Difference between revisions of "CVE"

From ArchWiki
(Documented Resolved CVE's)
(Documented Resolved CVE's)
Line 42: Line 42:
 
|-
 
|-
 
! scope="col" width="110px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status
 
! scope="col" width="110px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status
 +
 
|-
 
|-
 
| CVE-2014-1700 CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704 CVE-2014-1705 CVE-2014-1713 CVE-2014-1715 || {{Pkg|chromium}} || 11/03/2014 || 32 || 33 || 4d || fixed  
 
| CVE-2014-1700 CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704 CVE-2014-1705 CVE-2014-1713 CVE-2014-1715 || {{Pkg|chromium}} || 11/03/2014 || 32 || 33 || 4d || fixed  
 
|-
 
|-
 
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0098 CVE-2014-0098] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6438 CVE-2013-6438]|| {{Pkg|apache}} || 17/03/2014 || 2.4.8 || 2.4.9 || -1d || fixed  
 
| [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0098 CVE-2014-0098] [http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6438 CVE-2013-6438]|| {{Pkg|apache}} || 17/03/2014 || 2.4.8 || 2.4.9 || -1d || fixed  
 +
|-
 +
| CVE-2014-1492 || {{Pkg|nss}} || 18/03/2014 || 2.15.5 || 3.16 || - || pending
 
|-
 
|-
 
  | CVE-2014-1493 CVE-2014-1494 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509  CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 || {{Pkg|firefox}} {{Pkg|thunderbird}}  || 18/03/2014 || 27 || 28 || 1d || fixed  
 
  | CVE-2014-1493 CVE-2014-1494 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509  CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 || {{Pkg|firefox}} {{Pkg|thunderbird}}  || 18/03/2014 || 27 || 28 || 1d || fixed  
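Review bot: the new CVE-2014-1492 ({{Pkg|nss}}) row is inserted between the apache and firefox rows, but the Procedure section of this page says new entries go at the TOP of the table, directly after the header line, so it should move above the chromium row. The CVE-id cell is plain text, while the apache row just above links each id to NVD and the Procedure asks for the CVE-id to be a hyperlink. The Update/bug value 2.15.5 is not in the same version series as the fixed version 3.16 and should be checked for a typo. The status is "pending" in a table headed "Documented Resolved CVE's", so either the heading or the row's placement needs a short explanation.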

Revision as of 22:25, 24 March 2014

This article is a stub.

Notes: Draft of a table containing already corrected CVE's

TODO: - improve sexiness of the table - links to Mitre for CVE-id

(Discuss in Talk:CVE#)

This article documents Common Vulnerabilities and Exposures (CVE's) that are found and fixed in Arch Linux.

Introduction

CVE's represent critical security vulnerabilities which must be addressed as quickly as possible.

Once a CVE has been located and fixed, it is added to the CVE documentation table below.

Helping

This is a community driven project. Please consider joining the Arch CVE Monitoring Team.

Also, join the Arch security mailing list. There is an IRC channel at irc://irc.freenode.net/archlinux-security.

Procedure

When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the corresponding URL.


The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", creates a new row in the table, while the second line should be modified per CVE.

CVE Table Addition Template
|-
| [http://link.to.cve CVE-2014-????] || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending)  

The above template should be added after the line

! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status

Documented Resolved CVE's


Note: Refer to the #Procedure section when adding new entries.


RESOLVED CVE's
CVE-id package/version Date public Update/bug Fixed version Time vulnerable Status
CVE-2014-1700 CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704 CVE-2014-1705 CVE-2014-1713 CVE-2014-1715 chromium 11/03/2014 32 33 4d fixed
CVE-2014-0098 CVE-2013-6438 apache 17/03/2014 2.4.8 2.4.9 -1d fixed
CVE-2014-1492 nss 18/03/2014 2.15.5 3.16 - pending
CVE-2014-1493 CVE-2014-1494 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 firefox thunderbird 18/03/2014 27 28 1d fixed
CVE-2014-2240 CVE-2014-2241 freetype2 2.5.2 2.5.3  ? fixed
CVE-2014-2029 xtrabackup 16/02/2014 2.1.7 2.1.8 28d fixed
CVE-2014-1958 CVE-2014-2030 imagemagick 6.8.8.9-1  ? fixed
CVE-2014-1943 CVE-2014-2270 php 06/03/2014 5.5.9 5.5.110 -1d fixed
CVE-2014-0404 CVE-2014-0406 CVE-2014-0407 virtualbox 28/02/2014 4.3.4 4.3.6  ? fixed
CVE-2014-2323 CVE-2014-2324 lighttpd 12/03/2014 1.4.34 1.4.35 0d fixed
CVE-2014-0333 libpng 28/02/2014 1.6.9 1.6.10 9d fixed
CVE-2014-0017 libssh 04/03/2014 - 3.5.7.29 5d fixed
CVE-2013-7339 linux <3.5.7.29 20/03/2014 - 3.5.7.29 0d fixed
CVE-2014-2568 linux 18/03/2014 FS#39566 - - invalid
CVE-2014-2524 tigervnc 19/03/2014 - 1.3.1 1d FIXED
CVE-2013-7338 python 19/03/2014 FS#39540 3.4 beta3 2013-12-27:? pending 3.4 -> [extra]
CVE-2014-0133 nginx 18/03/2014 - 1.4.7 0d fixed
CVE-2013-7336 libvirt 19/09/2013 - libvirt-1.1.1-7.el7 0d fixed
CVE-2014-2523 linux 17/03/2014 - 3.13-rc5  ? fixed
CVE-2014-0004 udisks2 udisks 10/03/2014 2.1.3 1.0.5 2.1.3 1.0.5 3d fixed
CVE-2014-2281 CVE-2014-2282 CVE-2014-2283 CVE-2014-2299 wireshark 10/03/2014 1.10.6 1.10.6  ?? fixed
CVE-2014-0050 tomcat7 06/02/2014 7.0.51 7.0.51  ?? fixed
CVE-2014-0033 tomcat6 10/01/2014 6.0.37 6.0.37  ?? fixed
CVE-2014-0032 subversion 10/01/2014 1.8.6 1.8.6  ?? fixed
CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 postgresql 20/02/2014 9.3.3 9.33 0d fixed
CVE-2014-1912 python python2 07/02/2014  ?? fixed
CVE-2013-4496 CVE-2013-6442 samba 14/03/2014 FS#39424 4.1.6 2d fixed
CVE-2014-0504 flashplugin 12/03/2014 FS#39385 11.2.202.346 1d fixed
CVE-2014-0106 sudo/1.8.9.p5 1.8.10 - fixed
CVE-2014-2285 CVE-2014-2284 net-snmp 05/03/2014 FS#39190 8d
CVE-2014-0092 gnutls 04/03/2014 1d
CVE-2014-2242 CVE-2014-2243 CVE-2014-2244 mediawiki 14/03/2014 1d
CVE-2014-2093 CVE-2014-2094 CVE-2014-2095 CVE-2014-2096 catfish 25/02/2014  ??
CVE-2014-0497 flashplugin 04/02/2014 1d
CVE-2014-0015 curl 29/01/2014 3d
CVE-2014-1610 mediawiki 29/01/2014 0d
CVE-2014-0021 chrony 17/01/2014 14d
CVE-2014-1875 perl-capture-tiny 06/02/2014 FS#38862 4d
CVE-2013-6493 icedtea-web-jav 05/02/2014 0d
CVE-2014-1858 CVE-2014-1859 python-numpy 06/02/2014 FS#38863 4d
CVE-2014-1932 CVE-2014-1933 python-pillow 10/02/2014  ??
CVE-2014-1934 python-eyed3 10/02/2014  ??
CVE-2014-1935 9base 10/02/2014  ??
CVE-2014-1949 cinnamon-screensaver 12/02/2014  ??
CVE-2014-1959 gnutls 13/02/2014 2d
CVE-2014-2015 freeradius 16/02/2014  ??
CVE-2014-1943 CVE-2014-2270 file 10/02/2014 2d
CVE-2014-0001 CVE-2014-0412 CVE-2014-0437 CVE-2014-0420 CVE-2014-0393 CVE-2014-0386 CVE-2014-0401 CVE-2014-0402 mariadb 13/02/2013 -13d
CVE-2014-1447 libvirt 16/01/2014 2d
CVE-2014-0979 lightdm-gtk* 07/01/2014 FS#38715 25d
CVE-2014-1475 CVE-2014-1476 drupal 15/01/2014 12d
CVE-2014-0019 socat 29/01/2014 0d
CVE-2014-1845 CVE-2014-1846 enlightment 03/02/2014 -3d
CVE-2014-1838 CVE-2014-1839 python-logilab 31/01/2014 3d
CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 *-openjdk-* 15/01/2014 2d
CVE-2014-1402 python-jinja 10/01/2014 1d
CVE-2013-6462 libxfont 07/01/2014 0d
CVE-2014-1235 graphviz 07/01/2014 FS#38441 3d
CVE-2014-0978 freerdp 02/01/2014 FS#38802  ??