. the category of packages provided in the repository).<br />
* If there is a page (either on ArchWiki or external) containing more information about the repository, include a link to it.<br />
* If possible, avoid using comments in code blocks. The formatted description is much more readable. Users who want some comments in their {{ic|pacman.conf}} can easily create it on their own.<br />
<br />
<br />
{{Expansion|Please fill in the missing information about maintainers.}}<br />
<br />
== Any ==<br />
<br />
"Any" repositories are architecture-independent. In other words, they can be used on both i686 and x86_64 systems.<br />
<br />
=== Signed ===<br />
<br />
==== bioinformatics-any ====<br />
<br />
* '''Maintainer:''' [https://aur.archlinux.org/account/decryptedepsilon/ decryptedepsilon]<br />
* '''Description:''' A repository containing some python packages and genome browser for Bioinformatics<br />
* '''Key-ID:''' 60442BA4<br />
<br />
{{bc|<nowiki><br />
[bioinformatics-any]<br />
Server = http://decryptedepsilon.bl.ee/repo/any<br />
</nowiki>}}<br />
<br />
==== infinality-bundle-fonts ====<br />
<br />
* '''Maintainer:''' [http://bohoomil.com/ bohoomil]<br />
* '''Description:''' infinality-bundle-fonts repository.<br />
* '''Upstream page:''' [http://bohoomil.com/ Infinality bundle & fonts]<br />
* '''Key-ID:''' 962DDE58<br />
<br />
{{bc|<nowiki><br />
[infinality-bundle-fonts]<br />
Server = http://bohoomil.com/repo/fonts<br />
</nowiki>}}<br />
<br />
==== xyne-any ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#xyne Xyne]<br />
* '''Description:''' A repository for Xyne's own projects containing packages for "any" architecture.<br />
* '''Upstream page:''' http://xyne.archlinux.ca/projects/<br />
* '''Key-ID:''' Not needed, as maintainer is a TU<br />
<br />
{{Note|Use this repository only if there is no matching {{ic|[xyne-*]}} repository for your architecture.}}<br />
<br />
{{bc|<nowiki><br />
[xyne-any]<br />
Server = http://xyne.archlinux.ca/repos/xyne<br />
</nowiki>}}<br />
<br />
=== Unsigned ===<br />
<br />
==== archlinuxgr-any ====<br />
* '''Maintainer:'''<br />
* '''Description:''' The Hellenic (Greek) unofficial Arch Linux repository with many interesting packages.<br />
<br />
{{bc|<nowiki><br />
[archlinuxgr-any]<br />
Server = http://archlinuxgr.tiven.org/archlinux/any<br />
</nowiki>}}<br />
<br />
== Both i686 and x86_64 ==<br />
<br />
Repositories with both i686 and x86_64 versions. The {{ic|$arch}} variable will be set automatically by pacman.<br />
<br />
=== Signed ===<br />
<br />
==== arcanisrepo ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#arcanis arcanis]<br />
* '''Description:''' A repository with some AUR packages including packages from VCS<br />
* '''Key-ID:''' Not needed, as maintainer is a TU<br />
<br />
{{bc|<nowiki><br />
[arcanisrepo]<br />
Server = ftp://repo.arcanis.name/repo/$arch<br />
</nowiki>}}<br />
<br />
==== bbqlinux ====<br />
<br />
* '''Maintainer:''' [https://plus.google.com/u/0/+DanielHillenbrand/about Daniel Hillenbrand]<br />
* '''Description:''' Packages for Android Development<br />
* '''Upstream Page:''' http://bbqlinux.org/<br />
* '''Key-ID:''' Get the bbqlinux-keyring package, as it contains the needed keys.<br />
<br />
{{bc|<nowiki><br />
[bbqlinux]<br />
Server = http://packages.bbqlinux.org/$arch<br />
</nowiki>}}<br />
==== carstene1ns ====<br />
<br />
* '''Maintainer:''' [[User:Carstene1ns|Carsten Teibes]]<br />
* '''Description:''' AUR packages maintained and/or used by Carsten Teibes (games/Wii/lib32/Python)<br />
* '''Upstream page:''' http://arch.carsten-teibes.de (still under construction)<br />
* '''Key-ID:''' 2476B20B<br />
<br />
{{bc|<nowiki><br />
[carstene1ns]<br />
Server = http://repo.carsten-teibes.de/$arch<br />
</nowiki>}}<br />
<br />
==== catalyst ====<br />
<br />
* '''Maintainer:''' [[User:Vi0L0 | Vi0l0]]<br />
* '''Description:''' ATI Catalyst proprietary drivers.<br />
* '''Upstream Page:''' http://catalyst.wirephire.com<br />
* '''Key-ID:''' 653C3094<br />
<br />
{{bc|<nowiki><br />
[catalyst]<br />
Server = http://catalyst.wirephire.com/repo/catalyst/$arch<br />
## Mirrors, if the primary server does not work or is too slow:<br />
#Server = http://70.239.162.206/catalyst-mirror/repo/catalyst/$arch<br />
#Server = http://mirror.rts-informatique.fr/archlinux-catalyst/repo/catalyst/$arch<br />
#Server = http://mirror.hactar.bz/Vi0L0/catalyst/$arch<br />
</nowiki>}}<br />
<br />
==== catalyst-hd234k ====<br />
<br />
* '''Maintainer:''' [[User:Vi0L0 | Vi0l0]]<br />
* '''Description:''' ATI Catalyst proprietary drivers.<br />
* '''Upstream Page:''' http://catalyst.wirephire.com<br />
* '''Key-ID:''' 653C3094<br />
<br />
{{bc|<nowiki><br />
[catalyst-hd234k]<br />
Server = http://catalyst.wirephire.com/repo/catalyst-hd234k/$arch<br />
## Mirrors, if the primary server does not work or is too slow:<br />
#Server = http://70.239.162.206/catalyst-mirror/repo/catalyst-hd234k/$arch<br />
#Server = http://mirror.rts-informatique.fr/archlinux-catalyst/repo/catalyst-hd234k/$arch<br />
#Server = http://mirror.hactar.bz/Vi0L0/catalyst-hd234k/$arch<br />
</nowiki>}}<br />
<br />
==== city ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#bgyorgy Balló György]<br />
* '''Description:''' Experimental/unpopular packages.<br />
* '''Upstream page:''' http://pkgbuild.com/~bgyorgy/city.html<br />
* '''Key-ID:''' Not needed, as maintainer is a TU<br />
<br />
{{bc|<nowiki><br />
[city]<br />
Server = http://pkgbuild.com/~bgyorgy/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
==== crypto ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' Includes tomb, tomb-git, and other related software.<br />
<br />
{{bc|<nowiki><br />
[crypto]<br />
Server = http://tomb.dyne.org/arch_repo/$arch<br />
</nowiki>}}<br />
<br />
==== demz-repo-archiso ====<br />
<br />
* '''Maintainer:''' [http://demizerone.com Jesus Alvarez (demizer)]<br />
* '''Description:''' Packages for installing ZFS from an Arch ISO live disk<br />
* '''Upstream page:''' https://github.com/demizer/archzfs<br />
* '''Key-ID:''' 0EE7A126<br />
<br />
{{bc|<nowiki><br />
[demz-repo-archiso]<br />
Server = http://demizerone.com/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== demz-repo-core ====<br />
<br />
* '''Maintainer:''' [http://demizerone.com Jesus Alvarez (demizer)]<br />
* '''Description:''' Packages for ZFS on Arch Linux.<br />
* '''Upstream page:''' https://github.com/demizer/archzfs<br />
* '''Key-ID:''' 0EE7A126<br />
<br />
{{bc|<nowiki><br />
[demz-repo-core]<br />
Server = http://demizerone.com/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== infinality-bundle ====<br />
<br />
* '''Maintainer:''' [http://bohoomil.com/ bohoomil]<br />
* '''Description:''' infinality-bundle main repository.<br />
* '''Upstream page:''' [http://bohoomil.com/ Infinality bundle & fonts]<br />
* '''Key-ID:''' 962DDE58<br />
<br />
{{bc|<nowiki><br />
[infinality-bundle]<br />
Server = http://bohoomil.com/repo/$arch<br />
</nowiki>}}<br />
<br />
==== lxqt-git ====<br />
<br />
* '''Maintainer:''' [http://www.stobbstechnical.com/ stobbsm]<br />
* '''Description:''' lxqt-git weekly build repository<br />
* '''Key-ID:''' 26EBCC57<br />
<br />
{{bc|<nowiki><br />
[lxqt-git]<br />
Server = http://repo.stobbstechnical.com/$arch<br />
</nowiki>}}<br />
<br />
==== metalgamer ====<br />
<br />
* '''Maintainer:''' [http://metalgamer.eu/ metalgamer]<br />
* '''Description:''' Packages I use and/or maintain on the AUR.<br />
* '''Key-ID:''' F55313FB<br />
<br />
{{bc|<nowiki><br />
[metalgamer]<br />
Server = http://repo.metalgamer.eu/$arch<br />
</nowiki>}}<br />
<br />
==== pipelight ====<br />
<br />
* '''Maintainer:''' <br />
* '''Description:''' Pipelight and wine-compholio<br />
* '''Upstream page:''' [http://fds-team.de/ fds-team.de]<br />
* '''Key-ID:''' E49CC0415DC2D5CA<br />
* '''Keyfile:''' http://repos.fds-team.de/Release.key<br />
{{bc|<nowiki>[pipelight]<br />
Server = http://repos.fds-team.de/stable/arch/$arch</nowiki>}}<br />
<br />
==== repo-ck ====<br />
<br />
* '''Maintainer:''' [[User:Graysky|graysky]]<br />
* '''Description:''' Kernel and modules with Brain Fuck Scheduler and all the goodies in the ck1 patch set.<br />
* '''Upstream page:''' [http://repo-ck.com repo-ck.com]<br />
* '''Wiki:''' [[repo-ck]]<br />
* '''Key-ID:''' 5EE46C4C<br />
<br />
{{bc|<nowiki><br />
[repo-ck]<br />
Server = http://repo-ck.com/$arch<br />
</nowiki>}}<br />
<br />
==== sergej-repo ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#spupykin Sergej Pupykin]<br />
* '''Description:''' psi-plus, owncloud-git, ziproxy, android, MySQL, and other stuff. Some packages also available for armv7h.<br />
* '''Key-ID:''' Not required, as maintainer is a TU<br />
<br />
{{bc|<nowiki><br />
[sergej-repo]<br />
Server = http://repo.p5n.pp.ru/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
=== Unsigned ===<br />
<br />
{{Note|Users will need to add the following to these entries: {{ic|1=SigLevel = PackageOptional}}}}<br />
<br />
==== alucryd ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#alucryd Maxime Gauduin]<br />
* '''Description:''' Repository containing various packages Maxime Gauduin maintains (or not) in the AUR.<br />
<br />
{{bc|<nowiki><br />
[alucryd]<br />
Server = http://pkgbuild.com/~alucryd/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== archaudio ====<br />
<br />
* '''Maintainer:''' [[User:Schivmeister|Ray Rashif]], [https://aur.archlinux.org/account/jhernberg Joakim Hernberg]<br />
* '''Description:''' Pro-audio packages<br />
<br />
{{bc|<nowiki><br />
[archaudio-production]<br />
Server = http://repos.archaudio.org/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== archie-repo ====<br />
* '''Maintainer:''' [https://aur.archlinux.org/account/Kalinda/ Kalinda]<br />
* '''Description:''' Repo for wine-silverlight, pipelight, and some misc packages.<br />
<br />
{{bc|<nowiki><br />
[archie-repo]<br />
Server = http://andontie.net/archie-repo/$arch<br />
</nowiki>}}<br />
<br />
==== archlinuxcn ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' Packages from the Chinese Arch Linux community.<br />
<br />
{{bc|<nowiki><br />
[archlinuxcn]<br />
Server = http://repo.archlinuxcn.org/$arch<br />
</nowiki>}}<br />
<br />
==== archlinuxfr ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:'''<br />
* '''Upstream page:''' http://afur.archlinux.fr<br />
<br />
{{bc|<nowiki><br />
[archlinuxfr]<br />
Server = http://repo.archlinux.fr/$arch<br />
</nowiki>}}<br />
<br />
==== archlinuxgis ====<br />
{{Note|Off-line since 2014-03-29.}}<br />
* '''Maintainer:'''<br />
* '''Description:''' Maintainers needed - low bandwidth<br />
<br />
{{bc|<nowiki><br />
[archlinuxgis]<br />
Server = http://archlinuxgis.no-ip.org/$arch<br />
</nowiki>}}<br />
<br />
==== archlinuxgr ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:'''<br />
<br />
{{bc|<nowiki><br />
[archlinuxgr]<br />
Server = http://archlinuxgr.tiven.org/archlinux/$arch<br />
</nowiki>}}<br />
<br />
==== archlinuxgr-kde4 ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' KDE4 packages (plasmoids, themes etc) provided by the Hellenic (Greek) Arch Linux community<br />
<br />
{{bc|<nowiki><br />
[archlinuxgr-kde4]<br />
Server = http://archlinuxgr.tiven.org/archlinux-kde4/$arch<br />
</nowiki>}}<br />
<br />
==== archstuff ====<br />
{{Note|Off-line since 2014-01-06.}}<br />
* '''Maintainer:'''<br />
* '''Description:''' AUR's most voted and many bin32-* and lib32-* packages.<br />
<br />
{{bc|<nowiki><br />
[archstuff]<br />
Server = http://archstuff.vs169092.vserver.de/$arch<br />
</nowiki>}}<br />
<br />
==== arsch ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' From users of orgizm.net<br />
<br />
{{bc|<nowiki><br />
[arsch]<br />
Server = http://arsch.orgizm.net/$arch<br />
</nowiki>}}<br />
<br />
==== aurbin ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' Automated build of AUR packages<br />
* '''Upstream page:''' http://aurbin.net/<br />
<br />
{{bc|<nowiki><br />
[aurbin]<br />
Server = http://aurbin.net/$arch<br />
</nowiki>}}<br />
<br />
==== cinnamon ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' Stable and actively developed Cinnamon packages (Applets, Themes, Extensions), plus others (Hotot, qBitTorrent, GTK themes, Perl modules, and more).<br />
<br />
{{bc|<nowiki><br />
[cinnamon]<br />
Server = http://archlinux.zoelife4u.org/cinnamon/$arch<br />
</nowiki>}}<br />
<br />
==== ede ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' Equinox Desktop Environment repository<br />
<br />
{{bc|<nowiki><br />
[ede]<br />
Server = http://www.equinox-project.org/repos/arch/$arch<br />
</nowiki>}}<br />
<br />
==== haskell-core ====<br />
<br />
* '''Maintainer:''' Magnus Therning<br />
* '''Description:''' Arch-Haskell repository<br />
* '''Upstream page:''' https://github.com/archhaskell/habs<br />
<br />
{{bc|<nowiki><br />
[haskell-core]<br />
Server = http://xsounds.org/~haskell/core/$arch<br />
</nowiki>}}<br />
<br />
==== heftig ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#heftig Jan Steffens]<br />
* '''Description:''' Includes linux-zen and aurora (Firefox development build - works alongside {{Pkg|firefox}} in the ''extra'' repository).<br />
* '''Upstream page:''' https://bbs.archlinux.org/viewtopic.php?id=117157<br />
<br />
{{bc|<nowiki><br />
[heftig]<br />
Server = http://pkgbuild.com/~heftig/repo/$arch<br />
</nowiki>}}<br />
<br />
==== herecura-stable ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' additional packages not found in the ''community'' repository<br />
<br />
{{bc|<nowiki><br />
[herecura-stable]<br />
Server = http://repo.herecura.be/herecura-stable/$arch<br />
</nowiki>}}<br />
<br />
==== herecura-testing ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' additional packages for testing build against stable arch<br />
<br />
{{bc|<nowiki><br />
[herecura-testing]<br />
Server = http://repo.herecura.be/herecura-testing/$arch<br />
</nowiki>}}<br />
<br />
==== mesa-git ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' Mesa git builds for the ''testing'' and ''multilib-testing'' repositories<br />
<br />
{{bc|<nowiki><br />
[mesa-git]<br />
Server = http://pkgbuild.com/~lcarlier/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== oracle ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' Oracle database client<br />
<br />
{{Warning|By adding this you are agreeing to the Oracle license at http://www.oracle.com/technetwork/licenses/instant-client-lic-152016.html}}<br />
<br />
{{bc|<nowiki><br />
[oracle]<br />
Server = http://linux.shikadi.net/arch/$repo/$arch/<br />
</nowiki>}}<br />
<br />
==== pantheon ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#alucryd Maxime Gauduin]<br />
* '''Description:''' Repository containing Pantheon-related packages<br />
<br />
{{bc|<nowiki><br />
[pantheon]<br />
Server = http://pkgbuild.com/~alucryd/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== paulburton-fitbitd ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' Contains fitbitd for synchronizing FitBit trackers<br />
<br />
{{bc|<nowiki><br />
[paulburton-fitbitd]<br />
Server = http://www.paulburton.eu/arch/fitbitd/$arch<br />
</nowiki>}}<br />
<br />
==== pfkernel ====<br />
<br />
* '''Maintainer:''' [[User:Nous|nous]]<br />
* '''Description:''' Generic and optimized binaries of the ARCH kernel patched with BFS, TuxOnIce, BFQ, Aufs3, linux-pf, kernel26-pf, gdm-old, nvidia-pf, nvidia-96xx, xchat-greek, arora-git<br />
* '''Note:''' To browse through the repository, one needs to append {{ic|index.html}} after the server URL (this is an intentional quirk of Dropbox). For example, for x86_64, point your browser to http://dl.dropbox.com/u/11734958/x86_64/index.html or start at http://tiny.cc/linux-pf<br />
<br />
{{bc|<nowiki><br />
[pfkernel]<br />
Server = http://dl.dropbox.com/u/11734958/$arch<br />
</nowiki>}}<br />
<br />
==== suckless ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' suckless.org packages<br />
<br />
{{bc|<nowiki><br />
[suckless]<br />
Server = http://dl.suckless.org/arch/$arch<br />
</nowiki>}}<br />
<br />
==== unity ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' unity packages for Arch<br />
<br />
{{bc|<nowiki><br />
[unity]<br />
Server = http://unity.xe-xe.org/$arch<br />
</nowiki>}}<br />
<br />
==== unity-extra ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' unity extra packages for Arch<br />
<br />
{{bc|<nowiki><br />
[unity-extra]<br />
Server = http://unity.xe-xe.org/extra/$arch<br />
</nowiki>}}<br />
<br />
==== home_tarakbumba_archlinux_Arch_Extra_standard ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' Contains a few pre-built AUR packages (zemberek, firefox-kde-opensuse, etc.)<br />
<br />
{{bc|<nowiki><br />
[home_tarakbumba_archlinux_Arch_Extra_standard]<br />
Server = http://download.opensuse.org/repositories/home:/tarakbumba:/archlinux/Arch_Extra_standard/$arch<br />
</nowiki>}}<br />
<br />
== i686 only ==<br />
<br />
=== Signed ===<br />
<br />
==== eee-ck ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' Kernel and modules optimized for Asus Eee PC 701, with -ck patchset.<br />
<br />
{{bc|<nowiki><br />
[eee-ck]<br />
Server = http://zembla.shatteredsymmetry.com/repo<br />
</nowiki>}}<br />
<br />
==== xyne-i686 ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#xyne Xyne]<br />
* '''Description:''' A repository for Xyne's own projects containing packages for the "i686" architecture.<br />
* '''Upstream page:''' http://xyne.archlinux.ca/projects/<br />
* '''Key-ID:''' Not required, as maintainer is a TU<br />
<br />
{{Note|This includes all packages in [[#xyne-any|<nowiki>[xyne-any]</nowiki>]].}}<br />
<br />
{{bc|<nowiki><br />
[xyne-i686]<br />
Server = http://xyne.archlinux.ca/repos/xyne<br />
</nowiki>}}<br />
<br />
=== Unsigned ===<br />
<br />
==== andrwe ====<br />
<br />
* '''Maintainer:''' Andrwe Lord Weber<br />
* '''Description:''' each program I'm using on x86_64 is compiled for i686 too<br />
* '''Upstream page:''' http://andrwe.org/linux/repository<br />
<br />
{{bc|<nowiki><br />
[andrwe]<br />
Server = http://repo.andrwe.org/i686<br />
</nowiki>}}<br />
<br />
==== batchbin ====<br />
{{Expansion|Who is the maintainer?}}<br />
{{Note|Offline since 2014-02-15.}}<br />
* '''Maintainer:'''<br />
* '''Description:''' My personal projects and utilities which I feel can benefit others.<br />
<br />
{{bc|<nowiki><br />
[batchbin]<br />
Server = http://batchbin.ueuo.com/archlinux<br />
</nowiki>}}<br />
<br />
==== esclinux ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' Mostly games, interactive fiction, and abc notation stuff already on the AUR.<br />
<br />
{{bc|<nowiki><br />
[esclinux]<br />
Server = http://download.tuxfamily.org/esclinuxcd/ressources/repo/i686/<br />
</nowiki>}}<br />
<br />
==== kpiche ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' Stable OpenSync packages.<br />
<br />
{{bc|<nowiki><br />
[kpiche]<br />
Server = http://kpiche.archlinux.ca/repo<br />
</nowiki>}}<br />
<br />
==== kernel26-pae ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' PAE-enabled 32-bit kernel 2.6.39<br />
<br />
{{bc|<nowiki><br />
[kernel26-pae]<br />
Server = http://kernel26-pae.archlinux.ca/<br />
</nowiki>}}<br />
<br />
==== linux-pae ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' PAE-enabled 32-bit kernel 3.0<br />
<br />
{{bc|<nowiki><br />
[linux-pae]<br />
Server = http://pae.archlinux.ca/<br />
</nowiki>}}<br />
<br />
==== rfad ====<br />
<br />
* '''Maintainer:''' requiem [at] archlinux.us <br />
* '''Description:''' Repository made by haxit<br />
<br />
{{bc|<nowiki><br />
[rfad]<br />
Server = http://web.ncf.ca/ey723/archlinux/repo/<br />
</nowiki>}}<br />
<br />
==== studioidefix ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' Precompiled boxee packages.<br />
<br />
{{bc|<nowiki><br />
[studioidefix]<br />
Server = http://studioidefix.googlecode.com/hg/repo/i686<br />
</nowiki>}}<br />
<br />
== x86_64 only ==<br />
<br />
=== Signed ===<br />
<br />
==== apathism ====<br />
<br />
* '''Maintainer:''' Koryabkin Ivan ([https://aur.archlinux.org/account/apathism/ apathism])<br />
* '''Upstream page:''' https://apathism.net/<br />
* '''Description:''' AUR packages that would take a long time to build, such as {{AUR|firefox-kde-opensuse}}.<br />
* '''Key-ID:''' 3E37398D<br />
* '''Keyfile:''' http://apathism.net/archlinux/apathism.key<br />
<br />
{{bc|<nowiki><br />
[apathism]<br />
Server = http://apathism.net/archlinux/<br />
</nowiki>}}<br />
<br />
==== bioinformatics ====<br />
<br />
* '''Maintainer:''' [https://aur.archlinux.org/account/decryptedepsilon/ decryptedepsilon]<br />
* '''Description:''' A repository containing some software tools for Bioinformatics<br />
* '''Key-ID:''' 60442BA4<br />
<br />
{{bc|<nowiki><br />
[bioinformatics]<br />
Server = http://decryptedepsilon.bl.ee/repo/x86_64<br />
</nowiki>}}<br />
<br />
==== freifunk-rheinland ====<br />
<br />
* '''Maintainer:''' nomaster<br />
* '''Description:''' Packages for the Freifunk project: batman-adv, batctl, fastd and dependencies.<br />
<br />
{{bc|<nowiki><br />
[freifunk-rheinland]<br />
Server = http://mirror.fluxent.de/archlinux-custom/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
==== heimdal ====<br />
{{Note|Offline since 2014-03-06.}}<br />
* '''Maintainer:'''<br />
* '''Description:''' Packages are compiled against Heimdal instead of MIT KRB5. Meant to be placed before {{ic|[core]}} in {{ic|pacman.conf}}. All packages are signed.<br />
* '''Upstream page:''' https://github.com/Kiwilight/Heimdal-Pkgbuilds<br />
{{Warning|Be careful. Do not use this unless you know what you are doing, because many of these packages override packages from the ''core'' and ''extra'' repositories.}}<br />
<br />
{{bc|<nowiki><br />
[heimdal]<br />
Server = http://www.kiwilight.com/heimdal/$arch/<br />
</nowiki>}}<br />
<br />
==== infinality-bundle-multilib ====<br />
<br />
* '''Maintainer:''' [http://bohoomil.com/ bohoomil]<br />
* '''Description:''' infinality-bundle multilib repository.<br />
* '''Upstream page:''' [http://bohoomil.com/ Infinality bundle & fonts]<br />
* '''Key-ID:''' 962DDE58<br />
<br />
{{bc|<nowiki><br />
[infinality-bundle-multilib]<br />
Server = http://bohoomil.com/repo/multilib/$arch<br />
</nowiki>}}<br />
<br />
==== siosm-aur ====<br />
<br />
* '''Maintainer:''' [https://tim.siosm.fr/about/ Timothee Ravier]<br />
* '''Description:''' packages also available in the Arch User Repository, sometimes with minor fixes<br />
* '''Upstream page:''' https://tim.siosm.fr/repositories/<br />
* '''Key-ID:''' 78688F83<br />
<br />
{{bc|<nowiki><br />
[siosm-aur]<br />
Server = http://repo.siosm.fr/$repo/<br />
</nowiki>}}<br />
<br />
==== siosm-selinux ====<br />
<br />
* '''Maintainer:''' [https://tim.siosm.fr/about/ Timothee Ravier]<br />
* '''Description:''' packages required for SELinux support – work in progress (notably, missing an Arch Linux-compatible SELinux policy). See the [[SELinux]] page for details.<br />
* '''Upstream page:''' https://tim.siosm.fr/repositories/<br />
* '''Key-ID:''' 78688F83<br />
<br />
{{bc|<nowiki><br />
[siosm-selinux]<br />
Server = http://repo.siosm.fr/$repo/<br />
</nowiki>}}<br />
<br />
==== subtitlecomposer ====<br />
<br />
* '''Maintainer:''' Mladen Milinkovic (maxrd2)<br />
* '''Description:''' Subtitle Composer stable and nightly builds<br />
* '''Upstream page:''' https://github.com/maxrd2/subtitlecomposer<br />
* '''Key-ID:''' EA8CEBEE<br />
<br />
{{bc|<nowiki><br />
[subtitlecomposer]<br />
Server = http://smoothware.net/$repo/$arch<br />
</nowiki>}}<br />
<br />
==== xyne-x86_64 ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#xyne Xyne]<br />
* '''Description:''' A repository for Xyne's own projects containing packages for the "x86_64" architecture.<br />
* '''Upstream page:''' http://xyne.archlinux.ca/projects/<br />
* '''Key-ID:''' Not required, as maintainer is a TU<br />
<br />
{{Note|This includes all packages in [[#xyne-any|<nowiki>[xyne-any]</nowiki>]].}}<br />
<br />
{{bc|<nowiki><br />
[xyne-x86_64]<br />
Server = http://xyne.archlinux.ca/repos/xyne<br />
</nowiki>}}<br />
<br />
=== Unsigned ===<br />
<br />
{{Note|Users will need to add the following to these entries: {{ic|1=SigLevel = PackageOptional}}}}<br />
<br />
==== andrwe ====<br />
<br />
* '''Maintainer:''' Andrwe Lord Weber<br />
* '''Description:''' contains programs I'm using on many systems<br />
* '''Upstream page:''' http://andrwe.dyndns.org/doku.php/blog/repository {{Dead link|2013|11|30}}<br />
<br />
{{bc|<nowiki><br />
[andrwe]<br />
Server = http://repo.andrwe.org/x86_64<br />
</nowiki>}}<br />
<br />
==== archstudio ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' Audio and Music Packages optimized for Intel Core i3, i5, and i7.<br />
