https://wiki.archlinux.org/api.php?action=feedcontributions&user=RbN&feedformat=atom
ArchWiki - User contributions [en]
2024-03-29T07:13:44Z
User contributions
MediaWiki 1.41.0
https://wiki.archlinux.org/index.php?title=Arch_Security_Team&diff=363425
Arch Security Team
2015-03-02T21:56:33Z
<p>RbN: /* Package Categories and Team Members */ remove myself</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|For now, this page is a draft to construct something according to https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html}}<br />
<br />
{{Related articles start}}<br />
{{Related|CVE}}<br />
{{Related|Security Advisories}}<br />
{{Related articles end}}<br />
<br />
This article introduces the Arch CVE Monitoring Team (ACMT) and describes best practices for contributing. <br />
<br />
==Introduction==<br />
Arch Linux is a community-driven distribution. It relies upon the efforts of volunteers to maintain and improve the distribution itself and to support fellow community members. <br />
<br />
The importance of software security cannot be overstated. Today's society relies upon computer technology for everything from amusement to indispensable national and local infrastructure. Many rely upon Arch Linux to provide these. <br />
<br />
On March 9, 2014, Allan McRae [https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html called] upon our community to assist in securing Arch Linux by monitoring any and all relevant resources for announced [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's). In contrast to security issues which can be fixed by updating, CVE's require patches to be backported. As such, Arch developers must be notified that this is the case. This is where the ACMT comes in.<br />
<br />
The ACMT should embody the efforts of the "security-conscious" part of the Arch user population. Server owners, maintainers of workstations in production environments as well as concerned personal users would gain the benefit of relatively prompt security updates. The ACMT should help alleviate two important problems: finding bugs and communicating with developers. <br />
<br />
The Team is a volunteer-maintained service. Volunteers are welcome to help identify and report packages with security vulnerabilities.<br />
<br />
==Joining the ACMT==<br />
Joining is as simple as helping. Firstly, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch Security mailing list] and/or the IRC channel [irc://irc.freenode.net/archlinux-security #archlinux-security]. Secondly, consider the area where you would like to help. It would be ideal to have team members' labor divided across the software ecosystem as equally as possible. This helps the Team to quickly and efficiently find and report CVE's. Software categories are listed [[#Package Categories and Team Members|below]]. However, it is not required that those who wish to volunteer restrict their monitoring in any way. "Global" and multiple-category volunteers are needed and encouraged. <br />
<br />
It is recommended that interested parties please consider monitoring those categories for which there are fewer volunteers. However, it is fully recognized that volunteers contribute best in areas in which they are most interested. Please consider both of these factors when selecting where your primary efforts will be placed. However, please note that it is not required that you restrict your monitoring to any one particular category. ''The goal of the ACMT is to simply keep Arch Linux secure. Any and all efforts are more than welcome and unreservedly appreciated.''<br />
<br />
If you would like to join the Team, please edit this page to include your name in the [[#Package Categories and Team Members|Package Categories and Team Members]] section below. Please place your name beneath the package category for which you will be monitoring. If you do not care to monitor specific categories and you would like to contribute any and all, please place your name in the "Global" category. ''These options are not mutually exclusive.''<br />
<br />
==Participation Guidelines==<br />
<br />
ACMT monitors all packages within the following repositories:<br />
* ''core''<br />
* ''extra''<br />
* ''community''<br />
<br />
Follow mailing lists (both development and user), security advisories (if any) and bug trackers on a regular basis. A few resources are listed below. You will quickly learn the different kinds of vulnerabilities if you are unfamiliar with them. For those who will monitor languages, it is ideal to be able to operate at both the interpreter level (often written in C) and the language level. <br />
<br />
Everyone should file bug reports. If you are unsure how to file a bug report, please refer to the [[Reporting_Bug_Guidelines| Bug Reporting Guidelines]]. <br />
<br />
People with the technical ability are encouraged to not only file bug reports about CVE's, but also write/comment on patches, test, and communicate with upstream developers, among other things.<br />
<br />
==Procedure==<br />
<br />
A security vulnerability has been found in a software package within the Arch Linux official repositories. An ACMT member picks up this information from some mailing list he/she is following.<br />
<br />
* If upstream released a new version that corrects the issue, the ACMT member should flag the package out-of-date;<br />
** If the package has not been updated after too long a delay, a bug report should then be filed about the security issue.<br />
** If this is an important security issue, a bug report must be filed immediately after flagging the package out-of-date.<br />
* If, on the other hand, upstream releases only a patch, the ACMT member should file a bug report about the security issue.<br />
* For a critical security issue, the member may also want to post pertinent information to the ''arch-security'' mailing-list, which will likely get the attention of the developers.<br />
<br />
If you have a private bug to report, [https://mailman.archlinux.org/pipermail/arch-security/2014-June/000088.html then use security@archlinux.org]. Please note that the address for private bug reporting is ''security'', not ''arch-security''. A private bug is one that is too sensitive to post where anyone can read and exploit it, e.g. vulnerabilities in Arch Linux infrastructure.<br />
<br />
===Bug Report Template===<br />
<br />
{{bc|<br />
Title : [<pkg-name>] security patch for <CVE-id><br />
Description:<br />
Quick description of the issue (or copy/paste from oss-sec, upstream bug reports, etc.)<br />
upstream bug report [0]<br />
<br />
Resolution:<br />
patch [1] <br />
<br />
Resources:<br />
[0] links to upstream bug report<br />
[1] link to patch<br />
}}<br />
<br />
The criticality of the bug report should be set to either Critical or High, depending on the severity of the issue.<br />
Some updates will be much more critical than others. However, updates are always recommended in the case of any vulnerability.<br />
<br />
Once this process is complete, please add the CVE and later the [[Security Advisories | ASA]] to the [[CVE]] Documented Resolved CVE table.<br />
<br />
==Resources==<br />
===RSS===<br />
;National Vulnerability Database (NVD)<br />
: All CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss.xml<br />
: All fully analyzed CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss-analyzed.xml<br />
<br />
===Mailing Lists===<br />
;oss-sec: main list dealing with security of free software; a lot of CVE attributions happen here. Required if you wish to follow security news.<br><br />
:info: http://oss-security.openwall.org/wiki/mailing-lists/oss-security<br />
:subscribe: oss-security-subscribe(at)lists.openwall.com<br />
:archive: http://www.openwall.com/lists/oss-security/<br />
<br />
;bugtraq: a full-disclosure moderated mailing list (noisy)<br />
:info: http://www.securityfocus.com/archive/1/description<br />
:subscribe: bugtraq-subscribe(at)securityfocus.com<br />
<br />
;full-disclosure: another full-disclosure mailing-list (noisy)<br />
:info: http://lists.grok.org.uk/full-disclosure-charter.html<br />
:subscribe: full-disclosure-request(at)lists.grok.org.uk<br />
<br />
Also consider following the mailing lists for specific packages, such as LibreOffice, X.org, Puppetlabs, ISC, etc.<br />
<br />
===Other Distributions===<br />
Resources of other distributions (to look for CVE, patch, comments etc.):<br />
;RedHat and Fedora:<br />
:rss advisories: https://admin.fedoraproject.org/updates/rss/rss2.0?type=security<br />
:CVE tracker: https://access.redhat.com/security/cve/<CVE-id><br />
:bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=<CVE-id><br />
<br />
;Ubuntu:<br />
:advisories: http://www.ubuntu.com/usn/atom.xml<br />
:CVE tracker: http://people.canonical.com/~ubuntu-security/cve/?cve=<CVE-id><br />
:database: https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master<br />
<br />
;Debian:<br />
:CVE tracker: http://security-tracker.debian.org/tracker/<CVE-id><br />
:patch-tracker: http://patch-tracker.debian.org/<br />
:database: http://anonscm.debian.org/viewvc/secure-testing/data/<br />
<br />
;OpenSUSE:<br />
:CVE tracker: http://support.novell.com/security/cve/<CVE-id>.html<br />
<br />
===Other===<br />
;Mitre and NVD links for CVE's:<br />
:http://cve.mitre.org/cgi-bin/cvename.cgi?name=<CVE-id><br />
:http://web.nvd.nist.gov/view/vuln/detail?vulnId=<CVE-id><br />
<br />
NVD and Mitre do not necessarily fill in their CVE entry immediately after attribution, so it is not always relevant for Arch. The CVE-id and the "Date Entry Created" fields do not have particular meaning. CVE's are attributed by CVE Numbering Authorities (CNA), and each CNA obtains CVE blocks from Mitre when needed/asked, so the CVE ID is not linked to the attribution date. The "Date Entry Created" field often only indicates when the CVE block was given to the CNA, nothing more.<br />
<br />
;Linux Weekly News: LWN provides a daily notice of security updates for various distributions<br />
:http://lwn.net/headlines/newrss<br />
<br />
===More===<br />
For more resources, please see the OpenWall's [http://oss-security.openwall.org/wiki/ Open Source Software Security Wiki]. <br />
<br />
==Package Categories and Team Members==<br />
Below is a list of general package categories. Should you like, you are welcome to add a new category. Please remember the KISS philosophy when editing the list. <br />
<br />
*Global<br />
:[[User:Bwayne|Billy Wayne McCann]]<br />
:[[User:Netmonk|HegemoOn]]<br />
:[[User:Siosm|Timothée Ravier]]<br />
:[[User:rgacogne|Remi Gacogne]]<br />
:[[User:anthraxx|Levente Polyak]]<br />
:[[User:Shibumi|Christian Rebischke]]<br />
:[Your Name Here]<br />
* Kernel<br />
:[[User:thestinger|Daniel Micay]]<br />
:Mark Lee<br />
* Filesystems<br />
:[Your Name Here]<br />
* GNU userland<br />
:[Your Name Here]<br />
* Xorg<br />
:[Your Name Here]<br />
* Systemd<br />
:[Your Name Here]<br />
* Perl and associated software<br />
:[Your Name Here]<br />
* Python and associated software<br />
:[[User:Srl|Scott Lawrence]]<br />
:[Your Name Here]<br />
* Java and associated software<br />
:[Your Name Here]<br />
* Ruby and associated software<br />
:[Your Name Here]<br />
* Gtk/Gnome and associated software<br />
:[Your Name Here]<br />
* Qt/KDE and associated software<br />
:[[User:Bwayne|Billy Wayne McCann]] (KDE)<br />
:[Your Name Here]<br />
* Various Window Managers (please include which WM along with your name)<br />
:[Your Name Here]</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306919
CVE
2014-03-24T22:40:04Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: -improve sexyness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create the entry as a hyperlink to the appropriate URL, respectively.<br />
<br />
<br />
The following template may be used to facilitate CVE entries into the table. The first line, "|-", represents the creation of a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="110px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
<br />
|-<br />
| CVE-2014-1700 CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704 CVE-2014-1705 CVE-2014-1713 CVE-2014-1715 || {{Pkg|chromium}} {{Pkg|v8}} || 11/03/2014 || 32 || 33 || 4d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0098 CVE-2014-0098] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6438 CVE-2013-6438]|| {{Pkg|apache}} || 17/03/2014 || 2.4.8 || 2.4.9 || -1d || fixed <br />
|-<br />
| CVE-2014-1492 || {{Pkg|nss}} || 18/03/2014 || 2.15.5 || 3.16 || - || pending<br />
|-<br />
| CVE-2014-1493 CVE-2014-1494 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 || {{Pkg|firefox}} {{Pkg|thunderbird}} || 18/03/2014 || 27 || 28 || 1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2240 CVE-2014-2240] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2241 CVE-2014-2241]|| {{Pkg|freetype2}} || || 2.5.2 || 2.5.3 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2029 CVE-2014-2029 ]|| {{Pkg|xtrabackup}} || 16/02/2014 || 2.1.7 || 2.1.8 || 28d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1958 CVE-2014-1958 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2030 CVE-2014-2030 ]|| {{Pkg|imagemagick}} || || || 6.8.8.9-1 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ]|| {{Pkg|php}} || 06/03/2014 || 5.5.9 || 5.5.110 || -1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0404 CVE-2014-0404 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-04046 CVE-2014-0406 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0407 CVE-2014-0407 ] || {{Pkg|virtualbox}} || 28/02/2014 || 4.3.4 || 4.3.6 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2323 CVE-2014-2323 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2324 CVE-2014-2324 ] || {{Pkg|lighttpd}} || 12/03/2014 || 1.4.34 || 1.4.35 || 0d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0333 CVE-2014-0333 ] || {{Pkg|libpng}} || 28/02/2014 || 1.6.9 || 1.6.10 || 9d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2282 CVE-2014-2282 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0106 CVE-2014-0106] || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || fixed<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 CVE-2014-2244 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2093 CVE-2014-2094 CVE-2014-2095 CVE-2014-2096 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ] || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306918
