Difference between revisions of "CVE"
(→Documented Resolved CVE's: added [linux] CVE-2013-7339) |
(→Documented Resolved CVE's) |
||
| Line 45: | Line 45: | ||
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed | | [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed | ||
|- | |- | ||
| − | | [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug| | + | | [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid |
|- | |- | ||
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED | | [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED | ||
Revision as of 11:52, 22 March 2014
This article documents Common Vulnerabilities and Exposures (CVE's) that are found and fixed in Arch Linux.
Introduction
CVE's represent critical security vulnerabilities which must be addressed as quickly as possible.
Once a CVE has been located and fixed, it is added to the CVE documentation table below.
Helping
This is a community driven project. Please consider joining the Arch CVE Monitoring Team.
Also, join the Arch security mailing list. There is an IRC on irc://irc.freenode.net/archlinux-security.
Procedure
When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, create the entry as a hyperlink to the appropriate URL, respectively.
The following template may be used to faciliate CVE entries into the table. The first line, "|-" represents the creation of a new row in the table, while the second line should be modified per CVE.
CVE Table Addition Template
|-
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending)
The above template should be added after the line
! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status
Documented Resolved CVE's
Note: Refer to the #Procedure section when adding new entries.
| RESOLVED CVE's | ||||||
| CVE-id | package/version | Date public | Update/bug | Fixed version | Time vulnerable | Status |
|---|---|---|---|---|---|---|
| CVE-2013-7339 | linux <3.5.7.29 | 20/03/2014 | - | 3.5.7.29 | 0d | fixed |
| CVE-2014-2568 | linux | 18/03/2014 | FS#39566 | - | - | invalid |
| CVE-2014-2524 | tigervnc | 19/03/2014 | - | 1.3.1 | 1d | FIXED |
| CVE-2013-7338 | python | 19/03/2014 | FS#39540 | 3.4 beta3 | 2013-12-27:? | pending 3.4 -> [extra] |
| CVE-2014-0133 | nginx | 18/03/2014 | - | 1.4.7 | 0d | fixed |
| CVE-2013-7336 | libvirt | 19/09/2013 | - | libvirt-1.1.1-7.el7 | 0d | fixed |
| CVE-2014-2523 | linux | 17/03/2014 | - | 3.13-rc5 | ? | fixed |
| CVE-2014-0004 | udisks2 udisks | 10/03/2014 | 2.1.3 1.0.5 | 2.1.3 1.0.5 | 3d | fixed |
| CVE-2014-2281 CVE-2014-2283 CVE-2014-2299 | wireshark | 10/03/2014 | 1.10.6 | 1.10.6 | ?? | fixed |
| CVE-2014-0050 | tomcat7 | 06/02/2014 | 7.0.51 | 7.0.51 | ?? | fixed |
| CVE-2014-0033 | tomcat6 | 10/01/2014 | 6.0.37 | 6.0.37 | ?? | fixed |
| CVE-2014-0032 | subversion | 10/01/2014 | 1.8.6 | 1.8.6 | ?? | fixed |
| CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 | postgresql | 20/02/2014 | 9.3.3 | 9.33 | 0d | fixed |
| CVE-2014-1912 | python python2 | 07/02/2014 | ?? | fixed | ||
| CVE-2013-4496 | samba | 14/03/2014 | FS#39424 | 4.1.6 | 2d | fixed |
| CVE-2013-6442 | samba | 14/03/2014 | FS#39424 | 4.1.6 | 2d | fixed |
| CVE-2014-0504 | flashplugin | 12/03/2014 | FS#39385 | 11.2.202.346 | 1d | fixed |
| CVE-2014-0106 | sudo/1.8.9.p5 | 1.8.10 | - | pending | ||
| CVE-2014-2285 CVE-2014-2284 | net-snmp | 05/03/2014 | FS#39190 | 8d | ||
| CVE-2014-0092 | gnutls | 04/03/2014 | 1d | |||
| CVE-2014-2242 CVE-2014-2243 CVE-2014-2242 |
mediawiki | 14/03/2014 | 1d | |||
| CVE-2014-2096 CVE-2014-2093 | catfish | 25/02/2014 | ?? | |||
| CVE-2014-0497 | flashplugin | 04/02/2014 | 1d | |||
| CVE-2014-0015 | curl | 29/01/2014 | 3d | |||
| CVE-2014-1610 | mediawiki | 29/01/2014 | 0d | |||
| CVE-2014-0021 | chrony | 17/01/2014 | 14d | |||
| CVE-2014-1875 | perl-capture-tiny | 06/02/2014 | FS#38862 | 4d | ||
| CVE-2013-6493 | icedtea-web-jav | 05/02/2014 | 0d | |||
| CVE-2014-1858 CVE-2014-1859 | python-numpy | 06/02/2014 | FS#38863 | 4d | ||
| CVE-2014-1932 CVE-2014-1933 | python-pillow | 10/02/2014 | ?? | |||
| CVE-2014-1934 | python-eyed3 | 10/02/2014 | ?? | |||
| CVE-2014-1935 | 9base | 10/02/2014 | ?? | |||
| CVE-2014-1949 | cinnamon-screensaver | 12/02/2014 | ?? | |||
| CVE-2014-1959 | gnutls | 13/02/2014 | 2d | |||
| CVE-2014-2015 | freeradius | 16/02/2014 | ?? | |||
| CVE-2014-1943 | file | 10/02/2014 | 2d | |||
| CVE-2014-0001 CVE-2014-0412 CVE-2014-0437 CVE-2014-0420 CVE-2014-0393 CVE-2014-0386 CVE-2014-0401 CVE-2014-0402 |
mariadb | 13/02/2013 | -13d | |||
| CVE-2014-1447 | libvirt | 16/01/2014 | 2d | |||
| CVE-2014-0979 | lightdm-gtk* | 07/01/2014 | FS#38715 | 25d | ||
| CVE-2014-1475 CVE-2014-1476 | drupal | 15/01/2014 | 12d | |||
| CVE-2014-0019 | socat | 29/01/2014 | 0d | |||
| CVE-2014-1845 CVE-2014-1846 | enlightment | 03/02/2014 | -3d | |||
| CVE-2014-1838 CVE-2014-1839 | python-logilab | 31/01/2014 | 3d | |||
| CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 |
*-openjdk-* | 15/01/2014 | 2d | |||
| CVE-2014-1402 | python-jinja | 10/01/2014 | 1d | |||
| CVE-2013-6462 | libxfont | 07/01/2014 | 0d | |||
| CVE-2014-1235 | graphviz | 07/01/2014 | FS#38441 | 3d | ||
| CVE-2014-0978 | freerdp | 02/01/2014 | FS#38802 | ?? | ||