Difference between revisions of "Security Advisories"

From ArchWiki
(wordpress advisory)
(archived (see Talk:CVE))
 
(59 intermediate revisions by 9 users not shown)
Line 1: Line 1:
[[Category:Arch development]]
 
[[Category:Security]]
 
{{Related articles start}}
 
{{Related|Arch CVE Monitoring Team}}
 
{{Related|CVE}}
 
{{Related|Security Advisories/Examples}}
 
{{Related articles end}}
 
  
Security Advisories are published by the community driven [[Arch CVE Monitoring Team]] to the public [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.
+
#redirect [[ArchWiki:Archive]]
All published advisories can be found below, however if you want to be up-to-date its recommended to subscribe to the [https://mailman.archlinux.org/mailman/listinfo/arch-security list]. All assigned CVE's are tracked at the relevant CVE page [[CVE]], by the [[Arch_CVE_Monitoring_Team|ACMT]].
+
[[Category:Archive]]
 
 
==Scheduled Advisories==
 
 
 
==Recent Advisories==
 
Here is an archive of security advisories posted to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] list.
 
 
 
=== September 2016 ===
 
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000728.html ASA-201609-32] {{pkg|wordpress}} multiple issues
 
* [30 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000727.html ASA-201609-31] {{pkg|c-ares}} arbitrary code execution
 
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000726.html ASA-201609-30] {{pkg|openssl}} denial of service
 
* [28 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000725.html ASA-201609-29] {{pkg|bind}} denial of service
 
* [27 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000724.html ASA-201609-28] {{pkg|lib32-openssl}} denial of service
 
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000723.html ASA-201609-27] {{pkg|wireshark-cli}} denial of service
 
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000722.html ASA-201609-26] {{pkg|lib32-gnutls}} certificate verification bypass
 
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000721.html ASA-201609-25] {{pkg|gnutls}} certificate verification bypass
 
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000720.html ASA-201609-24] {{pkg|lib32-openssl}} multiple issues
 
* [26 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000719.html ASA-201609-23] {{pkg|openssl}} multiple issues
 
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000718.html ASA-201609-22] {{pkg|firefox}} multiple issues
 
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000717.html ASA-201609-21] {{pkg|tomcat7}} proxy injection
 
* [22 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000716.html ASA-201609-20] {{pkg|irssi}} arbitrary code execution
 
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000715.html ASA-201609-19] {{pkg|curl}} denial of service
 
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000714.html ASA-201609-18] {{pkg|lib32-curl}} denial of service
 
* [20 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000713.html ASA-201609-17] {{pkg|lib32-jansson}} denial of service
 
* [18 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000712.html ASA-201609-16] {{pkg|php}} multiple issues
 
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000711.html ASA-201609-15] {{pkg|jansson}} denial of service
 
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000710.html ASA-201609-14] {{pkg|lib32-libgcrypt}} information disclosure
 
* [17 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000709.html ASA-201609-13] {{pkg|chromium}} multiple issues
 
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000708.html ASA-201609-12] {{pkg|lib32-flashplugin}} multiple issues
 
* [15 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000707.html ASA-201609-11] {{pkg|flashplugin}} multiple issues
 
* [14 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000706.html ASA-201609-10] {{pkg|mariadb}} multiple issues
 
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000705.html ASA-201609-9] {{pkg|powerdns}} denial of service
 
* [13 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000704.html ASA-201609-8] {{pkg|libtorrent-rasterbar}} denial of service
 
* [10 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000703.html ASA-201609-7] {{pkg|tomcat8}} proxy injection
 
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000702.html ASA-201609-6] {{pkg|graphicsmagick}} multiple issues
 
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000701.html ASA-201609-5] {{pkg|file-roller}} directory traversal
 
* [09 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000700.html ASA-201609-4] {{pkg|wordpress}} multiple issues
 
* [04 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000699.html ASA-201609-3] {{pkg|thunderbird}} arbitrary code execution
 
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000698.html ASA-201609-2] {{pkg|webkit2gtk}} multiple issues
 
* [01 September 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-September/000697.html ASA-201609-1] {{pkg|chromium}} multiple issues
 
 
 
=== August 2016 ===
 
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000696.html ASA-201608-22] {{pkg|mupdf}} arbitrary code execution
 
* [30 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000695.html ASA-201608-21] {{pkg|mupdf}} arbitrary code execution
 
* [27 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000694.html ASA-201608-20] {{pkg|wireshark-cli}} denial of service
 
* [26 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000693.html ASA-201608-19] {{pkg|mediawiki}} multiple issues
 
* [22 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000692.html ASA-201608-18] {{pkg|libgcrypt}} information disclosure
 
* [21 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000691.html ASA-201608-17] {{pkg|linux-lts}} information disclosure
 
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000690.html ASA-201608-16] {{pkg|chromium}} multiple issues
 