CVE
2014-03-24T22:25:40Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: -improve sexyness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create the entry as a hyperlink to the appropriate URL, respectively.<br />
<br />
<br />
The following template may be used to facilitate CVE entries into the table. The first line, "|-", represents the creation of a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="110px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
<br />
|-<br />
| CVE-2014-1700 CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704 CVE-2014-1705 CVE-2014-1713 CVE-2014-1715 || {{Pkg|chromium}} || 11/03/2014 || 32 || 33 || 4d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0098 CVE-2014-0098] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6438 CVE-2013-6438]|| {{Pkg|apache}} || 17/03/2014 || 2.4.8 || 2.4.9 || -1d || fixed <br />
|-<br />
| CVE-2014-1492 || {{Pkg|nss}} || 18/03/2014 || 2.15.5 || 3.16 || - || pending<br />
|-<br />
| CVE-2014-1493 CVE-2014-1494 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 || {{Pkg|firefox}} {{Pkg|thunderbird}} || 18/03/2014 || 27 || 28 || 1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2240 CVE-2014-2240] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2241 CVE-2014-2241]|| {{Pkg|freetype2}} || || 2.5.2 || 2.5.3 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2029 CVE-2014-2029 ]|| {{Pkg|xtrabackup}} || 16/02/2014 || 2.1.7 || 2.1.8 || 28d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1958 CVE-2014-1958 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2030 CVE-2014-2030 ]|| {{Pkg|imagemagick}} || || || 6.8.8.9-1 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ]|| {{Pkg|php}} || 06/03/2014 || 5.5.9 || 5.5.110 || -1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0404 CVE-2014-0404 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-04046 CVE-2014-0406 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0407 CVE-2014-0407 ] || {{Pkg|virtualbox}} || 28/02/2014 || 4.3.4 || 4.3.6 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2323 CVE-2014-2323 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2324 CVE-2014-2324 ] || {{Pkg|lighttpd}} || 12/03/2014 || 1.4.34 || 1.4.35 || 0d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0333 CVE-2014-0333 ] || {{Pkg|libpng}} || 28/02/2014 || 1.6.9 || 1.6.10 || 9d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2282 CVE-2014-2282 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0106 CVE-2014-0106] || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || fixed<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 CVE-2014-2244 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2093 CVE-2014-2094 CVE-2014-2095 CVE-2014-2096 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ] || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306917
CVE
2014-03-24T22:18:03Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. An IRC channel is available at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the corresponding URL.<br />
<br />
<br />
The following template may be used to facilitate CVE entries into the table. The first line, "|-", represents the creation of a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="110px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
|-<br />
| CVE-2014-1700 CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704 CVE-2014-1705 CVE-2014-1713 CVE-2014-1715 || {{Pkg|chromium}} || 11/03/2014 || 32 || 33 || 4d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0098 CVE-2014-0098] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6438 CVE-2013-6438]|| {{Pkg|apache}} || 17/03/2014 || 2.4.8 || 2.4.9 || -1d || fixed <br />
|-<br />
| CVE-2014-1493 CVE-2014-1494 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 || {{Pkg|firefox}} {{Pkg|thunderbird}} || 18/03/2014 || 27 || 28 || 1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2240 CVE-2014-2240] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2241 CVE-2014-2241]|| {{Pkg|freetype2}} || || 2.5.2 || 2.5.3 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2029 CVE-2014-2029 ]|| {{Pkg|xtrabackup}} || 16/02/2014 || 2.1.7 || 2.1.8 || 28d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1958 CVE-2014-1958 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2030 CVE-2014-2030 ]|| {{Pkg|imagemagick}} || || || 6.8.8.9-1 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ]|| {{Pkg|php}} || 06/03/2014 || 5.5.9 || 5.5.110 || -1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0404 CVE-2014-0404 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-04046 CVE-2014-0406 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0407 CVE-2014-0407 ] || {{Pkg|virtualbox}} || 28/02/2014 || 4.3.4 || 4.3.6 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2323 CVE-2014-2323 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2324 CVE-2014-2324 ] || {{Pkg|lighttpd}} || 12/03/2014 || 1.4.34 || 1.4.35 || 0d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0333 CVE-2014-0333 ] || {{Pkg|libpng}} || 28/02/2014 || 1.6.9 || 1.6.10 || 9d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2282 CVE-2014-2282 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0106 CVE-2014-0106] || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || fixed<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 CVE-2014-2244 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2093 CVE-2014-2094 CVE-2014-2095 CVE-2014-2096 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ] || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306916
CVE
2014-03-24T22:15:03Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. An IRC channel is available at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the corresponding URL.<br />
<br />
<br />
The following template may be used to facilitate CVE entries into the table. The first line, "|-", represents the creation of a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="110px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0098 CVE-2014-0098] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6438 CVE-2013-6438]|| {{Pkg|apache}} || 17/03/2014 || 2.4.8 || 2.4.9 || -1d || fixed <br />
|-<br />
| CVE-2014-1493 CVE-2014-1494 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 || {{Pkg|firefox}} {{Pkg|thunderbird}} || 18/03/2014 || 27 || 28 || 1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2240 CVE-2014-2240] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2241 CVE-2014-2241]|| {{Pkg|freetype2}} || || 2.5.2 || 2.5.3 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2029 CVE-2014-2029 ]|| {{Pkg|xtrabackup}} || 16/02/2014 || 2.1.7 || 2.1.8 || 28d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1958 CVE-2014-1958 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2030 CVE-2014-2030 ]|| {{Pkg|imagemagick}} || || || 6.8.8.9-1 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ]|| {{Pkg|php}} || 06/03/2014 || 5.5.9 || 5.5.110 || -1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0404 CVE-2014-0404 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-04046 CVE-2014-0406 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0407 CVE-2014-0407 ] || {{Pkg|virtualbox}} || 28/02/2014 || 4.3.4 || 4.3.6 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2323 CVE-2014-2323 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2324 CVE-2014-2324 ] || {{Pkg|lighttpd}} || 12/03/2014 || 1.4.34 || 1.4.35 || 0d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0333 CVE-2014-0333 ] || {{Pkg|libpng}} || 28/02/2014 || 1.6.9 || 1.6.10 || 9d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2282 CVE-2014-2282 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0106 CVE-2014-0106] || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || fixed<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 CVE-2014-2244 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2093 CVE-2014-2094 CVE-2014-2095 CVE-2014-2096 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ] || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306915
CVE
2014-03-24T22:11:03Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. An IRC channel is available at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the corresponding URL.<br />
<br />
<br />
The following template may be used to facilitate CVE entries into the table. The first line, "|-", represents the creation of a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="110px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
|-<br />
| CVE-2014-1493 CVE-2014-1494 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 || {{Pkg|firefox}} {{Pkg|thunderbird}} || 18/03/2014 || 27 || 28 || 1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2240 CVE-2014-2240] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2241 CVE-2014-2241]|| {{Pkg|freetype2}} || || 2.5.2 || 2.5.3 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2029 CVE-2014-2029 ]|| {{Pkg|xtrabackup}} || 16/02/2014 || 2.1.7 || 2.1.8 || 28d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1958 CVE-2014-1958 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2030 CVE-2014-2030 ]|| {{Pkg|imagemagick}} || || || 6.8.8.9-1 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ]|| {{Pkg|php}} || 06/03/2014 || 5.5.9 || 5.5.110 || -1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0404 CVE-2014-0404 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-04046 CVE-2014-0406 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0407 CVE-2014-0407 ] || {{Pkg|virtualbox}} || 28/02/2014 || 4.3.4 || 4.3.6 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2323 CVE-2014-2323 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2324 CVE-2014-2324 ] || {{Pkg|lighttpd}} || 12/03/2014 || 1.4.34 || 1.4.35 || 0d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0333 CVE-2014-0333 ] || {{Pkg|libpng}} || 28/02/2014 || 1.6.9 || 1.6.10 || 9d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2282 CVE-2014-2282 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0106 CVE-2014-0106] || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || fixed<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 CVE-2014-2244 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2093 CVE-2014-2094 CVE-2014-2095 CVE-2014-2096 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ] || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306914
CVE
2014-03-24T22:09:27Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVEs<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the corresponding URL.<br />
<br />
<br />
The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", creates a new row in the table, while the second line should be modified for each CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="110px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
|-<br />
| CVE-2014-1493 CVE-2014-1494 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 || {{Pkg|firefox}} || 18/03/2014 || 27 || 28 || 1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2240 CVE-2014-2240] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2241 CVE-2014-2241]|| {{Pkg|freetype2}} || || 2.5.2 || 2.5.3 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2029 CVE-2014-2029 ]|| {{Pkg|xtrabackup}} || 16/02/2014 || 2.1.7 || 2.1.8 || 28d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1958 CVE-2014-1958 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2030 CVE-2014-2030 ]|| {{Pkg|imagemagick}} || || || 6.8.8.9-1 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ]|| {{Pkg|php}} || 06/03/2014 || 5.5.9 || 5.5.110 || -1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0404 CVE-2014-0404 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-04046 CVE-2014-0406 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0407 CVE-2014-0407 ] || {{Pkg|virtualbox}} || 28/02/2014 || 4.3.4 || 4.3.6 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2323 CVE-2014-2323 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2324 CVE-2014-2324 ] || {{Pkg|lighttpd}} || 12/03/2014 || 1.4.34 || 1.4.35 || 0d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0333 CVE-2014-0333 ] || {{Pkg|libpng}} || 28/02/2014 || 1.6.9 || 1.6.10 || 9d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2282 CVE-2014-2282 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0106 CVE-2014-0106] || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || fixed<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 CVE-2014-2244 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2093 CVE-2014-2094 CVE-2014-2095 CVE-2014-2096 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ] || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306913
CVE
2014-03-24T21:57:22Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVEs<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the corresponding URL.<br />
<br />
<br />
The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", creates a new row in the table, while the second line should be modified for each CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2240 CVE-2014-2240] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2241 CVE-2014-2241]|| {{Pkg|freetype2}} || || 2.5.2 || 2.5.3 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2029 CVE-2014-2029 ]|| {{Pkg|xtrabackup}} || 16/02/2014 || 2.1.7 || 2.1.8 || 28d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1958 CVE-2014-1958 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2030 CVE-2014-2030 ]|| {{Pkg|imagemagick}} || || || 6.8.8.9-1 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ]|| {{Pkg|php}} || 06/03/2014 || 5.5.9 || 5.5.110 || -1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0404 CVE-2014-0404 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-04046 CVE-2014-0406 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0407 CVE-2014-0407 ] || {{Pkg|virtualbox}} || 28/02/2014 || 4.3.4 || 4.3.6 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2323 CVE-2014-2323 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2324 CVE-2014-2324 ] || {{Pkg|lighttpd}} || 12/03/2014 || 1.4.34 || 1.4.35 || 0d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0333 CVE-2014-0333 ] || {{Pkg|libpng}} || 28/02/2014 || 1.6.9 || 1.6.10 || 9d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2282 CVE-2014-2282 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0106 CVE-2014-0106] || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || fixed<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 CVE-2014-2244 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2093 CVE-2014-2094 CVE-2014-2095 CVE-2014-2096 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ] || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306911