* '''Upstream page:''' http://www.xsounds.org/~archstudio<br />
<br />
{{bc|<nowiki><br />
[archstudio]<br />
Server = http://www.xsounds.org/~archstudio/x86_64<br />
</nowiki>}}<br />
<br />
==== brtln ====<br />
<br />
* '''Maintainer:''' [https://www.archlinux.org/trustedusers/#bpiotrowski Bartłomiej Piotrowski]<br />
* '''Description:''' Some VCS packages.<br />
<br />
{{bc|<nowiki><br />
[brtln]<br />
Server = http://pkgbuild.com/~barthalion/brtln/$arch/<br />
</nowiki>}}<br />
<br />
==== hawaii ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' hawaii Qt5/Wayland-based desktop environment<br />
* '''Upstream page:''' http://www.maui-project.org/<br />
<br />
{{bc|<nowiki><br />
[hawaii]<br />
Server = http://archive.maui-project.org/archlinux/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
==== miusystem ====<br />
<br />
* '''Maintainer:''' Theodore Keloglou <thodoris-12@hotmail.com><br />
* '''Description:''' Packages that I use and might interest others<br />
<br />
{{bc|<nowiki><br />
[miusystem]<br />
Server = https://miusystem.com/archlinux-repo<br />
</nowiki>}}<br />
<br />
==== pnsft-pur ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' Japanese input method packages Mozc (vanilla) and libkkc<br />
<br />
{{bc|<nowiki><br />
[pnsft-pur]<br />
Server = http://downloads.sourceforge.net/project/pnsft-aur/pur/x86_64<br />
</nowiki>}}<br />
<br />
==== mingw-w64 ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' Almost all mingw-w64 packages in the AUR, updated every 8 hours.<br />
* '''Upstream page:''' http://arch.linuxx.org<br />
<br />
{{bc|<nowiki><br />
[mingw-w64]<br />
Server = http://downloads.sourceforge.net/project/mingw-w64-archlinux/$arch<br />
Server = http://arch.linuxx.org/archlinux/$repo/os/$arch<br />
</nowiki>}}<br />
<br />
==== rightscale ====<br />
<br />
* '''Maintainer:''' Chris Fordham <chris@fordham-nagy.id.au><br />
* '''Description:''' Packages for RightScale including the RightLink cloud instance agent. Install the package, rightscale-agent.<br />
<br />
{{bc|<nowiki><br />
[rightscale]<br />
Server = https://s3-us-west-1.amazonaws.com/archlinux-rightscale/$arch<br />
</nowiki>}}<br />
<br />
==== seiichiro ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' VDR and some plugins, mms, foo2zjs-drivers<br />
<br />
{{bc|<nowiki><br />
[seiichiro]<br />
Server = http://repo.seiichiro0185.org/x86_64<br />
</nowiki>}}<br />
<br />
==== studioidefix ====<br />
<br />
* '''Maintainer:'''<br />
* '''Description:''' Precompiled boxee packages.<br />
<br />
{{bc|<nowiki><br />
[studioidefix]<br />
Server = http://studioidefix.googlecode.com/hg/repo/x86_64<br />
</nowiki>}}<br />
<br />
==== zen ====<br />
{{Note|Offline since 2014-03-06.}}<br />
* '''Maintainer:'''<br />
* '''Description:''' Various and zengeist AUR packages.<br />
<br />
{{bc|<nowiki><br />
[zen]<br />
Server = http://zloduch.cz/archlinux/x86_64<br />
</nowiki>}}<br />
<br />
== armv6h only ==<br />
<br />
=== Unsigned ===<br />
<br />
==== arch-fook-armv6h ====<br />
<br />
* '''Maintainer:''' Jaska Kivelä <jaska@kivela.net><br />
* '''Description:''' Stuff that I have compiled for my Raspberry Pi, including Enlightenment and home automation stuff.<br />
<br />
{{bc|<nowiki><br />
[arch-fook-armv6h]<br />
Server = http://kivela.net/jaska/arch-fook-armv6h<br />
</nowiki>}}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=315452CVE2014-05-17T14:03:15Z<p>Bwayne: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: - improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related|Arch CVE Monitoring Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVEs) that are found and fixed in Arch Linux.<br />
<br />
==Introduction==<br />
CVEs represent critical security vulnerabilities which must be addressed as quickly as possible.<br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]].<br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. Use Wiki markup to create links in the "CVE-ID", "Package", and "Status" columns. The following template may be used to ease the process of adding CVE entries to the table. The first line, "|-", creates a new row in the table, while the second line should be modified per CVE:<br />
{{hc|CVE Table Addition Template|<nowiki><br />
|-<br />
| {{CVE|CVE-2014-????}} || {{Pkg|pkgname}} || Disclosure date || Affected versions || Fixed in version || Arch Linux response time || Status(Fixed|Pending|Invalid) (Bug reports)<br />
</nowiki>}}<br />
<br />
{{Note|If the CVE is not found in [http://nvd.nist.gov/home.cfm NVD], just include a link to a different database in the first column: {{ic|<nowiki>[http://link.to.cve CVE-2014-????]</nowiki>}}}}<br />
<br />
{{Note|The "Date public" field should be expressed in [[Wikipedia:ISO 8601|ISO 8601 format]] to avoid any confusion. Example: 2014-03-22.}}<br />
<br />
{{Note|The "Arch Linux response time" field corresponds to the time between the public release of a vulnerability and the date the package update fixing the vulnerability is made available in the official stable repositories. The "Time really vulnerable" is potentially much longer but is harder to estimate.}}<br />
<br />
The above "CVE-template" should be added after the line:<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in version !! Arch Linux response time !! Status (and related bug reports)</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="110px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in version !! Arch Linux response time !! Status (and related bug reports)<br />
|-<br />
| {{CVE|CVE-2014-0209}} {{CVE|CVE-2014-0210}} {{CVE|CVE-2014-0211}}|| {{Pkg|libXfont}} || 2014-05-13 || < 1.4.18 || 1.4.18 || 3 days || Pending {{Bug|40409 }}<br />
|-<br />
| {{CVE|CVE-2014-0196}} [https://bugzilla.redhat.com/show_bug.cgi?id=1094232 temp-link] || {{Pkg|linux}} {{Pkg|linux-lts}} {{pkg|linux-grsec}} || 2014-05-05 || 2.6.31 - 3.14 || 3.14.3-2 ({{pkg|linux}}), 3.10.39-2 ({{pkg|linux-lts}}), 3.14.3.201405121814-1 ({{pkg|linux-grsec}}) || 7d ({{pkg|linux}}), 8d {{pkg|linux-lts}}, <1d ({{pkg|linux-grsec}}) || Fixed in {{pkg|linux}} ({{Bug|40232}}), Fixed in {{pkg|linux-lts}}, Fixed in {{pkg|linux-grsec}}<br />
|-<br />
| {{CVE|CVE-2014-2905}} {{CVE|CVE-2014-2906}} {{CVE|CVE-2014-2914}} [https://bugzilla.redhat.com/show_bug.cgi?id=1092091 temp-link] || {{Pkg|fish}} || 2014-04-28 || 1.16.0 - 2.1.0 || 2.2.1 || <0 || Patched<br />
|-<br />
| {{CVE|CVE-2014-0160}} || {{Pkg|openssl}} || 2014-04-07 || 1.0.1 - 1.0.1f || 1.0.1g || ~1d || Fixed ({{Bug|39775}})<br />
|-<br />
| {{CVE|CVE-2014-1700}} {{CVE|CVE-2014-1701}} {{CVE|CVE-2014-1702}} {{CVE|CVE-2014-1703}} {{CVE|CVE-2014-1704}} {{CVE|CVE-2014-1705}} {{CVE|CVE-2014-1713}} {{CVE|CVE-2014-1715}} || {{Pkg|chromium}} {{Pkg|v8}} || 2014-03-11 || 32 || 33 || 4d || Fixed <br />
|-<br />
| {{CVE|CVE-2014-0098}} {{CVE|CVE-2013-6438}}|| {{Pkg|apache}} || 2014-03-17 || 2.4.8 || 2.4.9 || -1d || Fixed <br />
|-<br />
| {{CVE|CVE-2014-1492}} || {{Pkg|nss}} || 2014-03-18 || 2.15.5 || 3.16 || ? || Pending (?)<br />
|-<br />
| {{CVE|CVE-2014-1493}} {{CVE|CVE-2014-1494}} {{CVE|CVE-2014-1497}} {{CVE|CVE-2014-1498}} {{CVE|CVE-2014-1499}} {{CVE|CVE-2014-1500}} {{CVE|CVE-2014-1502}} {{CVE|CVE-2014-1504}} {{CVE|CVE-2014-1505}} {{CVE|CVE-2014-1508}} {{CVE|CVE-2014-1509}} {{CVE|CVE-2014-1510}} {{CVE|CVE-2014-1511}} {{CVE|CVE-2014-1512}} {{CVE|CVE-2014-1513}} {{CVE|CVE-2014-1514}} || {{Pkg|firefox}} {{Pkg|thunderbird}} || 2014-03-18 || 27 || 28 || 1d || Fixed <br />
|-<br />
| {{CVE|CVE-2014-2240}} {{CVE|CVE-2014-2241}}|| {{Pkg|freetype2}} || ? || 2.5.2 || 2.5.3 || ? || Fixed <br />
|-<br />
| {{CVE|CVE-2014-2029}}|| {{Pkg|xtrabackup}} || 2014-02-16 || 2.1.7 || 2.1.8 || 28d || Fixed <br />
|-<br />
| {{CVE|CVE-2014-1958}} {{CVE|CVE-2014-2030}}|| {{Pkg|imagemagick}} || ? || ? || 6.8.8.9-1 || ? || Fixed <br />
|-<br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}}|| {{Pkg|php}} || 2014-03-06 || 5.5.9 || 5.5.110 || -1d || Fixed <br />
|-<br />
| {{CVE|CVE-2014-0404}} {{CVE|CVE-2014-0406}} {{CVE|CVE-2014-0407}} || {{Pkg|virtualbox}} || 2014-02-28 || 4.3.4 || 4.3.6 || ? || Fixed <br />
|-<br />
| {{CVE|CVE-2014-2323}} {{CVE|CVE-2014-2324}} || {{Pkg|lighttpd}} || 2014-03-12 || 1.4.34 || 1.4.35 || 0d || Fixed <br />
|-<br />
| {{CVE|CVE-2014-0333}} || {{Pkg|libpng}} || 2014-02-28 || 1.6.9 || 1.6.10 || 9d || Fixed <br />
|-<br />
| {{CVE|CVE-2014-0017}} || {{Pkg|libssh}} || 2014-03-04 || ? || 3.5.7.29 || 5d || Fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} || 2014-03-20 || < 3.5.7.29 || 3.5.7.29 || 0d || Fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 2014-03-18 || ? || ? || ? || Invalid ({{Bug|39566}})<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 2014-03-19 || ? || 1.3.1 || 1d || Fixed<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 2014-03-19 || 3.4beta (?) || 3.4 || 2013-12-27:? || Fixed ({{Bug|39540}})<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 2014-03-18 || ? || 1.4.7 || 0d || Fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 2013-09-19 || ? || 1.1.1-7 (in RHEL 7) || 0d || Fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 2014-03-17 || ? || 3.13-rc5 || ? || Fixed<br />
|-<br />
| {{CVE|CVE-2014-0004}} || {{Pkg|udisks2}} & {{Pkg|udisks}} || 2014-03-10 || 2.1.3 / 1.0.5 || 2.1.3 / 1.0.5 || 3d || Fixed<br />
|-<br />
| {{CVE|CVE-2014-2281}} {{CVE|CVE-2014-2282}} {{CVE|CVE-2014-2283}} {{CVE|CVE-2014-2299}} || {{Pkg|wireshark}} || 2014-03-10 || 1.10.6 || 1.10.6 || ? || Fixed<br />
|-<br />
| {{CVE|CVE-2014-0050}} || {{Pkg|tomcat7}} || 2014-02-06 || 7.0.51 || 7.0.51 || ? || Fixed<br />
|-<br />
| {{CVE|CVE-2014-0033}} || {{Pkg|tomcat6}} || 2014-01-10 || 6.0.37 || 6.0.37 || ? || Fixed<br />
|-<br />
| {{CVE|CVE-2014-0032}} || {{Pkg|subversion}} || 2014-01-10 || 1.8.6 || 1.8.6 || ? || Fixed<br />
|-<br />
| {{CVE|CVE-2014-0060}} {{CVE|CVE-2014-0061}} {{CVE|CVE-2014-0062}} {{CVE|CVE-2014-0063}} {{CVE|CVE-2014-0064}} {{CVE|CVE-2014-0065}} {{CVE|CVE-2014-0066}} {{CVE|CVE-2014-0067}} || {{Pkg|postgresql}} || 2014-02-20 || 9.3.3 || 9.33 || 0d || Fixed<br />
|-<br />
| {{CVE|CVE-2014-1912}} || {{Pkg|python}} {{Pkg|python2}} || 2014-02-07 || ? || ? || ? || Fixed<br />
|-<br />
| {{CVE|CVE-2013-4496}} {{CVE|CVE-2013-6442}} || {{Pkg|samba}} || 2014-03-14 || ? || 4.1.6 || 2d || Fixed ({{Bug|39424}})<br />
|-<br />
| {{CVE|CVE-2014-0504}} || {{Pkg|flashplugin}} || 2014-03-12 || ? || 11.2.202.346 || 1d || Fixed ({{Bug|39385}})<br />
|-<br />
| {{CVE|CVE-2014-0106}} || {{Pkg|sudo}} || 1.8.9.p5 || 1.8.10 || ? || ? || Fixed<br />
|-<br />
| {{CVE|CVE-2014-2285}} {{CVE|CVE-2014-2284}} || {{Pkg|net-snmp}} || 2014-03-05 || ? || ? || 8d || Fixed ({{Bug|39190}})<br />
|-<br />
| {{CVE|CVE-2014-0092}} || {{Pkg|gnutls}} || 2014-03-04 || ? || ? || 1d || ?<br />
|-<br />
| {{CVE|CVE-2014-2242}} {{CVE|CVE-2014-2243}} {{CVE|CVE-2014-2244}} || {{Pkg|mediawiki}} || 2014-03-14 || ? || ? || 1d || ?<br />
|-<br />
| {{CVE|CVE-2014-2093}} {{CVE|CVE-2014-2094}} {{CVE|CVE-2014-2095}} {{CVE|CVE-2014-2096}} || {{Pkg|catfish}} || 2014-02-25 || ? || ? || ? || ?<br />
|-<br />
| {{CVE|CVE-2014-0497}} || {{Pkg|flashplugin}} || 2014-02-04 || ? || ? || 1d || ?<br />
|-<br />
| {{CVE|CVE-2014-0015}} || {{Pkg|curl}} || 2014-01-29 || ? || ? || 3d || ?<br />
|-<br />
| {{CVE|CVE-2014-1610}} || {{Pkg|mediawiki}} || 2014-01-29 || ? || ? || 0d || ?<br />
|-<br />
| {{CVE|CVE-2014-0021}} || {{Pkg|chrony}} || 2014-01-17 || ? || ? || 14d || ?<br />
|-<br />
| {{CVE|CVE-2014-1875}} || {{Pkg|perl-capture-tiny}} || 2014-02-06 || ? || ? || 4d || Fixed ({{Bug|38862}})<br />
|-<br />
| {{CVE|CVE-2013-6493}} || {{Pkg|icedtea-web-jav}} || 2014-02-05 || ? || ? || 0d || ?<br />
|- <br />
| {{CVE|CVE-2014-1858}} {{CVE|CVE-2014-1859}} || {{Pkg|python-numpy}} || 2014-02-06 || ? || ? || 4d || Fixed ({{Bug|38863}})<br />
|-<br />
| {{CVE|CVE-2014-1932}} {{CVE|CVE-2014-1933}} || {{Pkg|python-pillow}} || 2014-02-10 || ? || ? || ? || ?<br />
|-<br />
| {{CVE|CVE-2014-1934}} || {{Pkg|python-eyed3}} || 2014-02-10 || ? || ? || ? || ?<br />
|-<br />
| {{CVE|CVE-2014-1935}} || {{Pkg|9base}} || 2014-02-10 || ? || ? || ? || ?<br />
|-<br />
| {{CVE|CVE-2014-1949}} || {{Pkg|cinnamon-screensaver}} || 2014-02-12 || ? || ? || ? || ?<br />
|-<br />
| {{CVE|CVE-2014-1959}} || {{Pkg|gnutls}} || 2014-02-13 || ? || ? || 2d || ?<br />
|- <br />
| {{CVE|CVE-2014-2015}} || {{Pkg|freeradius}} || 2014-02-16 || ? || ? || ? || ?<br />
|-<br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}} || {{Pkg|file}} || 2014-02-10 || ? || ? || 2d || ?<br />
|-<br />
| {{CVE|CVE-2014-0001}} {{CVE|CVE-2014-0412}} {{CVE|CVE-2014-0437}} {{CVE|CVE-2014-0420}} {{CVE|CVE-2014-0393}} {{CVE|CVE-2014-0386}} {{CVE|CVE-2014-0401}} {{CVE|CVE-2014-0402}} || {{Pkg|mariadb}} || 2013-02-13 || ? || ? || -13d || ?<br />
|-<br />
| {{CVE|CVE-2014-1447}} || {{Pkg|libvirt}} || 2014-01-16 || ? || ? || 2d || ?<br />
|-<br />
| {{CVE|CVE-2014-0979}} || lightdm-gtk* || 2014-01-07 || ? || ? || 25d || Fixed ({{Bug|38715}})<br />
|-<br />
| {{CVE|CVE-2014-1475}} {{CVE|CVE-2014-1476}} || {{Pkg|drupal}} || 2014-01-15 || ? || ? || 12d || ?<br />
|-<br />
| {{CVE|CVE-2014-0019}} || {{Pkg|socat}} || 2014-01-29 || ? || ? || 0d || ?<br />
|- <br />
| {{CVE|CVE-2014-1845}} {{CVE|CVE-2014-1846}} || {{Pkg|enlightment}} || 2014-02-03 || ? || ? || -3d || ?<br />
|-<br />
| {{CVE|CVE-2014-1838}} {{CVE|CVE-2014-1839}} || {{Pkg|python-logilab}} || 2014-01-31 || ? || ? || 3d || ?<br />
|-<br />
| {{CVE|CVE-2014-0368}} {{CVE|CVE-2014-0373}} {{CVE|CVE-2014-0376}} {{CVE|CVE-2014-0411}} {{CVE|CVE-2014-0416}} {{CVE|CVE-2014-0422}} {{CVE|CVE-2014-0423}} {{CVE|CVE-2014-0428}} || *-openjdk-* || 2014-01-15 || ? || ? || 2d || ?<br />
|-<br />
| {{CVE|CVE-2014-1402}} || {{Pkg|python-jinja}} || 2014-01-10 || ? || ? || 1d || ?<br />
|-<br />
| {{CVE|CVE-2013-6462}} || {{Pkg|libxfont}} || 2014-01-07 || ? || ? || 0d || ?<br />
|-<br />
| {{CVE|CVE-2014-1235}} || {{Pkg|graphviz}} || 2014-01-07 || ? || ? || 3d || Fixed ({{Bug|38441}})<br />
|-<br />
| {{CVE|CVE-2014-0978}} || {{Pkg|freerdp}} || 2014-01-02 || ? || ? || ? || Pending? ({{Bug|38802}})<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=314264CVE2014-05-10T02:54:27Z<p>Bwayne: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: - improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVEs) that are found and fixed in Arch Linux.<br />
<br />
==Introduction==<br />
CVEs represent critical security vulnerabilities which must be addressed as quickly as possible.<br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]].<br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. Use Wiki markup to create links in the "CVE-ID", "Package", and "Status" columns. The following template may be used to ease the process of adding CVE entries to the table. The first line, "|-", creates a new row in the table, while the second line should be modified per CVE:<br />
{{hc|CVE Table Addition Template|<nowiki><br />
|-<br />
| {{CVE|CVE-2014-????}} || {{Pkg|pkgname}} || Disclosure date || Affected versions || Fixed in version || Arch Linux response time || Status(Fixed|Pending|Invalid) (Bug reports)<br />
</nowiki>}}<br />
<br />
{{Note|If the CVE is not found in [http://nvd.nist.gov/home.cfm NVD], just include a link to a different database in the first column: {{ic|<nowiki>[http://link.to.cve CVE-2014-????]</nowiki>}}}}<br />
<br />
{{Note|The "Date public" field should be expressed in [[Wikipedia:ISO 8601|ISO 8601 format]] to avoid any confusion. Example: 2014-03-22.}}<br />
<br />
{{Note|The "Arch Linux response time" field corresponds to the time between the public release of a vulnerability and the date the package update fixing the vulnerability is made available in the official stable repositories. The "Time really vulnerable" is potentially much longer but is harder to estimate.}}<br />
<br />
The above "CVE-template" should be added after the line:<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in version !! Arch Linux response time !! Status (and related bug reports)</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="110px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in version !! Arch Linux response time !! Status (and related bug reports)<br />
|-<br />
| {{CVE|CVE-2014-0196}} [https://bugzilla.redhat.com/show_bug.cgi?id=1094232 temp-link] || {{Pkg|linux}} {{pkg|linux-grsec}} || 2014-05-05 || 2.6.31 - 3.14 || ? || <1d ({{pkg|linux-grsec}}) || Pending for {{pkg|linux}} ({{Bug|40232}}), Fixed in {{pkg|linux-grsec}}<br />
|-<br />
| {{CVE|CVE-2014-2905}} {{CVE|CVE-2014-2906}} {{CVE|CVE-2014-2914}} [https://bugzilla.redhat.com/show_bug.cgi?id=1092091 temp-link] || {{Pkg|fish}} || 2014-04-28 || 1.16.0 - 2.1.0 || 2.2.1 || <0 || Patched<br />
|-<br />
| {{CVE|CVE-2014-0160}} || {{Pkg|openssl}} || 2014-04-07 || 1.0.1 - 1.0.1f || 1.0.1g || ~1d || Fixed ({{Bug|39775}})<br />
|-<br />
| {{CVE|CVE-2014-1700}} {{CVE|CVE-2014-1701}} {{CVE|CVE-2014-1702}} {{CVE|CVE-2014-1703}} {{CVE|CVE-2014-1704}} {{CVE|CVE-2014-1705}} {{CVE|CVE-2014-1713}} {{CVE|CVE-2014-1715}} || {{Pkg|chromium}} {{Pkg|v8}} || 2014-03-11 || 32 || 33 || 4d || Fixed <br />
|-<br />
| {{CVE|CVE-2014-0098}} {{CVE|CVE-2013-6438}}|| {{Pkg|apache}} || 2014-03-17 || 2.4.8 || 2.4.9 || -1d || Fixed <br />
|-<br />
| {{CVE|CVE-2014-1492}} || {{Pkg|nss}} || 2014-03-18 || 2.15.5 || 3.16 || ? || Pending (?)<br />
|-<br />
| {{CVE|CVE-2014-1493}} {{CVE|CVE-2014-1494}} {{CVE|CVE-2014-1497}} {{CVE|CVE-2014-1498}} {{CVE|CVE-2014-1499}} {{CVE|CVE-2014-1500}} {{CVE|CVE-2014-1502}} {{CVE|CVE-2014-1504}} {{CVE|CVE-2014-1505}} {{CVE|CVE-2014-1508}} {{CVE|CVE-2014-1509}} {{CVE|CVE-2014-1510}} {{CVE|CVE-2014-1511}} {{CVE|CVE-2014-1512}} {{CVE|CVE-2014-1513}} {{CVE|CVE-2014-1514}} || {{Pkg|firefox}} {{Pkg|thunderbird}} || 2014-03-18 || 27 || 28 || 1d || Fixed <br />
|-<br />
| {{CVE|CVE-2014-2240}} {{CVE|CVE-2014-2241}}|| {{Pkg|freetype2}} || ? || 2.5.2 || 2.5.3 || ? || Fixed <br />
|-<br />
| {{CVE|CVE-2014-2029}}|| {{Pkg|xtrabackup}} || 2014-02-16 || 2.1.7 || 2.1.8 || 28d || Fixed <br />
|-<br />
| {{CVE|CVE-2014-1958}} {{CVE|CVE-2014-2030}}|| {{Pkg|imagemagick}} || ? || ? || 6.8.8.9-1 || ? || Fixed <br />
|-<br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}}|| {{Pkg|php}} || 2014-03-06 || 5.5.9 || 5.5.110 || -1d || Fixed <br />
|-<br />
| {{CVE|CVE-2014-0404}} {{CVE|CVE-2014-0406}} {{CVE|CVE-2014-0407}} || {{Pkg|virtualbox}} || 2014-02-28 || 4.3.4 || 4.3.6 || ? || Fixed <br />
|-<br />
| {{CVE|CVE-2014-2323}} {{CVE|CVE-2014-2324}} || {{Pkg|lighttpd}} || 2014-03-12 || 1.4.34 || 1.4.35 || 0d || Fixed <br />
|-<br />
| {{CVE|CVE-2014-0333}} || {{Pkg|libpng}} || 2014-02-28 || 1.6.9 || 1.6.10 || 9d || Fixed <br />
|-<br />
| {{CVE|CVE-2014-0017}} || {{Pkg|libssh}} || 2014-03-04 || ? || 3.5.7.29 || 5d || Fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} || 2014-03-20 || < 3.5.7.29 || 3.5.7.29 || 0d || Fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 2014-03-18 || ? || ? || ? || Invalid ({{Bug|39566}})<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 2014-03-19 || ? || 1.3.1 || 1d || Fixed<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 2014-03-19 || 3.4beta (?) || 3.4 || 2013-12-27:? || Fixed ({{Bug|39540}})<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 2014-03-18 || ? || 1.4.7 || 0d || Fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 2013-09-19 || ? || 1.1.1-7 (in RHEL 7) || 0d || Fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 2014-03-17 || ? || 3.13-rc5 || ? || Fixed<br />
|-<br />
| {{CVE|CVE-2014-0004}} || {{Pkg|udisks2}} & {{Pkg|udisks}} || 2014-03-10 || 2.1.3 / 1.0.5 || 2.1.3 / 1.0.5 || 3d || Fixed<br />
|-<br />
| {{CVE|CVE-2014-2281}} {{CVE|CVE-2014-2282}} {{CVE|CVE-2014-2283}} {{CVE|CVE-2014-2299}} || {{Pkg|wireshark}} || 2014-03-10 || 1.10.6 || 1.10.6 || ? || Fixed<br />
|-<br />
| {{CVE|CVE-2014-0050}} || {{Pkg|tomcat7}} || 2014-02-06 || 7.0.51 || 7.0.51 || ? || Fixed<br />
|-<br />
| {{CVE|CVE-2014-0033}} || {{Pkg|tomcat6}} || 2014-01-10 || 6.0.37 || 6.0.37 || ? || Fixed<br />
|-<br />
| {{CVE|CVE-2014-0032}} || {{Pkg|subversion}} || 2014-01-10 || 1.8.6 || 1.8.6 || ? || Fixed<br />
|-<br />
| {{CVE|CVE-2014-0060}} {{CVE|CVE-2014-0061}} {{CVE|CVE-2014-0062}} {{CVE|CVE-2014-0063}} {{CVE|CVE-2014-0064}} {{CVE|CVE-2014-0065}} {{CVE|CVE-2014-0066}} {{CVE|CVE-2014-0067}} || {{Pkg|postgresql}} || 2014-02-20 || 9.3.3 || 9.33 || 0d || Fixed<br />
|-<br />
| {{CVE|CVE-2014-1912}} || {{Pkg|python}} {{Pkg|python2}} || 2014-02-07 || ? || ? || ? || Fixed<br />
|-<br />
| {{CVE|CVE-2013-4496}} {{CVE|CVE-2013-6442}} || {{Pkg|samba}} || 2014-03-14 || ? || 4.1.6 || 2d || Fixed ({{Bug|39424}})<br />
|-<br />
| {{CVE|CVE-2014-0504}} || {{Pkg|flashplugin}} || 2014-03-12 || ? || 11.2.202.346 || 1d || Fixed ({{Bug|39385}})<br />
|-<br />
| {{CVE|CVE-2014-0106}} || {{Pkg|sudo}} || 1.8.9.p5 || 1.8.10 || ? || ? || Fixed<br />
|-<br />
| {{CVE|CVE-2014-2285}} {{CVE|CVE-2014-2284}} || {{Pkg|net-snmp}} || 2014-03-05 || ? || ? || 8d || Fixed ({{Bug|39190}})<br />
|-<br />
| {{CVE|CVE-2014-0092}} || {{Pkg|gnutls}} || 2014-03-04 || ? || ? || 1d || ?<br />
|-<br />
| {{CVE|CVE-2014-2242}} {{CVE|CVE-2014-2243}} {{CVE|CVE-2014-2244}} || {{Pkg|mediawiki}} || 2014-03-14 || ? || ? || 1d || ?<br />
|-<br />
| {{CVE|CVE-2014-2093}} {{CVE|CVE-2014-2094}} {{CVE|CVE-2014-2095}} {{CVE|CVE-2014-2096}} || {{Pkg|catfish}} || 2014-02-25 || ? || ? || ? || ?<br />
|-<br />
| {{CVE|CVE-2014-0497}} || {{Pkg|flashplugin}} || 2014-02-04 || ? || ? || 1d || ?<br />
|-<br />
| {{CVE|CVE-2014-0015}} || {{Pkg|curl}} || 2014-01-29 || ? || ? || 3d || ?<br />
|-<br />
| {{CVE|CVE-2014-1610}} || {{Pkg|mediawiki}} || 2014-01-29 || ? || ? || 0d || ?<br />
|-<br />
| {{CVE|CVE-2014-0021}} || {{Pkg|chrony}} || 2014-01-17 || ? || ? || 14d || ?<br />
|-<br />
| {{CVE|CVE-2014-1875}} || {{Pkg|perl-capture-tiny}} || 2014-02-06 || ? || ? || 4d || Fixed ({{Bug|38862}})<br />
|-<br />
| {{CVE|CVE-2013-6493}} || {{Pkg|icedtea-web-jav}} || 2014-02-05 || ? || ? || 0d || ?<br />
|- <br />
| {{CVE|CVE-2014-1858}} {{CVE|CVE-2014-1859}} || {{Pkg|python-numpy}} || 2014-02-06 || ? || ? || 4d || Fixed ({{Bug|38863}})<br />
|-<br />
| {{CVE|CVE-2014-1932}} {{CVE|CVE-2014-1933}} || {{Pkg|python-pillow}} || 2014-02-10 || ? || ? || ? || ?<br />
|-<br />
| {{CVE|CVE-2014-1934}} || {{Pkg|python-eyed3}} || 2014-02-10 || ? || ? || ? || ?<br />
|-<br />
| {{CVE|CVE-2014-1935}} || {{Pkg|9base}} || 2014-02-10 || ? || ? || ? || ?<br />
|-<br />
| {{CVE|CVE-2014-1949}} || {{Pkg|cinnamon-screensaver}} || 2014-02-12 || ? || ? || ? || ?<br />
|-<br />
| {{CVE|CVE-2014-1959}} || {{Pkg|gnutls}} || 2014-02-13 || ? || ? || 2d || ?<br />
|- <br />
| {{CVE|CVE-2014-2015}} || {{Pkg|freeradius}} || 2014-02-16 || ? || ? || ? || ?<br />
|-<br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}} || {{Pkg|file}} || 2014-02-10 || ? || ? || 2d || ?<br />
|-<br />
| {{CVE|CVE-2014-0001}} {{CVE|CVE-2014-0412}} {{CVE|CVE-2014-0437}} {{CVE|CVE-2014-0420}} {{CVE|CVE-2014-0393}} {{CVE|CVE-2014-0386}} {{CVE|CVE-2014-0401}} {{CVE|CVE-2014-0402}} || {{Pkg|mariadb}} || 2013-02-13 || ? || ? || -13d || ?<br />
|-<br />
| {{CVE|CVE-2014-1447}} || {{Pkg|libvirt}} || 2014-01-16 || ? || ? || 2d || ?<br />
|-<br />
| {{CVE|CVE-2014-0979}} || lightdm-gtk* || 2014-01-07 || ? || ? || 25d || Fixed ({{Bug|38715}})<br />
|-<br />
| {{CVE|CVE-2014-1475}} {{CVE|CVE-2014-1476}} || {{Pkg|drupal}} || 2014-01-15 || ? || ? || 12d || ?<br />
|-<br />
| {{CVE|CVE-2014-0019}} || {{Pkg|socat}} || 2014-01-29 || ? || ? || 0d || ?<br />
|- <br />
| {{CVE|CVE-2014-1845}} {{CVE|CVE-2014-1846}} || {{Pkg|enlightment}} || 2014-02-03 || ? || ? || -3d || ?<br />
|-<br />
| {{CVE|CVE-2014-1838}} {{CVE|CVE-2014-1839}} || {{Pkg|python-logilab}} || 2014-01-31 || ? || ? || 3d || ?<br />
|-<br />
| {{CVE|CVE-2014-0368}} {{CVE|CVE-2014-0373}} {{CVE|CVE-2014-0376}} {{CVE|CVE-2014-0411}} {{CVE|CVE-2014-0416}} {{CVE|CVE-2014-0422}} {{CVE|CVE-2014-0423}} {{CVE|CVE-2014-0428}} || *-openjdk-* || 2014-01-15 || ? || ? || 2d || ?<br />
|-<br />
| {{CVE|CVE-2014-1402}} || {{Pkg|python-jinja}} || 2014-01-10 || ? || ? || 1d || ?<br />
|-<br />
| {{CVE|CVE-2013-6462}} || {{Pkg|libxfont}} || 2014-01-07 || ? || ? || 0d || ?<br />
|-<br />
| {{CVE|CVE-2014-1235}} || {{Pkg|graphviz}} || 2014-01-07 || ? || ? || 3d || Fixed ({{Bug|38441}})<br />
|-<br />
| {{CVE|CVE-2014-0978}} || {{Pkg|freerdp}} || 2014-01-02 || ? || ? || ? || Pending? ({{Bug|38802}})<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=312963CVE2014-05-02T01:18:01Z<p>Bwayne: /* Documented Resolved CVE's */ added [fish] CVE data</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: - improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. Use Wiki markup to create links in the "CVE-ID", "Package", and "Status" columns. The following template may be used to ease the process of adding CVE entries into the table. The first line, "|-", represents the creation of a new row in the table, while the second line should be modified per CVE:<br />