* [17 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000689.html ASA-201608-15] {{pkg|linux-zen}} information disclosure
 
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000688.html ASA-201608-14] {{pkg|postgresql}} multiple issues
 
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000687.html ASA-201608-13] {{pkg|linux-grsec}} information disclosure
 
* [14 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000686.html ASA-201608-12] {{pkg|linux}} information disclosure
 
* [11 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000685.html ASA-201608-11] {{pkg|websvn}} cross-site scripting
 
* [10 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000684.html ASA-201608-10] {{pkg|jq}} arbitrary code execution
 
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000683.html ASA-201608-9] {{pkg|curl}} multiple issues
 
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000682.html ASA-201608-8] {{pkg|libupnp}} arbitrary filesystem access
 
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000681.html ASA-201608-7] {{pkg|lib32-glibc}} denial of service
 
* [08 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000680.html ASA-201608-6] {{pkg|glibc}} denial of service
 
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000679.html ASA-201608-5] {{pkg|jre7-openjdk-headless}} multiple issues
 
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000678.html ASA-201608-4] {{pkg|jre7-openjdk}} multiple issues
 
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000677.html ASA-201608-3] {{pkg|jdk7-openjdk}} multiple issues
 
* [05 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000676.html ASA-201608-2] {{pkg|firefox}} multiple issues
 
* [02 August 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-August/000675.html ASA-201608-1] {{pkg|openssh}} information leakage
 
 
 
=== July 2016 ===
 
* [30 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000674.html ASA-201607-14] {{pkg|libidn}} denial of service
 
* [29 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000673.html ASA-201607-13] {{pkg|imagemagick}} information leakage
 
* [24 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000672.html ASA-201607-12] {{pkg|chromium}} multiple issues
 
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000671.html ASA-201607-11] {{pkg|python2-django}} cross site scripting
 
* [22 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000670.html ASA-201607-10] {{pkg|python-django}} cross site scripting
 
* [21 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000669.html ASA-201607-9] {{pkg|drupal}} proxy injection
 
* [20 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000668.html ASA-201607-8] {{pkg|bind}} denial of service
 
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000667.html ASA-201607-7] {{pkg|lib32-flashplugin}} multiple issues
 
* [18 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000666.html ASA-201607-6] {{pkg|flashplugin}} multiple issues
 
* [17 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000665.html ASA-201607-5] {{pkg|gimp}} arbitrary code execution
 
* [10 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000664.html ASA-201607-4] {{pkg|thunderbird}} arbitrary code execution
 
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000663.html ASA-201607-3] {{pkg|libreoffice-fresh}} arbitrary code execution
 
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000662.html ASA-201607-2] {{pkg|xerces-c}} denial of service
 
* [05 July 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-July/000661.html ASA-201607-1] {{pkg|libarchive}} arbitrary code execution
 
 
 
=== June 2016 ===
 
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000660.html ASA-201606-25] {{pkg|phpmyadmin}} multiple issues
 
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000659.html ASA-201606-24] {{pkg|libpurple}} arbitrary code execution
 
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000658.html ASA-201606-23] {{pkg|libdwarf}} arbitrary code execution
 
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000657.html ASA-201606-22] {{pkg|xerces-c}} arbitrary code execution
 
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000656.html ASA-201606-21] {{pkg|vlc}} arbitrary code execution
 
* [25 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000655.html ASA-201606-20] {{pkg|chromium}} arbitrary code execution
 
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000654.html ASA-201606-19] {{pkg|wget}} arbitrary file upload
 
* [20 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000653.html ASA-201606-18] {{pkg|lib32-flashplugin}} multiple issues
 
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000652.html ASA-201606-17] {{pkg|lib32-glibc}} denial of service
 
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000651.html ASA-201606-16] {{pkg|glibc}} denial of service
 
* [19 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000650.html ASA-201606-15] {{pkg|flashplugin}} multiple issues
 
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000649.html ASA-201606-14] {{pkg|lib32-expat}} multiple issues
 
* [13 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000648.html ASA-201606-13] {{pkg|expat}} multiple issues
 
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000647.html ASA-201606-12] {{pkg|lib32-gnutls}} arbitrary file overwrite
 
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000646.html ASA-201606-11] {{pkg|haproxy}} denial of service
 
* [10 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000645.html ASA-201606-10] {{pkg|gnutls}} arbitrary file overwrite
 
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000644.html ASA-201606-9] {{pkg|qemu-arch-extra}} multiple issues
 
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000643.html ASA-201606-8] {{pkg|qemu}} multiple issues
 
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000642.html ASA-201606-7] {{pkg|firefox}} multiple issues
 
* [8 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000641.html ASA-201606-6] {{pkg|subversion}} multiple issues
 
* [5 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000640.html ASA-201606-5] {{pkg|chromium}} multiple issues
 