CVE
2014-03-24T21:51:35Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVEs<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the corresponding URL.<br />
<br />
<br />
The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", creates a new row in the table, while the second line should be modified for each CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2240 CVE-2014-2240] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2241 CVE-2014-2241]|| {{Pkg|freetype2}} || || 2.5.2 || 2.5.3 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2029 CVE-2014-2029 ]|| {{Pkg|xtrabackup}} || 16/02/2014 || 2.1.7 || 2.1.8 || 28d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1958 CVE-2014-1958 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2030 CVE-2014-2030 ]|| {{Pkg|imagemagick}} || || || 6.8.8.9-1 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ]|| {{Pkg|php}} || 06/03/2014 || 5.5.9 || 5.5.110 || -1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0404 CVE-2014-0404 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-04046 CVE-2014-0406 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0407 CVE-2014-0407 ] || {{Pkg|virtualbox}} || 28/02/2014 || 4.3.4 || 4.3.6 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2323 CVE-2014-2323 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2324 CVE-2014-2324 ] || {{Pkg|lighttpd}} || 12/03/2014 || 1.4.34 || 1.4.35 || 0d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0333 CVE-2014-0333 ] || {{Pkg|libpng}} || 28/02/2014 || 1.6.9 || 1.6.10 || 9d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2282 CVE-2014-2282 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0106 CVE-2014-0106] || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || fixed<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 CVE-2014-2244 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ] || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306910
CVE
2014-03-24T21:49:50Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create the entry as a hyperlink to the appropriate URL, respectively.<br />
<br />
<br />
The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", creates a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2240 CVE-2014-2240] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2241 CVE-2014-2241]|| {{Pkg|freetype2}} || || 2.5.2 || 2.5.3 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2029 CVE-2014-2029 ]|| {{Pkg|xtrabackup}} || 16/02/2014 || 2.1.7 || 2.1.8 || 28d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1958 CVE-2014-1958 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2030 CVE-2014-2030 ]|| {{Pkg|imagemagick}} || || || 6.8.8.9-1 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ]|| {{Pkg|php}} || 06/03/2014 || 5.5.9 || 5.5.110 || -1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0404 CVE-2014-0404 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-04046 CVE-2014-0406 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0407 CVE-2014-0407 ] || {{Pkg|virtualbox}} || 28/02/2014 || 4.3.4 || 4.3.6 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2323 CVE-2014-2323 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2324 CVE-2014-2324 ] || {{Pkg|lighttpd}} || 12/03/2014 || 1.4.34 || 1.4.35 || 0d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0333 CVE-2014-0333 ] || {{Pkg|libpng}} || 28/02/2014 || 1.6.9 || 1.6.10 || 9d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0106 CVE-2014-0106] || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || fixed<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 CVE-2014-2244 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ] || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306909
CVE
2014-03-24T21:44:57Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create the entry as a hyperlink to the appropriate URL, respectively.<br />
<br />
<br />
The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", creates a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2240 CVE-1014-2240] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2241 CVE-1014-2241]|| {{Pkg|freetype2}} || || 2.5.2 || 2.5.3 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2029 CVE-2014-2029 ]|| {{Pkg|xtrabackup}} || 16/02/2014 || 2.1.7 || 2.1.8 || 28d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1958 CVE-2014-1958 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2030 CVE-2014-2030 ]|| {{Pkg|imagemagick}} || || || 6.8.8.9-1 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ]|| {{Pkg|php}} || 06/03/2014 || 5.5.9 || 5.5.110 || -1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0404 CVE-2014-0404 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-04046 CVE-2014-0406 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0407 CVE-2014-0407 ] || {{Pkg|virtualbox}} || 28/02/2014 || 4.3.4 || 4.3.6 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2323 CVE-2014-2323 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2324 CVE-2014-2324 ] || {{Pkg|lighttpd}} || 12/03/2014 || 1.4.34 || 1.4.35 || 0d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0333 CVE-2014-0333 ] || {{Pkg|libpng}} || 28/02/2014 || 1.6.9 || 1.6.10 || 9d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0106 CVE-2014-0106] || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || fixed<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 CVE-2014-2244 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ] || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306908
CVE
2014-03-24T21:44:41Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create the entry as a hyperlink to the appropriate URL, respectively.<br />
<br />
<br />
The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", creates a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2240 CVE-1014-2240][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2241 CVE-1014-2241]|| {{Pkg|freetype2}} || || 2.5.2 || 2.5.3 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2029 CVE-2014-2029 ]|| {{Pkg|xtrabackup}} || 16/02/2014 || 2.1.7 || 2.1.8 || 28d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1958 CVE-2014-1958 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2030 CVE-2014-2030 ]|| {{Pkg|imagemagick}} || || || 6.8.8.9-1 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ]|| {{Pkg|php}} || 06/03/2014 || 5.5.9 || 5.5.110 || -1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0404 CVE-2014-0404 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-04046 CVE-2014-0406 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0407 CVE-2014-0407 ] || {{Pkg|virtualbox}} || 28/02/2014 || 4.3.4 || 4.3.6 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2323 CVE-2014-2323 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2324 CVE-2014-2324 ] || {{Pkg|lighttpd}} || 12/03/2014 || 1.4.34 || 1.4.35 || 0d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0333 CVE-2014-0333 ] || {{Pkg|libpng}} || 28/02/2014 || 1.6.9 || 1.6.10 || 9d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || fixed<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0106 CVE-2014-0106] || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || fixed<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 CVE-2014-2244 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ] || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306907
CVE
2014-03-24T21:39:42Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVEs<br />
TODO: - improve sexiness of the table <br />
- links to MITRE for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create each entry as a hyperlink to the appropriate URL.<br />
<br />
<br />
The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", creates a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2029 CVE-2014-2029 ]|| {{Pkg|xtrabackup}} || 16/02/2014 || 2.1.7 || 2.1.8 || 28d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1958 CVE-2014-1958 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2030 CVE-2014-2030 ]|| {{Pkg|imagemagick}} || || || 6.8.8.9-1 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ]|| {{Pkg|php}} || 06/03/2014 || 5.5.9 || 5.5.110 || -1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0404 CVE-2014-0404 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-04046 CVE-2014-0406 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0407 CVE-2014-0407 ] || {{Pkg|virtualbox}} || 28/02/2014 || 4.3.4 || 4.3.6 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2323 CVE-2014-2323 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2324 CVE-2014-2324 ] || {{Pkg|lighttpd}} || 12/03/2014 || 1.4.34 || 1.4.35 || 0d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0333 CVE-2014-0333 ] || {{Pkg|libpng}} || 28/02/2014 || 1.6.9 || 1.6.10 || 9d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || fixed<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0106 CVE-2014-0106] || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || fixed<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 CVE-2014-2244 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ] || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306904
CVE
2014-03-24T21:38:20Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVEs<br />
TODO: - improve sexiness of the table <br />
- links to MITRE for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create each entry as a hyperlink to the appropriate URL.<br />
<br />
<br />
The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", creates a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2029 CVE-2014-2029 ]|| {{Pkg|xtrabackup}} || 16/02/2014 || 2.1.7 || 2.1.8 || 28d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1958 CVE-2014-1958 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2030 CVE-2014-2030 ]|| {{Pkg|imagemagick}} || || || 6.8.8.9-1 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ]|| {{Pkg|php}} || 06/03/2014 || 5.5.9 || 5.5.110 || -1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0404 CVE-2014-0404 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-04046 CVE-2014-0406 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0407 CVE-2014-0407 ] || {{Pkg|virtualbox}} || 28/02/2014 || 4.3.4 || 4.3.6 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2323 CVE-2014-2323 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2324 CVE-2014-2324 ] || {{Pkg|lighttpd}} || 12/03/2014 || 1.4.34 || 1.4.35 || 0d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0333 CVE-2014-0333 ] || {{Pkg|libpng}} || 28/02/2014 || 1.6.9 || 1.6.10 || 9d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || fixed<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 CVE-2014-2244 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ] || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306900
CVE
2014-03-24T21:36:36Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVEs<br />
TODO: - improve sexiness of the table <br />
- links to MITRE for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create each entry as a hyperlink to the appropriate URL.<br />
<br />
<br />
The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", creates a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2029 CVE-2014-2029 ]|| {{Pkg|xtrabackup}} || 16/02/2014 || 2.1.7 || 2.1.8 || 28d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1958 CVE-2014-1958 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2030 CVE-2014-2030 ]|| {{Pkg|imagemagick}} || || || 6.8.8.9-1 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ]|| {{Pkg|php}} || 06/03/2014 || 5.5.9 || 5.5.110 || -1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0404 CVE-2014-0404 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-04046 CVE-2014-0406 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0407 CVE-2014-0407 ] || {{Pkg|virtualbox}} || 28/02/2014 || 4.3.4 || 4.3.6 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2323 CVE-2014-2323 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2324 CVE-2014-2324 ] || {{Pkg|lighttpd}} || 12/03/2014 || 1.4.34 || 1.4.35 || 0d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0333 CVE-2014-0333 ] || {{Pkg|libpng}} || 28/02/2014 || 1.6.9 || 1.6.10 || 9d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 CVE-2014-2244 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ] || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306899
CVE
2014-03-24T21:33:10Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE's<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the appropriate URL.<br />
<br />
<br />
The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", creates a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1958 CVE-2014-1958 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2030 CVE-2014-2030 ]|| {{Pkg|imagemagick}} || || || 6.8.8.9-1 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ]|| {{Pkg|php}} || 06/03/2014 || 5.5.9 || 5.5.110 || -1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0404 CVE-2014-0404 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-04046 CVE-2014-0406 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0407 CVE-2014-0407 ] || {{Pkg|virtualbox}} || 28/02/2014 || 4.3.4 || 4.3.6 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2323 CVE-2014-2323 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2324 CVE-2014-2324 ] || {{Pkg|lighttpd}} || 12/03/2014 || 1.4.34 || 1.4.35 || 0d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0333 CVE-2014-0333 ] || {{Pkg|libpng}} || 28/02/2014 || 1.6.9 || 1.6.10 || 9d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 CVE-2014-2244 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ] || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306897
CVE
2014-03-24T21:30:05Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE's<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the appropriate URL.<br />
<br />
<br />