{{hc|CVE Table Addition Template|<nowiki><br />
|-<br />
| {{CVE|CVE-2014-????}} || {{Pkg|pkgname}} || Disclosure date || Affected versions || Fixed in version || Arch Linux response time || Status(Fixed|Pending|Invalid) (Bug reports)<br />
</nowiki>}}<br />
<br />
{{Note|If the CVE is not found in [http://nvd.nist.gov/home.cfm NVD], just include a link to a different database in the first column: {{ic|<nowiki>[http://link.to.cve CVE-2014-????]</nowiki>}}}}<br />
<br />
{{Note|The "Date public" field should be expressed in [[Wikipedia:ISO 8601|ISO 8601 format]] to avoid any confusion. Example: 2014-03-22.}}<br />
<br />
{{Note|The "Arch Linux response time" field corresponds to the time between the public release of a vulnerability and the date the package update fixing the vulnerability is made available in the official stable repositories. The "Time really vulnerable" is potentially much lengthier but is harder to estimate.}}<br />
<br />
The above "CVE-template" should be added after the line:<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in version !! Arch Linux response time !! Status (and related bug reports)</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="110px" data-sort-type="text" | CVE-ID !! Package !! Disclosure date !! Affected versions !! Fixed in version !! Arch Linux response time !! Status (and related bug reports)<br />
|-<br />
| {{CVE|CVE-2014-2905}} {{CVE|CVE-2014-2906}} {{CVE|CVE-2014-2914}} [https://bugzilla.redhat.com/show_bug.cgi?id=1092091 temp-link] || {{Pkg|fish}} || 2014-04-28 || 1.16.0 - 2.1.0 || 2.2.1 || <0 || Pending<br />
|-<br />
| {{CVE|CVE-2014-0160}} || {{Pkg|openssl}} || 2014-04-07 || 1.0.1 - 1.0.1f || 1.0.1g || ~1d || Fixed ({{Bug|39775}})<br />
|-<br />
| {{CVE|CVE-2014-1700}} {{CVE|CVE-2014-1701}} {{CVE|CVE-2014-1702}} {{CVE|CVE-2014-1703}} {{CVE|CVE-2014-1704}} {{CVE|CVE-2014-1705}} {{CVE|CVE-2014-1713}} {{CVE|CVE-2014-1715}} || {{Pkg|chromium}} {{Pkg|v8}} || 2014-03-11 || 32 || 33 || 4d || Fixed <br />
|-<br />
| {{CVE|CVE-2014-0098}} {{CVE|CVE-2013-6438}}|| {{Pkg|apache}} || 2014-03-17 || 2.4.8 || 2.4.9 || -1d || Fixed <br />
|-<br />
| {{CVE|CVE-2014-1492}} || {{Pkg|nss}} || 2014-03-18 || 2.15.5 || 3.16 || ? || Pending (?)<br />
|-<br />
| {{CVE|CVE-2014-1493}} {{CVE|CVE-2014-1494}} {{CVE|CVE-2014-1497}} {{CVE|CVE-2014-1498}} {{CVE|CVE-2014-1499}} {{CVE|CVE-2014-1500}} {{CVE|CVE-2014-1502}} {{CVE|CVE-2014-1504}} {{CVE|CVE-2014-1505}} {{CVE|CVE-2014-1508}} {{CVE|CVE-2014-1509}} {{CVE|CVE-2014-1510}} {{CVE|CVE-2014-1511}} {{CVE|CVE-2014-1512}} {{CVE|CVE-2014-1513}} {{CVE|CVE-2014-1514}} || {{Pkg|firefox}} {{Pkg|thunderbird}} || 2014-03-18 || 27 || 28 || 1d || Fixed <br />
|-<br />
| {{CVE|CVE-2014-2240}} {{CVE|CVE-2014-2241}}|| {{Pkg|freetype2}} || ? || 2.5.2 || 2.5.3 || ? || Fixed <br />
|-<br />
| {{CVE|CVE-2014-2029}}|| {{Pkg|xtrabackup}} || 2014-02-16 || 2.1.7 || 2.1.8 || 28d || Fixed <br />
|-<br />
| {{CVE|CVE-2014-1958}} {{CVE|CVE-2014-2030}}|| {{Pkg|imagemagick}} || ? || ? || 6.8.8.9-1 || ? || Fixed <br />
|-<br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}}|| {{Pkg|php}} || 2014-03-06 || 5.5.9 || 5.5.110 || -1d || Fixed <br />
|-<br />
| {{CVE|CVE-2014-0404}} {{CVE|CVE-2014-0406}} {{CVE|CVE-2014-0407}} || {{Pkg|virtualbox}} || 2014-02-28 || 4.3.4 || 4.3.6 || ? || Fixed <br />
|-<br />
| {{CVE|CVE-2014-2323}} {{CVE|CVE-2014-2324}} || {{Pkg|lighttpd}} || 2014-03-12 || 1.4.34 || 1.4.35 || 0d || Fixed <br />
|-<br />
| {{CVE|CVE-2014-0333}} || {{Pkg|libpng}} || 2014-02-28 || 1.6.9 || 1.6.10 || 9d || Fixed <br />
|-<br />
| {{CVE|CVE-2014-0017}} || {{Pkg|libssh}} || 2014-03-04 || ? || 3.5.7.29 || 5d || Fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} || 2014-03-20 || < 3.5.7.29 || 3.5.7.29 || 0d || Fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 2014-03-18 || ? || ? || ? || Invalid ({{Bug|39566}})<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 2014-03-19 || ? || 1.3.1 || 1d || Fixed<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 2014-03-19 || 3.4beta (?) || 3.4 || 2013-12-27:? || Fixed ({{Bug|39540}})<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 2014-03-18 || ? || 1.4.7 || 0d || Fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 2013-09-19 || ? || 1.1.1-7 (in RHEL 7) || 0d || Fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 2014-03-17 || ? || 3.13-rc5 || ? || Fixed<br />
|-<br />
| {{CVE|CVE-2014-0004}} || {{Pkg|udisks2}} & {{Pkg|udisks}} || 2014-03-10 || 2.1.3 / 1.0.5 || 2.1.3 / 1.0.5 || 3d || Fixed<br />
|-<br />
| {{CVE|CVE-2014-2281}} {{CVE|CVE-2014-2282}} {{CVE|CVE-2014-2283}} {{CVE|CVE-2014-2299}} || {{Pkg|wireshark}} || 2014-03-10 || 1.10.6 || 1.10.6 || ? || Fixed<br />
|-<br />
| {{CVE|CVE-2014-0050}} || {{Pkg|tomcat7}} || 2014-02-06 || 7.0.51 || 7.0.51 || ? || Fixed<br />
|-<br />
| {{CVE|CVE-2014-0033}} || {{Pkg|tomcat6}} || 2014-01-10 || 6.0.37 || 6.0.37 || ? || Fixed<br />
|-<br />
| {{CVE|CVE-2014-0032}} || {{Pkg|subversion}} || 2014-01-10 || 1.8.6 || 1.8.6 || ? || Fixed<br />
|-<br />
| {{CVE|CVE-2014-0060}} {{CVE|CVE-2014-0061}} {{CVE|CVE-2014-0062}} {{CVE|CVE-2014-0063}} {{CVE|CVE-2014-0064}} {{CVE|CVE-2014-0065}} {{CVE|CVE-2014-0066}} {{CVE|CVE-2014-0067}} || {{Pkg|postgresql}} || 2014-02-20 || 9.3.3 || 9.33 || 0d || Fixed<br />
|-<br />
| {{CVE|CVE-2014-1912}} || {{Pkg|python}} {{Pkg|python2}} || 2014-02-07 || ? || ? || ? || Fixed<br />
|-<br />
| {{CVE|CVE-2013-4496}} {{CVE|CVE-2013-6442}} || {{Pkg|samba}} || 2014-03-14 || ? || 4.1.6 || 2d || Fixed ({{Bug|39424}})<br />
|-<br />
| {{CVE|CVE-2014-0504}} || {{Pkg|flashplugin}} || 2014-03-12 || ? || 11.2.202.346 || 1d || Fixed ({{Bug|39385}})<br />
|-<br />
| {{CVE|CVE-2014-0106}} || {{Pkg|sudo}} || 1.8.9.p5 || 1.8.10 || ? || ? || Fixed<br />
|-<br />
| {{CVE|CVE-2014-2285}} {{CVE|CVE-2014-2284}} || {{Pkg|net-snmp}} || 2014-03-05 || ? || ? || 8d || Fixed ({{Bug|39190}})<br />
|-<br />
| {{CVE|CVE-2014-0092}} || {{Pkg|gnutls}} || 2014-03-04 || ? || ? || 1d || ?<br />
|-<br />
| {{CVE|CVE-2014-2242}} {{CVE|CVE-2014-2243}} {{CVE|CVE-2014-2244}} || {{Pkg|mediawiki}} || 2014-03-14 || ? || ? || 1d || ?<br />
|-<br />
| {{CVE|CVE-2014-2093}} {{CVE|CVE-2014-2094}} {{CVE|CVE-2014-2095}} {{CVE|CVE-2014-2096}} || {{Pkg|catfish}} || 2014-02-25 || ? || ? || ? || ?<br />
|-<br />
| {{CVE|CVE-2014-0497}} || {{Pkg|flashplugin}} || 2014-02-04 || ? || ? || 1d || ?<br />
|-<br />
| {{CVE|CVE-2014-0015}} || {{Pkg|curl}} || 2014-01-29 || ? || ? || 3d || ?<br />
|-<br />
| {{CVE|CVE-2014-1610}} || {{Pkg|mediawiki}} || 2014-01-29 || ? || ? || 0d || ?<br />
|-<br />
| {{CVE|CVE-2014-0021}} || {{Pkg|chrony}} || 2014-01-17 || ? || ? || 14d || ?<br />
|-<br />
| {{CVE|CVE-2014-1875}} || {{Pkg|perl-capture-tiny}} || 2014-02-06 || ? || ? || 4d || Fixed ({{Bug|38862}})<br />
|-<br />
| {{CVE|CVE-2013-6493}} || {{Pkg|icedtea-web-jav}} || 2014-02-05 || ? || ? || 0d || ?<br />
|- <br />
| {{CVE|CVE-2014-1858}} {{CVE|CVE-2014-1859}} || {{Pkg|python-numpy}} || 2014-02-06 || ? || ? || 4d || Fixed ({{Bug|38863}})<br />
|-<br />
| {{CVE|CVE-2014-1932}} {{CVE|CVE-2014-1933}} || {{Pkg|python-pillow}} || 2014-02-10 || ? || ? || ? || ?<br />
|-<br />
| {{CVE|CVE-2014-1934}} || {{Pkg|python-eyed3}} || 2014-02-10 || ? || ? || ? || ?<br />
|-<br />
| {{CVE|CVE-2014-1935}} || {{Pkg|9base}} || 2014-02-10 || ? || ? || ? || ?<br />
|-<br />
| {{CVE|CVE-2014-1949}} || {{Pkg|cinnamon-screensaver}} || 2014-02-12 || ? || ? || ? || ?<br />
|-<br />
| {{CVE|CVE-2014-1959}} || {{Pkg|gnutls}} || 2014-02-13 || ? || ? || 2d || ?<br />
|- <br />
| {{CVE|CVE-2014-2015}} || {{Pkg|freeradius}} || 2014-02-16 || ? || ? || ? || ?<br />
|-<br />
| {{CVE|CVE-2014-1943}} {{CVE|CVE-2014-2270}} || {{Pkg|file}} || 2014-02-10 || ? || ? || 2d || ?<br />
|-<br />
| {{CVE|CVE-2014-0001}} {{CVE|CVE-2014-0412}} {{CVE|CVE-2014-0437}} {{CVE|CVE-2014-0420}} {{CVE|CVE-2014-0393}} {{CVE|CVE-2014-0386}} {{CVE|CVE-2014-0401}} {{CVE|CVE-2014-0402}} || {{Pkg|mariadb}} || 2013-02-13 || ? || ? || -13d || ?<br />
|-<br />
| {{CVE|CVE-2014-1447}} || {{Pkg|libvirt}} || 2014-01-16 || ? || ? || 2d || ?<br />
|-<br />
| {{CVE|CVE-2014-0979}} || lightdm-gtk* || 2014-01-07 || ? || ? || 25d || Fixed ({{Bug|38715}})<br />
|-<br />
| {{CVE|CVE-2014-1475}} {{CVE|CVE-2014-1476}} || {{Pkg|drupal}} || 2014-01-15 || ? || ? || 12d || ?<br />
|-<br />
| {{CVE|CVE-2014-0019}} || {{Pkg|socat}} || 2014-01-29 || ? || ? || 0d || ?<br />
|- <br />
| {{CVE|CVE-2014-1845}} {{CVE|CVE-2014-1846}} || {{Pkg|enlightment}} || 2014-02-03 || ? || ? || -3d || ?<br />
|-<br />
| {{CVE|CVE-2014-1838}} {{CVE|CVE-2014-1839}} || {{Pkg|python-logilab}} || 2014-01-31 || ? || ? || 3d || ?<br />
|-<br />
| {{CVE|CVE-2014-0368}} {{CVE|CVE-2014-0373}} {{CVE|CVE-2014-0376}} {{CVE|CVE-2014-0411}} {{CVE|CVE-2014-0416}} {{CVE|CVE-2014-0422}} {{CVE|CVE-2014-0423}} {{CVE|CVE-2014-0428}} || *-openjdk-* || 2014-01-15 || ? || ? || 2d || ?<br />
|-<br />
| {{CVE|CVE-2014-1402}} || {{Pkg|python-jinja}} || 2014-01-10 || ? || ? || 1d || ?<br />
|-<br />
| {{CVE|CVE-2013-6462}} || {{Pkg|libxfont}} || 2014-01-07 || ? || ? || 0d || ?<br />
|-<br />
| {{CVE|CVE-2014-1235}} || {{Pkg|graphviz}} || 2014-01-07 || ? || ? || 3d || Fixed ({{Bug|38441}})<br />
|-<br />
| {{CVE|CVE-2014-0978}} || {{Pkg|freerdp}} || 2014-01-02 || ? || ? || ? || Pending? ({{Bug|38802}})<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=306243CVE2014-03-21T13:50:47Z<p>Bwayne: /* Documented Resolved CVE's */ added [linux] CVE-2013-7339</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE
TODO: - improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create the entry as a hyperlink to the appropriate URL, respectively.<br />
<br />
<br />
The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", represents the creation of a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|2568}} || - || 18/03/2014 -- ?? || pending <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=306235CVE2014-03-21T13:02:10Z<p>Bwayne: /* Documented Resolved CVE's */ added CVE-2014-2568 pkg=linux</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE
TODO: - improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create the entry as a hyperlink to the appropriate URL, respectively.<br />
<br />
<br />
The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", represents the creation of a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|2568}} || - || 18/03/2014 -- ?? || pending <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=User:Bwayne&diff=306226User:Bwayne2014-03-21T12:00:05Z<p>Bwayne: </p>
<hr />
<div>__NOTOC__<br />
Page for Arch user and ArchWiki contributor Billy Wayne McCann. Any information you require that is not listed below may be found via the [http://www.noagendashow.com/ Global Citizen-Slave Information Network]. <br />
<br />
===Involvement===<br />
Member of the [[Arch_CVE_Monitoring_Team|Arch CVE Monitoring Team]].<br />
<br />
===Profession===<br />
Computational Chemist<br />
<br />
===Location===<br />
United States<br />
<br />
===Contacts===<br />
thebillywayne ~et~ gmail.com<br><br />
irc://irc.freenode.net:bwayne<br><br />
https://plus.google.com/+BillyWayneMcCann<br />
<br />
===AUR Packages===<br />
[https://aur.archlinux.org/packages/molden/ Molden] <br><br />
[https://aur.archlinux.org/packages/molekel/ Molekel]<br><br />
<br />
===PGP Key===<br />
[http://pgp.mit.edu/pks/lookup?op=get&search=0x223A2CAA56146040 0x223A2CAA56146040] <br><br />
(fingerprint E540 A552 3C48 C24F CE7D 9C0A 223A 2CAA 5614 6040)</div>Bwaynehttps://wiki.archlinux.org/index.php?title=Arch_Security_Team&diff=306225Arch Security Team2014-03-21T11:57:52Z<p>Bwayne: /* Joining the ACMT */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|For now, this page is a draft to construct something according to https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html}}<br />
<br />
{{Related articles start}}<br />
{{Related|Security Task Force}}<br />
{{Related|CVE-2014}}<br />
{{Related articles end}}<br />
<br />
<br />
This article introduces the Arch CVE Monitoring Team (ACMT) and describes best practices for contributing. <br />
<br />
<br />
==Introduction==<br />
Arch Linux is a community-driven distribution. It relies upon the efforts of volunteers to maintain and improve the distribution itself and to support fellow community members. <br />
<br />
The importance of software security cannot be overstated. Today's society relies upon computer technology for everything from amusement to indispensable national and local infrastructure. Many rely upon Arch Linux to provide these. <br />
<br />
On March 9, 2014, Allan McRae [https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html called] upon our community to assist in securing Arch Linux by monitoring any and all relevant resources for announced [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's). In contrast to security issues which can be fixed by updating, CVE's require patches to be backported. As such, Arch developers must be notified that this is the case. This is where the ACMT comes in.<br />
<br />
The ACMT should embody the efforts of the "security-conscious" part of the Arch user population. Server owners, maintainers of workstations in production environments as well as concerned personal users would gain the benefit of relatively prompt security updates. The ACMT should help alleviate two important problems: finding bugs and communicating with developers. <br />
<br />
The Team is a volunteer-maintained service. Volunteers are welcome to help identify and report packages with security vulnerabilities.<br />
<br />
==Joining the ACMT==<br />
Joining is as simple as helping. Firstly, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch Security mailing list] and/or the IRC channel [irc://irc.freenode.net/archlinux-security #archlinux-security]. Secondly, consider the area where you'd like to help. It would be ideal to have team members' labor divided across the software ecosystem as equally as possible. This helps the Team to quickly and efficiently find and report CVE's. Software categories are listed [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|below]]. However, it is not required that those who wish to volunteer restrict their monitoring in any way. "Global" and multiple-category volunteers are needed and encouraged. <br />
<br />
It is recommended that interested parties please consider monitoring those categories for which there are fewer volunteers. However, it is fully recognized that volunteers contribute best in areas in which they're most interested. Please consider both of these factors when selecting where your primary efforts will be placed. However, please note that it is not required that you restrict your monitoring to any one particular category. ''The goal of the ACMT is to simply keep Arch Linux secure. Any and all efforts are more than welcome and unreservedly appreciated.''<br />
<br />
If you would like to join the Team, please edit this page to include your name in the [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|Package Categories and Team Members]] section below. Please place your name beneath the package category for which you will be monitoring. If you do not care to monitor specific categories and you would like to contribute any and all, please place your name in the "Global" category. ''These options are not mutually exclusive.''<br />
<br />
==Participation Guidelines==<br />
<br />
ACMT monitors all packages within the following repositories:<br />
* ''core''<br />
* ''extra''<br />
* ''community''<br />
<br />
Follow mailing lists (both development and user), security advisories (if any) and bug trackers on a regular basis. A few resources are listed below. If you are unfamiliar with the different kinds of vulnerabilities, you will quickly learn them. For those who will monitor languages, it is ideal to be able to operate at both the interpreter level (often written in C) and the language level. <br />
<br />
Everyone should file bug reports. If you are unsure how to file a bug report, please refer to the [[Reporting_Bug_Guidelines| Bug Reporting Guidelines]]. <br />
<br />
People with the technical ability are encouraged not only to file bug reports about CVE's, but also to write and comment on patches, test them, and communicate with upstream developers, among other things.<br />
<br />
==Procedure==<br />
A critical security exploit has been found in a software package within the Arch Linux official repositories. An ACMT member picks up this information from some mailing list he/she is following. If upstream released a new version that corrects the issue, the ACMT member should flag the package out-of-date and post pertinent information to the arch-security mailing list, which will likely get the attention of the developers. If, on the other hand, upstream releases only a patch, the ACMT member should file a bug report.<br />
<br />
====Bug Report Template====<br />
<br />
{{bc|<br />
Title : [<pkg-name>] security patch for <CVE-id><br />
Description:<br />
Quick description of the issue (or copy/paste from oss-sec, upstream bug reports, etc.)<br />
upstream bug report [0]<br />
<br />
Resolution:<br />
patch [1] <br />
<br />
Resources:<br />
[0] links to upstream bug report<br />
[1] link to patch<br />
}}<br />
<br />
The criticality of the bug report should be set to either Critical or High, depending on the severity of the issue.<br />
Some updates will be much more critical than others. However, updates are always recommended in the case of any vulnerability.<br />
<br />
Once this process is complete, please add the CVE to the [[CVE-2014]] Documented Resolved CVE table.<br />
<br />
==Resources==<br />
===RSS===<br />
;National Vulnerability Database (NVD)<br />
: All CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss.xml<br />
: All fully analyzed CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss-analyzed.xml<br />
<br />
===Mailing Lists===<br />
;oss-sec: main list dealing with security of free software, a lot of CVE attributions happen here, required if you wish to follow security news.<br><br />
:info: http://oss-security.openwall.org/wiki/mailing-lists/oss-security<br />
:subscribe: oss-security-subscribe(at)lists.openwall.com<br />
:archive: http://www.openwall.com/lists/oss-security/<br />
<br />
;bugtraq: a full disclosure moderated mailing list (noisy)<br />
:info: http://www.securityfocus.com/archive/1/description<br />
:subscribe: bugtraq-subscribe(at)securityfocus.com<br />
<br />
;full-disclosure: another full-disclosure mailing-list (noisy)<br />
:info: http://lists.grok.org.uk/full-disclosure-charter.html<br />
:subscribe: full-disclosure-request(at)lists.grok.org.uk<br />
<br />
Also consider following the mailing lists for specific packages, such as LibreOffice, X.org, Puppetlabs, ISC, etc.<br />
<br />
===Other Distributions===<br />
Resources of other distributions (to look for CVE, patch, comments etc.):<br />
;RedHat and Fedora:<br />
:rss advisories: https://admin.fedoraproject.org/updates/rss/rss2.0?type=security<br />
:CVE tracker: https://access.redhat.com/security/cve/<CVE-id><br />
:bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=<CVE-id><br />
<br />
;Ubuntu:<br />
:advisories: http://www.ubuntu.com/usn/atom.xml<br />
:CVE tracker: http://people.canonical.com/~ubuntu-security/cve/?cve=<CVE-id><br />
:database: https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master<br />
<br />
;Debian:<br />
:CVE tracker: http://security-tracker.debian.org/tracker/<CVE-id><br />
:patch-tracker: http://patch-tracker.debian.org/<br />
:database: http://anonscm.debian.org/viewvc/secure-testing/data/<br />
<br />
;OpenSUSE:<br />
:CVE tracker: http://support.novell.com/security/cve/<CVE-id>.html<br />
<br />
===Other===<br />
;Mitre and NVD links for CVE's:<br />
:http://cve.mitre.org/cgi-bin/cvename.cgi?name=<CVE-id><br />
:http://web.nvd.nist.gov/view/vuln/detail?vulnId=<CVE-id><br />
<br />
NVD and Mitre do not necessarily fill in their CVE entry immediately after attribution, so it's not always relevant for Arch. The CVE-id and the "Date Entry Created" fields do not have particular meaning. CVEs are attributed by CVE Numbering Authorities (CNA), and each CNA obtains CVE blocks from Mitre when needed/asked, so the CVE ID is not linked to the attribution date. The "Date Entry Created" field often only indicates when the CVE block was given to the CNA, nothing more.<br />
<br />
;Linux Weekly News: LWN provides a daily notice of security updates for various distributions<br />
:http://lwn.net/headlines/newrss<br />
<br />
===More===<br />
For more resources, please see the OpenWall's [http://oss-security.openwall.org/wiki/ Open Source Software Security Wiki]. <br />
<br />
<br />
==Package Categories and Team Members==<br />
Below is a list of general package categories. Should you like, you are welcome to add a new category. Please remember the KISS philosophy when editing the list. <br />
<br />
*Global<br />
:[[User:Bwayne|Billy Wayne McCann]]<br />
:[[User:Netmonk|HegemoOn]]<br />
:[Your Name Here]<br />
* Kernel<br />
:Mark Lee<br />
* Filesystems<br />
:[Your Name Here]<br />
* GNU userland<br />
:[[User:RbN|RbN]]<br />
* Xorg<br />
:[[User:RbN|RbN]]<br />
* Systemd<br />
:[[User:RbN|RbN]]<br />
* Perl and associated software<br />
:[Your Name Here]<br />
* Python and associated software<br />
:[[User:Srl|Scott Lawrence]]<br />
:[Your Name Here]<br />
* Java and associated software<br />
:[Your Name Here]<br />
* Ruby and associated software<br />
:[Your Name Here]<br />
* Gtk/Gnome and associated software<br />
:[Your Name Here]<br />
* QT/KDE and associated software<br />
:[[User:Bwayne|Billy Wayne McCann]] (KDE)<br />
:[Your Name Here]<br />
* Various Window Managers (please include which WM along with your name)<br />
:[Your Name Here]</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=306224CVE2014-03-21T11:55:48Z<p>Bwayne: /* Helping */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: -improve sexyness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create the entry as a hyperlink to the appropriate URL, respectively.<br />
<br />
<br />
The following template may be used to facilitate CVE entries into the table. The first line, "|-", represents the creation of a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=306223CVE2014-03-21T11:50:13Z<p>Bwayne: /* Procedure */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: -improve sexyness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC channel at irc.freenode.net#archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create the entry as a hyperlink to the appropriate URL, respectively.<br />
<br />
<br />
The following template may be used to facilitate CVE entries into the table. The first line, "|-", represents the creation of a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=306222CVE2014-03-21T11:47:07Z<p>Bwayne: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: -improve sexyness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC channel at irc.freenode.net#archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create the entry as a hyperlink to the appropriate URL, respectively.<br />
<br />
<br />
The following template may be used to facilitate CVE entries into the table. The first line, "|-", represents the creation of a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=306221CVE2014-03-21T11:46:09Z<p>Bwayne: /* Procedure */ Added a template for new entries.</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVEs<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVEs) that are found and fixed in Arch Linux.<br />
<br />
==Introduction==<br />
CVEs represent critical security vulnerabilities which must be addressed as quickly as possible.<br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC channel, #archlinux-security, on irc.freenode.net.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the corresponding URL.<br />
<br />
<br />
The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", creates a new row in the table, while the second line should be modified for each CVE.<br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id || package/version || Date public || Update/bug || Fixed version || Time vulnerable || Status<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=306219CVE2014-03-21T11:26:42Z<p>Bwayne: /* Documented Resolved CVE's */ Added CVE-2014-2524 tigervnc</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVEs<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVEs) that are found and fixed in Arch Linux.<br />
<br />
==Introduction==<br />