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000639.html ASA-201606-4] {{pkg|ntp}} distributed denial of service amplification
 
* [4 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000638.html ASA-201606-3] {{pkg|webkit2gtk}} arbitrary code execution
 
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000637.html ASA-201606-2] {{pkg|nginx-mainline}} denial of service
 
* [1 June 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-June/000636.html ASA-201606-1] {{pkg|nginx}} denial of service
 
 
 
=== May 2016 ===
 
 
 
* [28 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000635.html ASA-201605-28] {{pkg|chromium}} multiple issues
 
* [26 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000634.html ASA-201605-27] {{pkg|libxml2}} multiple issues
 
* [24 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000633.html ASA-201605-26] {{pkg|libndp}} man-in-the-middle
 
* [19 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000632.html ASA-201605-25] {{pkg|bugzilla}} cross-site scripting
 
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000631.html ASA-201605-24] {{pkg|p7zip}} arbitrary code execution
 
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000630.html ASA-201605-23] {{pkg|lib32-expat}} arbitrary code execution
 
* [18 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000629.html ASA-201605-22] {{pkg|expat}} arbitrary code execution
 
* [15 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000628.html ASA-201605-21] {{pkg|thunderbird}} arbitrary code execution
 
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000627.html ASA-201605-20] {{pkg|lib32-glibc}} multiple issues
 
* [13 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000626.html ASA-201605-19] {{pkg|glibc}} multiple issues
 
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000625.html ASA-201605-18] {{pkg|lib32-flashplugin}} arbitrary code execution
 
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000624.html ASA-201605-17] {{pkg|libksba}} denial of service
 
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000623.html ASA-201605-16] {{pkg|flashplugin}} arbitrary code execution
 
* [12 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000622.html ASA-201605-15] {{pkg|chromium}} multiple issues
 
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000621.html ASA-201605-14] {{pkg|cacti}} sql injection
 
* [10 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000620.html ASA-201605-13] {{pkg|squid}} multiple issues
 
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000619.html ASA-201605-12] {{pkg|mencoder}} denial of service
 
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000618.html ASA-201605-11] {{pkg|mplayer}} denial of service
 
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000617.html ASA-201605-10] {{pkg|mercurial}} arbitrary code execution
 
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000616.html ASA-201605-9] {{pkg|latex2rtf}} arbitrary code execution
 
* [06 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000615.html ASA-201605-8] {{pkg|gd}} arbitrary code execution
 
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000614.html ASA-201605-7] {{pkg|chromium}} multiple issues
 
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000613.html ASA-201605-6] {{pkg|imagemagick}} arbitrary code execution
 
* [05 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000612.html ASA-201605-5] {{pkg|quassel-core}} denial of service
 
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000611.html ASA-201605-4] {{pkg|lib32-openssl}} multiple issues
 
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000610.html ASA-201605-3] {{pkg|openssl}} multiple issues
 
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000609.html ASA-201605-2] {{pkg|jasper}} multiple issues
 
* [04 May 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-May/000608.html ASA-201605-1] {{pkg|imlib2}} multiple issues
 
 
 
=== April 2016 ===
 
 
 
* [30 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000607.html ASA-201604-15] {{pkg|firefox}} multiple issues
 
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000606.html ASA-201604-14] {{pkg|squid}} multiple issues
 
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000605.html ASA-201604-13] {{pkg|samba}} multiple issues
 
* [23 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000604.html ASA-201604-12] {{pkg|thunderbird}} multiple issues
 
* [22 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000603.html ASA-201604-11] {{pkg|pgpdump}} denial of service
 
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000602.html ASA-201604-10] {{pkg|chromium}} multiple issues
 
* [17 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000601.html ASA-201604-9] {{pkg|libtasn1}} denial of service
 
* [14 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000600.html ASA-201604-8] {{pkg|lhasa}} arbitrary code execution
 
* [10 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000599.html ASA-201604-7] {{pkg|flashplugin}} arbitrary code execution
 
* [06 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000598.html ASA-201604-6] {{pkg|mercurial}} arbitrary code execution
 
* [04 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000597.html ASA-201604-5] {{pkg|optipng}} arbitrary code execution
 
* [02 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000596.html ASA-201604-4] {{pkg|squid}} denial of service
 
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000595.html ASA-201604-3] {{pkg|jre7-openjdk-headless}} sandbox escape
 
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000594.html ASA-201604-2] {{pkg|jre7-openjdk}} sandbox escape
 
* [01 April 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-April/000593.html ASA-201604-1] {{pkg|jdk7-openjdk}} sandbox escape
 
 
 
=== March 2016 ===
 
 
 
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000592.html ASA-201603-27] {{pkg|jre8-openjdk-headless}} sandbox escape
 
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000591.html ASA-201603-26] {{pkg|jre8-openjdk}} sandbox escape
 
* [29 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000590.html ASA-201603-25] {{pkg|jdk8-openjdk}} sandbox escape
 