The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", creates a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1958 CVE-2014-1958 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2030 CVE-2014-2030 ]|| {{Pkg|imagemagick}} || || || 6.8.8.9-1 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ]|| {{Pkg|php}} || 06/03/2014 || 5.5.9 || 5.5.110 || -1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0404 CVE-2014-0404 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-04046 CVE-2014-0406 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0407 CVE-2014-0407 ] || {{Pkg|virtualbox}} || 28/02/2014 || 4.3.4 || 4.3.6 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2323 CVE-2014-2323 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2324 CVE-2014-2324 ] || {{Pkg|lighttpd}} || 12/03/2014 || 1.4.34 || 1.4.35 || 0d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0333 CVE-2014-0333 ] || {{Pkg|libpng}} || 28/02/2014 || 1.6.9 || 1.6.10 || 9d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ] || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306896
CVE
2014-03-24T21:29:41Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE's<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the appropriate URL.<br />
<br />
<br />
The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", creates a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1958 CVE-2014-1958 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2030 CVE-2014-2030 ]|| {{Pkg|iamegpagick}} || || || 6.8.8.9-1 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ]|| {{Pkg|php}} || 06/03/2014 || 5.5.9 || 5.5.110 || -1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0404 CVE-2014-0404 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-04046 CVE-2014-0406 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0407 CVE-2014-0407 ] || {{Pkg|virtualbox}} || 28/02/2014 || 4.3.4 || 4.3.6 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2323 CVE-2014-2323 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2324 CVE-2014-2324 ] || {{Pkg|lighttpd}} || 12/03/2014 || 1.4.34 || 1.4.35 || 0d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0333 CVE-2014-0333 ] || {{Pkg|libpng}} || 28/02/2014 || 1.6.9 || 1.6.10 || 9d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ] || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306895
CVE
2014-03-24T21:23:50Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE's<br />
TODO: -improve sexyness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create each entry as a hyperlink to the appropriate URL.<br />
<br />
<br />
The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", represents the creation of a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ]|| {{Pkg|php}} || 06/03/2014 || 5.5.9 || 5.5.110 || -1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0404 CVE-2014-0404 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-04046 CVE-2014-0406 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0407 CVE-2014-0407 ] || {{Pkg|virtualbox}} || 28/02/2014 || 4.3.4 || 4.3.6 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2323 CVE-2014-2323 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2324 CVE-2014-2324 ] || {{Pkg|lighttpd}} || 12/03/2014 || 1.4.34 || 1.4.35 || 0d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0333 CVE-2014-0333 ] || {{Pkg|libpng}} || 28/02/2014 || 1.6.9 || 1.6.10 || 9d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ] || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306894
CVE
2014-03-24T21:18:35Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE's<br />
TODO: -improve sexyness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create each entry as a hyperlink to the appropriate URL.<br />
<br />
<br />
The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", represents the creation of a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ]|| {{Pkg|php}} || 06/03/2014 || 5.5.9 || 5.5.110 || -1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0404 CVE-2014-0404 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-04046 CVE-2014-0406 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0407 CVE-2014-0407 ] || {{Pkg|virtualbox}} || 28/02/2014 || 4.3.4 || 4.3.6 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2323 CVE-2014-2323 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2324 CVE-2014-2324 ] || {{Pkg|lighttpd}} || 12/03/2014 || 1.4.34 || 1.4.35 || 0d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0333 CVE-2014-0333 ] || {{Pkg|libpng}} || 28/02/2014 || 1.6.9 || 1.6.10 || 9d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306893
CVE
2014-03-24T21:18:14Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE's<br />
TODO: -improve sexyness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create each entry as a hyperlink to the appropriate URL.<br />
<br />
<br />
The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", represents the creation of a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
CVE-2014-0404 CVE-2014-0406 CVE-2014-0407<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1943 CVE-2014-1943 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2270 CVE-2014-2270 ]|| {{Pkg|php}} || 06/03/2014 || 5.5.9 || 5.5.110 || -1d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0404 CVE-2014-0404 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-04046 CVE-2014-0406 ][http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0407 CVE-2014-0407 ] || {{Pkg|virtualbox}} || 28/02/2014 || 4.3.4 || 4.3.6 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2323 CVE-2014-2323 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2324 CVE-2014-2324 ] || {{Pkg|lighttpd}} || 12/03/2014 || 1.4.34 || 1.4.35 || 0d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0333 CVE-2014-0333 ] || {{Pkg|libpng}} || 28/02/2014 || 1.6.9 || 1.6.10 || 9d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306890
CVE
2014-03-24T21:13:04Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVEs<br />
TODO: - improve sexiness of the table<br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to its corresponding URL.<br />
<br />
<br />
The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", creates a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0404 CVE-2014-0404 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0406 CVE-2014-0406 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0407 CVE-2014-0407 ] || {{Pkg|virtualbox}} || 28/02/2014 || 4.3.4 || 4.3.6 || ? || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2323 CVE-2014-2323 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2324 CVE-2014-2324 ] || {{Pkg|lighttpd}} || 12/03/2014 || 1.4.34 || 1.4.35 || 0d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0333 CVE-2014-0333 ] || {{Pkg|libpng}} || 28/02/2014 || 1.6.9 || 1.6.10 || 9d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306889
CVE
2014-03-24T21:01:56Z
<p>RbN: CVE-2014-2323 CVE-2014-2324</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVEs<br />
TODO: - improve sexiness of the table<br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to its corresponding URL.<br />
<br />
<br />
The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", creates a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2323 CVE-2014-2323 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2324 CVE-2014-2324 ] || {{Pkg|lighttpd}} || 12/03/2014 || 1.4.34 || 1.4.35 || 0d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0333 CVE-2014-0333 ] || {{Pkg|libpng}} || 28/02/2014 || 1.6.9 || 1.6.10 || 9d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306888
CVE
2014-03-24T20:55:50Z
<p>RbN: CVE-2014-0333</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVEs<br />
TODO: - improve sexiness of the table<br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to its corresponding URL.<br />
<br />
<br />
The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", creates a new row in the table, while the second line should be modified per CVE. <br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0333 CVE-2014-0333 ] || {{Pkg|libpng}} || 28/02/2014 || 1.6.9 || 1.6.10 || 9d || fixed <br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306887
CVE
2014-03-24T20:48:48Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVEs<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the corresponding URL.<br />
<br />
<br />
The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", creates a new row in the table, while the second line should be modified for each CVE.<br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=306886
CVE
2014-03-24T20:48:27Z
<p>RbN: CVE-2014-0017</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVEs<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel at irc://irc.freenode.net/archlinux-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the corresponding URL.<br />
<br />
<br />
The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", creates a new row in the table, while the second line should be modified for each CVE.<br />
{{hc|CVE Table Addition Template|<nowiki>|-<br />
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending) </nowiki> }}<br />
<br />
The above template should be added after the line<br />
{{bc|<nowiki>! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status</nowiki>}}<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0017 CVE-2014-0017 ] || {{Pkg|libssh}} || 04/03/2014 || - || 3.5.7.29 || 5d || fixed <br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid <br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED<br />
|-<br />
| [http://seclists.org/oss-sec/2014/q1/595 CVE-2013-7338] || {{Pkg|python}} || 19/03/2014 || {{Bug|39540}} || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]<br />
|-<br />
| [http://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html CVE-2014-0133 ] || {{Pkg|nginx}} || 18/03/2014 || - || 1.4.7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2013-7336 CVE-2013-7336 ] || {{Pkg|libvirt}} || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed<br />
|-<br />
| [https://access.redhat.com/security/cve/CVE-2014-2523 CVE-2014-2523 ] || {{Pkg|linux}} || 17/03/2014 || - || 3.13-rc5 || ? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=Talk:CVE&diff=306885
Talk:CVE
2014-03-24T20:42:50Z
<p>RbN: /* Create template for links to CVE report? */</p>
<hr />
<div>== Create template for links to CVE report? ==<br />
<br />
Similar to [[Template:Bug]], it is technically possible to create a template for easier linking to CVE reports. However, it assumes that there is one preferred CVE tracker with a fixed URL format. Would you like such a template to be created? -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 20:22, 14 March 2014 (UTC)<br />
<br />
:Yes, that would be nice, as the table is mostly here to keep a history of corrected CVEs; links to the Mitre database are sufficient for a reader to find more information if he wants to. The Mitre URL format is http://cve.mitre.org/cgi-bin/cvename.cgi?name=<CVE-id> and should not change as every software community uses it.<br />
:-- [[User:RbN|RbN]] 20:43, 17 March 2014 (UTC)<br />
<br />
::The table currently uses links to http://web.nvd.nist.gov/view/vuln/detail?vulnId=<CVE-id> so which one is preferred? -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 22:09, 17 March 2014 (UTC)<br />
<br />
::: Usually, NVD and Mitre link to each other, so it doesn't matter so much. Let's prefer the http://web.nvd.nist.gov/view/vuln/detail?vulnId=<CVE-id> one to be consistent. Thanks. -- [[User:RbN|RbN]] 21:43, 24 March 2014 (UTC)</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=305380
CVE
2014-03-17T20:47:13Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVEs<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel at irc.freenode.net#arch-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the corresponding URL.<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id <br />
! package/version <br />
! data-sort-type="date"| Date public <br />
! Update/bug <br />
! Fixed version<br />
! Time vulnerable<br />
! Status<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=Talk:CVE&diff=305379
Talk:CVE
2014-03-17T20:45:25Z
<p>RbN: /* Create template for links to CVE report? */</p>
<hr />
<div>== Create template for links to CVE report? ==<br />
<br />
Similar to [[Template:Bug]], it is technically possible to create a template for easier linking to CVE reports. However, it assumes that there is one preferred CVE tracker with a fixed URL format. Would you like such a template to be created? -- [[User:Lahwaacz|Lahwaacz]] ([[User talk:Lahwaacz|talk]]) 20:22, 14 March 2014 (UTC)<br />
<br />
Yes, that would be nice, as the table is mostly here to keep a history of corrected CVEs; links to the Mitre database are sufficient for a reader to find more information if he wants to. The Mitre URL format is <br />
http://cve.mitre.org/cgi-bin/cvename.cgi?name=<CVE-id> and should not change as every software community uses it.<br />
-- [[User:RbN|RbN]] 20:43, 17 March 2014 (UTC)</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=305373
CVE
2014-03-17T19:52:54Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVEs<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel at irc.freenode.net#arch-security.<br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the corresponding URL.<br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="7" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id <br />
! package/version <br />
! data-sort-type="date"| Date public <br />
! Update/bug <br />
! Fixed version<br />
! Time vulnerable<br />
! Status<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0004 CVE-2014-0004 ] || {{Pkg|udisks2}} {{Pkg|udisks}} || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=305372
CVE
2014-03-17T19:48:21Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel, #arch-security, on irc.freenode.net. <br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to its corresponding URL. <br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="6" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id <br />
! package/version <br />
! data-sort-type="date"| Date public <br />
! Update/bug <br />
! Fixed version<br />
! Time vulnerable<br />
! Status<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2281 CVE-2014-2281 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2283 CVE-2014-2283 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2299 CVE-2014-2299 ] || {{Pkg|wireshark}} || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=305371
CVE