CVEs represent critical security vulnerabilities which must be addressed as quickly as possible.<br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC channel, #archlinux-security, on irc.freenode.net.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the corresponding URL.<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id || package/version || Date public || Update/bug || Fixed version || Time vulnerable || Status<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=305621CVE2014-03-19T16:23:42Z<p>Bwayne: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVEs<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVEs) that are found and fixed in Arch Linux.<br />
<br />
==Introduction==<br />
CVEs represent critical security vulnerabilities which must be addressed as quickly as possible.<br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC channel, #archlinux-security, on irc.freenode.net.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the corresponding URL.<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id <br />
! package/version <br />
! data-sort-type="date"| Date public <br />
! Update/bug <br />
! Fixed version<br />
! Time vulnerable<br />
! Status<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=305620CVE2014-03-19T16:17:23Z<p>Bwayne: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVEs<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVEs) that are found and fixed in Arch Linux.<br />
<br />
==Introduction==<br />
CVEs represent critical security vulnerabilities which must be addressed as quickly as possible.<br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC channel, #archlinux-security, on irc.freenode.net.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the corresponding URL.<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id <br />
! package/version <br />
! data-sort-type="date"| Date public <br />
! Update/bug <br />
! Fixed version<br />
! Time vulnerable<br />
! Status<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/02/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=305619CVE2014-03-19T16:16:51Z<p>Bwayne: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel, #archlinux-security, on irc.freenode.net.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the corresponding URL. <br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id <br />
! package/version <br />
! data-sort-type="date"| Date public <br />
! Update/bug <br />
! Fixed version<br />
! Time vulnerable<br />
! Status<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/02/2014 || {{Bug|39540}} || 3.{3,4} || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=305616CVE2014-03-19T16:04:18Z<p>Bwayne: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel, #archlinux-security, on irc.freenode.net.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the corresponding URL. <br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id <br />
! package/version <br />
! data-sort-type="date"| Date public <br />
! Update/bug <br />
! Fixed version<br />
! Time vulnerable<br />
! Status<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/02/2014 || {{Bug|39540}} || 3.{3,4} || awaiting closure || pending<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=305531CVE2014-03-18T22:09:21Z<p>Bwayne: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel, #archlinux-security, on irc.freenode.net.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the corresponding URL. <br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id <br />
! package/version <br />
! data-sort-type="date"| Date public <br />
! Update/bug <br />
! Fixed version<br />
! Time vulnerable<br />
! Status<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=Arch_Security_Team&diff=305500Arch Security Team2014-03-18T17:33:59Z<p>Bwayne: /* Bug Report Template */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|For now, this page is a draft to construct something according to https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html}}<br />
<br />
{{Related articles start}}<br />
{{Related|Security Task Force}}<br />
{{Related|CVE-2014}}<br />
{{Related articles end}}<br />
<br />
<br />
This article introduces the Arch CVE Monitoring Team (ACMT) and describes best practices for contributing. <br />
<br />
<br />
==Introduction==<br />
Arch Linux is a community-driven distribution. It relies upon the efforts of volunteers to maintain and improve the distribution itself and to support fellow community members. <br />
<br />
The importance of software security cannot be overstated. Today's society relies upon computer technology for everything from amusement to indispensable national and local infrastructure. Many rely upon Arch Linux to provide these. <br />
<br />
On March 9, 2014, Allan McRae [https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html called] upon our community to assist in securing Arch Linux by monitoring any and all relevant resources for announced [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's). In contrast to security issues which can be fixed by updating, CVE's require patches to be backported. As such, Arch developers must be notified that this is the case. This is where the ACMT comes in.<br />
<br />
The ACMT should embody the efforts of the "security-conscious" part of the Arch user population. Server owners, maintainers of workstations in production environments as well as concerned personal users would gain the benefit of relatively prompt security updates. The ACMT should help alleviate two important problems: finding bugs and communicating with developers. <br />
<br />
The Team is a volunteer-maintained service. Volunteers are welcome to help identify and report packages with security vulnerabilities.<br />
<br />
==Joining the ACMT==<br />
Joining is as simple as helping. Firstly, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch Security mailing list] and/or the IRC channel #archlinux-security. Secondly, consider the area where you'd like to help. It would be ideal to have team members' labor divided across the software ecosystem as equally as possible. This helps the Team to quickly and efficiently find and report CVE's. Software categories are listed [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|below]]. However, it is not required that those who wish to volunteer restrict their monitoring in any way. "Global" and multiple-category volunteers are needed and encouraged. <br />
<br />
It is recommended that interested parties please consider monitoring those categories for which there are fewer volunteers. However, it is fully recognized that volunteers contribute best in areas in which they're most interested. Please consider both of these factors when selecting where your primary efforts will be placed. However, please note that it is not required that you restrict your monitoring to any one particular category. ''The goal of the ACMT is to simply keep Arch Linux secure. Any and all efforts are more than welcome and unreservedly appreciated.''<br />
<br />
If you would like to join the Team, please edit this page to include your name in the [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|Package Categories and Team Members]] section below. Please place your name beneath the package category for which you will be monitoring. If you do not care to monitor specific categories and you would like to contribute any and all, please place your name in the "Global" category. ''These options are not mutually exclusive.''<br />
<br />
==Participation Guidelines==<br />
<br />
ACMT monitors all packages within the following repositories:<br />
* ''core''<br />
* ''extra''<br />
* ''community''<br />
<br />
Follow mailing lists (both development and user), security advisories (if any) and bug trackers on a regular basis. A few resources are listed below. If you are unfamiliar with the different kinds of vulnerabilities, you will quickly learn them. For those who will monitor languages, it is ideal to be able to operate at both the interpreter level (often written in C) and the language level. <br />
<br />
Everyone should file bug reports. If you are unsure how to file a bug report, please refer to the [[Reporting_Bug_Guidelines| Bug Reporting Guidelines]]. <br />
<br />
People with the technical ability are encouraged not only to file bug reports about CVE's, but also to write and comment on patches, test, and communicate with upstream developers, among other things.<br />
<br />
==Procedure==<br />
A critical security exploit has been found in a software package within the Arch Linux official repositories. An ACMT member picks up this information from some mailing list he/she is following. If upstream released a new version that corrects the issue, the ACMT member should flag the package out-of-date and post pertinent information to the arch-security mailing list, which will likely get the attention of the developers. If, on the other hand, upstream releases only a patch, the ACMT member should file a bug report.<br />
<br />
====Bug Report Template====<br />
<br />
{{bc|<br />
Title : [<pkg-name>] security patch for <CVE-id><br />
Description:<br />
Quick description of the issue (or copy/paste from oss-sec, upstream bug reports, etc.)<br />
upstream bug report [0]<br />
<br />
Resolution:<br />
patch [1] <br />
<br />
Resources:<br />
[0] links to upstream bug report<br />
[1] link to patch<br />
}}<br />
<br />
The criticality of the bug report should be set to either Critical or High, depending on the severity of the issue.<br />
Some updates will be much more critical than others. However, updates are always recommended in the case of any vulnerability.<br />
<br />
Once this process is complete, please add the CVE to the [[CVE-2014]] Documented Resolved CVE table.<br />
<br />
==Resources==<br />
===RSS===<br />
;National Vulnerability Database (NVD)<br />
: All CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss.xml<br />
: All fully analyzed CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss-analyzed.xml<br />
<br />
===Mailing Lists===<br />
;oss-sec: main list dealing with security of free software, a lot of CVE attributions happen here, required if you wish to follow security news.<br><br />
:info: http://oss-security.openwall.org/wiki/mailing-lists/oss-security<br />
:subscribe: oss-security-subscribe(at)lists.openwall.com<br />
:archive: http://www.openwall.com/lists/oss-security/<br />
<br />
;bugtraq:a full disclosure moderated mailing list (noisy)<br />
:info: http://www.securityfocus.com/archive/1/description<br />
:subscribe: bugtraq-subscribe(at)securityfocus.com<br />
<br />
;full-disclosure: another full-disclosure mailing-list (noisy)<br />
:info: http://lists.grok.org.uk/full-disclosure-charter.html<br />
:subscribe: full-disclosure-request(at)lists.grok.org.uk<br />
<br />
Also consider following the mailing lists for specific packages, such as LibreOffice, X.org, Puppetlabs, ISC, etc.<br />
<br />
===Other Distributions===<br />
Resources of other distributions (to look for CVE, patch, comments etc.):<br />
;RedHat and Fedora:<br />
:rss advisories: https://admin.fedoraproject.org/updates/rss/rss2.0?type=security<br />
:CVE tracker: https://access.redhat.com/security/cve/<CVE-id><br />
:bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=<CVE-id><br />
<br />
;Ubuntu:<br />
:advisories: http://www.ubuntu.com/usn/atom.xml<br />
:CVE tracker: http://people.canonical.com/~ubuntu-security/cve/?cve=<CVE-id><br />
:database: https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master<br />
<br />
;Debian:<br />
:CVE tracker: http://security-tracker.debian.org/tracker/<CVE-id><br />
:patch-tracker: http://patch-tracker.debian.org/<br />
:database: http://anonscm.debian.org/viewvc/secure-testing/data/<br />
<br />
;OpenSUSE:<br />
:CVE tracker: http://support.novell.com/security/cve/<CVE-id>.html<br />
<br />
===Other===<br />
;Mitre and NVD links for CVE's:<br />
:http://cve.mitre.org/cgi-bin/cvename.cgi?name=<CVE-id><br />
:http://web.nvd.nist.gov/view/vuln/detail?vulnId=<CVE-id><br />
<br />
NVD and Mitre do not necessarily fill in their CVE entries immediately after attribution, so these entries are not always relevant for Arch. The CVE-id and the "Date Entry Created" fields do not have any particular meaning. CVE's are attributed by CVE Numbering Authorities (CNA), and each CNA obtains CVE blocks from Mitre when needed or asked, so the CVE ID is not linked to the attribution date. The "Date Entry Created" field often only indicates when the CVE block was given to the CNA, nothing more.<br />
<br />
;Linux Weekly News: LWN provides a daily notice of security updates for various distributions<br />
:http://lwn.net/headlines/newrss<br />
<br />
===More===<br />
For more resources, please see Openwall's [http://oss-security.openwall.org/wiki/ Open Source Software Security Wiki]. <br />
<br />
<br />
==Package Categories and Team Members==<br />
Below is a list of general package categories. Should you like, you are welcome to add a new category. Please remember the KISS philosophy when editing the list. <br />
<br />
*Global<br />
:[[User:Bwayne|Billy Wayne McCann]]<br />
:[[User:Netmonk|HegemoOn]]<br />
:[Your Name Here]<br />
* Kernel<br />
:Mark Lee<br />
* Filesystems<br />
:[Your Name Here]<br />
* GNU userland<br />
:[[User:RbN|RbN]]<br />
* Xorg<br />
:[[User:RbN|RbN]]<br />
* Systemd<br />
:[[User:RbN|RbN]]<br />
* Perl and associated software<br />
:[Your Name Here]<br />
* Python and associated software<br />
:[[User:Srl|Scott Lawrence]]<br />
:[Your Name Here]<br />
* Java and associated software<br />
:[Your Name Here]<br />
* Ruby and associated software<br />
:[Your Name Here]<br />
* Gtk/Gnome and associated software<br />
:[Your Name Here]<br />
* QT/KDE and associated software<br />
:[[User:Bwayne|Billy Wayne McCann]] (KDE)<br />
:[Your Name Here]<br />
* Various Window Managers (please include which WM along with your name)<br />
:[Your Name Here]</div>Bwaynehttps://wiki.archlinux.org/index.php?title=Arch_Security_Team&diff=305499Arch Security Team2014-03-18T17:33:18Z<p>Bwayne: /* Procedure */ Added instructions to place entry in CVE-2014 table.</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|For now, this page is a draft to construct something according to https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html}}<br />
<br />
{{Related articles start}}<br />
{{Related|Security Task Force}}<br />
{{Related|CVE-2014}}<br />
{{Related articles end}}<br />
<br />
<br />
This article introduces the Arch CVE Monitoring Team (ACMT) and describes best practices for contributing. <br />
<br />
<br />
==Introduction==<br />
Arch Linux is a community-driven distribution. It relies upon the efforts of volunteers to maintain and improve the distribution itself and to support fellow community members. <br />
<br />
The importance of software security cannot be overstated. Today's society relies upon computer technology for everything from amusement to indispensable national and local infrastructure. Many rely upon Arch Linux to provide these. <br />
<br />
On March 9, 2014, Allan McRae [https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html called] upon our community to assist in securing Arch Linux by monitoring any and all relevant resources for announced [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's). In contrast to security issues which can be fixed by updating, CVE's require patches to be backported. As such, Arch developers must be notified that this is the case. This is where the ACMT comes in.<br />
<br />
The ACMT should embody the efforts of the "security-conscious" part of the Arch user population. Server owners, maintainers of workstations in production environments, and concerned personal users would gain the benefit of relatively prompt security updates. The ACMT should help alleviate two important problems: finding bugs and communicating with developers. <br />
<br />
The Team is a volunteer-maintained service. Volunteers are welcome to help identify packages with security vulnerabilities and notify the developers about them.<br />
<br />
==Joining the ACMT==<br />
Joining is as simple as helping. Firstly, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch Security mailing list] and/or the IRC channel #archlinux-security. Secondly, consider the area where you'd like to help. It would be ideal to have team members' labor divided across the software ecosystem as evenly as possible. This helps the Team to quickly and efficiently find and report CVE's. Software categories are listed [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|below]]. However, it is not required that those who wish to volunteer restrict their monitoring in any way. "Global" and multiple-category volunteers are needed and encouraged. <br />
<br />
It is recommended that interested parties please consider monitoring those categories for which there are fewer volunteers. However, it is fully recognized that volunteers contribute best in areas in which they're most interested. Please consider both of these factors when selecting where your primary efforts will be placed. However, please note that it is not required that you restrict your monitoring to any one particular category. ''The goal of the ACMT is to simply keep Arch Linux secure. Any and all efforts are more than welcome and unreservedly appreciated.''<br />
<br />
If you would like to join the Team, please edit this page to include your name in the [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|Package Categories and Team Members]] section below. Please place your name beneath the package category for which you will be monitoring. If you do not care to monitor specific categories and you would like to contribute any and all, please place your name in the "Global" category. ''These options are not mutually exclusive.''<br />
<br />
==Participation Guidelines==<br />
<br />
ACMT monitors all packages within the following repositories:<br />
* ''core''<br />
* ''extra''<br />
* ''community''<br />
<br />
Follow mailing lists (both development and user), security advisories (if any) and bug trackers on a regular basis. A few resources are listed below. If you are unfamiliar with the different kinds of vulnerabilities, you will quickly learn them. For those who will monitor languages, it is ideal to be able to operate at both the interpreter level (often written in C) and the language level. <br />
<br />
Everyone should file bug reports. If you are unsure how to file a bug report, please refer to the [[Reporting_Bug_Guidelines| Bug Reporting Guidelines]]. <br />
<br />
People with the technical ability are encouraged not only to file bug reports about CVE's, but also to write and comment on patches, test, and communicate with upstream developers, among other things.<br />
<br />
==Procedure==<br />
A critical security exploit has been found in a software package within the Arch Linux official repositories. An ACMT member picks up this information from some mailing list he/she is following. If upstream released a new version that corrects the issue, the ACMT member should flag the package out-of-date and post pertinent information to the arch-security mailing list, which will likely get the attention of the developers. If, on the other hand, upstream releases only a patch, the ACMT member should file a bug report.<br />
<br />
===Bug Report Template===<br />
<br />
{{bc|<br />
Title : [<pkg-name>] security patch for <CVE-id><br />
Description:<br />
Quick description of the issue (or copy/paste from oss-sec, upstream bug reports, etc.)<br />
upstream bug report [0]<br />
<br />
Resolution:<br />
patch [1] <br />
<br />
Resources:<br />
[0] links to upstream bug report<br />
[1] link to patch<br />
}}<br />
<br />
The criticality of the bug report should be set to either Critical or High, depending on the severity of the issue.<br />
Some updates will be much more critical than others. However, updates are always recommended in the case of any vulnerability.<br />
<br />
Once this process is complete, please add the CVE to the [[CVE-2014]] Documented Resolved CVE table.<br />
<br />
==Resources==<br />
===RSS===<br />
;National Vulnerability Database (NVD)<br />
: All CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss.xml<br />
: All fully analyzed CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss-analyzed.xml<br />
<br />
===Mailing Lists===<br />
;oss-sec: main list dealing with security of free software, a lot of CVE attributions happen here, required if you wish to follow security news.<br><br />
:info: http://oss-security.openwall.org/wiki/mailing-lists/oss-security<br />
:subscribe: oss-security-subscribe(at)lists.openwall.com<br />
:archive: http://www.openwall.com/lists/oss-security/<br />
<br />
;bugtraq:a full disclosure moderated mailing list (noisy)<br />
:info: http://www.securityfocus.com/archive/1/description<br />
:subscribe: bugtraq-subscribe(at)securityfocus.com<br />
<br />
;full-disclosure: another full-disclosure mailing-list (noisy)<br />
:info: http://lists.grok.org.uk/full-disclosure-charter.html<br />
:subscribe: full-disclosure-request(at)lists.grok.org.uk<br />
<br />
Also consider following the mailing lists for specific packages, such as LibreOffice, X.org, Puppetlabs, ISC, etc.<br />
<br />
===Other Distributions===<br />
Resources of other distributions (to look for CVE, patch, comments etc.):<br />
;RedHat and Fedora:<br />
:rss advisories: https://admin.fedoraproject.org/updates/rss/rss2.0?type=security<br />
:CVE tracker: https://access.redhat.com/security/cve/<CVE-id><br />
:bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=<CVE-id><br />
<br />
;Ubuntu:<br />
:advisories: http://www.ubuntu.com/usn/atom.xml<br />
:CVE tracker: http://people.canonical.com/~ubuntu-security/cve/?cve=<CVE-id><br />
:database: https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master<br />
<br />
;Debian:<br />
:CVE tracker: http://security-tracker.debian.org/tracker/<CVE-id><br />
:patch-tracker: http://patch-tracker.debian.org/<br />
:database: http://anonscm.debian.org/viewvc/secure-testing/data/<br />
<br />
;OpenSUSE:<br />
:CVE tracker: http://support.novell.com/security/cve/<CVE-id>.html<br />
<br />
===Other===<br />
;Mitre and NVD links for CVE's:<br />
:http://cve.mitre.org/cgi-bin/cvename.cgi?name=<CVE-id><br />
:http://web.nvd.nist.gov/view/vuln/detail?vulnId=<CVE-id><br />
<br />
NVD and Mitre do not necessarily fill in their CVE entries immediately after attribution, so these entries are not always relevant for Arch. The CVE-id and the "Date Entry Created" fields do not have any particular meaning. CVE's are attributed by CVE Numbering Authorities (CNA), and each CNA obtains CVE blocks from Mitre when needed or asked, so the CVE ID is not linked to the attribution date. The "Date Entry Created" field often only indicates when the CVE block was given to the CNA, nothing more.<br />
<br />
;Linux Weekly News: LWN provides a daily notice of security updates for various distributions<br />
:http://lwn.net/headlines/newrss<br />
<br />
===More===<br />
For more resources, please see Openwall's [http://oss-security.openwall.org/wiki/ Open Source Software Security Wiki]. <br />
<br />
<br />
==Package Categories and Team Members==<br />
Below is a list of general package categories. Should you like, you are welcome to add a new category. Please remember the KISS philosophy when editing the list. <br />
<br />
*Global<br />
:[[User:Bwayne|Billy Wayne McCann]]<br />
:[[User:Netmonk|HegemoOn]]<br />
:[Your Name Here]<br />
* Kernel<br />
:Mark Lee<br />
* Filesystems<br />
:[Your Name Here]<br />
* GNU userland<br />
:[[User:RbN|RbN]]<br />
* Xorg<br />
:[[User:RbN|RbN]]<br />
* Systemd<br />
:[[User:RbN|RbN]]<br />
* Perl and associated software<br />
:[Your Name Here]<br />
* Python and associated software<br />
:[[User:Srl|Scott Lawrence]]<br />
:[Your Name Here]<br />
* Java and associated software<br />
:[Your Name Here]<br />
* Ruby and associated software<br />
:[Your Name Here]<br />
* Gtk/Gnome and associated software<br />
:[Your Name Here]<br />
* QT/KDE and associated software<br />
:[[User:Bwayne|Billy Wayne McCann]] (KDE)<br />
:[Your Name Here]<br />
* Various Window Managers (please include which WM along with your name)<br />
:[Your Name Here]</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=305441CVE2014-03-18T13:44:30Z<p>Bwayne: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: - improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC channel on irc.freenode.net#arch-security. <br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create the entry as a hyperlink to the appropriate URL, respectively. <br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id <br />
! package/version <br />
! data-sort-type="date"| Date public <br />
! Update/bug <br />
! Fixed version<br />
! Time vulnerable<br />