* [26 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000589.html ASA-201603-24] {{pkg|chromium}} multiple issues
 
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000588.html ASA-201603-23] {{pkg|expat}} arbitrary code execution
 
* [24 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000587.html ASA-201603-22] {{pkg|botan}} multiple issues
 
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000586.html ASA-201603-21] {{pkg|thunderbird}} multiple issues
 
* [20 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000585.html ASA-201603-20] {{pkg|git}} remote command execution
 
* [14 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000584.html ASA-201603-19] {{pkg|dropbear}} command injection
 
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000583.html ASA-201603-18] {{pkg|pcre}} arbitrary code execution
 
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000582.html ASA-201603-17] {{pkg|wireshark-gtk}} denial of service
 
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000581.html ASA-201603-16] {{pkg|wireshark-qt}} denial of service
 
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000580.html ASA-201603-15] {{pkg|wireshark-cli}} denial of service
 
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000579.html ASA-201603-14] {{pkg|pidgin-otr}} arbitrary code execution
 
* [12 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000578.html ASA-201603-13] {{pkg|bind}} denial of service
 
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000577.html ASA-201603-12] {{pkg|openssh}} command injection
 
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000576.html ASA-201603-11] {{pkg|lib32-flashplugin}} arbitrary code execution
 
* [11 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000575.html ASA-201603-10] {{pkg|flashplugin}} arbitrary code execution
 
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000574.html ASA-201603-9] {{pkg|perl}} improper input validation
 
* [10 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000573.html ASA-201603-8] {{pkg|exim}} privilege escalation
 
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000572.html ASA-201603-7] {{pkg|bind}} denial of service
 
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000571.html ASA-201603-6] {{pkg|libotr}} arbitrary code execution
 
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000570.html ASA-201603-5] {{pkg|chromium}} multiple issues
 
* [9 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000569.html ASA-201603-4] {{pkg|firefox}} multiple issues
 
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000568.html ASA-201603-3] {{pkg|lib32-openssl}} multiple issues
 
* [7 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000567.html ASA-201603-2] {{pkg|openssl}} multiple issues
 
* [3 March 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-March/000566.html ASA-201603-1] {{pkg|chromium}} multiple issues
 
 
 
=== February 2016 ===
 
 
 
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000565.html ASA-201602-24] {{pkg|cacti}} SQL injection
 
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000564.html ASA-201602-23] {{pkg|lib32-glibc}} unbound stack usage
 
* [28 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000563.html ASA-201602-22] {{pkg|glibc}} unbound stack usage
 
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000562.html ASA-201602-21] {{pkg|lib32-libssh2}} man-in-the-middle
 
* [25 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000561.html ASA-201602-20] {{pkg|libssh2}} man-in-the-middle
 
* [24 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000560.html ASA-201602-19] {{pkg|libgcrypt}} secret key extraction
 
* [23 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000559.html ASA-201602-18] {{pkg|libssh}} man-in-the-middle
 
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000558.html ASA-201602-17] {{pkg|chromium}} multiple issues
 
* [21 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000557.html ASA-201602-16] {{pkg|thunderbird}} multiple issues
 
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000555.html ASA-201602-15] {{pkg|lib32-glibc}} multiple issues
 
* [17 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000554.html ASA-201602-14] {{pkg|glibc}} multiple issues
 
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000553.html ASA-201602-13] {{pkg|nghttp2}} denial of service
 
* [13 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000552.html ASA-201602-12] {{pkg|firefox}} same-origin policy bypass
 
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000551.html ASA-201602-11] {{pkg|botan}} multiple issues
 
* [10 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000550.html ASA-201602-10] {{pkg|kscreenlocker}} access restriction bypass
 
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000549.html ASA-201602-9] {{pkg|lib32-libsndfile}} multiple issues
 
* [6 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000548.html ASA-201602-8] {{pkg|libsndfile}} multiple issues
 
* [4 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000547.html ASA-201602-7] {{pkg|libbsd}} denial of service
 
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000546.html ASA-201602-6] {{pkg|lib32-nettle}} improper cryptographic calculations
 
* [3 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000545.html ASA-201602-5] {{pkg|nettle}} improper cryptographic calculations
 
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000544.html ASA-201602-4] {{pkg|lib32-curl}} man-in-the-middle
 
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000543.html ASA-201602-3] {{pkg|curl}} man-in-the-middle
 
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000542.html ASA-201602-2] {{pkg|python2-django}} permission bypass
 
* [2 February 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-February/000540.html ASA-201602-1] {{pkg|python-django}} permission bypass
 
 
 
=== January 2016 ===
 
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000539.html ASA-201601-33] {{pkg|lib32-openssl}} man-in-the-middle
 
* [29 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000538.html ASA-201601-32] {{pkg|openssl}} man-in-the-middle
 