2014-03-17T19:38:53Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel, #arch-security, on irc.freenode.net. <br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to its corresponding URL. <br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="6" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id <br />
! package/version <br />
! data-sort-type="date"| Date public <br />
! Update/bug <br />
! Fixed version<br />
! Time vulnerable<br />
! Status<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0050 CVE-2014-0050 ] || {{Pkg|tomcat7}} || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0033 CVE-2014-0033 ] || {{Pkg|tomcat6}} || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=305370
CVE
2014-03-17T19:31:28Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel, #arch-security, on irc.freenode.net. <br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to its corresponding URL. <br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="6" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id <br />
! package/version <br />
! data-sort-type="date"| Date public <br />
! Update/bug <br />
! Fixed version<br />
! Time vulnerable<br />
! Status<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0032 CVE-2014-0032 ] || {{Pkg|subversion}} || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ?? || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d || fixed<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d || fixed<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || - || pending<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=305367
CVE
2014-03-17T19:23:07Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community-driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel, #arch-security, on irc.freenode.net. <br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to its corresponding URL. <br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="6" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="125px" data-sort-type="text" | CVE-id <br />
! package/version <br />
! data-sort-type="date"| Date public <br />
! Update/bug <br />
! Fixed version<br />
! Time vulnerable<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 CVE-2014-0064] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ??<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || -<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=305366
CVE
2014-03-17T19:21:29Z
<p>RbN: /* Documented Resolved CVE's */ postgresql's CVE</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: -improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel, #arch-security, on irc.freenode.net. <br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create the entry as a hyperlink to the appropriate URL, respectively. <br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="6" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="150px" data-sort-type="text" | CVE-id <br />
! package/version <br />
! data-sort-type="date"| Date public <br />
! Update/bug <br />
! Fixed version<br />
! Time vulnerable<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 CVE-2014-0060 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 CVE-2014-0061 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 CVE-2014-0062 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 CVE-2014-0063 ] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 CVE-2014-0065] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 CVE-2014-0066] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 CVE-2014-0067] || {{Pkg|postgresql}} || 20/02/2014 || 9.3.3 || 9.33 || 0d<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ??<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || -<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=305364
CVE
2014-03-17T19:13:19Z
<p>RbN: /* Documented Resolved CVE's */</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: - improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel, #arch-security, on irc.freenode.net. <br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create the entry as a hyperlink to the appropriate URL, respectively. <br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="6" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="150px" data-sort-type="text" | CVE-id <br />
! package/version <br />
! data-sort-type="date"| Date public <br />
! Update/bug <br />
! Fixed version<br />
! Time vulnerable<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ??<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || -<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=305363
CVE
2014-03-17T19:13:01Z
<p>RbN: /* Documented Resolved CVE's */ CVE-2014-1912</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
{{Stub|Draft of a table containing already corrected CVE<br />
TODO: - improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related | Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
This article documents [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's) that are found and fixed in Arch Linux. <br />
<br />
==Introduction==<br />
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible. <br />
<br />
Once a CVE has been located and fixed, it is added to the CVE documentation table below.<br />
<br />
==Helping==<br />
This is a community driven project. Please consider joining the [[Arch_CVE_Monitoring_Team | Arch CVE Monitoring Team]]. <br />
<br />
Also, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch security mailing list]. There is also an IRC channel, #arch-security, on irc.freenode.net. <br />
<br />
==Procedure==<br />
<br />
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create the entry as a hyperlink to the appropriate URL, respectively. <br />
<br />
==Documented Resolved CVE's ==<br />
<br><br />
{{Note|Refer to the [[#Procedure]] section when adding new entries.}}<br />
<br />
<br />
{| class="wikitable sortable" style="margin: 1em auto 1em auto; text-align: center;" width="50%"<br />
|height="50px" colspan="6" style="font-size: 125%;"| '''RESOLVED CVE's'''<br />
|-<br />
! scope="col" width="150px" data-sort-type="text" | CVE-id <br />
! package/version <br />
! data-sort-type="date"| Date public <br />
! Update/bug <br />
! Fixed version<br />
! Time vulnerable<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1912 CVE-2014-1912 ] || {{Pkg|python}} {{Pkg|python2}} || 07/02/2014 || || || ??<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4496 CVE-2013-4496 ] || {{Pkg|samba}}|| 14/03/2014 || {{Bug|39424}} || 4.1.6 || 2d<br />
|-<br />
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6442 CVE-2013-6442 ] || {{Pkg|samba}} || 14/03/2014 ||{{Bug|39424}} || 4.1.6 || 2d<br />
|-<br />
| [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0504 CVE-2014-0504 ] || {{Pkg|flashplugin}} || 12/03/2014 || {{Bug|39385}} || 11.2.202.346 || 1d<br />
|-<br />
| CVE-2014-0106 || {{Pkg|sudo}}/1.8.9.p5 || || 1.8.10 || || -<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || {{Pkg|net-snmp}} || 05/03/2014 || {{Bug|39190}} || || 8d<br />
|-<br />
| CVE-2014-0092 || {{Pkg|gnutls}} || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 <br> CVE-2014-2242 || {{Pkg|mediawiki}} || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || {{Pkg|catfish}} || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| {{Pkg|flashplugin}} || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || {{Pkg|curl}} || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || {{Pkg|mediawiki}} || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || {{Pkg|chrony}} || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || {{Pkg|perl-capture-tiny}} || 06/02/2014 || {{Bug|38862}} || || 4d<br />
|-<br />
| CVE-2013-6493 || {{Pkg|icedtea-web-jav}} || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || {{Pkg|python-numpy}} || 06/02/2014 || {{Bug|38863}} || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || {{Pkg|python-pillow}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || {{Pkg|python-eyed3}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || {{Pkg|9base}} || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || {{Pkg|cinnamon-screensaver}} || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || {{Pkg|gnutls}} || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || {{Pkg|freeradius}} || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || {{Pkg|file}} || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412<br> CVE-2014-0437 CVE-2014-0420 <br> CVE-2014-0393 CVE-2014-0386 <br> CVE-2014-0401 CVE-2014-0402 || {{Pkg|mariadb}} || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || {{Pkg|libvirt}} || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || {{Bug|38715}} || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || {{Pkg|drupal}} || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || {{Pkg|socat}} || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || {{Pkg|enlightment}} || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || {{Pkg|python-logilab}} || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 <br> CVE-2014-0376 CVE-2014-0411 <br> CVE-2014-0416 CVE-2014-0422 <br> CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || {{Pkg|python-jinja}} || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || {{Pkg|libxfont}} || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || {{Pkg|graphviz}} || 07/01/2014 || {{Bug|38441}} || || 3d<br />
|-<br />
| CVE-2014-0978 || {{Pkg|freerdp}} || 02/01/2014 || {{Bug|38802}} || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=Arch_Security_Team&diff=304382
Arch Security Team
2014-03-13T22:48:52Z
<p>RbN: /* Joining the ACMT */ adding IRC for contact</p>
<hr />
<div>[[Category:Security]]<br />
{{Stub|For now, this page is a draft to construct something according to https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html}}<br />
<br />
{{Related articles start}}<br />
{{Related|Security Task Force}}<br />
{{Related|CVE-2014}}<br />
{{Related articles end}}<br />
<br />
<br />
This article introduces the Arch CVE Monitoring Team (ACMT) and describes best practices for contributing. <br />
<br />
<br />
==Introduction==<br />
Arch Linux is a community-driven distribution. It relies upon the efforts of volunteers to maintain and improve the distribution itself and to support fellow community members. <br />
<br />
The importance of software security cannot be overstated. Today's society relies upon computer technology for everything from amusement to indispensable national and local infrastructure. Many rely upon Arch Linux to provide these. <br />
<br />
On March 9, 2014, Allan McRae [https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html called] upon our community to assist in securing Arch Linux by monitoring any and all relevant resources for announced [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's). In contrast to security issues which can be fixed by updating, CVE's require patches to be backported. As such, Arch developers must be notified that this is the case. This is where the ACMT comes in.<br />
<br />
The ACMT should embody the efforts of the "security-conscious" part of the Arch user population. Server owners, maintainers of workstations in production environments as well as concerned personal users would gain the benefit of relatively prompt security updates. The ACMT should help alleviate two important problems: finding bugs and communicating with developers. <br />
<br />
The Team is a volunteer-maintained service. Volunteers are welcome to help identify and report packages with security vulnerabilities.<br />
<br />
==Joining the ACMT==<br />
Joining is as simple as helping. Firstly, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch Security mailing list] and/or IRC chan #archlinux-security. Secondly, consider the area where you'd like to help. It would be ideal to have team members' labor divided across the software ecosystem as equally as possible. This helps the Team to quickly and efficiently find and report CVE's. Software categories are listed [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|below]]. However, it is not required that those who wish to volunteer restrict their monitoring in any way. "Global" and multiple-category volunteers are needed and encouraged. <br />
<br />
It is recommended that interested parties please consider monitoring those categories for which there are fewer volunteers. However, it is fully recognized that volunteers contribute best in areas in which they're most interested. Please consider both of these factors when selecting where your primary efforts will be placed. However, please note that it is not required that you restrict your monitoring to any one particular category. ''The goal of the ACMT is to simply keep Arch Linux secure. Any and all efforts are more than welcome and unreservedly appreciated.''<br />
<br />
If you would like to join the Team, please edit this page to include your name in the [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|Package Categories and Team Members]] section below. Please place your name beneath the package category for which you will be monitoring. If you do not care to monitor specific categories and you would like to contribute any and all, please place your name in the "Global" category. ''These options are not mutually exclusive.''<br />
<br />
==Participation Guidelines==<br />
<br />
ACMT monitors all packages within the following repositories:<br />
* ''core''<br />
* ''extra''<br />
* ''community''<br />
<br />
Follow mailing lists (both development and user), security advisories (if any) and bug trackers on a regular basis. A few resources are listed below. If you are unfamiliar with them, you will quickly learn the different kinds of vulnerabilities. For those who will monitor languages, it is ideal to be able to operate at both the interpreter level (often written in C) and the language level. <br />
<br />
Everyone should file bug reports. If you are unsure how to file a bug report, please refer to the [[Reporting_Bug_Guidelines| Bug Reporting Guidelines]]. <br />
<br />
People with the technical ability are encouraged to not only file bug reports about CVE's, but write/comment patches, test, communicate with upstream developers, among other things.<br />
<br />
==Procedure==<br />
