Difference between revisions of "CVE"

From ArchWiki
(Documented Resolved CVE's: added [linux] CVE-2013-7339)
(Documented Resolved CVE's)
Line 45: Line 45:
 
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed   
 
| [http://seclists.org/oss-sec/2014/q1/628 CVE-2013-7339] || {{Pkg|linux}} <3.5.7.29|| 20/03/2014 || - || 3.5.7.29 || 0d || fixed   
 
|-
 
|-
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|2568}} || - || 18/03/2014 -- ?? || pending
+
| [https://access.redhat.com/security/cve/CVE-2014-2568 CVE-2014-2568] || {{Pkg|linux}} || 18/03/2014 || {{Bug|39566}} || - || - || invalid
 
|-
 
|-
 
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED
 
| [https://access.redhat.com/security/cve/CVE-2014-2524 CVE-2014-2524] || {{Pkg|tigervnc}} || 19/03/2014 || - || 1.3.1 || 1d || FIXED
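
Review bot: the changed CVE-2014-2568 row sets the last column to "invalid", a status the page's own entry template does not list (it gives "status (fixed|pending)"), and the tigervnc row just below uses "FIXED" where the linux row above uses "fixed". Suggest adding "invalid" to the template's status values and using one case throughout so the Status column sorts and reads consistently. The same row swaps {{Bug|2568}} for {{Bug|39566}}; the old value only repeated the CVE's numeric suffix, so it is worth confirming that 39566 is the tracker entry for this CVE.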

Revision as of 11:52, 22 March 2014

This article is a stub.

Notes: Draft of a table containing already corrected CVEs

TODO: improve sexiness of the table; links to Mitre for CVE-id

(Discuss in Talk:CVE#)


This article documents Common Vulnerabilities and Exposures (CVEs) that are found and fixed in Arch Linux.

Introduction

CVEs represent critical security vulnerabilities that must be addressed as quickly as possible.

Once a CVE has been located and fixed, it is added to the CVE documentation table below.

Helping

This is a community-driven project. Please consider joining the Arch CVE Monitoring Team.

Also, join the Arch security mailing list. There is an IRC channel at irc://irc.freenode.net/archlinux-security.

Procedure

When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the corresponding URL.

The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", creates a new row in the table, while the second line should be modified per CVE.

CVE Table Addition Template
|-
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending)  

The above template should be added after the line

! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status

Documented Resolved CVE's


Note: Refer to the #Procedure section when adding new entries.


{|
|+ RESOLVED CVE's
|-
! CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status
|-
| CVE-2013-7339 || linux <3.5.7.29 || 20/03/2014 || - || 3.5.7.29 || 0d || fixed
|-
| CVE-2014-2568 || linux || 18/03/2014 || FS#39566 || - || - || invalid
|-
| CVE-2014-2524 || tigervnc || 19/03/2014 || - || 1.3.1 || 1d || FIXED
|-
| CVE-2013-7338 || python || 19/03/2014 || FS#39540 || 3.4 beta3 || 2013-12-27:? || pending 3.4 -> [extra]
|-
| CVE-2014-0133 || nginx || 18/03/2014 || - || 1.4.7 || 0d || fixed
|-
| CVE-2013-7336 || libvirt || 19/09/2013 || - || libvirt-1.1.1-7.el7 || 0d || fixed
|-
| CVE-2014-2523 || linux || 17/03/2014 || - || 3.13-rc5 || ? || fixed
|-
| CVE-2014-0004 || udisks2 udisks || 10/03/2014 || 2.1.3 1.0.5 || 2.1.3 1.0.5 || 3d || fixed
|-
| CVE-2014-2281 CVE-2014-2283 CVE-2014-2299 || wireshark || 10/03/2014 || 1.10.6 || 1.10.6 || ?? || fixed
|-
| CVE-2014-0050 || tomcat7 || 06/02/2014 || 7.0.51 || 7.0.51 || ?? || fixed
|-
| CVE-2014-0033 || tomcat6 || 10/01/2014 || 6.0.37 || 6.0.37 || ?? || fixed
|-
| CVE-2014-0032 || subversion || 10/01/2014 || 1.8.6 || 1.8.6 || ?? || fixed
|-
| CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 || postgresql || 20/02/2014 || 9.3.3 || 9.33 || 0d || fixed
|-
| CVE-2014-1912 || python python2 || 07/02/2014 || || || ?? || fixed
|-
| CVE-2013-4496 || samba || 14/03/2014 || FS#39424 || 4.1.6 || 2d || fixed
|-
| CVE-2013-6442 || samba || 14/03/2014 || FS#39424 || 4.1.6 || 2d || fixed
|-
| CVE-2014-0504 || flashplugin || 12/03/2014 || FS#39385 || 11.2.202.346 || 1d || fixed
|-
| CVE-2014-0106 || sudo/1.8.9.p5 || || || 1.8.10 || - || pending
|-
| CVE-2014-2285 CVE-2014-2284 || net-snmp || 05/03/2014 || FS#39190 || || 8d ||
|-
| CVE-2014-0092 || gnutls || 04/03/2014 || || || 1d ||
|-
| CVE-2014-2242 CVE-2014-2243 CVE-2014-2242 || mediawiki || 14/03/2014 || || || 1d ||
|-
| CVE-2014-2096 CVE-2014-2093 || catfish || 25/02/2014 || || || ?? ||
|-
| CVE-2014-0497 || flashplugin || 04/02/2014 || || || 1d ||
|-
| CVE-2014-0015 || curl || 29/01/2014 || || || 3d ||
|-
| CVE-2014-1610 || mediawiki || 29/01/2014 || || || 0d ||
|-
| CVE-2014-0021 || chrony || 17/01/2014 || || || 14d ||
|-
| CVE-2014-1875 || perl-capture-tiny || 06/02/2014 || FS#38862 || || 4d ||
|-
| CVE-2013-6493 || icedtea-web-jav || 05/02/2014 || || || 0d ||
|-
| CVE-2014-1858 CVE-2014-1859 || python-numpy || 06/02/2014 || FS#38863 || || 4d ||
|-
| CVE-2014-1932 CVE-2014-1933 || python-pillow || 10/02/2014 || || || ?? ||
|-
| CVE-2014-1934 || python-eyed3 || 10/02/2014 || || || ?? ||
|-
| CVE-2014-1935 || 9base || 10/02/2014 || || || ?? ||
|-
| CVE-2014-1949 || cinnamon-screensaver || 12/02/2014 || || || ?? ||
|-
| CVE-2014-1959 || gnutls || 13/02/2014 || || || 2d ||
|-
| CVE-2014-2015 || freeradius || 16/02/2014 || || || ?? ||
|-
| CVE-2014-1943 || file || 10/02/2014 || || || 2d ||
|-
| CVE-2014-0001 CVE-2014-0412 CVE-2014-0437 CVE-2014-0420 CVE-2014-0393 CVE-2014-0386 CVE-2014-0401 CVE-2014-0402 || mariadb || 13/02/2013 || || || -13d ||
|-
| CVE-2014-1447 || libvirt || 16/01/2014 || || || 2d ||
|-
| CVE-2014-0979 || lightdm-gtk* || 07/01/2014 || FS#38715 || || 25d ||
|-
| CVE-2014-1475 CVE-2014-1476 || drupal || 15/01/2014 || || || 12d ||
|-
| CVE-2014-0019 || socat || 29/01/2014 || || || 0d ||
|-
| CVE-2014-1845 CVE-2014-1846 || enlightment || 03/02/2014 || || || -3d ||
|-
| CVE-2014-1838 CVE-2014-1839 || python-logilab || 31/01/2014 || || || 3d ||
|-
| CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 || *-openjdk-* || 15/01/2014 || || || 2d ||
|-
| CVE-2014-1402 || python-jinja || 10/01/2014 || || || 1d ||
|-
| CVE-2013-6462 || libxfont || 07/01/2014 || || || 0d ||
|-
| CVE-2014-1235 || graphviz || 07/01/2014 || FS#38441 || || 3d ||
|-
| CVE-2014-0978 || freerdp || 02/01/2014 || FS#38802 || || ?? ||
|}