* [27 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000536.html ASA-201601-31] {{pkg|nginx}} denial of service
 
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000535.html ASA-201601-30] {{pkg|blueman}} privilege escalation
 
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000534.html ASA-201601-29] {{pkg|mbedtls}} man-in-the-middle
 
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000533.html ASA-201601-28] {{pkg|chromium}} multiple issues
 
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000532.html ASA-201601-27] {{pkg|privoxy}} denial of service
 
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000531.html ASA-201601-26] {{pkg|linux-lts}} privilege escalation
 
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000530.html ASA-201601-25] {{pkg|ecryptfs-utils}} privilege escalation
 
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000529.html ASA-201601-24] {{pkg|python2-rsa}} signature forgery
 
* [25 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000528.html ASA-201601-23] {{pkg|python-rsa}} signature forgery
 
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000527.html ASA-201601-22] {{pkg|libdwarf}} denial of service
 
* [21 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000526.html ASA-201601-21] {{pkg|bind}} denial of service
 
* [20 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000525.html ASA-201601-20] {{pkg|linux}} privilege escalation
 
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000524.html ASA-201601-19] {{pkg|ntp}} time alteration
 
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000523.html ASA-201601-18] {{pkg|roundcubemail}} remote code execution
 
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000522.html ASA-201601-17] {{pkg|ffmpeg}} information leakage
 
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000521.html ASA-201601-16] {{pkg|syncthing}} information leakage
 
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000520.html ASA-201601-15] {{pkg|keybase}} information leakage
 
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000519.html ASA-201601-14] {{pkg|hub}} information leakage
 
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000518.html ASA-201601-13] {{pkg|go-ipfs}} information leakage
 
* [17 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000517.html ASA-201601-12] {{pkg|docker}} information leakage
 
* [16 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000516.html ASA-201601-11] {{pkg|go}} information leakage
 
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000515.html ASA-201601-10] {{pkg|php}} multiple issues
 
* [14 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000512.html ASA-201601-9] {{pkg|openssh}} multiple issues
 
* [13 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000487.html ASA-201601-8] {{pkg|libxslt}} denial of service
 
* [11 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000486.html ASA-201601-7] {{pkg|dhcpcd}} denial of service
 
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000485.html ASA-201601-6] {{pkg|wireshark-qt}} denial of service
 
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000484.html ASA-201601-5] {{pkg|wireshark-gtk}} denial of service
 
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000483.html ASA-201601-4] {{pkg|wireshark-cli}} denial of service
 
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000482.html ASA-201601-3] {{pkg|gajim}} man-in-the-middle
 
* [09 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000481.html ASA-201601-2] {{pkg|wordpress}} cross-side scripting
 
* [02 January 2016] [https://lists.archlinux.org/pipermail/arch-security/2016-January/000480.html ASA-201601-1] {{pkg|rtmpdump}} multiple issues
 
 
 
=== December 2015 ===
 
 
 
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000479.html ASA-201512-19] {{pkg|openvpn}} out-of-bound read
 
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000478.html ASA-201512-18] {{pkg|libpng}} buffer overflow
 
* [28 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000477.html ASA-201512-17] {{pkg|flashplugin}}, {{pkg|lib32-flashplugin}} multiple issues
 
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000476.html ASA-201512-16] {{pkg|nghttp2}} use-after-free
 
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000475.html ASA-201512-15] {{pkg|mediawiki}} multiple issues
 
* [25 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000474.html ASA-201512-14] {{pkg|thunderbird}} multiple issues
 
* [22 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000473.html ASA-201512-13] {{pkg|claws-mail}} buffer overflow
 
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000472.html ASA-201512-12] {{pkg|python2-pyamf}} XML external entity injection
 
* [17 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000471.html ASA-201512-11] {{pkg|ruby}} unsafe tainted string usage
 
* [16 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000468.html ASA-201512-10] {{pkg|bind}} denial of service
 
* [15 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000467.html ASA-201512-9] {{pkg|firefox}} multiple issues
 
* [10 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000466.html ASA-201512-8] {{pkg|keepassx}} information disclosure
 
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000465.html ASA-201512-7] {{pkg|flashplugin}} multiple issues
 
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000464.html ASA-201512-6] {{pkg|libxml2}} multiple issues
 
* [09 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000463.html ASA-201512-5] {{pkg|chromium}} multiple issues
 
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000462.html ASA-201512-4] {{pkg|nodejs}} denial of service
 
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000460.html ASA-201512-3] {{pkg|python-django}} {{pkg|python2-django}} information leakage
 
* [05 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000459.html ASA-201512-2] {{pkg|openssl}} {{pkg|lib32-openssl}} multiple issues
 
* [02 December 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-December/000440.html ASA-201512-1] {{pkg|chromium}} multiple issues
 
 
 
=== November 2015 ===
 
 
 