A critical security exploit has been found in a software package within the Arch Linux official repositories. An ACMT member picks up this information from some mailing list he/she is following. If upstream released a new version that corrects the issue, the ACMT member should flag the package out-of-date and post pertinent information to the arch-security mailing list, which will likely get the attention of the developers. If, on the other hand, upstream releases only a patch, the ACMT member should file a bug report.<br />
<br />
===Bug Report Template===<br />
<br />
{{bc|<br />
Title : [<pkg-name>] security patch for <CVE-id><br />
Description:<br />
Quick description of the issue (or copy/paste from oss-sec, upstream bug reports, etc.)<br />
upstream bug report [0]<br />
<br />
Resolution:<br />
patch [1] <br />
<br />
Resources:<br />
[0] links to upstream bug report<br />
[1] link to patch<br />
}}<br />
<br />
The criticality of the bug report should be set to either Critical or High, depending on the severity of the issue.<br />
Some updates will be much more critical than others. However, updates are always recommended in the case of any vulnerability.<br />
<br />
==Resources==<br />
===RSS===<br />
;National Vulnerability Database (NVD)<br />
: All CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss.xml<br />
: All fully analyzed CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss-analyzed.xml<br />
<br />
===Mailing Lists===<br />
;oss-sec: main list dealing with security of free software, a lot of CVE attributions happen here, required if you wish to follow security news.<br><br />
:info: http://oss-security.openwall.org/wiki/mailing-lists/oss-security<br />
:subscribe: oss-security-subscribe(at)lists.openwall.com<br />
:archive: http://www.openwall.com/lists/oss-security/<br />
<br />
;bugtraq: a full disclosure moderated mailing list (noisy)<br />
:info: http://www.securityfocus.com/archive/1/description<br />
:subscribe: bugtraq-subscribe(at)securityfocus.com<br />
<br />
;full-disclosure: another full-disclosure mailing-list (noisy)<br />
:info: http://lists.grok.org.uk/full-disclosure-charter.html<br />
:subscribe: full-disclosure-request(at)lists.grok.org.uk<br />
<br />
Also consider following the mailing lists for specific packages, such as LibreOffice, X.org, Puppetlabs, ISC, etc.<br />
<br />
===Other Distributions===<br />
Resources of other distributions (to look for CVE, patch, comments etc.):<br />
;RedHat and Fedora:<br />
:rss advisories: https://admin.fedoraproject.org/updates/rss/rss2.0?type=security<br />
:CVE tracker: https://access.redhat.com/security/cve/<CVE-id><br />
:bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=<CVE-id><br />
<br />
;Ubuntu:<br />
:advisories: http://www.ubuntu.com/usn/atom.xml<br />
:CVE tracker: http://people.canonical.com/~ubuntu-security/cve/?cve=<CVE-id><br />
:database: https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master<br />
<br />
;Debian:<br />
:CVE tracker: http://security-tracker.debian.org/tracker/<CVE-id><br />
:patch-tracker: http://patch-tracker.debian.org/<br />
:database: http://anonscm.debian.org/viewvc/secure-testing/data/<br />
<br />
;OpenSUSE:<br />
:CVE tracker: http://support.novell.com/security/cve/<CVE-id>.html<br />
<br />
===Other===<br />
;Mitre and NVD links for CVE's:<br />
:http://cve.mitre.org/cgi-bin/cvename.cgi?name=<CVE-id><br />
:http://web.nvd.nist.gov/view/vuln/detail?vulnId=<CVE-id><br />
<br />
NVD and Mitre do not necessarily fill in their CVE entries immediately after attribution, so their entries are not always relevant for Arch. The CVE-id and the "Date Entry Created" fields do not have particular meaning. CVE's are attributed by CVE Numbering Authorities (CNA), and each CNA obtains CVE blocks from Mitre when needed/asked, so the CVE ID is not linked to the attribution date. The "Date Entry Created" field often only indicates when the CVE block was given to the CNA, nothing more.<br />
<br />
;Linux Weekly News: LWN provides a daily notice of security updates for various distributions<br />
:http://lwn.net/headlines/newrss<br />
<br />
===More===<br />
For more resources, please see the OpenWall's [http://oss-security.openwall.org/wiki/ Open Source Software Security Wiki]. <br />
<br />
<br />
==Package Categories and Team Members==<br />
Below is a list of general package categories. Should you like, you are welcome to add a new category. Please remember the KISS philosophy when editing the list. <br />
<br />
*Global<br />
:Billy Wayne McCann<br />
:[Your Name Here]<br />
* Kernel<br />
:[Your Name Here]<br />
* Filesystems<br />
:[Your Name Here]<br />
* GNU userland<br />
:[[User:RbN|RbN]]<br />
* Xorg<br />
:[[User:RbN|RbN]]<br />
* Systemd<br />
:[[User:RbN|RbN]]<br />
* Perl and associated software<br />
:[Your Name Here]<br />
* Python and associated software<br />
:[Your Name Here]<br />
* Java and associated software<br />
:[Your Name Here]<br />
* Ruby and associated software<br />
:[Your Name Here]<br />
* Gtk/Gnome and associated software<br />
:[Your Name Here]<br />
* QT/KDE and associated software<br />
:Billy Wayne McCann (KDE)<br />
:[Your Name Here]<br />
* Various Windows Managers (please include which WM along with your name)<br />
:[Your Name Here]</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=304380
CVE
2014-03-13T22:41:55Z
<p>RbN: use Stub template + related article</p>
<hr />
<div>{{Stub|Draft of a table containing already corrected CVE<br />
TODO: - improve sexiness of the table <br />
- links to Mitre for CVE-id<br />
- links to package database for package name<br />
- links to bug report for FS#<br />
}}<br />
<br />
{{Related articles start}}<br />
{{Related|Arch_CVE_Monitoring_Team}}<br />
{{Related articles end}}<br />
<br />
<br />
Please, when adding a CVE to the table, add it to the TOP of the table.<br />
<br />
{| class="wikitable" border="1" cellpadding="5" cellspacing="0"<br />
! CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable<br />
|-<br />
| CVE-2014-0106 || sudo/1.8.9.p5 || || 1.8.10 || || -<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || net-snmp || 05/03/2014 || FS#39190 || || 8d<br />
|-<br />
| CVE-2014-0092 || gnutls || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 CVE-2014-2242 || mediawiki || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || catfish || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| flashplugin || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || curl || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || mediawiki || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || chrony || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || perl-capture-tiny || 06/02/2014 || FS#38862 || || 4d<br />
|-<br />
| CVE-2013-6493 || icedtea-web-jav || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || python-numpy || 06/02/2014 || FS#38863 || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || python-pillow || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || python-eyed3 || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || 9base || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || cinnamon-screensaver || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || gnutls || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || freeradius || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || file || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412 CVE-2014-0437 CVE-2014-0420 CVE-2014-0393 CVE-2014-0386 CVE-2014-0401 CVE-2014-0402 || mariadb || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || libvirt || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || FS#38715 || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || drupal || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || socat || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || enlightment || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || python-logilab || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || python-jinja || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || libxfont || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || graphviz || 07/01/2014 || FS#38441 || || 3d<br />
|-<br />
| CVE-2014-0978 || freerdp || 02/01/2014 || FS#38802 || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=Arch_Security_Team&diff=304366
Arch Security Team
2014-03-13T22:13:58Z
<p>RbN: use proper stub template + related articles</p>
<hr />
<div>[[Category:Security]]<br />
{{Stub|For now, this page is a draft to construct something according to https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html}}<br />
<br />
{{Related articles start}}<br />
{{Related|Security Task Force}}<br />
{{Related|CVE-2014}}<br />
{{Related articles end}}<br />
<br />
<br />
This article introduces the Arch CVE Monitoring Team (ACMT) and describes best practices for contributing. <br />
<br />
<br />
==Introduction==<br />
Arch Linux is a community-driven distribution. It relies upon the efforts of volunteers to maintain and improve the distribution itself and to support fellow community members. <br />
<br />
The importance of software security cannot be overstated. Today's society relies upon computer technology for everything from amusement to indispensable national and local infrastructure. Many rely upon Arch Linux to provide these. <br />
<br />
On March 9, 2014, Allan McRae [https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html called] upon our community to assist in securing Arch Linux by monitoring any and all relevant resources for announced [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's). In contrast to security issues which can be fixed by updating, CVE's require patches to be backported. As such, Arch developers must be notified that this is the case. This is where the ACMT comes in.<br />
<br />
==Joining the ACMT==<br />
Joining is as simple as helping. Firstly, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch Security mailing list]. Secondly, consider the area where you'd like to help. It would be ideal to have team members' labor divided across the software ecosystem as equally as possible. This helps the Team to quickly and efficiently find and report CVE's. Software categories are listed [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|below]]. However, it is not required that those who wish to volunteer restrict their monitoring in any way. "Global" and multiple-category volunteers are needed and encouraged. <br />
<br />
It is recommended that interested parties please consider monitoring those categories for which there are fewer volunteers. However, it is fully recognized that volunteers contribute best in areas in which they're most interested. Please consider both of these factors when selecting where your primary efforts will be placed. However, please note that it is not required that you restrict your monitoring to any one particular category. ''The goal of the ACMT is to simply keep Arch Linux secure. Any and all efforts are more than welcome and unreservedly appreciated.''<br />
<br />
If you would like to join the Team, please edit this page to include your name in the [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|Package Categories and Team Members]] section below. Please place your name beneath the package category for which you will be monitoring. If you do not care to monitor specific categories and you would like to contribute any and all, please place your name in the "Global" category. ''These options are not mutually exclusive.''<br />
<br />
==Participation Guidelines==<br />
Follow mailing lists (both development and user), security advisories (if any) and bug trackers on a regular basis. A few resources are listed below. You will quickly learn the different kinds of vulnerabilities if you are unfamiliar with them. For those who will monitor languages, it is ideal to be able to operate at both the interpreter level (often written in C) and the language level. <br />
<br />
Everyone should file bug reports. If you are unsure how to file a bug report, please refer to the [[Reporting_Bug_Guidelines| Bug Reporting Guidelines]]. <br />
<br />
People with the technical ability are encouraged to not only file bug reports about CVE's, but write/comment patches, test, communicate with upstream developers, among other things.<br />
<br />
<br />
==Resources==<br />
===RSS===<br />
;National Vulnerability Database (NVD)<br />
: All CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss.xml<br />
: All fully analyzed CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss-analyzed.xml<br />
<br />
===Mailing Lists===<br />
;oss-sec: main list dealing with security of free software, a lot of CVE attributions happen here, required if you wish to follow security news.<br><br />
:info: http://oss-security.openwall.org/wiki/mailing-lists/oss-security<br />
:subscribe: oss-security-subscribe(at)lists.openwall.com<br />
:archive: http://www.openwall.com/lists/oss-security/<br />
<br />
;bugtraq: a full disclosure moderated mailing list (noisy)<br />
:info: http://www.securityfocus.com/archive/1/description<br />
:subscribe: bugtraq-subscribe(at)securityfocus.com<br />
<br />
;full-disclosure: another full-disclosure mailing-list (noisy)<br />
:info: http://lists.grok.org.uk/full-disclosure-charter.html<br />
:subscribe: full-disclosure-request(at)lists.grok.org.uk<br />
<br />
Also consider following the mailing lists for specific packages, such as LibreOffice, X.org, Puppetlabs, ISC, etc.<br />
<br />
===Other Distributions===<br />
Resources of other distributions (to look for CVE, patch, comments etc.):<br />
;RedHat and Fedora:<br />
:rss advisories: https://admin.fedoraproject.org/updates/rss/rss2.0?type=security<br />
:CVE tracker: https://access.redhat.com/security/cve/<CVE-id><br />
:bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=<CVE-id><br />
<br />
;Ubuntu:<br />
:advisories: http://www.ubuntu.com/usn/atom.xml<br />
:CVE tracker: http://people.canonical.com/~ubuntu-security/cve/?cve=<CVE-id><br />
:database: https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master<br />
<br />
;Debian:<br />
:CVE tracker: http://security-tracker.debian.org/tracker/<CVE-id><br />
:patch-tracker: http://patch-tracker.debian.org/<br />
:database: http://anonscm.debian.org/viewvc/secure-testing/data/<br />
<br />
;OpenSUSE:<br />
:CVE tracker: http://support.novell.com/security/cve/<CVE-id>.html<br />
<br />
===Other===<br />