! Status<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=305440CVE2014-03-18T13:43:57Z<p>Bwayne: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: - improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC channel on irc.freenode.net#arch-security. <br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create the entry as a hyperlink to the appropriate URL, respectively. <br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id <br />
! package/version <br />
! data-sort-type="date"| Date public <br />
! Update/bug <br />
! Fixed version<br />
! Time vulnerable<br />
! Status<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || ? || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=305439CVE2014-03-18T13:43:13Z<p>Bwayne: /* Documented Resolved CVE's */ added CVE-2014-2523</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVEs<br />
TODO: - improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC channel, #arch-security, on irc.freenode.net. <br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create the entry as a hyperlink to the appropriate URL, respectively. <br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id <br />
! package/version <br />
! data-sort-type="date"| Date public <br />
! Update/bug <br />
! Fixed version<br />
! Time vulnerable<br />
! Status<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523] || {{Pkg|linux}} || 17/03/2014 || ? || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=305434CVE2014-03-18T13:28:30Z<p>Bwayne: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVEs<br />
TODO: - improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC channel, #arch-security, on irc.freenode.net. <br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create the entry as a hyperlink to the appropriate URL, respectively. <br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id <br />
! package/version <br />
! data-sort-type="date"| Date public <br />
! Update/bug <br />
! Fixed version<br />
! Time vulnerable<br />
! Status<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523] || {{Pkg|linux}} || 17/03/2014 || ? || ? || ? || ?<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=305433CVE2014-03-18T13:27:54Z<p>Bwayne: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVEs<br />
TODO: - improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC channel, #arch-security, on irc.freenode.net. <br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create the entry as a hyperlink to the appropriate URL, respectively. <br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id <br />
! package/version <br />
! data-sort-type="date"| Date public <br />
! Update/bug <br />
! Fixed version<br />
! Time vulnerable<br />
! Status<br />
|<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523] || {{Pkg|linux}} || 17/03/2014 || ? || ? || ? || ?<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=305432CVE2014-03-18T13:27:01Z<p>Bwayne: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVEs<br />
TODO: - improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC channel, #arch-security, on irc.freenode.net. <br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create the entry as a hyperlink to the appropriate URL, respectively. <br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id <br />
! package/version <br />
! data-sort-type="date"| Date public <br />
! Update/bug <br />
! Fixed version<br />
! Time vulnerable<br />
! Status<br />
|-<br />
|<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523] || {{Pkg|linux}} || 17/03/2014 || ? || ? || ? || <awaiting dev response><br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=Arch_Security_Team&diff=305393Arch Security Team2014-03-18T00:48:17Z<p>Bwayne: /* Package Categories and Team Members */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|For now, this page is a draft to construct something according to https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html}}<br />
<br />
{{Related articles start}}<br />
{{Related|Security Task Force}}<br />
{{Related|CVE-2014}}<br />
{{Related articles end}}<br />
<br />
<br />
This article introduces the Arch CVE Monitoring Team (ACMT) and describes best practices for contributing. <br />
<br />
<br />
==Introduction==<br />
Arch Linux is a community-driven distribution. It relies upon the efforts of volunteers to maintain and improve the distribution itself and to support fellow community members. <br />
<br />
The importance of software security cannot be overstated. Today's society relies upon computer technology for everything from amusement to indispensable national and local infrastructure. Many rely upon Arch Linux to provide these. <br />
<br />
On March 9, 2014, Allan McRae [https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html called] upon our community to assist in securing Arch Linux by monitoring any and all relevant resources for announced [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's). In contrast to security issues which can be fixed by updating, CVE's require patches to be backported. As such, Arch developers must be notified that this is the case. This is where the ACMT comes in.<br />
<br />
The ACMT should embody the efforts of the "security-conscious" part of the Arch user population. Server owners, maintainers of workstations in production environments, and concerned personal users would all benefit from relatively prompt security updates. The ACMT should help alleviate two important problems: finding bugs and communicating with developers. <br />
<br />
The Team is a volunteer-maintained service. Volunteers are welcome to help identify and report packages with security vulnerabilities.<br />
<br />
==Joining the ACMT==<br />
Joining is as simple as helping. Firstly, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch Security mailing list] and/or the IRC channel #archlinux-security. Secondly, consider the area where you'd like to help. It would be ideal to have team members' labor divided across the software ecosystem as equally as possible. This helps the Team to quickly and efficiently find and report CVE's. Software categories are listed [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|below]]. However, it is not required that those who wish to volunteer restrict their monitoring in any way. "Global" and multiple-category volunteers are needed and encouraged. <br />
<br />
It is recommended that interested parties please consider monitoring those categories for which there are fewer volunteers. However, it is fully recognized that volunteers contribute best in areas in which they're most interested. Please consider both of these factors when selecting where your primary efforts will be placed. However, please note that it is not required that you restrict your monitoring to any one particular category. ''The goal of the ACMT is to simply keep Arch Linux secure. Any and all efforts are more than welcome and unreservedly appreciated.''<br />
<br />
If you would like to join the Team, please edit this page to include your name in the [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|Package Categories and Team Members]] section below. Please place your name beneath the package category for which you will be monitoring. If you do not care to monitor specific categories and you would like to contribute any and all, please place your name in the "Global" category. ''These options are not mutually exclusive.''<br />
<br />
==Participation Guidelines==<br />
<br />
ACMT monitors all packages within the following repositories:<br />
* ''core''<br />
* ''extra''<br />
* ''community''<br />
<br />
Follow mailing lists (both development and user), security advisories (if any) and bug trackers on a regular basis. A few resources are listed below. If you are unfamiliar with the different kinds of vulnerabilities, you will quickly learn them. For those who will monitor languages, it is ideal to be able to operate at both the interpreter level (often written in C) and the language level. <br />
<br />
Everyone should file bug reports. If you are unsure how to file a bug report, please refer to the [[Reporting_Bug_Guidelines| Bug Reporting Guidelines]]. <br />
<br />
People with the technical ability are encouraged to not only file bug reports about CVE's, but write/comment patches, test, communicate with upstream developers, among other things.<br />
<br />
==Procedure==<br />
A critical security exploit has been found in a software package within the Arch Linux official repositories. An ACMT member picks up this information from some mailing list he/she is following. If upstream released a new version that corrects the issue, the ACMT member should flag the package out-of-date and post pertinent information to the arch-security mailing list, which will likely get the attention of the developers. If, on the other hand, upstream releases only a patch, the ACMT member should file a bug report.<br />
<br />
===Bug Report Template===<br />
<br />
{{bc|<br />
Title : [<pkg-name>] security patch for <CVE-id><br />
Description:<br />
Quick description of the issue (or copy/paste from oss-sec, upstream bug reports, etc.)<br />
upstream bug report [0]<br />
<br />
Resolution:<br />
patch [1] <br />
<br />
Resources:<br />
[0] links to upstream bug report<br />
[1] link to patch<br />
}}<br />
<br />
The criticality of the bug report should be set to either Critical or High, depending on the severity of the issue.<br />
Some updates will be much more critical than others. However, updates are always recommended in the case of any vulnerability.<br />
<br />
==Resources==<br />
===RSS===<br />
;National Vulnerability Database (NVD)<br />
: All CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss.xml<br />
: All fully analyzed CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss-analyzed.xml<br />
<br />
===Mailing Lists===<br />
;oss-sec: main list dealing with security of free software, a lot of CVE attributions happen here, required if you wish to follow security news.<br><br />
:info: http://oss-security.openwall.org/wiki/mailing-lists/oss-security<br />
:subscribe: oss-security-subscribe(at)lists.openwall.com<br />
:archive: http://www.openwall.com/lists/oss-security/<br />
<br />
;bugtraq:a full disclosure moderated mailing list (noisy)<br />
:info: http://www.securityfocus.com/archive/1/description<br />
:subscribe: bugtraq-subscribe(at)securityfocus.com<br />
<br />
;full-disclosure: another full-disclosure mailing-list (noisy)<br />
:info: http://lists.grok.org.uk/full-disclosure-charter.html<br />
:subscribe: full-disclosure-request(at)lists.grok.org.uk<br />
<br />
Also consider following the mailing lists for specific packages, such as LibreOffice, X.org, Puppetlabs, ISC, etc.<br />
<br />
===Other Distributions===<br />
Resources of other distributions (to look for CVE, patch, comments etc.):<br />
;RedHat and Fedora:<br />
:rss advisories: https://admin.fedoraproject.org/updates/rss/rss2.0?type=security<br />
:CVE tracker: https://access.redhat.com/security/cve/<CVE-id><br />
:bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=<CVE-id><br />
<br />
;Ubuntu:<br />
:advisories: http://www.ubuntu.com/usn/atom.xml<br />
:CVE tracker: http://people.canonical.com/~ubuntu-security/cve/?cve=<CVE-id><br />
:database: https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master<br />
<br />
;Debian:<br />
:CVE tracker: http://security-tracker.debian.org/tracker/<CVE-id><br />
:patch-tracker: http://patch-tracker.debian.org/<br />
:database: http://anonscm.debian.org/viewvc/secure-testing/data/<br />
<br />
;OpenSUSE:<br />
:CVE tracker: http://support.novell.com/security/cve/<CVE-id>.html<br />
<br />
===Other===<br />
;Mitre and NVD links for CVE's:<br />
:http://cve.mitre.org/cgi-bin/cvename.cgi?name=<CVE-id><br />
:http://web.nvd.nist.gov/view/vuln/detail?vulnId=<CVE-id><br />
<br />
NVD and Mitre do not necessarily fill in their CVE entries immediately after assignment, so these entries are not always relevant for Arch. The CVE-id and the "Date Entry Created" fields carry no particular meaning. CVE IDs are assigned by CVE Numbering Authorities (CNAs), and each CNA obtains CVE blocks from Mitre when needed or requested, so the CVE ID is not linked to the assignment date. The "Date Entry Created" field often only indicates when the CVE block was given to the CNA, nothing more.<br />
<br />
;Linux Weekly News: LWN provides a daily notice of security updates for various distributions<br />
:http://lwn.net/headlines/newrss<br />
<br />
===More===<br />
For more resources, please see the OpenWall's [http://oss-security.openwall.org/wiki/ Open Source Software Security Wiki]. <br />
<br />
<br />
==Package Categories and Team Members==<br />
Below is a list of general package categories. Should you like, you are welcome to add a new category. Please remember the KISS philosophy when editing the list. <br />
<br />
*Global<br />
:[[User:Bwayne|Billy Wayne McCann]]<br />
:[Your Name Here]<br />
* Kernel<br />
:Mark Lee<br />
* Filesystems<br />
:[Your Name Here]<br />
* GNU userland<br />
:[[User:RbN|RbN]]<br />
* Xorg<br />
:[[User:RbN|RbN]]<br />
* Systemd<br />
:[[User:RbN|RbN]]<br />
* Perl and associated software<br />
:[Your Name Here]<br />
* Python and associated software<br />
:[[User:Srl|Scott Lawrence]]<br />
:[Your Name Here]<br />
* Java and associated software<br />
:[Your Name Here]<br />
* Ruby and associated software<br />
:[Your Name Here]<br />
* Gtk/Gnome and associated software<br />
:[Your Name Here]<br />
* QT/KDE and associated software<br />
:[[User:Bwayne|Billy Wayne McCann]] (KDE)<br />
:[Your Name Here]<br />
* Various Window Managers (please include which WM along with your name)<br />
:[Your Name Here]</div>Bwaynehttps://wiki.archlinux.org/index.php?title=User:Bwayne&diff=304620User:Bwayne2014-03-15T15:59:05Z<p>Bwayne: </p>
<hr />
<div>Page for Arch user and ArchWiki contributor Billy Wayne McCann. Any information you require that is not listed below may be found via the [http://www.noagendashow.com/ Global Citizen-Slave Information Network]. <br />
<br />
===Involvement===<br />
Member of the [[Arch_CVE_Monitoring_Team|Arch CVE Monitoring Team]].<br />
<br />
===Profession===<br />
Computational Chemist<br />
<br />
===Location===<br />
United States<br />
<br />
===Contacts===<br />
thebillywayne ~et~ gmail.com<br><br />
irc://irc.freenode.net:bwayne<br><br />
https://plus.google.com/+BillyWayneMcCann<br />
<br />
===AUR Packages===<br />
[https://aur.archlinux.org/packages/molden/ Molden] <br><br />
[https://aur.archlinux.org/packages/molekel/ Molekel]<br><br />
<br />
===PGP Key===<br />
[http://pgp.mit.edu/pks/lookup?op=get&search=0x223A2CAA56146040 0x223A2CAA56146040] <br><br />
(fingerprint E540 A552 3C48 C24F CE7D 9C0A 223A 2CAA 5614 6040)</div>Bwaynehttps://wiki.archlinux.org/index.php?title=User:Bwayne&diff=304618User:Bwayne2014-03-15T15:58:02Z<p>Bwayne: Created page with "Page for Arch user and ArchWiki contributor Billy Wayne McCann. Any information which you require which isn't listed below may be found via the [http://www.noagendashow.com/ G..."</p>
<hr />
<div>Page for Arch user and ArchWiki contributor Billy Wayne McCann. Any information which you require which isn't listed below may be found via the [http://www.noagendashow.com/ Global Citizen-Slave Information Network]. <br />
<br />
===Involvement===<br />
Member of the [[Arch_CVE_Monitoring_Team|Arch CVE Monitoring Team]].<br />
<br />
===Profession===<br />
Computational Chemist<br />
<br />
===Location===<br />
United States<br />
<br />
===Contacts===<br />
thebillywayne ~et~ gmail.com<br><br />
irc://irc.freenode.net:bwayne<br><br />
https://plus.google.com/+BillyWayneMcCann<br />
<br />
===AUR Packages===<br />
[https://aur.archlinux.org/packages/molden/ Molden] <br><br />
[https://aur.archlinux.org/packages/molekel/ Molekel]<br><br />
<br />
===PGP Key===<br />
[http://pgp.mit.edu/pks/lookup?op=get&search=0x223A2CAA56146040 0x223A2CAA56146040] <br><br />
(fingerprint E540 A552 3C48 C24F CE7D 9C0A 223A 2CAA 5614 6040)</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=304570CVE2014-03-15T03:21:42Z<p>Bwayne: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel, #arch-security, on irc.freenode.net. <br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create the entry as a hyperlink to the appropriate URL, respectively. <br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" border="5" cellpadding="5" cellspacing="5" style="margin: 1em auto 1em auto; text-align: center;" width=50%<br />
|height="50px" colspan=6 style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width=150px data-sort-type="text" | CVE-id <br />
! package/version <br />
! data-sort-type="date"| Date public <br />
! Update/bug <br />
! Fixed version<br />
! Time vulnerable<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || -<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=304526CVE2014-03-14T21:20:07Z<p>Bwayne: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel, #arch-security, on irc.freenode.net. <br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create the entry as a hyperlink to the appropriate URL, respectively. <br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" border="5" cellpadding="5" cellspacing="5" style="margin: 1em auto 1em auto; text-align: center;" width=50%<br />
|height="50px" colspan=6 style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width=150px data-sort-type="text" | CVE-id <br />
! package/version <br />
! data-sort-type="date"| Date public <br />
! Update/bug <br />
! Fixed version<br />
! Time vulnerable<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || -<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=304525CVE2014-03-14T21:17:55Z<p>Bwayne: </p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel, #arch-security, on irc.freenode.net. <br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create the entry as a hyperlink to the appropriate URL, respectively. <br />
<br />
==Documented Resolved CVE's ==<br />
<br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" border="5" cellpadding="5" cellspacing="5" style="margin: 1em auto 1em auto; text-align: center;" width=50%<br />
|height="50px" colspan=6 style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width=150px data-sort-type="text" | CVE-id <br />
! package/version <br />
! data-sort-type="date"| Date public <br />
! Update/bug <br />
! Fixed version<br />
! Time vulnerable<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || -<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=304524CVE2014-03-14T21:13:11Z<p>Bwayne: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related|Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel, #arch-security, on irc.freenode.net. <br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create the entry as a hyperlink to the appropriate URL, respectively. <br />
<br />
==Documented Resolved CVE's ==<br />
<br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" border="5" cellpadding="5" cellspacing="5" style="margin: 1em auto 1em auto; text-align: center;" width=50%<br />
|height="50px" colspan=6 style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width=150px data-sort-type="text" | CVE-id <br />
! package/version <br />
! data-sort-type="date"| Date public <br />
! Update/bug <br />
! Fixed version<br />
! Time vulnerable<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || -<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=304523CVE2014-03-14T20:59:33Z<p>Bwayne: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: - improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related|Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel, #arch-security, on irc.freenode.net. <br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the appropriate URL. <br />
<br />
==Documented Resolved CVE's ==<br />
<br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" border="5" cellpadding="5" cellspacing="5" style="margin: lem auto 1em auto; text-align: center;" width=50%<br />
|height="50px" colspan=6 style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
!CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || -<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=304517CVE2014-03-14T20:37:43Z<p>Bwayne: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: - improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related|Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel, #arch-security, on irc.freenode.net. <br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the appropriate URL. <br />
<br />
==Documented Resolved CVE's ==<br />
<br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" border="5" cellpadding="5" cellspacing="5" style="margin: lem auto 1em auto; text-align: center;" width=50%<br />
! scope="col" width=150px| CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || -<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=304515CVE2014-03-14T20:36:23Z<p>Bwayne: </p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: - improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related|Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel, #arch-security, on irc.freenode.net. <br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the appropriate URL. <br />
<br />
==Documented Resolved CVE's ==<br />
<br />
{{Note|Refer to the [[ArchWiki:CVE-2014#Procedure|procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" border="5" cellpadding="5" cellspacing="5" style="margin: lem auto 1em auto; text-align: center;" width=50%<br />
! scope="col" width=150px| CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || -<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=304514CVE2014-03-14T20:31:39Z<p>Bwayne: </p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: - improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related|Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel, #arch-security, on irc.freenode.net. <br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the appropriate URL. <br />
<br />
==Documented Resolved CVE's ==<br />
<br />
{{Note|Refer to the [[ArchWiki:CVE-2014#Procedure|procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" border="1" cellpadding="5" cellspacing="0"<br />
! CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || -<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=304513CVE2014-03-14T20:31:07Z<p>Bwayne: </p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: - improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related|Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel, #arch-security, on irc.freenode.net. <br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the appropriate URL. <br />
<br />
==Documented Resolved CVE's ==<br />
<br />
{{Note|Refer to the [[ArchWiki:CVE-2014#Procedure|procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" border="1" cellpadding="5" cellspacing="0"<br />
! CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || -<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=CVE&diff=304512CVE2014-03-14T20:30:01Z<p>Bwayne: </p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: - improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related|Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel, #arch-security, on irc.freenode.net. <br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the appropriate URL. <br />
<br />
==Documented Resolved CVE's ==<br />
<br />
{{Note|Refer to the [[ArchWiki:CVE-2014#Procedure|procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" border="1" cellpadding="5" cellspacing="0"<br />
! CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || -<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412 CVE-2014-0437 CVE-2014-0420 CVE-2014-0393 CVE-2014-0386 CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>Bwaynehttps://wiki.archlinux.org/index.php?title=Arch_Security_Team&diff=304373Arch Security Team2014-03-13T22:31:23Z<p>Bwayne: /* Participation Guidelines */</p>
<hr />
<div>[[Category:Security]]<br />
{{Stub|For now, this page is a draft to construct something according to https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html}}<br />
<br />
{{Related articles start}}<br />
{{Related|Security Task Force}}<br />
{{Related|CVE-2014}}<br />
{{Related articles end}}<br />
<br />
<br />
This article introduces the Arch CVE Monitoring Team (ACMT) and describes best practices for contributing. <br />
<br />
<br />
==Introduction==<br />
Arch Linux is a community-driven distribution. It relies upon the efforts of volunteers to maintain and improve the distribution itself and to support fellow community members. <br />
<br />
The importance of software security cannot be overstated. Today's society relies upon computer technology for everything from amusement to indispensable national and local infrastructure. Many rely upon Arch Linux to provide these. <br />