* [18 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000439.html ASA-201511-11] {{pkg|jenkins}} multiple issues
 
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000438.html ASA-201511-10] {{pkg|lib32-libpng}} multiple issues
 
* [17 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000437.html ASA-201511-9] {{pkg|libpng}} multiple issues
 
* [13 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000436.html ASA-201511-8] {{pkg|chromium}} information leakage
 
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000435.html ASA-201511-7] {{pkg|putty}} arbitrary code execution
 
* [12 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000434.html ASA-201511-6] {{pkg|powerdns}} denial of service
 
* [11 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000433.html ASA-201511-5] {{pkg|flashplugin}} multiple issues
 
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000432.html ASA-201511-4] {{pkg|nspr}} arbitrary code execution
 
* [06 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000431.html ASA-201511-3] {{pkg|nss}} arbitrary code execution
 
* [04 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000430.html ASA-201511-2] {{pkg|firefox}} multiple issues
 
* [03 November 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-November/000429.html ASA-201511-1] {{pkg|unzip}} multiple issues
 
 
 
=== October 2015 ===
 
 
 
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000428.html ASA-201510-26] {{pkg|mariadb}} denial of service
 
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000427.html ASA-201510-25] {{pkg|lldpd}} denial of service
 
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000426.html ASA-201510-24] {{pkg|wordpress}} multiple issues
 
* [30 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000425.html ASA-201510-23] {{pkg|phpmyadmin}} content spoofing
 
* [27 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000424.html ASA-201510-22] {{pkg|vorbis-tools}} denial of service
 
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000423.html ASA-201510-21] {{pkg|drupal}} open redirect
 
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000422.html ASA-201510-20] {{pkg|jre8-openjdk-headless}} multiple issues
 
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000421.html ASA-201510-19] {{pkg|jre8-openjdk}} multiple issues
 
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000420.html ASA-201510-18] {{pkg|jdk8-openjdk}} multiple issues
 
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000419.html ASA-201510-17] {{pkg|jre7-openjdk-headless}} multiple issues
 
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000418.html ASA-201510-16] {{pkg|jre7-openjdk}} multiple issues
 
* [23 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000417.html ASA-201510-15] {{pkg|jdk7-openjdk}} multiple issues
 
* [22 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000416.html ASA-201510-14] {{pkg|ntp}} multiple issues
 
* [19 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000415.html ASA-201510-13] {{pkg|spice}} multiple issues
 
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000414.html ASA-201510-12] {{pkg|flashplugin}} arbitrary code execution
 
* [18 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000413.html ASA-201510-11] {{pkg|miniupnpc}} arbitrary code execution
 
* [16 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000412.html ASA-201510-10] {{pkg|firefox}} cross-origin restriction bypass
 
* [15 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000411.html ASA-201510-9] {{pkg|mbedtls}} arbitrary code execution
 
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000410.html ASA-201510-8] {{pkg|chromium}} multiple issues
 
* [14 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000409.html ASA-201510-7] {{pkg|flashplugin}} multiple issues
 
* [10 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000408.html ASA-201510-6] {{pkg|gdk-pixbuf2}} multiple issues
 
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000407.html ASA-201510-5] {{pkg|opensmtpd}} multiple issues
 
* [08 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000406.html ASA-201510-4] {{pkg|bugzilla}} unauthorized account creation
 
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000405.html ASA-201510-3] {{pkg|nodejs}} denial of service
 
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000404.html ASA-201510-2] {{pkg|hostapd}} denial of service
 
* [05 October 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-October/000403.html ASA-201510-1] {{pkg|libunwind}} denial of service
 
 
 
=== September 2015 ===
 
* [28 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000401.html ASA-201509-11] {{pkg|chromium}} cross-origin bypass
 
* [25 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000400.html ASA-201509-10] {{pkg|rpcbind}} denial of service
 
* [23 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000399.html ASA-201509-9] {{pkg|firefox}} multiple issues
 
* [22 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000398.html ASA-201509-8] {{pkg|flashplugin}} multiple issues
 
* [21 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000397.html ASA-201509-7] {{pkg|wordpress}} multiple issues
 
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000395.html ASA-201509-6] {{pkg|icedtea-web}} multiple issues
 
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000394.html ASA-201509-5] {{pkg|libvdpau}} {{pkg|lib32-libvdpau}} multiple issues
 
* [13 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000393.html ASA-201509-4] {{pkg|openldap}} denial of service
 
* [07 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000392.html ASA-201509-3] {{pkg|powerdns}} denial of service
 
* [03 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000391.html ASA-201509-2] {{pkg|bind}} denial of service
 
* [02 September 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-September/000390.html ASA-201509-1] {{pkg|chromium}} multiple issues
 
 
 
=== August 2015 ===
 
* [28 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000389.html ASA-201508-12] {{pkg|firefox}} multiple issues
 