;Mitre and NVD links for CVE's:<br />
:http://cve.mitre.org/cgi-bin/cvename.cgi?name=<CVE-id><br />
:http://web.nvd.nist.gov/view/vuln/detail?vulnId=<CVE-id><br />
<br />
NVD and Mitre do not necessarily fill their CVE entry immediately after attribution, so it's not always relevant for Arch. The CVE-id and the "Date Entry Created" fields do not have particular meaning. CVEs are attributed by CVE Numbering Authorities (CNA), and each CNA obtains CVE blocks from Mitre when needed/asked, so the CVE ID is not linked to the attribution date. The "Date Entry Created" field often only indicates when the CVE block was given to the CNA, nothing more.<br />
<br />
;Linux Weekly News: LWN provides a daily notice of security updates for various distributions<br />
:http://lwn.net/headlines/newrss<br />
<br />
===More===<br />
For more resources, please see the OpenWall's [http://oss-security.openwall.org/wiki/ Open Source Software Security Wiki]. <br />
<br />
<br />
==Package Categories and Team Members==<br />
Below is a list of general package categories. Should you like, you are welcome to add a new category. Please remember the KISS philosophy when editing the list. <br />
<br />
*Global<br />
:Billy Wayne McCann<br />
:[Your Name Here]<br />
* Kernel<br />
:[Your Name Here]<br />
* Filesystems<br />
:[Your Name Here]<br />
* GNU userland<br />
:[[User:RbN|RbN]]<br />
* Xorg<br />
:[[User:RbN|RbN]]<br />
* Systemd<br />
:[[User:RbN|RbN]]<br />
* Perl and associated software<br />
:[Your Name Here]<br />
* Python and associated software<br />
:[Your Name Here]<br />
* Java and associated software<br />
:[Your Name Here]<br />
* Ruby and associated software<br />
:[Your Name Here]<br />
* Gtk/Gnome and associated software<br />
:[Your Name Here]<br />
* QT/KDE and associated software<br />
:Billy Wayne McCann (KDE)<br />
:[Your Name Here]<br />
* Various Windows Managers (please include which WM along with your name)<br />
:[Your Name Here]</div>
RbN
https://wiki.archlinux.org/index.php?title=Arch_Security_Team&diff=304363
Arch Security Team
2014-03-13T21:54:30Z
<p>RbN: /* Package Categories and Team Members */ + RbN</p>
<hr />
<div>[[Category:Security]]<br />
This article introduces the Arch CVE Monitoring Team (ACMT) and describes best practices for contributing. <br />
<br />
<br />
==Introduction==<br />
Arch Linux is a community-driven distribution. It relies upon the efforts of volunteers to maintain and improve the distribution itself and to support fellow community members. <br />
<br />
The importance of software security cannot be overstated. Today's society relies upon computer technology for everything from amusement to indispensable national and local infrastructure. Many rely upon Arch Linux to provide these. <br />
<br />
On March 9, 2014, Allan McRae [https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html called] upon our community to assist in securing Arch Linux by monitoring any and all relevant resources for announced [[Wikipedia:Common_Vulnerabilities_and_Exposures|Common Vulnerabilities and Exposures]] (CVE's). In contrast to security issues which can be fixed by updating, CVE's require patches to be backported. As such, Arch developers must be notified that this is the case. This is where the ACMT comes in.<br />
<br />
==Joining the ACMT==<br />
Joining is as simple as helping. Firstly, join the [https://mailman.archlinux.org/mailman/listinfo/arch-security Arch Security mailing list]. Secondly, consider the area where you'd like to help. It would be ideal to have team members' labor divided across the software ecosystem as equally as possible. This helps the Team to quickly and efficiently find and report CVE's. Software categories are listed [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|below]]. However, it is not required that those who wish to volunteer restrict their monitoring in any way. "Global" and multiple-category volunteers are needed and encouraged. <br />
<br />
It is recommended that interested parties please consider monitoring those categories for which there are fewer volunteers. However, it is fully recognized that volunteers contribute best in areas in which they're most interested. Please consider both of these factors when selecting where your primary efforts will be placed. However, please note that it is not required that you restrict your monitoring to any one particular category. ''The goal of the ACMT is to simply keep Arch Linux secure. Any and all efforts are more than welcome and unreservedly appreciated.''<br />
<br />
If you would like to join the Team, please edit this page to include your name in the [[Arch_CVE_Monitoring_Team#Package_Categories_and_Team_Members|Package Categories and Team Members]] section below. Please place your name beneath the package category for which you will be monitoring. If you do not care to monitor specific categories and you would like to contribute any and all, please place your name in the "Global" category. ''These options are not mutually exclusive.''<br />
<br />
==Participation Guidelines==<br />
Follow mailing lists (both development and user), security advisories (if any) and bug trackers on a regular basis. A few resources are listed below. You will quickly learn the different kinds of vulnerabilities if you are unfamiliar with them. For those who will monitor languages, it is ideal to be able to operate at both the interpreter level (often written in C) and the language level. <br />
<br />
Everyone should file bug reports. If you are unsure how to file a bug report, please refer to the [[Reporting_Bug_Guidelines| Bug Reporting Guidelines]]. <br />
<br />
People with the technical ability are encouraged to not only file bug reports about CVE's, but write/comment patches, test, communicate with upstream developers, among other things.<br />
<br />
<br />
==Resources==<br />
===RSS===<br />
;National Vulnerability Database (NVD)<br />
: All CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss.xml<br />
: All fully analyzed CVE vulnerabilities: http://nvd.nist.gov/download/nvd-rss-analyzed.xml<br />
<br />
===Mailing Lists===<br />
;oss-sec: main list dealing with security of free software, a lot of CVE attributions happen here, required if you wish to follow security news.<br><br />
:info: http://oss-security.openwall.org/wiki/mailing-lists/oss-security<br />
:subscribe: oss-security-subscribe(at)lists.openwall.com<br />
:archive: http://www.openwall.com/lists/oss-security/<br />
<br />
;bugtraq: a full disclosure moderated mailing list (noisy)<br />
:info: http://www.securityfocus.com/archive/1/description<br />
:subscribe: bugtraq-subscribe(at)securityfocus.com<br />
<br />
;full-disclosure: another full-disclosure mailing-list (noisy)<br />
:info: http://lists.grok.org.uk/full-disclosure-charter.html<br />
:subscribe: full-disclosure-request(at)lists.grok.org.uk<br />
<br />
Also consider following the mailing lists for specific packages, such as LibreOffice, X.org, Puppetlabs, ISC, etc.<br />
<br />
===Other Distributions===<br />
Resources of other distributions (to look for CVE, patch, comments etc.):<br />
;RedHat and Fedora:<br />
:rss advisories: https://admin.fedoraproject.org/updates/rss/rss2.0?type=security<br />
:CVE tracker: https://access.redhat.com/security/cve/<CVE-id><br />
:bug tracker: https://bugzilla.redhat.com/show_bug.cgi?id=<CVE-id><br />
<br />
;Ubuntu:<br />
:advisories: http://www.ubuntu.com/usn/atom.xml<br />
:CVE tracker: http://people.canonical.com/~ubuntu-security/cve/?cve=<CVE-id><br />
:database: https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master<br />
<br />
;Debian:<br />
:CVE tracker: http://security-tracker.debian.org/tracker/<CVE-id><br />
:patch-tracker: http://patch-tracker.debian.org/<br />
:database: http://anonscm.debian.org/viewvc/secure-testing/data/<br />
<br />
;OpenSUSE:<br />
:CVE tracker: http://support.novell.com/security/cve/<CVE-id>.html<br />
<br />
===Other===<br />
;Mitre and NVD links for CVE's:<br />
:http://cve.mitre.org/cgi-bin/cvename.cgi?name=<CVE-id><br />
:http://web.nvd.nist.gov/view/vuln/detail?vulnId=<CVE-id><br />
<br />
NVD and Mitre do not necessarily fill their CVE entry immediately after attribution, so it's not always relevant for Arch. The CVE-id and the "Date Entry Created" fields do not have particular meaning. CVEs are attributed by CVE Numbering Authorities (CNA), and each CNA obtains CVE blocks from Mitre when needed/asked, so the CVE ID is not linked to the attribution date. The "Date Entry Created" field often only indicates when the CVE block was given to the CNA, nothing more.<br />
<br />
;Linux Weekly News: LWN provides a daily notice of security updates for various distributions<br />
:http://lwn.net/headlines/newrss<br />
<br />
===More===<br />
For more resources, please see the OpenWall's [http://oss-security.openwall.org/wiki/ Open Source Software Security Wiki]. <br />
<br />
<br />
==Package Categories and Team Members==<br />
Below is a list of general package categories. Should you like, you are welcome to add a new category. Please remember the KISS philosophy when editing the list. <br />
<br />
*Global<br />
:Billy Wayne McCann<br />
:[Your Name Here]<br />
* Kernel<br />
:[Your Name Here]<br />
* Filesystems<br />
:[Your Name Here]<br />
* GNU userland<br />
:[[User:RbN|RbN]]<br />
* Xorg<br />
:[[User:RbN|RbN]]<br />
* Systemd<br />
:[[User:RbN|RbN]]<br />
* Perl and associated software<br />
:[Your Name Here]<br />
* Python and associated software<br />
:[Your Name Here]<br />
* Java and associated software<br />
:[Your Name Here]<br />
* Ruby and associated software<br />
:[Your Name Here]<br />
* Gtk/Gnome and associated software<br />
:[Your Name Here]<br />
* QT/KDE and associated software<br />
:Billy Wayne McCann (KDE)<br />
:[Your Name Here]<br />
* Various Windows Managers (please include which WM along with your name)<br />
:[Your Name Here]</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=304358
CVE
2014-03-13T21:39:39Z
<p>RbN: CVE-2014-0106</p>
<hr />
<div>Please, when adding a CVE to the table, add it to the TOP of the table.<br />
<br />
{| class="wikitable" border="1" cellpadding="5" cellspacing="0"<br />
! CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable<br />
|-<br />
| CVE-2014-0106 || sudo/1.8.9.p5 || || 1.8.10 || || -<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || net-snmp || 05/03/2014 || FS#39190 || || 8d<br />
|-<br />
| CVE-2014-0092 || gnutls || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 CVE-2014-2242 || mediawiki || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || catfish || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| flashplugin || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || curl || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || mediawiki || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || chrony || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || perl-capture-tiny || 06/02/2014 || FS#38862 || || 4d<br />
|-<br />
| CVE-2013-6493 || icedtea-web-jav || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || python-numpy || 06/02/2014 || FS#38863 || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || python-pillow || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || python-eyed3 || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || 9base || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || cinnamon-screensaver || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || gnutls || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || freeradius || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || file || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412 CVE-2014-0437 CVE-2014-0420 CVE-2014-0393 CVE-2014-0386 CVE-2014-0401 CVE-2014-0402 || mariadb || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || libvirt || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || FS#38715 || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || drupal || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || socat || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || enlightment || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || python-logilab || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || python-jinja || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || libxfont || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || graphviz || 07/01/2014 || FS#38441 || || 3d<br />
|-<br />
| CVE-2014-0978 || freerdp || 02/01/2014 || FS#38802 || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=User:RbN&diff=304357
User:RbN
2014-03-13T21:27:44Z
<p>RbN: creation</p>
<hr />
<div><br />
Member of the arch security team<br />
<br />
Mail: r.b.n (hat) riseup (dot) net<br />
<br />
PGP key : [http://keyserver.stack.nl/pks/lookup?op=get&search=0xEADE2863F65C7A01 0xEADE2863F65C7A01] (fingerprint: 4633 352D 1E43 5C1F 2517 99B3 EADE 2863 F65C 7A01)</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=304356
CVE
2014-03-13T21:18:35Z
<p>RbN: </p>
<hr />
<div>Please, when adding a CVE to the table, add it to the TOP of the table.<br />
<br />
{| class="wikitable" border="1" cellpadding="5" cellspacing="0"<br />
! CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || net-snmp || 05/03/2014 || FS#39190 || || 8d<br />
|-<br />
| CVE-2014-0092 || gnutls || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 CVE-2014-2242 || mediawiki || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || catfish || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| flashplugin || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || curl || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || mediawiki || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || chrony || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || perl-capture-tiny || 06/02/2014 || FS#38862 || || 4d<br />
|-<br />