<br />
On March 9, 2014, Allan McRae [https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html called] upon our community to assist in securing Arch Linux by monitoring any and all relevant resources for announced [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's). In contrast to security issues which can be fixed by updating, CVE's require patches to be backported. As such, Arch developers must be notified that this is the case. This is where the ACMT comes in.<br />
<br />
The ACMT should embody the efforts of the "security-conscious" part of the Arch user population. Server owners, maintainers of workstations in production environments, and concerned personal users would all benefit from relatively prompt security updates. The ACMT should help alleviate two important problems: finding bugs and communicating with developers. <br />
<br />
The Team is a volunteer-maintained service. Volunteers are welcome to help identify and report packages with security vulnerabilities.<br />
<br />
==Joining the ACMT==<br />
Joining is as simple as helping. Firstly, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch Security mailing list]. Secondly, consider the area where you'd like to help. It would be ideal to have team members' labor divided across the software ecosystem as equally as possible. This helps the Team to quickly and efficiently find and report CVE's. Software categories are listed [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|below]]. However, it is not required that those who wish to volunteer restrict their monitoring in any way. "Global" and multiple-category volunteers are needed and encouraged. <br />
<br />
It is recommended that interested parties please consider monitoring those categories for which there are fewer volunteers. However, it is fully recognized that volunteers contribute best in areas in which they're most interested. Please consider both of these factors when selecting where your primary efforts will be placed. However, please note that it is not required that you restrict your monitoring to any one particular category. ''The goal of the ACMT is to simply keep Arch Linux secure. Any and all efforts are more than welcome and unreservedly appreciated.''<br />
<br />
If you would like to join the Team, please edit this page to include your name in the [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|Package Categories and Team Members]] section below. Please place your name beneath the package category for which you will be monitoring. If you do not care to monitor specific categories and you would like to contribute any and all, please place your name in the "Global" category. ''These options are not mutually exclusive.''<br />
<br />
==Participation Guidelines==<br />
<br />
ACMT monitors all packages within the following repositories:<br />
* ''core''<br />
* ''extra''<br />
* ''community''<br />
<br />
Follow mailing lists (both development and user), security advisories (if any) and bug trackers on a regular basis. A few resources are listed below. If you are unfamiliar with the different kinds of vulnerabilities, you will quickly learn them. For those who will monitor languages, it is ideal to be able to operate at both the interpreter level (often written in C) and the language level. <br />
<br />
Everyone should file bug reports. If you are unsure how to file a bug report, please refer to the [[Reporting_Bug_Guidelines| Bug Reporting Guidelines]]. <br />
<br />
People with the technical ability are encouraged not only to file bug reports about CVE's, but also to write or comment on patches, test, and communicate with upstream developers, among other things.<br />
<br />
==Procedure==<br />
A critical security exploit has been found in a software package within the Arch Linux official repositories. An ACMT member picks up this information from some mailing list he/she is following. If upstream released a new version that corrects the issue, the ACMT member should flag the package out-of-date and post pertinent information to the arch-security mailing list, which will likely get the attention of the developers. If, on the other hand, upstream releases only a patch, the ACMT member should file a bug report.<br />
<br />
===Bug Report Template===<br />
<br />
{{bc|<br />
Title : [<pkg-name>] security patch for <CVE-id><br />
Description:<br />
Quick description of the issue (or copy/paste from oss-sec, upstream bug reports, etc.)<br />
upstream bug report [0]<br />
<br />
Resolution:<br />
patch [1] <br />
<br />
Resources:<br />
[0] links to upstream bug report<br />
[1] link to patch<br />
}}<br />
<br />
The criticality of the bug report should be set to either Critical or High, depending on the severity of the issue.<br />
Some updates will be much more critical than others. However, updates are always recommended in the case of any vulnerability.<br />
<br />
==Resources==<br />
===RSS===<br />
;National Vulnerability Database (NVD)<br />
: All CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss.xml<br />
: All fully analyzed CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss-analyzed.xml<br />
<br />
===Mailing Lists===<br />
;oss-sec: main list dealing with security of free software, a lot of CVE attributions happen here, required if you wish to follow security news.<br><br />
:info: http://oss-security.openwall.org/wiki/mailing-lists/oss-security<br />
:subscribe: oss-security-subscribe(at)lists.openwall.com<br />
:archive: http://www.openwall.com/lists/oss-security/<br />
<br />
;bugtraq:a full disclosure moderated mailing list (noisy)<br />
:info: http://www.securityfocus.com/archive/1/description<br />
:subscribe: bugtraq-subscribe(at)securityfocus.com<br />
<br />
;full-disclosure: another full-disclosure mailing-list (noisy)<br />
:info: http://lists.grok.org.uk/full-disclosure-charter.html<br />
:subscribe: full-disclosure-request(at)lists.grok.org.uk<br />
<br />
Also consider following the mailing lists for specific packages, such as LibreOffice, X.org, Puppetlabs, ISC, etc.<br />
<br />
===Other Distributions===<br />
Resources of other distributions (to look for CVE, patch, comments etc.):<br />
;RedHat and Fedora:<br />
:rss advisories: https://admin.fedoraproject.org/updates/rss/rss2.0?type=security<br />
:CVE tracker: https://access.redhat.com/security/cve/<CVE-id><br />
:bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=<CVE-id><br />
<br />
;Ubuntu:<br />
:advisories: http://www.ubuntu.com/usn/atom.xml<br />
:CVE tracker: http://people.canonical.com/~ubuntu-security/cve/?cve=<CVE-id><br />
:database: https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master<br />
<br />
;Debian:<br />
:CVE tracker: http://security-tracker.debian.org/tracker/<CVE-id><br />
:patch-tracker: http://patch-tracker.debian.org/<br />
:database: http://anonscm.debian.org/viewvc/secure-testing/data/<br />
<br />
;OpenSUSE:<br />
:CVE tracker: http://support.novell.com/security/cve/<CVE-id>.html<br />
<br />
===Other===<br />
;Mitre and NVD links for CVE's:<br />
:http://cve.mitre.org/cgi-bin/cvename.cgi?name=<CVE-id><br />
:http://web.nvd.nist.gov/view/vuln/detail?vulnId=<CVE-id><br />
<br />
NVD and Mitre do not necessarily fill in their CVE entries immediately after attribution, so they are not always relevant for Arch. The CVE-id and the "Date Entry Created" fields do not have particular meaning. CVE's are attributed by CVE Numbering Authorities (CNA), and each CNA obtains CVE blocks from Mitre when needed/asked, so the CVE ID is not linked to the attribution date. The "Date Entry Created" field often only indicates when the CVE block was given to the CNA, nothing more.<br />
<br />
;Linux Weekly News: LWN provides a daily notice of security updates for various distributions<br />
:http://lwn.net/headlines/newrss<br />
<br />
===More===<br />
For more resources, please see the OpenWall's [http://oss-security.openwall.org/wiki/ Open Source Software Security Wiki]. <br />
<br />
<br />
==Package Categories and Team Members==<br />
Below is a list of general package categories. Should you like, you are welcome to add a new category. Please remember the KISS philosophy when editing the list. <br />
<br />
*Global<br />
:Billy Wayne McCann<br />
:[Your Name Here]<br />
* Kernel<br />
:[Your Name Here]<br />
* Filesystems<br />
:[Your Name Here]<br />
* GNU userland<br />
:[[User:RbN|RbN]]<br />
* Xorg<br />
:[[User:RbN|RbN]]<br />
* Systemd<br />
:[[User:RbN|RbN]]<br />
* Perl and associated software<br />
:[Your Name Here]<br />
* Python and associated software<br />
:[Your Name Here]<br />
* Java and associated software<br />
:[Your Name Here]<br />
* Ruby and associated software<br />
:[Your Name Here]<br />
* Gtk/Gnome and associated software<br />
:[Your Name Here]<br />
* QT/KDE and associated software<br />
:Billy Wayne McCann (KDE)<br />
:[Your Name Here]<br />
* Various Window Managers (please include which WM along with your name)<br />
:[Your Name Here]</div>
Bwayne
https://wiki.archlinux.org/index.php?title=Arch_Security_Team&diff=304372
Arch Security Team
2014-03-13T22:30:30Z
<p>Bwayne: /* Introduction */</p>
<hr />
<div>[[Category:Security]]<br />
{{Stub|For now, this page is a draft to construct something according to https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html}}<br />
<br />
{{Related articles start}}<br />
{{Related|Security Task Force}}<br />
{{Related|CVE-2014}}<br />
{{Related articles end}}<br />
<br />
<br />
This article introduces the Arch CVE Monitoring Team (ACMT) and describes best practices for contributing. <br />
<br />
<br />
==Introduction==<br />
Arch Linux is a community-driven distribution. It relies upon the efforts of volunteers to maintain and improve the distribution itself and to support fellow community members. <br />
<br />
The importance of software security cannot be overstated. Today's society relies upon computer technology for everything from amusement to indispensable national and local infrastructure. Many rely upon Arch Linux to provide these. <br />
<br />
On March 9, 2014, Allan McRae [https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html called] upon our community to assist in securing Arch Linux by monitoring any and all relevant resources for announced [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's). In contrast to security issues which can be fixed by updating, CVE's require patches to be backported. As such, Arch developers must be notified that this is the case. This is where the ACMT comes in.<br />
<br />
The ACMT should embody the efforts of the "security-conscious" part of the Arch user population. Server owners, maintainers of workstations in production environments, as well as concerned personal users would gain the benefit of relatively prompt security updates. The ACMT should help alleviate two important problems: finding bugs and communicating with developers. <br />
<br />
The Team is a volunteer-maintained service. Volunteers are welcome to help identify and report packages with security vulnerabilities.<br />
<br />
==Joining the ACMT==<br />
Joining is as simple as helping. Firstly, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch Security mailing list]. Secondly, consider the area where you'd like to help. It would be ideal to have team members' labor divided across the software ecosystem as equally as possible. This helps the Team to quickly and efficiently find and report CVE's. Software categories are listed [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|below]]. However, it is not required that those who wish to volunteer restrict their monitoring in any way. "Global" and multiple-category volunteers are needed and encouraged. <br />
<br />
It is recommended that interested parties please consider monitoring those categories for which there are fewer volunteers. However, it is fully recognized that volunteers contribute best in areas in which they're most interested. Please consider both of these factors when selecting where your primary efforts will be placed. However, please note that it is not required that you restrict your monitoring to any one particular category. ''The goal of the ACMT is to simply keep Arch Linux secure. Any and all efforts are more than welcome and unreservedly appreciated.''<br />
<br />
If you would like to join the Team, please edit this page to include your name in the [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|Package Categories and Team Members]] section below. Please place your name beneath the package category for which you will be monitoring. If you do not care to monitor specific categories and you would like to contribute any and all, please place your name in the "Global" category. ''These options are not mutually exclusive.''<br />
<br />
==Participation Guidelines==<br />
<br />
ALST will strive to monitor all packages within the following repositories:<br />
* ''core''<br />
* ''extra''<br />
* ''community''<br />
<br />
Follow mailing lists (both development and user), security advisories (if any) and bug trackers on a regular basis. A few resources are listed below. If you are unfamiliar with the different kinds of vulnerabilities, you will quickly learn them. For those who will monitor languages, it is ideal to be able to operate at both the interpreter level (often written in C) and the language level. <br />
<br />
Everyone should file bug reports. If you are unsure how to file a bug report, please refer to the [[Reporting_Bug_Guidelines| Bug Reporting Guidelines]]. <br />
<br />
People with the technical ability are encouraged not only to file bug reports about CVE's, but also to write or comment on patches, test, and communicate with upstream developers, among other things.<br />
<br />
==Procedure==<br />
A critical security exploit has been found in a software package within the Arch Linux official repositories. An ACMT member picks up this information from some mailing list he/she is following. If upstream released a new version that corrects the issue, the ACMT member should flag the package out-of-date and post pertinent information to the arch-security mailing list, which will likely get the attention of the developers. If, on the other hand, upstream releases only a patch, the ACMT member should file a bug report.<br />
<br />
===Bug Report Template===<br />
<br />
{{bc|<br />
Title : [<pkg-name>] security patch for <CVE-id><br />
Description:<br />
Quick description of the issue (or copy/paste from oss-sec, upstream bug reports, etc.)<br />
upstream bug report [0]<br />
<br />
Resolution:<br />
patch [1] <br />
<br />
Resources:<br />
[0] links to upstream bug report<br />
[1] link to patch<br />
}}<br />
<br />
The criticality of the bug report should be set to either Critical or High, depending on the severity of the issue.<br />
Some updates will be much more critical than others. However, updates are always recommended in the case of any vulnerability.<br />
<br />
==Resources==<br />
===RSS===<br />
;National Vulnerability Database (NVD)<br />
: All CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss.xml<br />
: All fully analyzed CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss-analyzed.xml<br />
<br />
===Mailing Lists===<br />
;oss-sec: main list dealing with security of free software, a lot of CVE attributions happen here, required if you wish to follow security news.<br><br />
:info: http://oss-security.openwall.org/wiki/mailing-lists/oss-security<br />
:subscribe: oss-security-subscribe(at)lists.openwall.com<br />
:archive: http://www.openwall.com/lists/oss-security/<br />
<br />
;bugtraq:a full disclosure moderated mailing list (noisy)<br />
:info: http://www.securityfocus.com/archive/1/description<br />
:subscribe: bugtraq-subscribe(at)securityfocus.com<br />
<br />
;full-disclosure: another full-disclosure mailing-list (noisy)<br />
:info: http://lists.grok.org.uk/full-disclosure-charter.html<br />
:subscribe: full-disclosure-request(at)lists.grok.org.uk<br />
<br />
Also consider following the mailing lists for specific packages, such as LibreOffice, X.org, Puppetlabs, ISC, etc.<br />
<br />
===Other Distributions===<br />
Resources of other distributions (to look for CVE, patch, comments etc.):<br />
;RedHat and Fedora:<br />
:rss advisories: https://admin.fedoraproject.org/updates/rss/rss2.0?type=security<br />
:CVE tracker: https://access.redhat.com/security/cve/<CVE-id><br />
:bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=<CVE-id><br />
<br />
;Ubuntu:<br />
:advisories: http://www.ubuntu.com/usn/atom.xml<br />
:CVE tracker: http://people.canonical.com/~ubuntu-security/cve/?cve=<CVE-id><br />
:database: https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master<br />
<br />
;Debian:<br />
:CVE tracker: http://security-tracker.debian.org/tracker/<CVE-id><br />
:patch-tracker: http://patch-tracker.debian.org/<br />
:database: http://anonscm.debian.org/viewvc/secure-testing/data/<br />
<br />
;OpenSUSE:<br />
:CVE tracker: http://support.novell.com/security/cve/<CVE-id>.html<br />
<br />
===Other===<br />
;Mitre and NVD links for CVE's:<br />
:http://cve.mitre.org/cgi-bin/cvename.cgi?name=<CVE-id><br />
:http://web.nvd.nist.gov/view/vuln/detail?vulnId=<CVE-id><br />
<br />
NVD and Mitre do not necessarily fill in their CVE entries immediately after attribution, so they are not always relevant for Arch. The CVE-id and the "Date Entry Created" fields do not have particular meaning. CVE's are attributed by CVE Numbering Authorities (CNA), and each CNA obtains CVE blocks from Mitre when needed/asked, so the CVE ID is not linked to the attribution date. The "Date Entry Created" field often only indicates when the CVE block was given to the CNA, nothing more.<br />
<br />
;Linux Weekly News: LWN provides a daily notice of security updates for various distributions<br />
:http://lwn.net/headlines/newrss<br />
<br />
===More===<br />
For more resources, please see the OpenWall's [http://oss-security.openwall.org/wiki/ Open Source Software Security Wiki]. <br />
<br />
<br />
==Package Categories and Team Members==<br />
Below is a list of general package categories. Should you like, you are welcome to add a new category. Please remember the KISS philosophy when editing the list. <br />
<br />
*Global<br />
:Billy Wayne McCann<br />
:[Your Name Here]<br />
* Kernel<br />
:[Your Name Here]<br />
* Filesystems<br />
:[Your Name Here]<br />
* GNU userland<br />
:[[User:RbN|RbN]]<br />
* Xorg<br />
:[[User:RbN|RbN]]<br />
* Systemd<br />
:[[User:RbN|RbN]]<br />
* Perl and associated software<br />
:[Your Name Here]<br />
* Python and associated software<br />
:[Your Name Here]<br />
* Java and associated software<br />
:[Your Name Here]<br />
* Ruby and associated software<br />
:[Your Name Here]<br />
* Gtk/Gnome and associated software<br />
:[Your Name Here]<br />
* QT/KDE and associated software<br />
:Billy Wayne McCann (KDE)<br />
:[Your Name Here]<br />
* Various Window Managers (please include which WM along with your name)<br />
:[Your Name Here]</div>
Bwayne
https://wiki.archlinux.org/index.php?title=Arch_Security_Team&diff=304371
Arch Security Team
2014-03-13T22:26:16Z
<p>Bwayne: /* Introduction */</p>
<hr />
<div>[[Category:Security]]<br />
{{Stub|For now, this page is a draft to construct something according to https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html}}<br />
<br />
{{Related articles start}}<br />
{{Related|Security Task Force}}<br />
{{Related|CVE-2014}}<br />
{{Related articles end}}<br />
<br />
<br />
This article introduces the Arch CVE Monitoring Team (ACMT) and describes best practices for contributing. <br />
<br />
<br />
==Introduction==<br />
Arch Linux is a community-driven distribution. It relies upon the efforts of volunteers to maintain and improve the distribution itself and to support fellow community members. <br />
<br />
The importance of software security cannot be overstated. Today's society relies upon computer technology for everything from amusement to indispensable national and local infrastructure. Many rely upon Arch Linux to provide these. <br />
<br />
On March 9, 2014, Allan McRae [https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html called] upon our community to assist in securing Arch Linux by monitoring any and all relevant resources for announced [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's). In contrast to security issues which can be fixed by updating, CVE's require patches to be backported. As such, Arch developers must be notified that this is the case. This is where the ACMT comes in.<br />
<br />
The ACMT should embody the efforts of the "security-conscious" part of the Arch user population. Server owners, maintainers of workstations in production environments, as well as concerned personal users would gain the benefit of relatively prompt security updates. The ACMT should help alleviate two important problems.<br />
<br />
==Joining the ACMT==<br />
Joining is as simple as helping. Firstly, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch Security mailing list]. Secondly, consider the area where you'd like to help. It would be ideal to have team members' labor divided across the software ecosystem as equally as possible. This helps the Team to quickly and efficiently find and report CVE's. Software categories are listed [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|below]]. However, it is not required that those who wish to volunteer restrict their monitoring in any way. "Global" and multiple-category volunteers are needed and encouraged. <br />
<br />
It is recommended that interested parties please consider monitoring those categories for which there are fewer volunteers. However, it is fully recognized that volunteers contribute best in areas in which they're most interested. Please consider both of these factors when selecting where your primary efforts will be placed. However, please note that it is not required that you restrict your monitoring to any one particular category. ''The goal of the ACMT is to simply keep Arch Linux secure. Any and all efforts are more than welcome and unreservedly appreciated.''<br />
<br />
If you would like to join the Team, please edit this page to include your name in the [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|Package Categories and Team Members]] section below. Please place your name beneath the package category for which you will be monitoring. If you do not care to monitor specific categories and you would like to contribute any and all, please place your name in the "Global" category. ''These options are not mutually exclusive.''<br />
<br />
==Participation Guidelines==<br />
<br />
ALST will strive to monitor all packages within the following repositories:<br />
* ''core''<br />
* ''extra''<br />
* ''community''<br />
<br />
Follow mailing lists (both development and user), security advisories (if any) and bug trackers on a regular basis. A few resources are listed below. If you are unfamiliar with the different kinds of vulnerabilities, you will quickly learn them. For those who will monitor languages, it is ideal to be able to operate at both the interpreter level (often written in C) and the language level. <br />
<br />
Everyone should file bug reports. If you are unsure how to file a bug report, please refer to the [[Reporting_Bug_Guidelines| Bug Reporting Guidelines]]. <br />
<br />
People with the technical ability are encouraged not only to file bug reports about CVE's, but also to write or comment on patches, test, and communicate with upstream developers, among other things.<br />
<br />
==Procedure==<br />
A critical security exploit has been found in a software package within the Arch Linux official repositories. An ACMT member picks up this information from some mailing list he/she is following. If upstream released a new version that corrects the issue, the ACMT member should flag the package out-of-date and post pertinent information to the arch-security mailing list, which will likely get the attention of the developers. If, on the other hand, upstream releases only a patch, the ACMT member should file a bug report.<br />
<br />
===Bug Report Template===<br />
<br />
{{bc|<br />
Title : [<pkg-name>] security patch for <CVE-id><br />
Description:<br />
Quick description of the issue (or copy/paste from oss-sec, upstream bug reports, etc.)<br />
upstream bug report [0]<br />
<br />
Resolution:<br />
patch [1] <br />
<br />
Resources:<br />
[0] links to upstream bug report<br />
[1] link to patch<br />
}}<br />
<br />
The criticality of the bug report should be set to either Critical or High, depending on the severity of the issue.<br />