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000388.html ASA-201508-11] {{pkg|pcre}} arbitrary code execution
 
* [26 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000387.html ASA-201508-10] {{pkg|jasper}} denial of service
 
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000386.html ASA-201508-9] {{pkg|django}} denial of service
 
* [25 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000385.html ASA-201508-8] {{pkg|gnutls}} denial of service
 
* [16 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000384.html ASA-201508-7] {{pkg|glibc}} denial of service
 
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000383.html ASA-201508-6] {{pkg|freeradius}} insufficient CRL validation
 
* [14 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000382.html ASA-201508-5] {{pkg|subversion}} authentication bypass
 
* [12 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000381.html ASA-201508-4] {{pkg|firefox}} multiple issues
 
* [11 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000380.html ASA-201508-3] {{pkg|ppp}} denial of service
 
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000379.html ASA-201508-2] {{pkg|wordpress}} multiple issues
 
* [07 August 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-August/000378.html ASA-201508-1] {{pkg|firefox}} information leakage
 
 
 
=== July 2015 ===
 
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000377.html ASA-201507-23] {{pkg|pacman}} silent downgrade
 
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000376.html ASA-201507-22] {{pkg|bind}} denial of service
 
* [29 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000375.html ASA-201507-21] {{pkg|qemu}} multiple issues
 
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000374.html ASA-201507-20] {{pkg|crypto++}} private key recovery
 
* [24 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000373.html ASA-201507-19] {{pkg|libuser}} privilege escalation
 
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000371.html ASA-201507-18] {{pkg|chromium}} multiple issues
 
* [23 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000372.html ASA-201507-17] {{pkg|openssh}} authentication limits bypass
 
* [22 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000370.html ASA-201507-16] {{pkg|jre7-openjdk}} multiple issues
 
* [17 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000369.html ASA-201507-15] {{pkg|apache}} multiple issues
 
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000368.html ASA-201507-14] {{pkg|lib32-flashplugin}} arbitrary code execution
 
* [16 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000367.html ASA-201507-13] {{pkg|flashplugin}} arbitrary code execution
 
* [13 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000366.html ASA-201507-12] {{pkg|lib32-openssl}} man-in-the-middle
 
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000365.html ASA-201507-11] {{pkg|lib32-krb5}} multiple issues
 
* [12 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000364.html ASA-201507-10] {{pkg|krb5}} multiple issues
 
* [11 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000363.html ASA-201507-9] {{pkg|thunderbird}} multiple issues
 
* [09 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000362.html ASA-201507-8] {{pkg|openssl}} man-in-the-middle
 
* [08 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000361.html ASA-201507-7] {{pkg|flashplugin}} remote code execution
 
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000360.html ASA-201507-6] {{pkg|bind}} denial of service
 
* [07 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000359.html ASA-201507-5] {{pkg|ntp}} denial of service
 
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000358.html ASA-201507-4] {{pkg|openssh}} XSECURITY restrictions bypass
 
* [04 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000357.html ASA-201507-3] {{pkg|haproxy}} information leakage
 
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000356.html ASA-201507-2] {{pkg|firefox}} remote code execution
 
* [03 July 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-July/000355.html ASA-201507-1] {{pkg|wesnoth}} information leakage
 
 
 
=== June 2015 ===
 
* [24 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000346.html ASA-201506-5] {{pkg|flashplugin}} remote code execution
 
* [22 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000345.html ASA-201506-4] {{pkg|curl}} information leakage
 
* [12 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000344.html ASA-201506-3] {{pkg|openssl}} multiple issues
 
* [10 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000343.html ASA-201506-2] {{pkg|cups}} multiple issues
 
* [01 June 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-June/000342.html ASA-201506-1] {{pkg|pcre}} buffer overflow
 
 
 
=== May 2015 ===
 
* [28 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000341.html ASA-201505-20] {{pkg|curl}} information leakage
 
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000340.html ASA-201505-19] {{pkg|webkitgtk2}} man-in-the-middle
 
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000339.html ASA-201505-18] {{pkg|webkitgtk}} man-in-the-middle
 
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000338.html ASA-201505-17] {{pkg|postgresql}} multiple issues
 
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000337.html ASA-201505-16] {{pkg|pgbouncer}} denial of service
 
* [26 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000336.html ASA-201505-15] {{pkg|nbd}} denial of service
 
* [21 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000335.html ASA-201505-14] {{pkg|chromium}} multiple issues
 
* [18 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000332.html ASA-201505-13] {{pkg|thunderbird}} multiple issues
 
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000331.html ASA-201505-12] {{pkg|wireshark-gtk}} multiple issues
 
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000330.html ASA-201505-11] {{pkg|wireshark-qt}} multiple issues
 
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000329.html ASA-201505-10] {{pkg|wireshark-cli}} multiple issues
 
* [14 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000328.html ASA-201505-9] {{pkg|qemu}} arbitrary code execution
 