| CVE-2013-6493 || icedtea-web-jav || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || python-numpy || 06/02/2014 || FS#38863 || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || python-pillow || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || python-eyed3 || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || 9base || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || cinnamon-screensaver || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || gnutls || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || freeradius || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || file || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412 CVE-2014-0437 CVE-2014-0420 CVE-2014-0393 CVE-2014-0386 CVE-2014-0401 CVE-2014-0402 || mariadb || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || libvirt || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || FS#38715 || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || drupal || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || socat || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || enlightment || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || python-logilab || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || python-jinja || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || libxfont || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || graphviz || 07/01/2014 || FS#38441 || || 3d<br />
|-<br />
| CVE-2014-0978 || freerdp || 02/01/2014 || FS#38802 || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=304355
CVE
2014-03-13T21:18:09Z
<p>RbN: </p>
<hr />
<div>Please, when adding a CVE to the table, add it to the TOP of the table.<br />
<br />
{| class="wikitable" border="1" cellpadding="5" cellspacing="0"<br />
! CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || net-snmp || 05/03/2014 || FS#39190 || || 8d<br />
|-<br />
| CVE-2014-0092 || gnutls || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 CVE-2014-2242 || mediawiki || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || catfish || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| flashplugin || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || curl || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || mediawiki || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || chrony || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || perl-capture-tiny || 06/02/2014 || FS#38862 || || 4d<br />
|-<br />
| CVE-2013-6493 || icedtea-web-jav || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || python-numpy || 06/02/2014 || FS#38863 || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || python-pillow || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || python-eyed3 || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || 9base || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || cinnamon-screensaver || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || gnutls || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || freeradius || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || file || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412 CVE-2014-0437 CVE-2014-0420 CVE-2014-0393 CVE-2014-0386 CVE-2014-0401 CVE-2014-0402 || mariadb || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || libvirt || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || FS#38715 || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || drupal || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || socat || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || enlightment || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || python-logilab || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || python-jinja || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || libxfont || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || graphviz || 07/01/2014 || FS#38441 || || 3d<br />
|-<br />
| CVE-2014-0978 || freerdp || 02/01/2013 || FS#38802 || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=304350
CVE
2014-03-13T21:02:55Z
<p>RbN: MOAAR</p>
<hr />
<div>{| class="wikitable" border="1" cellpadding="5" cellspacing="0"<br />
! CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable<br />
|-<br />
| CVE-2014-2285 CVE-2014-2284 || net-snmp || 05/03/2014 || FS#39190 || || 8d<br />
|-<br />
| CVE-2014-0092 || gnutls || 04/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2242 CVE-2014-2243 CVE-2014-2242 || mediawiki || 14/03/2014 || || || 1d<br />
|-<br />
| CVE-2014-2096 CVE-2014-2093 || catfish || 25/02/2014 || || || ??<br />
|-<br />
| CVE-2014-0497|| flashplugin || 04/02/2014 || || || 1d<br />
|-<br />
| CVE-2014-0015 || curl || 29/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-1610 || mediawiki || 29/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-0021 || chrony || 17/01/2014 || || || 14d<br />
|-<br />
| CVE-2014-1875 || perl-capture-tiny || 06/02/2014 || FS#38862 || || 4d<br />
|-<br />
| CVE-2013-6493 || icedtea-web-jav || 05/02/2014 || || || 0d<br />
|- <br />
| CVE-2014-1858 CVE-2014-1859 || python-numpy || 06/02/2014 || FS#38863 || || 4d<br />
|-<br />
| CVE-2014-1932 CVE-2014-1933 || python-pillow || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1934 || python-eyed3 || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1935 || 9base || 10/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1949 || cinnamon-screensaver || 12/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1959 || gnutls || 13/02/2014 || || || 2d<br />
|- <br />
| CVE-2014-2015 || freeradius || 16/02/2014 || || || ??<br />
|-<br />
| CVE-2014-1943 || file || 10/02/2014 || || || 2d<br />
|-<br />
| CVE-2014-0001 CVE-2014-0412 CVE-2014-0437 CVE-2014-0420 CVE-2014-0393 CVE-2014-0386 CVE-2014-0401 CVE-2014-0402 || mariadb || 13/02/2013 || || || -13d<br />
|-<br />
| CVE-2014-1447 || libvirt || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || FS#38715 || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || drupal || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || socat || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || enlightment || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || python-logilab || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || python-jinja || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || libxfont || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || graphviz || 07/01/2014 || FS#38441 || || 3d<br />
|-<br />
| CVE-2014-0978 || freerdp || 02/01/2013 || FS#38802 || || ??<br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=304347
CVE
2014-03-13T20:36:42Z
<p>RbN: MOAR!</p>
<hr />
<div>{| class="wikitable" border="1" cellpadding="5" cellspacing="0"<br />
! CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable<br />
|-<br />
| CVE-2014-1447 || libvirt || 16/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || FS#38715 || || 25d<br />
|-<br />
| CVE-2014-1475 CVE-2014-1476 || drupal || 15/01/2014 || || || 12d<br />
|-<br />
| CVE-2014-0019 || socat || 29/01/2014 || || || 0d<br />
|- <br />
| CVE-2014-1845 CVE-2014-1846 || enlightment || 03/02/2014 || || || -3d<br />
|-<br />
| CVE-2014-1838 CVE-2014-1839 || python-logilab || 31/01/2014 || || || 3d<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || python-jinja || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || libxfont || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || graphviz || 07/01/2014 || FS#38441 || || 3d<br />
|-<br />
| CVE-2014-0978 || freerdp || 02/01/2013 || FS#38802 || || <br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=CVE&diff=304346
CVE
2014-03-13T20:28:05Z
<p>RbN: Creation of the table</p>
<hr />
<div>{| class="wikitable" border="1" cellpadding="5" cellspacing="0"<br />
! CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable<br />
|-<br />
| CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d<br />
|-<br />
| CVE-2014-1402 || python-jinja || 10/01/2014 || || || 1d<br />
|-<br />
| CVE-2013-6462 || libxfont || 07/01/2014 || || || 0d<br />
|-<br />
| CVE-2014-1235 || graphviz || 07/01/2014 || FS#38441 || || 3d<br />
|-<br />
| CVE-2014-0978 || freerdp || 02/01/2013 || FS#38802 || || <br />
|-<br />
|}</div>
RbN
https://wiki.archlinux.org/index.php?title=Security_Response_Team&diff=304071
Security Response Team
2014-03-11T20:55:10Z
<p>RbN: Creation, forking https://wiki.archlinux.org/index.php/Security_Task_Force</p>
<hr />
<div>[[Category:Arch development]]<br />
[[Category:Security]]<br />
<br />
For now, this page is an ashamed copy of https://wiki.archlinux.org/index.php/Security_Task_Force, trying to construct something according to https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.html<br />
<br />
This is a draft of the proposal to create an Arch Linux Security Team (ALST) centered around Arch Linux.<br />
<br />
==Philosophy==<br />
<br />
The security team should help the developers, not add more work to them. Participation in ALST should be voluntary and, with the exception of one or more TUs, left to the non-developers. Security Response Team should conform to the Arch Philosophy - following the STF '''recommendations''' should be optional for all users of Arch Linux.<br />
<br />
==Purpose==<br />
<br />
ALST should embody the efforts of the "security-conscious" part of the Arch users population. Server owners, maintainers of workstations in production environments as well as concerned personal users would gain the benefit of relatively prompt security updates. ALST should help alleviate two important problems.<br />
<br />
ALST will strive to monitor all packages within the following repositories:<br />
* [core]<br />
* [extra]<br />
* [community]<br />
<br />
===Maintainer's reaction===<br />
<br />
Arch Linux developers are volunteers with their own personal lives. They might not have time to promptly address updates of their packages. They might not have heard about a recent security update. ALST members would suggest that maintainers update their packages once an important security flaw has been found.<br />
<br />
Likewise, the ALST is a volunteer-maintained service. Volunteers are welcome to help the ALST identify and report packages with security vulnerabilities.<br />
<br />
==Procedure==<br />
A big security exploit has been found in software packaged within the Arch Linux official repositories. An ALST member picks up this information from some mailing list he/she is following. If upstream released a new version to correct the issue, the ASRT member just flags the package out-of-date; if upstream only released a patch, the ASRT member should file a bug report.<br />
<br />
A good template of bug report might be:<br />
<br />
<pre><br />
Title : [<pkg-name>] security patch for <CVE-id><br />
Description:<br />
Quick description of the issue or copy/paste from oss-sec, upstream bug reports.<br />
upstream bug report [0]<br />
<br />
Resolution:<br />
patch [1] <br />
<br />
Resources:<br />
[0] links to upstream bug report<br />
[1] link to patch<br />
</pre><br />
<br />
The criticality of the bug report should be set to either Critical or High, depending on the severity of the issue.<br />
Some updates will be much more critical than others, however updates are always recommended in the case of any vulnerability.</div>
RbN
https://wiki.archlinux.org/index.php?title=Security_features&diff=292102
Security features
2014-01-09T00:03:51Z
<p>RbN: /* Features */</p>
<hr />
<div>[[Category:Security]]<br />
{{Merge|Security|Duplication of the linked article; see the discussion page for details.|Talk:Security_features#Merge_into_.22Security.22_article}}<br />
<br />
<br />
== Description ==<br />
<br />
<br />
This page is intended to describe the security features that Arch Linux currently has. Inspired by this [https://wiki.ubuntu.com/Security/Features Ubuntu page], it lists features which are a) {{ic|Enabled by default}}, b) {{ic|Available}} and c) {{ic|Non-available}}. If a package which provides some security feature is in the AUR, for example, it fits in the second category.<br />
<br />
<br />
Please, if you update the following table, put the items in alphabetical order.<br />
<br />
== Features ==<br />
<br />
<br />
{| class="wikitable sortable"<br />
! align="left"| Feature<br />
! Type<br />
! State<br />
! References<br />
! Notes<br />
|-<br />
| Access Control Lists<br />
| Access Control<br />
| Available<br />
| [[Access Control Lists]]<br />
| -<br />
|-<br />
| AppArmor<br />
| Access Control<br />
| Available<br />
| [[AppArmor]]<br />
| AppArmor is included by default as a module in the kernel but is not enabled. See [https://en.wikipedia.org/wiki/Mandatory_access_control Mandatory Access Control alternatives]<br />
|-<br />
| Audit framework<br />
| Extended logging capabilities<br />
| Available<br />
| [[Audit framework]]<br />
| -<br />
|-<br />
| Configurable firewall<br />
| Network Security<br />
| Available<br />
| [[Firewalls]]<br />
| -<br />
|-<br />
| Disk Encryption<br />
| Physical Security<br />
| Available<br />
| [[Disk Encryption]]<br />
| -<br />
|-<br />
| GCC's stack-smashing protection (aka SSP, ProPolice)<br />
| Buffer overflow protection<br />
| Enabled by default<br />
| [https://bugs.archlinux.org/task/18864 bug 18864]<br />
| -<br />
|-<br />
| GrSecurity<br />
| Access Control<br />
| Available<br />
| [[Grsecurity]]<br />
| Patched kernel available in the AUR. It can include PaX.<br />
|-<br />
| Hashing passwords<br />
| System configuration<br />
| Enabled by default<br />
| [[SHA password hashes]]<br />
| Default hashing algorithm: SHA-512<br />
|-<br />
| Package signing<br />
| Software management<br />
| Enabled by default<br />
| [[Pacman package signing]], [[Pacman]], [[pacman-key]]<br />
| Signed packages with OpenPGP<br />
|-<br />
| PaX<br />
| Buffer overflow protection<br />
| Available<br />
| [[Pax]]<br />
| [https://aur.archlinux.org/packages/linux-grsec/ linux-grsec], [https://aur.archlinux.org/packages/linux-pax/ linux-pax], [https://www.archlinux.org/packages/community/i686/pax-utils/ pax-utils]<br />
|-<br />
| Root access<br />
| Users and groups privileges<br />
| Enabled by default<br />
| [[Disable root password and gain su sudo with no password#Disable_root_login]]<br />
| You can remove it by using sudo.<br />
|-<br />
| SELinux<br />
| Access Control<br />
| Available<br />
| [[SELinux]]<br />
| It is enabled in the kernel but not in user space by default.<br />
|-<br />
| Su<br />
| Users and groups privileges<br />
| Available<br />
| [[su]]<br />
| It's part of the {{ic|base}} group.<br />
|-<br />
| Sudo<br />
| Users and groups privileges<br />
| Available<br />
| [[Sudo]]<br />
| -<br />
|-<br />
| TOMOYO Linux<br />
| Access Control<br />
| Available<br />
| [[TOMOYO Linux]]<br />
| AKARI is part of TOMOYO Linux<br />
|}<br />
<br />
== Other resources ==<br />
<br />
* [[BlackArch]] is a penetration testing distribution based on Arch Linux.</div>
RbN