Some updates will be much more critical than others. However, updates are always recommended in the case of any vulnerability.<br />
<br />
==Resources==<br />
===RSS===<br />
;National Vulnerability Database (NVD)<br />
: All CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss.xml<br />
: All fully analyzed CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss-analyzed.xml<br />
<br />
===Mailing Lists===<br />
;oss-sec: main list dealing with security of free software, a lot of CVE attributions happen here, required if you wish to follow security news.<br><br />
:info: http://oss-security.openwall.org/wiki/mailing-lists/oss-security<br />
:subscribe: oss-security-subscribe(at)lists.openwall.com<br />
:archive: http://www.openwall.com/lists/oss-security/<br />
<br />
;bugtraq:a full disclosure moderated mailing list (noisy)<br />
:info: http://www.securityfocus.com/archive/1/description<br />
:subscribe: bugtraq-subscribe(at)securityfocus.com<br />
<br />
;full-disclosure: another full-disclosure mailing-list (noisy)<br />
:info: http://lists.grok.org.uk/full-disclosure-charter.html<br />
:subscribe: full-disclosure-request(at)lists.grok.org.uk<br />
<br />
Also consider following the mailing lists for specific packages, such as LibreOffice, X.org, Puppetlabs, ISC, etc.<br />
<br />
===Other Distributions===<br />
Resources of other distributions (to look for CVE, patch, comments etc.):<br />
;RedHat and Fedora:<br />
:rss advisories: https://admin.fedoraproject.org/updates/rss/rss2.0?type=security<br />
:CVE tracker: https://access.redhat.com/security/cve/<CVE-id><br />
:bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=<CVE-id><br />
<br />
;Ubuntu:<br />
:advisories: http://www.ubuntu.com/usn/atom.xml<br />
:CVE tracker: http://people.canonical.com/~ubuntu-security/cve/?cve=<CVE-id><br />
:database: https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master<br />
<br />
;Debian:<br />
:CVE tracker: http://security-tracker.debian.org/tracker/<CVE-id><br />
:patch-tracker: http://patch-tracker.debian.org/<br />
:database: http://anonscm.debian.org/viewvc/secure-testing/data/<br />
<br />
;OpenSUSE:<br />
:CVE tracker: http://support.novell.com/security/cve/<CVE-id>.html<br />
<br />
===Other===<br />
;Mitre and NVD links for CVE's:<br />
:http://cve.mitre.org/cgi-bin/cvename.cgi?name=<CVE-id><br />
:http://web.nvd.nist.gov/view/vuln/detail?vulnId=<CVE-id><br />
<br />
NVD and Mitre do not necessarily fill in their CVE entries immediately after attribution, so they are not always relevant for Arch. The CVE-id and the "Date Entry Created" fields do not have particular meaning. CVE's are attributed by CVE Numbering Authorities (CNA), and each CNA obtains CVE blocks from Mitre when needed/asked, so the CVE ID is not linked to the attribution date. The "Date Entry Created" field often only indicates when the CVE block was given to the CNA, nothing more.<br />
<br />
;Linux Weekly News: LWN provides a daily notice of security updates for various distributions<br />
:http://lwn.net/headlines/newrss<br />
<br />
===More===<br />
For more resources, please see the OpenWall's [http://oss-security.openwall.org/wiki/ Open Source Software Security Wiki]. <br />
<br />
<br />
==Package Categories and Team Members==<br />
Below is a list of general package categories. Should you like, you are welcome to add a new category. Please remember the KISS philosophy when editing the list. <br />
<br />
*Global<br />
:Billy Wayne McCann<br />
:[Your Name Here]<br />
* Kernel<br />
:[Your Name Here]<br />
* Filesystems<br />
:[Your Name Here]<br />
* GNU userland<br />
:[[User:RbN|RbN]]<br />
* Xorg<br />
:[[User:RbN|RbN]]<br />
* Systemd<br />
:[[User:RbN|RbN]]<br />
* Perl and associated software<br />
:[Your Name Here]<br />
* Python and associated software<br />
:[Your Name Here]<br />
* Java and associated software<br />
:[Your Name Here]<br />
* Ruby and associated software<br />
:[Your Name Here]<br />
* Gtk/Gnome and associated software<br />
:[Your Name Here]<br />
* QT/KDE and associated software<br />
:Billy Wayne McCann (KDE)<br />
:[Your Name Here]<br />
* Various Window Managers (please include which WM along with your name)<br />
:[Your Name Here]</div>
Bwayne
https://wiki.archlinux.org/index.php?title=Arch_Security_Team&diff=304370
Arch Security Team
2014-03-13T22:24:34Z
<p>Bwayne: /* Participation Guidelines */</p>
<hr />
<div>[[Category:Security]]<br />
{{Stub|For now, this page is a draft to construct something according to https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html}}<br />
<br />
{{Related articles start}}<br />
{{Related|Security Task Force}}<br />
{{Related|CVE-2014}}<br />
{{Related articles end}}<br />
<br />
<br />
This article introduces the Arch CVE Monitoring Team (ACMT) and describes best practices for contributing. <br />
<br />
<br />
==Introduction==<br />
Arch Linux is a community-driven distribution. It relies upon the efforts of volunteers to maintain and improve the distribution itself and to support fellow community members. <br />
<br />
The importance of software security cannot be overstated. Today's society relies upon computer technology for everything from amusement to indispensable national and local infrastructure. Many rely upon Arch Linux to provide these. <br />
<br />
On March 9, 2014, Allan McRae [https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html called] upon our community to assist in securing Arch Linux by monitoring any and all relevant resources for announced [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's). In contrast to security issues which can be fixed by updating, CVE's require patches to be backported. As such, Arch developers must be notified that this is the case. This is where the ACMT comes in.<br />
<br />
==Joining the ACMT==<br />
Joining is as simple as helping. Firstly, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch Security mailing list]. Secondly, consider the area where you'd like to help. It would be ideal to have team members' labor divided across the software ecosystem as equally as possible. This helps the Team to quickly and efficiently find and report CVE's. Software categories are listed [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|below]]. However, it is not required that those who wish to volunteer restrict their monitoring in any way. "Global" and multiple-category volunteers are needed and encouraged. <br />
<br />
It is recommended that interested parties please consider monitoring those categories for which there are fewer volunteers. However, it is fully recognized that volunteers contribute best in areas in which they're most interested. Please consider both of these factors when selecting where your primary efforts will be placed. However, please note that it is not required that you restrict your monitoring to any one particular category. ''The goal of the ACMT is to simply keep Arch Linux secure. Any and all efforts are more than welcome and unreservedly appreciated.''<br />
<br />
If you would like to join the Team, please edit this page to include your name in the [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|Package Categories and Team Members]] section below. Please place your name beneath the package category for which you will be monitoring. If you do not care to monitor specific categories and you would like to contribute any and all, please place your name in the "Global" category. ''These options are not mutually exclusive.''<br />
<br />
==Participation Guidelines==<br />
<br />
ALST will strive to monitor all packages within the following repositories:<br />
* ''core''<br />
* ''extra''<br />
* ''community''<br />
<br />
Follow mailing lists (both development and user), security advisories (if any) and bug trackers on a regular basis. A few resources are listed below. If you are unfamiliar with the different kinds of vulnerabilities, you will quickly learn them. For those who will monitor languages, it is ideal to be able to operate at both the interpreter level (often written in C) and the language level. <br />
<br />
Everyone should file bug reports. If you are unsure how to file a bug report, please refer to the [[Reporting_Bug_Guidelines| Bug Reporting Guidelines]]. <br />
<br />
People with the technical ability are encouraged not only to file bug reports about CVE's, but also to write or comment on patches, test, and communicate with upstream developers, among other things.<br />
<br />
==Procedure==<br />
A critical security exploit has been found in a software package within the Arch Linux official repositories. An ACMT member picks up this information from some mailing list he/she is following. If upstream released a new version that corrects the issue, the ACMT member should flag the package out-of-date and post pertinent information to the arch-security mailing list, which will likely get the attention of the developers. If, on the other hand, upstream releases only a patch, the ACMT member should file a bug report.<br />
<br />
===Bug Report Template===<br />
<br />
{{bc|<br />
Title : [<pkg-name>] security patch for <CVE-id><br />
Description:<br />
Quick description of the issue (or copy/paste from oss-sec, upstream bug reports, etc.)<br />
upstream bug report [0]<br />
<br />
Resolution:<br />
patch [1] <br />
<br />
Resources:<br />
[0] links to upstream bug report<br />
[1] link to patch<br />
}}<br />
<br />
The criticality of the bug report should be set to either Critical or High, depending on the severity of the issue.<br />
Some updates will be much more critical than others. However, updates are always recommended in the case of any vulnerability.<br />
<br />
==Resources==<br />
===RSS===<br />
;National Vulnerability Database (NVD)<br />
: All CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss.xml<br />
: All fully analyzed CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss-analyzed.xml<br />
<br />
===Mailing Lists===<br />
;oss-sec: main list dealing with security of free software, a lot of CVE attributions happen here, required if you wish to follow security news.<br><br />
:info: http://oss-security.openwall.org/wiki/mailing-lists/oss-security<br />
:subscribe: oss-security-subscribe(at)lists.openwall.com<br />
:archive: http://www.openwall.com/lists/oss-security/<br />
<br />
;bugtraq:a full disclosure moderated mailing list (noisy)<br />
:info: http://www.securityfocus.com/archive/1/description<br />
:subscribe: bugtraq-subscribe(at)securityfocus.com<br />
<br />
;full-disclosure: another full-disclosure mailing-list (noisy)<br />
:info: http://lists.grok.org.uk/full-disclosure-charter.html<br />
:subscribe: full-disclosure-request(at)lists.grok.org.uk<br />
<br />
Also consider following the mailing lists for specific packages, such as LibreOffice, X.org, Puppetlabs, ISC, etc.<br />
<br />
===Other Distributions===<br />
Resources of other distributions (to look for CVE, patch, comments etc.):<br />
;RedHat and Fedora:<br />
:rss advisories: https://admin.fedoraproject.org/updates/rss/rss2.0?type=security<br />
:CVE tracker: https://access.redhat.com/security/cve/<CVE-id><br />
:bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=<CVE-id><br />
<br />
;Ubuntu:<br />
:advisories: http://www.ubuntu.com/usn/atom.xml<br />
:CVE tracker: http://people.canonical.com/~ubuntu-security/cve/?cve=<CVE-id><br />
:database: https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master<br />
<br />
;Debian:<br />
:CVE tracker: http://security-tracker.debian.org/tracker/<CVE-id><br />
:patch-tracker: http://patch-tracker.debian.org/<br />
:database: http://anonscm.debian.org/viewvc/secure-testing/data/<br />
<br />
;OpenSUSE:<br />
:CVE tracker: http://support.novell.com/security/cve/<CVE-id>.html<br />
<br />
===Other===<br />
;Mitre and NVD links for CVE's:<br />
:http://cve.mitre.org/cgi-bin/cvename.cgi?name=<CVE-id><br />
:http://web.nvd.nist.gov/view/vuln/detail?vulnId=<CVE-id><br />
<br />
NVD and Mitre do not necessarily fill in a CVE entry immediately after attribution, so it's not always relevant for Arch. The CVE-id and the "Date Entry Created" fields do not have any particular meaning. CVEs are attributed by CVE Numbering Authorities (CNA), and each CNA obtains CVE blocks from Mitre when needed/asked, so the CVE ID is not linked to the attribution date. The "Date Entry Created" field often only indicates when the CVE block was given to the CNA, nothing more.<br />
<br />
;Linux Weekly News: LWN provides a daily notice of security updates for various distributions<br />
:http://lwn.net/headlines/newrss<br />
<br />
===More===<br />
For more resources, please see the OpenWall's [http://oss-security.openwall.org/wiki/ Open Source Software Security Wiki]. <br />
<br />
<br />
==Package Categories and Team Members==<br />
Below is a list of general package categories. Should you like, you are welcome to add a new category. Please remember the KISS philosophy when editing the list. <br />
<br />
*Global<br />
:Billy Wayne McCann<br />
:[Your Name Here]<br />
* Kernel<br />
:[Your Name Here]<br />
* Filesystems<br />
:[Your Name Here]<br />
* GNU userland<br />
:[[User:RbN|RbN]]<br />
* Xorg<br />
:[[User:RbN|RbN]]<br />
* Systemd<br />
:[[User:RbN|RbN]]<br />
* Perl and associated software<br />
:[Your Name Here]<br />
* Python and associated software<br />
:[Your Name Here]<br />
* Java and associated software<br />
:[Your Name Here]<br />
* Ruby and associated software<br />
:[Your Name Here]<br />
* Gtk/Gnome and associated software<br />
:[Your Name Here]<br />
* QT/KDE and associated software<br />
:Billy Wayne McCann (KDE)<br />
:[Your Name Here]<br />
* Various Window Managers (please include which WM along with your name)<br />
:[Your Name Here]</div>Bwaynehttps://wiki.archlinux.org/index.php?title=Arch_Security_Team&diff=304369Arch Security Team2014-03-13T22:21:39Z<p>Bwayne: /* Bug Report Template */</p>
<hr />
<div>[[Category:Security]]<br />
{{Stub|For now, this page is a draft to construct something according to https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html}}<br />
<br />
{{Related articles start}}<br />
{{Related|Security Task Force}}<br />
{{Related|CVE-2014}}<br />
{{Related articles end}}<br />
<br />
<br />
This article introduces the Arch CVE Monitoring Team (ACMT) and describes best practices for contributing. <br />
<br />
<br />
==Introduction==<br />
Arch Linux is a community-driven distribution. It relies upon the efforts of volunteers to maintain and improve the distribution itself and to support fellow community members. <br />
<br />
The importance of software security cannot be overstated. Today's society relies upon computer technology for everything from amusement to indispensable national and local infrastructure. Many rely upon Arch Linux to provide these. <br />
<br />
On March 9, 2014, Allan McRae [https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html called] upon our community to assist in securing Arch Linux by monitoring any and all relevant resources for announced [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's). In contrast to security issues which can be fixed by updating, CVE's require patches to be backported. As such, Arch developers must be notified that this is the case. This is where the ACMT comes in.<br />
<br />
==Joining the ACMT==<br />
Joining is as simple as helping. Firstly, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch Security mailing list]. Secondly, consider the area where you'd like to help. It would be ideal to have team members' labor divided across the software ecosystem as equally as possible. This helps the Team to quickly and efficiently find and report CVE's. Software categories are listed [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|below]]. However, it is not required that those who wish to volunteer restrict their monitoring in any way. "Global" and multiple-category volunteers are needed and encouraged. <br />
<br />
It is recommended that interested parties please consider monitoring those categories for which there are fewer volunteers. However, it is fully recognized that volunteers contribute best in areas in which they're most interested. Please consider both of these factors when selecting where your primary efforts will be placed. However, please note that it is not required that you restrict your monitoring to any one particular category. ''The goal of the ACMT is to simply keep Arch Linux secure. Any and all efforts are more than welcome and unreservedly appreciated.''<br />
<br />
If you would like to join the Team, please edit this page to include your name in the [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|Package Categories and Team Members]] section below. Please place your name beneath the package category for which you will be monitoring. If you do not care to monitor specific categories and you would like to contribute any and all, please place your name in the "Global" category. ''These options are not mutually exclusive.''<br />
<br />
==Participation Guidelines==<br />
Follow mailing lists (both development and user), security advisories (if any) and bug trackers on a regular basis. A few resources are listed below. You will quickly learn the different kinds of vulnerabilities if you are unfamiliar with them. For those who will monitor languages, it is ideal to be able to operate at both the interpreter level (often written in C) and the language level. <br />
<br />
Everyone should file bug reports. If you are unsure how to file a bug report, please refer to the [[Reporting_Bug_Guidelines| Bug Reporting Guidelines]]. <br />
<br />
People with the technical ability are encouraged to not only file bug reports about CVE's, but write/comment patches, test, communicate with upstream developers, among other things.<br />
<br />
==Procedure==<br />
A critical security exploit has been found in a software package within the Arch Linux official repositories. An ACMT member picks up this information from some mailing list he/she is following. If upstream released a new version that corrects the issue, the ACMT member should flag the package out-of-date and post pertinent information to the arch-security mailing list, which will likely get the attention of the developers. If, on the other hand, upstream releases only a patch, the ACMT member should file a bug report.<br />
<br />
===Bug Report Template===<br />
<br />
{{bc|<br />
Title : [<pkg-name>] security patch for <CVE-id><br />
Description:<br />
Quick description of the issue (or copy/paste from oss-sec, upstream bug reports, etc.)<br />
upstream bug report [0]<br />
<br />
Resolution:<br />
patch [1] <br />
<br />
Resources:<br />
[0] links to upstream bug report<br />
[1] link to patch<br />
}}<br />
<br />
The criticality of the bug report should be set to either Critical or High, depending on the severity of the issue.<br />
Some updates will be much more critical than others. However, updates are always recommended in the case of any vulnerability.<br />
<br />
==Resources==<br />
===RSS===<br />
;National Vulnerability Database (NVD)<br />
: All CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss.xml<br />
: All fully analyzed CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss-analyzed.xml<br />
<br />
===Mailing Lists===<br />
;oss-sec: main list dealing with security of free software, a lot of CVE attributions happen here, required if you wish to follow security news.<br><br />
:info: http://oss-security.openwall.org/wiki/mailing-lists/oss-security<br />
:subscribe: oss-security-subscribe(at)lists.openwall.com<br />
:archive: http://www.openwall.com/lists/oss-security/<br />
<br />
;bugtraq:a full disclosure moderated mailing list (noisy)<br />
:info: http://www.securityfocus.com/archive/1/description<br />
:subscribe: bugtraq-subscribe(at)securityfocus.com<br />
<br />
;full-disclosure: another full-disclosure mailing-list (noisy)<br />
:info: http://lists.grok.org.uk/full-disclosure-charter.html<br />
:subscribe: full-disclosure-request(at)lists.grok.org.uk<br />
<br />
Also consider following the mailing lists for specific packages, such as LibreOffice, X.org, Puppetlabs, ISC, etc.<br />
<br />
===Other Distributions===<br />
Resources of other distributions (to look for CVE, patch, comments etc.):<br />
;RedHat and Fedora:<br />
:rss advisories: https://admin.fedoraproject.org/updates/rss/rss2.0?type=security<br />
:CVE tracker: https://access.redhat.com/security/cve/<CVE-id><br />
:bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=<CVE-id><br />
<br />
;Ubuntu:<br />
:advisories: http://www.ubuntu.com/usn/atom.xml<br />
:CVE tracker: http://people.canonical.com/~ubuntu-security/cve/?cve=<CVE-id><br />
:database: https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master<br />
<br />
;Debian:<br />
:CVE tracker: http://security-tracker.debian.org/tracker/<CVE-id><br />
:patch-tracker: http://patch-tracker.debian.org/<br />
:database: http://anonscm.debian.org/viewvc/secure-testing/data/<br />
<br />
;OpenSUSE:<br />
:CVE tracker: http://support.novell.com/security/cve/<CVE-id>.html<br />
<br />
===Other===<br />
;Mitre and NVD links for CVE's:<br />
:http://cve.mitre.org/cgi-bin/cvename.cgi?name=<CVE-id><br />
:http://web.nvd.nist.gov/view/vuln/detail?vulnId=<CVE-id><br />
<br />
NVD and Mitre do not necessarily fill in a CVE entry immediately after attribution, so it's not always relevant for Arch. The CVE-id and the "Date Entry Created" fields do not have any particular meaning. CVEs are attributed by CVE Numbering Authorities (CNA), and each CNA obtains CVE blocks from Mitre when needed/asked, so the CVE ID is not linked to the attribution date. The "Date Entry Created" field often only indicates when the CVE block was given to the CNA, nothing more.<br />
<br />
;Linux Weekly News: LWN provides a daily notice of security updates for various distributions<br />
:http://lwn.net/headlines/newrss<br />
<br />
===More===<br />
For more resources, please see the OpenWall's [http://oss-security.openwall.org/wiki/ Open Source Software Security Wiki]. <br />
<br />
<br />
==Package Categories and Team Members==<br />
Below is a list of general package categories. Should you like, you are welcome to add a new category. Please remember the KISS philosophy when editing the list. <br />
<br />
*Global<br />
:Billy Wayne McCann<br />
:[Your Name Here]<br />
* Kernel<br />
:[Your Name Here]<br />
* Filesystems<br />
:[Your Name Here]<br />
* GNU userland<br />
:[[User:RbN|RbN]]<br />
* Xorg<br />
:[[User:RbN|RbN]]<br />
* Systemd<br />
:[[User:RbN|RbN]]<br />
* Perl and associated software<br />
:[Your Name Here]<br />
* Python and associated software<br />
:[Your Name Here]<br />
* Java and associated software<br />
:[Your Name Here]<br />
* Ruby and associated software<br />
:[Your Name Here]<br />
* Gtk/Gnome and associated software<br />
:[Your Name Here]<br />
* QT/KDE and associated software<br />
:Billy Wayne McCann (KDE)<br />
:[Your Name Here]<br />
* Various Window Managers (please include which WM along with your name)<br />
:[Your Name Here]</div>Bwaynehttps://wiki.archlinux.org/index.php?title=Arch_Security_Team&diff=304368Arch Security Team2014-03-13T22:20:13Z<p>Bwayne: /* Procedure */</p>
<hr />
<div>[[Category:Security]]<br />
{{Stub|For now, this page is a draft to construct something according to https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html}}<br />
<br />
{{Related articles start}}<br />
{{Related|Security Task Force}}<br />
{{Related|CVE-2014}}<br />
{{Related articles end}}<br />
<br />
<br />
This article introduces the Arch CVE Monitoring Team (ACMT) and describes best practices for contributing. <br />
<br />
<br />
==Introduction==<br />
Arch Linux is a community-driven distribution. It relies upon the efforts of volunteers to maintain and improve the distribution itself and to support fellow community members. <br />
<br />
The importance of software security cannot be overstated. Today's society relies upon computer technology for everything from amusement to indispensable national and local infrastructure. Many rely upon Arch Linux to provide these. <br />
<br />
On March 9, 2014, Allan McRae [https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html called] upon our community to assist in securing Arch Linux by monitoring any and all relevant resources for announced [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's). In contrast to security issues which can be fixed by updating, CVE's require patches to be backported. As such, Arch developers must be notified that this is the case. This is where the ACMT comes in.<br />
<br />
==Joining the ACMT==<br />
