Difference between revisions of "CVE"

From ArchWiki
(Procedure: modify instructions to prefer Template:CVE)
m (Procedure: add link to NVD)
Line 32: Line 32:
{{Note|If the CVE is not found in NVD, just include a link to different database in the first column: {{ic|<nowiki>[http://link.to.cve CVE-2014-????]</nowiki>}}}}
{{Note|If the CVE is not found in [http://nvd.nist.gov/home.cfm NVD], just include a link to different database in the first column: {{ic|<nowiki>[http://link.to.cve CVE-2014-????]</nowiki>}}}}
The above template should be added after the line
The above template should be added after the line
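Review bot: the NVD link added to the Note at line 32 uses plain HTTP (http://nvd.nist.gov/home.cfm); since this is the reference editors follow to look up a vulnerability, link the https:// form of the URL instead. While this line is being touched, "a link to different database" should also read "a link to a different database".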

Revision as of 23:55, 24 March 2014

This article is a stub.

Notes: Draft of a table containing already corrected CVEs

TODO: improve sexiness of the table; add links to Mitre for CVE-id

(Discuss in Talk:CVE#)

This article documents Common Vulnerabilities and Exposures (CVEs) that are found and fixed in Arch Linux.


CVEs represent critical security vulnerabilities which must be addressed as quickly as possible.

Once a CVE has been located and fixed, it is added to the CVE documentation table below.


This is a community driven project. Please consider joining the Arch CVE Monitoring Team.

Also, join the Arch security mailing list. There is an IRC channel at irc://irc.freenode.net/archlinux-security.


When adding a CVE to the table, add it to the TOP of the table. In the "CVE-id", "package/version", and "Update/bug" columns, make each entry a hyperlink to the appropriate URL.

The following template may be used to facilitate adding CVE entries to the table. The first line, "|-", creates a new row in the table, while the second line should be modified per CVE.

CVE Table Addition Template
|-
| {{CVE|CVE-2014-????}} || {{Pkg|pkgname}} || date_public || update/bug || fixed_version || time_vulnerable || status (fixed|pending)
Note: If the CVE is not found in NVD, just include a link to a different database in the first column: [http://link.to.cve CVE-2014-????]

The above template should be added after the line:

! scope="col" width="125px" data-sort-type="text" | CVE-id !! package/version !! Date public !! Update/bug !! Fixed version !! Time vulnerable !! Status

Documented Resolved CVEs

Note: Refer to the #Procedure section when adding new entries.

CVE-id package/version Date public Update/bug Fixed version Time vulnerable Status
CVE-2014-1700 CVE-2014-1701 CVE-2014-1702 CVE-2014-1703 CVE-2014-1704 CVE-2014-1705 CVE-2014-1713 CVE-2014-1715 chromium v8 11/03/2014 32 33 4d fixed
CVE-2014-0098 CVE-2013-6438 apache 17/03/2014 2.4.8 2.4.9 -1d fixed
CVE-2014-1492 nss 18/03/2014 2.15.5 3.16 - pending
CVE-2014-1493 CVE-2014-1494 CVE-2014-1497 CVE-2014-1498 CVE-2014-1499 CVE-2014-1500 CVE-2014-1502 CVE-2014-1504 CVE-2014-1505 CVE-2014-1508 CVE-2014-1509 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 firefox thunderbird 18/03/2014 27 28 1d fixed
CVE-2014-2240 CVE-2014-2241 freetype2 2.5.2 2.5.3  ? fixed
CVE-2014-2029 xtrabackup 16/02/2014 2.1.7 2.1.8 28d fixed
CVE-2014-1958 CVE-2014-2030 imagemagick  ? fixed
CVE-2014-1943 CVE-2014-2270 php 06/03/2014 5.5.9 5.5.110 -1d fixed
CVE-2014-0404 CVE-2014-0406 CVE-2014-0407 virtualbox 28/02/2014 4.3.4 4.3.6  ? fixed
CVE-2014-2323 CVE-2014-2324 lighttpd 12/03/2014 1.4.34 1.4.35 0d fixed
CVE-2014-0333 libpng 28/02/2014 1.6.9 1.6.10 9d fixed
CVE-2014-0017 libssh 04/03/2014 - 5d fixed
CVE-2013-7339 linux < 20/03/2014 - 0d fixed
CVE-2014-2568 linux 18/03/2014 FS#39566 - - invalid
CVE-2014-2524 tigervnc 19/03/2014 - 1.3.1 1d FIXED
CVE-2013-7338 python 19/03/2014 FS#39540 3.4 beta3 2013-12-27:? pending 3.4 -> [extra]
CVE-2014-0133 nginx 18/03/2014 - 1.4.7 0d fixed
CVE-2013-7336 libvirt 19/09/2013 - libvirt-1.1.1-7.el7 0d fixed
CVE-2014-2523 linux 17/03/2014 - 3.13-rc5  ? fixed
CVE-2014-0004 udisks2 udisks 10/03/2014 2.1.3 1.0.5 2.1.3 1.0.5 3d fixed
CVE-2014-2281 CVE-2014-2282 CVE-2014-2283 CVE-2014-2299 wireshark 10/03/2014 1.10.6 1.10.6  ?? fixed
CVE-2014-0050 tomcat7 06/02/2014 7.0.51 7.0.51  ?? fixed
CVE-2014-0033 tomcat6 10/01/2014 6.0.37 6.0.37  ?? fixed
CVE-2014-0032 subversion 10/01/2014 1.8.6 1.8.6  ?? fixed
CVE-2014-0060 CVE-2014-0061 CVE-2014-0062 CVE-2014-0063 CVE-2014-0064 CVE-2014-0065 CVE-2014-0066 CVE-2014-0067 postgresql 20/02/2014 9.3.3 9.33 0d fixed
CVE-2014-1912 python python2 07/02/2014  ?? fixed
CVE-2013-4496 CVE-2013-6442 samba 14/03/2014 FS#39424 4.1.6 2d fixed
CVE-2014-0504 flashplugin 12/03/2014 FS#39385 1d fixed
CVE-2014-0106 sudo/1.8.9.p5 1.8.10 - fixed
CVE-2014-2285 CVE-2014-2284 net-snmp 05/03/2014 FS#39190 8d
CVE-2014-0092 gnutls 04/03/2014 1d
CVE-2014-2242 CVE-2014-2243 CVE-2014-2244 mediawiki 14/03/2014 1d
CVE-2014-2093 CVE-2014-2094 CVE-2014-2095 CVE-2014-2096 catfish 25/02/2014  ??
CVE-2014-0497 flashplugin 04/02/2014 1d
CVE-2014-0015 curl 29/01/2014 3d
CVE-2014-1610 mediawiki 29/01/2014 0d
CVE-2014-0021 chrony 17/01/2014 14d
CVE-2014-1875 perl-capture-tiny 06/02/2014 FS#38862 4d
CVE-2013-6493 icedtea-web-jav 05/02/2014 0d
CVE-2014-1858 CVE-2014-1859 python-numpy 06/02/2014 FS#38863 4d
CVE-2014-1932 CVE-2014-1933 python-pillow 10/02/2014  ??
CVE-2014-1934 python-eyed3 10/02/2014  ??
CVE-2014-1935 9base 10/02/2014  ??
CVE-2014-1949 cinnamon-screensaver 12/02/2014  ??
CVE-2014-1959 gnutls 13/02/2014 2d
CVE-2014-2015 freeradius 16/02/2014  ??
CVE-2014-1943 CVE-2014-2270 file 10/02/2014 2d
CVE-2014-0001 CVE-2014-0412 CVE-2014-0437 CVE-2014-0420 CVE-2014-0393 CVE-2014-0386 CVE-2014-0401 CVE-2014-0402 mariadb 13/02/2013 -13d
CVE-2014-1447 libvirt 16/01/2014 2d
CVE-2014-0979 lightdm-gtk* 07/01/2014 FS#38715 25d
CVE-2014-1475 CVE-2014-1476 drupal 15/01/2014 12d
CVE-2014-0019 socat 29/01/2014 0d
CVE-2014-1845 CVE-2014-1846 enlightment 03/02/2014 -3d
CVE-2014-1838 CVE-2014-1839 python-logilab 31/01/2014 3d
CVE-2014-0368 CVE-2014-0373 CVE-2014-0376 CVE-2014-0411 CVE-2014-0416 CVE-2014-0422 CVE-2014-0423 CVE-2014-0428 *-openjdk-* 15/01/2014 2d
CVE-2014-1402 python-jinja 10/01/2014 1d
CVE-2013-6462 libxfont 07/01/2014 0d
CVE-2014-1235 graphviz 07/01/2014 FS#38441 3d
CVE-2014-0978 freerdp 02/01/2014 FS#38802  ??