Joining is as simple as helping. Firstly, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch Security mailing list]. Secondly, consider the area where you'd like to help. It would be ideal to have team members' labor divided across the software ecosystem as equally as possible. This helps the Team to quickly and efficiently find and report CVE's. Software categories are listed [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|below]]. However, it is not required that those who wish to volunteer restrict their monitoring in any way. "Global" and multiple-category volunteers are needed and encouraged. <br />
<br />
It is recommended that interested parties please consider monitoring those categories for which there are fewer volunteers. However, it is fully recognized that volunteers contribute best in areas in which they're most interested. Please consider both of these factors when selecting where your primary efforts will be placed. However, please note that it is not required that you restrict your monitoring to any one particular category. ''The goal of the ACMT is to simply keep Arch Linux secure. Any and all efforts are more than welcome and unreservedly appreciated.''<br />
<br />
If you would like to join the Team, please edit this page to include your name in the [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|Package Categories and Team Members]] section below. Please place your name beneath the package category for which you will be monitoring. If you do not care to monitor specific categories and you would like to contribute any and all, please place your name in the "Global" category. ''These options are not mutually exclusive.''<br />
<br />
==Participation Guidelines==<br />
Follow mailing lists (both development and user), security advisories (if any) and bug trackers on a regular basis. A few resources are listed below. You will quickly learn the different kinds of vulnerabilities if you are unfamiliar with them. For those who will monitor languages, it is ideal to be able to operate at both the interpreter level (often written in C) and the language level. <br />
<br />
Everyone should file bug reports. If you are unsure how to file a bug report, please refer to the [[Reporting_Bug_Guidelines| Bug Reporting Guidelines]]. <br />
<br />
People with the technical ability are encouraged to not only file bug reports about CVE's, but write/comment patches, test, communicate with upstream developers, among other things.<br />
<br />
==Procedure==<br />
A critical security exploit has been found in a software package within the Arch Linux official repositories. An ACMT member picks up this information from some mailing list he/she is following. If upstream released a new version that corrects the issue, the ACMT member should flag the package out-of-date and post pertinent information to the arch-security mailing list, which will likely get the attention of the developers. If, on the other hand, upstream releases only a patch, the ACMT member should file a bug report.<br />
<br />
===Bug Report Template===<br />
<br />
{{bc|<br />
Title : [<pkg-name>] security patch for <CVE-id><br />
Description:<br />
Quick description of the issue or copy/paste from oss-sec, upstream bug reports.<br />
upstream bug report [0]<br />
<br />
Resolution:<br />
patch [1] <br />
<br />
Resources:<br />
[0] links to upstream bug report<br />
[1] link to patch<br />
}}<br />
<br />
The criticality of the bug report should be set to either Critical or High, depending on the severity of the issue.<br />
Some updates will be much more critical than others. However, updates are always recommended in the case of any vulnerability.<br />
<br />
==Resources==<br />
===RSS===<br />
;National Vulnerability Database (NVD)<br />
: All CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss.xml<br />
: All fully analyzed CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss-analyzed.xml<br />
<br />
===Mailing Lists===<br />
;oss-sec: main list dealing with security of free software, a lot of CVE attributions happen here, required if you wish to follow security news.<br><br />
:info: http://oss-security.openwall.org/wiki/mailing-lists/oss-security<br />
:subscribe: oss-security-subscribe(at)lists.openwall.com<br />
:archive: http://www.openwall.com/lists/oss-security/<br />
<br />
;bugtraq:a full disclosure moderated mailing list (noisy)<br />
:info: http://www.securityfocus.com/archive/1/description<br />
:subscribe: bugtraq-subscribe(at)securityfocus.com<br />
<br />
;full-disclosure: another full-disclosure mailing-list (noisy)<br />
:info: http://lists.grok.org.uk/full-disclosure-charter.html<br />
:subscribe: full-disclosure-request(at)lists.grok.org.uk<br />
<br />
Also consider following the mailing lists for specific packages, such as LibreOffice, X.org, Puppetlabs, ISC, etc.<br />
<br />
===Other Distributions===<br />
Resources of other distributions (to look for CVE, patch, comments etc.):<br />
;RedHat and Fedora:<br />
:rss advisories: https://admin.fedoraproject.org/updates/rss/rss2.0?type=security<br />
:CVE tracker: https://access.redhat.com/security/cve/<CVE-id><br />
:bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=<CVE-id><br />
<br />
;Ubuntu:<br />
:advisories: http://www.ubuntu.com/usn/atom.xml<br />
:CVE tracker: http://people.canonical.com/~ubuntu-security/cve/?cve=<CVE-id><br />
:database: https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master<br />
<br />
;Debian:<br />
:CVE tracker: http://security-tracker.debian.org/tracker/<CVE-id><br />
:patch-tracker: http://patch-tracker.debian.org/<br />
:database: http://anonscm.debian.org/viewvc/secure-testing/data/<br />
<br />
;OpenSUSE:<br />
:CVE tracker: http://support.novell.com/security/cve/<CVE-id>.html<br />
<br />
===Other===<br />
;Mitre and NVD links for CVE's:<br />
:http://cve.mitre.org/cgi-bin/cvename.cgi?name=<CVE-id><br />
:http://web.nvd.nist.gov/view/vuln/detail?vulnId=<CVE-id><br />
<br />
NVD and Mitre do not necessarily fill in a CVE entry immediately after attribution, so it's not always relevant for Arch. The CVE-id and the "Date Entry Created" fields do not have any particular meaning. CVEs are attributed by CVE Numbering Authorities (CNA), and each CNA obtains CVE blocks from Mitre when needed/asked, so the CVE ID is not linked to the attribution date. The "Date Entry Created" field often only indicates when the CVE block was given to the CNA, nothing more.<br />
<br />
;Linux Weekly News: LWN provides a daily notice of security updates for various distributions<br />
:http://lwn.net/headlines/newrss<br />
<br />
===More===<br />
For more resources, please see the OpenWall's [http://oss-security.openwall.org/wiki/ Open Source Software Security Wiki]. <br />
<br />
<br />
==Package Categories and Team Members==<br />
Below is a list of general package categories. Should you like, you are welcome to add a new category. Please remember the KISS philosophy when editing the list. <br />
<br />
*Global<br />
:Billy Wayne McCann<br />
:[Your Name Here]<br />
* Kernel<br />
:[Your Name Here]<br />
* Filesystems<br />
:[Your Name Here]<br />
* GNU userland<br />
:[[User:RbN|RbN]]<br />
* Xorg<br />
:[[User:RbN|RbN]]<br />
* Systemd<br />
:[[User:RbN|RbN]]<br />
* Perl and associated software<br />
:[Your Name Here]<br />
* Python and associated software<br />
:[Your Name Here]<br />
* Java and associated software<br />
:[Your Name Here]<br />
* Ruby and associated software<br />
:[Your Name Here]<br />
* Gtk/Gnome and associated software<br />
:[Your Name Here]<br />
* QT/KDE and associated software<br />
:Billy Wayne McCann (KDE)<br />
:[Your Name Here]<br />
* Various Window Managers (please include which WM along with your name)<br />
:[Your Name Here]</div>Bwaynehttps://wiki.archlinux.org/index.php?title=Arch_Security_Team&diff=304367Arch Security Team2014-03-13T22:15:23Z<p>Bwayne: </p>
<hr />
<div>[[Category:Security]]<br />
{{Stub|For now, this page is a draft to construct something according to https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html}}<br />
<br />
{{Related articles start}}<br />
{{Related|Security Task Force}}<br />
{{Related|CVE-2014}}<br />
{{Related articles end}}<br />
<br />
<br />
This article introduces the Arch CVE Monitoring Team (ACMT) and describes best practices for contributing. <br />
<br />
<br />
==Introduction==<br />
Arch Linux is a community-driven distribution. It relies upon the efforts of volunteers to maintain and improve the distribution itself and to support fellow community members. <br />
<br />
The importance of software security cannot be overstated. Today's society relies upon computer technology for everything from amusement to indispensable national and local infrastructure. Many rely upon Arch Linux to provide these. <br />
<br />
On March 9, 2014, Allan McRae [https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html called] upon our community to assist in securing Arch Linux by monitoring any and all relevant resources for announced [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's). In contrast to security issues which can be fixed by updating, CVE's require patches to be backported. As such, Arch developers must be notified that this is the case. This is where the ACMT comes in.<br />
<br />
==Joining the ACMT==<br />
Joining is as simple as helping. Firstly, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch Security mailing list]. Secondly, consider the area where you'd like to help. It would be ideal to have team members' labor divided across the software ecosystem as equally as possible. This helps the Team to quickly and efficiently find and report CVE's. Software categories are listed [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|below]]. However, it is not required that those who wish to volunteer restrict their monitoring in any way. "Global" and multiple-category volunteers are needed and encouraged. <br />
<br />
It is recommended that interested parties please consider monitoring those categories for which there are fewer volunteers. However, it is fully recognized that volunteers contribute best in areas in which they're most interested. Please consider both of these factors when selecting where your primary efforts will be placed. However, please note that it is not required that you restrict your monitoring to any one particular category. ''The goal of the ACMT is to simply keep Arch Linux secure. Any and all efforts are more than welcome and unreservedly appreciated.''<br />
<br />
If you would like to join the Team, please edit this page to include your name in the [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|Package Categories and Team Members]] section below. Please place your name beneath the package category for which you will be monitoring. If you do not care to monitor specific categories and you would like to contribute any and all, please place your name in the "Global" category. ''These options are not mutually exclusive.''<br />
<br />
==Participation Guidelines==<br />
Follow mailing lists (both development and user), security advisories (if any) and bug trackers on a regular basis. A few resources are listed below. You will quickly learn the different kinds of vulnerabilities if you are unfamiliar with them. For those who will monitor languages, it is ideal to be able to operate at both the interpreter level (often written in C) and the language level. <br />
<br />
Everyone should file bug reports. If you are unsure how to file a bug report, please refer to the [[Reporting_Bug_Guidelines| Bug Reporting Guidelines]]. <br />
<br />
People with the technical ability are encouraged to not only file bug reports about CVE's, but write/comment patches, test, communicate with upstream developers, among other things.<br />
<br />
==Procedure==<br />
A big security exploit has been found in a software package within the Arch Linux official repositories. An ALST member picks up this information from some mailing list he/she is following. If upstream released a new version to correct the issue, the ASRT member just flags the package out-of-date; if upstream only released a patch, the ASRT member should file a bug report.<br />
<br />
A good bug report template might be:<br />
<br />
{{bc|<br />
Title : [<pkg-name>] security patch for <CVE-id><br />
Description:<br />
Quick description of the issue or copy/paste from oss-sec, upstream bug reports.<br />
upstream bug report [0]<br />
<br />
Resolution:<br />
patch [1] <br />
<br />
Resources:<br />
[0] links to upstream bug report<br />
[1] link to patch<br />
}}<br />
<br />
The criticality of the bug report should be set to either Critical or High, depending on the severity of the issue.<br />
Some updates will be much more critical than others; however, updates are always recommended in the case of any vulnerability.<br />
==Resources==<br />
===RSS===<br />
;National Vulnerability Database (NVD)<br />
: All CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss.xml<br />
: All fully analyzed CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss-analyzed.xml<br />
<br />
===Mailing Lists===<br />
;oss-sec: main list dealing with security of free software, a lot of CVE attributions happen here, required if you wish to follow security news.<br><br />
:info: http://oss-security.openwall.org/wiki/mailing-lists/oss-security<br />
:subscribe: oss-security-subscribe(at)lists.openwall.com<br />
:archive: http://www.openwall.com/lists/oss-security/<br />
<br />
;bugtraq:a full disclosure moderated mailing list (noisy)<br />
:info: http://www.securityfocus.com/archive/1/description<br />
:subscribe: bugtraq-subscribe(at)securityfocus.com<br />
<br />
;full-disclosure: another full-disclosure mailing-list (noisy)<br />
:info: http://lists.grok.org.uk/full-disclosure-charter.html<br />
:subscribe: full-disclosure-request(at)lists.grok.org.uk<br />
<br />
Also consider following the mailing lists for specific packages, such as LibreOffice, X.org, Puppetlabs, ISC, etc.<br />
<br />
===Other Distributions===<br />
Resources of other distributions (to look for CVE, patch, comments etc.):<br />
;RedHat and Fedora:<br />
:rss advisories: https://admin.fedoraproject.org/updates/rss/rss2.0?type=security<br />
:CVE tracker: https://access.redhat.com/security/cve/<CVE-id><br />
:bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=<CVE-id><br />
<br />
;Ubuntu:<br />
:advisories: http://www.ubuntu.com/usn/atom.xml<br />
:CVE tracker: http://people.canonical.com/~ubuntu-security/cve/?cve=<CVE-id><br />
:database: https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master<br />
<br />
;Debian:<br />
:CVE tracker: http://security-tracker.debian.org/tracker/<CVE-id><br />
:patch-tracker: http://patch-tracker.debian.org/<br />
:database: http://anonscm.debian.org/viewvc/secure-testing/data/<br />
<br />
;OpenSUSE:<br />
:CVE tracker: http://support.novell.com/security/cve/<CVE-id>.html<br />
<br />
===Other===<br />
;Mitre and NVD links for CVE's:<br />
:http://cve.mitre.org/cgi-bin/cvename.cgi?name=<CVE-id><br />
:http://web.nvd.nist.gov/view/vuln/detail?vulnId=<CVE-id><br />
<br />
NVD and Mitre do not necessarily fill in a CVE entry immediately after attribution, so it's not always relevant for Arch. The CVE-id and the "Date Entry Created" fields do not have any particular meaning. CVEs are attributed by CVE Numbering Authorities (CNA), and each CNA obtains CVE blocks from Mitre when needed/asked, so the CVE ID is not linked to the attribution date. The "Date Entry Created" field often only indicates when the CVE block was given to the CNA, nothing more.<br />
<br />
;Linux Weekly News: LWN provides a daily notice of security updates for various distributions<br />
:http://lwn.net/headlines/newrss<br />
<br />
===More===<br />
For more resources, please see the OpenWall's [http://oss-security.openwall.org/wiki/ Open Source Software Security Wiki]. <br />
<br />
<br />
==Package Categories and Team Members==<br />
Below is a list of general package categories. Should you like, you are welcome to add a new category. Please remember the KISS philosophy when editing the list. <br />
<br />
*Global<br />
:Billy Wayne McCann<br />
:[Your Name Here]<br />
* Kernel<br />
:[Your Name Here]<br />
* Filesystems<br />
:[Your Name Here]<br />
* GNU userland<br />
:[[User:RbN|RbN]]<br />
* Xorg<br />
:[[User:RbN|RbN]]<br />
* Systemd<br />
:[[User:RbN|RbN]]<br />
* Perl and associated software<br />
:[Your Name Here]<br />
* Python and associated software<br />
:[Your Name Here]<br />
* Java and associated software<br />
:[Your Name Here]<br />
* Ruby and associated software<br />
:[Your Name Here]<br />
* Gtk/Gnome and associated software<br />
:[Your Name Here]<br />
* QT/KDE and associated software<br />
:Billy Wayne McCann (KDE)<br />
:[Your Name Here]<br />
* Various Window Managers (please include which WM along with your name)<br />
:[Your Name Here]</div>Bwaynehttps://wiki.archlinux.org/index.php?title=Arch_Security_Team&diff=304269Arch Security Team2014-03-13T12:52:19Z<p>Bwayne: /* Joining the ACMT */</p>
<hr />
<div>[[Category:Security]]<br />
This article introduces the Arch CVE Monitoring Team (ACMT) and describes best practices for contributing. <br />
<br />
<br />
==Introduction==<br />
Arch Linux is a community-driven distribution. It relies upon the efforts of volunteers to maintain and improve the distribution itself and to support fellow community members. <br />
<br />
The importance of software security cannot be overstated. Today's society relies upon computer technology for everything from amusement to indispensable national and local infrastructure. Many rely upon Arch Linux to provide these. <br />
<br />
On March 9, 2014, Allan McRae [https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html called] upon our community to assist in securing Arch Linux by monitoring any and all relevant resources for announced [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's). In contrast to security issues which can be fixed by updating, CVE's require patches to be backported. As such, Arch developers must be notified that this is the case. This is where the ACMT comes in.<br />
<br />
==Joining the ACMT==<br />
Joining is as simple as helping. Firstly, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch Security mailing list]. Secondly, consider the area where you'd like to help. It would be ideal to have team members' labor divided across the software ecosystem as equally as possible. This helps the Team to quickly and efficiently find and report CVE's. Software categories are listed [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|below]]. However, it is not required that those who wish to volunteer restrict their monitoring in any way. "Global" and multiple-category volunteers are needed and encouraged. <br />
<br />
It is recommended that interested parties please consider monitoring those categories for which there are fewer volunteers. However, it is fully recognized that volunteers contribute best in areas in which they're most interested. Please consider both of these factors when selecting where your primary efforts will be placed. However, please note that it is not required that you restrict your monitoring to any one particular category. ''The goal of the ACMT is to simply keep Arch Linux secure. Any and all efforts are more than welcome and unreservedly appreciated.''<br />
<br />
If you would like to join the Team, please edit this page to include your name in the [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|Package Categories and Team Members]] section below. Please place your name beneath the package category that you will be monitoring. If you do not care to monitor specific categories and would like to contribute to any and all, please place your name in the "Global" category. ''These options are not mutually exclusive.''<br />
<br />
==Participation Guidelines==<br />
Follow mailing lists (both development and user), security advisories (if any) and bug trackers on a regular basis. A few resources are listed below. If you are unfamiliar with them, you will quickly learn the different kinds of vulnerabilities. For those who will monitor languages, it is ideal to be able to operate at both the interpreter level (often written in C) and the language level. <br />
<br />
Everyone should file bug reports. If you are unsure how to file a bug report, please refer to the [[Reporting_Bug_Guidelines| Bug Reporting Guidelines]]. <br />
<br />
People with the technical ability are encouraged not only to file bug reports about CVE's, but also to write and comment on patches, test, and communicate with upstream developers, among other things.<br />
<br />
<br />
==Resources==<br />
===RSS===<br />
;National Vulnerability Database (NVD)<br />
: All CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss.xml<br />
: All fully analyzed CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss-analyzed.xml<br />
<br />
===Mailing Lists===<br />
;oss-sec: the main list dealing with the security of free software; a lot of CVE attributions happen here. Required if you wish to follow security news.<br />
:info: http://oss-security.openwall.org/wiki/mailing-lists/oss-security<br />
:subscribe: oss-security-subscribe(at)lists.openwall.com<br />
:archive: http://www.openwall.com/lists/oss-security/<br />
<br />
;bugtraq: a moderated full-disclosure mailing list (noisy)<br />
:info: http://www.securityfocus.com/archive/1/description<br />
:subscribe: bugtraq-subscribe(at)securityfocus.com<br />
<br />
;full-disclosure: another full-disclosure mailing-list (noisy)<br />
:info: http://lists.grok.org.uk/full-disclosure-charter.html<br />
:subscribe: full-disclosure-request(at)lists.grok.org.uk<br />
<br />
Also consider following the mailing lists for specific packages, such as LibreOffice, X.org, Puppetlabs, ISC, etc.<br />
<br />
===Other Distributions===<br />
Resources from other distributions (to look for CVEs, patches, comments, etc.):<br />
;RedHat and Fedora:<br />
:rss advisories: https://admin.fedoraproject.org/updates/rss/rss2.0?type=security<br />
:CVE tracker: https://access.redhat.com/security/cve/<CVE-id><br />
:bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=<CVE-id><br />
<br />
;Ubuntu:<br />
:advisories: http://www.ubuntu.com/usn/atom.xml<br />
:CVE tracker: http://people.canonical.com/~ubuntu-security/cve/?cve=<CVE-id><br />
:database: https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master<br />
<br />
;Debian:<br />
:CVE tracker: http://security-tracker.debian.org/tracker/<CVE-id><br />
:patch-tracker: http://patch-tracker.debian.org/<br />
:database: http://anonscm.debian.org/viewvc/secure-testing/data/<br />
<br />
;OpenSUSE:<br />
:CVE tracker: http://support.novell.com/security/cve/<CVE-id>.html<br />
<br />
===Other===<br />
;Mitre and NVD links for CVE's:<br />
:http://cve.mitre.org/cgi-bin/cvename.cgi?name=<CVE-id><br />
:http://web.nvd.nist.gov/view/vuln/detail?vulnId=<CVE-id><br />
<br />
NVD and Mitre do not necessarily fill in their CVE entries immediately after assignment, so those entries are not always relevant for Arch. The CVE-id and the "Date Entry Created" fields do not have particular meaning. CVEs are assigned by CVE Numbering Authorities (CNAs), and each CNA obtains CVE blocks from Mitre when needed/asked, so the CVE ID is not linked to the assignment date. The "Date Entry Created" field often only indicates when the CVE block was given to the CNA, nothing more.<br />
<br />
;Linux Weekly News: LWN provides a daily notice of security updates for various distributions<br />
:http://lwn.net/headlines/newrss<br />
<br />
===More===<br />
For more resources, please see OpenWall's [http://oss-security.openwall.org/wiki/ Open Source Software Security Wiki]. <br />
<br />
<br />
==Package Categories and Team Members==<br />
Below is a list of general package categories. Should you like, you are welcome to add a new category. Please remember the KISS philosophy when editing the list. <br />
<br />
*Global<br />
:Billy Wayne McCann<br />
:[Your Name Here]<br />
* Kernel<br />
:[Your Name Here]<br />
* Filesystems<br />
:[Your Name Here]<br />
* GNU userland<br />
:[Your Name Here]<br />
* Xorg<br />
:[Your Name Here]<br />
* Systemd<br />
:[Your Name Here]<br />
* Perl and associated software<br />
:[Your Name Here]<br />
* Python and associated software<br />
:[Your Name Here]<br />
* Java and associated software<br />
:[Your Name Here]<br />
* Ruby and associated software<br />
:[Your Name Here]<br />
* Gtk/Gnome and associated software<br />
:[Your Name Here]<br />
* QT/KDE and associated software<br />
:Billy Wayne McCann (KDE)<br />
:[Your Name Here]<br />
* Various Window Managers (please include which WM along with your name)<br />
:[Your Name Here]</div>Bwayne