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000321.html ASA-201505-8] {{pkg|tomcat6}} denial of service
 
* [13 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000320.html ASA-201505-7] {{pkg|firefox}} multiple issues
 
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000319.html ASA-201505-6] {{pkg|docker}} multiple issues
 
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000318.html ASA-201505-5] {{pkg|libtasn1}} arbitrary code execution
 
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000317.html ASA-201505-4] {{pkg|mariadb-clients}} multiple issues
 
* [08 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000316.html ASA-201505-3] {{pkg|mariadb}} multiple issues
 
* [03 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000315.html ASA-201505-2] {{pkg|clamav}} multiple issues
 
* [01 May 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-May/000314.html ASA-201505-1] {{pkg|squid}} weak certificate validation
 
 
 
=== Apr 2015 ===
 
* [30 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000313.html ASA-201504-32] {{pkg|perl-xml-libxml}} xml external entity injection
 
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000312.html ASA-201504-31] {{pkg|dovecot}} denial of service
 
* [29 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000311.html ASA-201504-30] {{pkg|chromium}} multiple issues
 
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000310.html ASA-201504-29] {{pkg|wpa_supplicant}} arbitrary code execution
 
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000309.html ASA-201504-28] {{pkg|curl}} multiple issues
 
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000308.html ASA-201504-27] {{pkg|powerdns-recursor}} denial of service
 
* [24 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000307.html ASA-201504-26] {{pkg|powerdns}} denial of service
 
* [23 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html ASA-201504-25] {{pkg|glibc}} arbitrary code execution
 
* [22 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000304.html ASA-201504-24] {{pkg|firefox}} arbitrary code execution
 
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000302.html ASA-201504-23] {{pkg|jre8-openjdk-headless}} multiple issues
 
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000301.html ASA-201504-22] {{pkg|jre8-openjdk}} multiple issues
 
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000300.html ASA-201504-21] {{pkg|jdk8-openjdk}} multiple issues
 
* [20 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000299.html ASA-201504-20] {{pkg|tcpdump}} denial of service
 
* [18 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000298.html ASA-201504-19] {{pkg|chromium}} multiple issues
 
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000297.html ASA-201504-18] {{pkg|flashplugin}} multiple issues
 
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000296.html ASA-201504-17] {{pkg|jre7-openjdk-headless}} multiple issues
 
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000295.html ASA-201504-16] {{pkg|jre7-openjdk}} multiple issues
 
* [17 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000294.html ASA-201504-15] {{pkg|jdk7-openjdk}} multiple issues
 
* [15 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000291.html ASA-201504-14] {{pkg|php}} multiple issues
 
* [14 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000282.html ASA-201504-13] {{pkg|ruby}} permissive certificate matching
 
* [11 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000281.html ASA-201504-12] {{pkg|icecast}} denial of service
 
* [10 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000280.html ASA-201504-11] {{pkg|mediawiki}} multiple issues
 
* [09 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000279.html ASA-201504-10] {{pkg|libssh2}} out-of-bounds read
 
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000278.html ASA-201504-9] {{pkg|chrony}} denial of service
 
* [08 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000275.html ASA-201504-8] {{pkg|ntp}} multiple issues
 
* [07 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000274.html ASA-201504-7] {{pkg|tor}} multiple issues
 
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000272.html ASA-201504-6] {{pkg|thunderbird}} multiple issues
 
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000273.html ASA-201504-5] {{pkg|java-batik}} xml external entity injection
 
* [04 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000271.html ASA-201504-4] {{pkg|firefox}} certificate verification bypass
 
* [03 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000270.html ASA-201504-3] {{pkg|libtasn1}} stack overflow
 
* [02 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000269.html ASA-201504-2] {{pkg|chromium}} remote code execution
 
* [01 Apr 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-April/000268.html ASA-201504-1] {{pkg|firefox}} multiple issues
 
 
 
=== Mar 2015 ===
 
* [31 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000267.html ASA-201503-26] {{pkg|musl}} arbitrary code execution
 
* [28 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000266.html ASA-201503-25] {{pkg|php}} zip integer overflow
 
* [25 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000265.html ASA-201503-24] {{pkg|vorbis-tools}} denial of service
 
* [24 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000264.html ASA-201503-23] {{pkg|util-linux}} command injection
 
* [23 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000263.html ASA-201503-22] {{pkg|cpio}} directory traversal
 
* [21 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000262.html ASA-201503-21] {{pkg|firefox}} multiple issues
 
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000261.html ASA-201503-20] {{pkg|tcpdump}} multiple issues
 
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000260.html ASA-201503-19] {{pkg|xerces-c}} denial of service
 
* [20 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000259.html ASA-201503-18] {{pkg|drupal}} multiple issues
 
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000258.html ASA-201503-17] {{pkg|lib32-openssl}} multiple issues
 
* [19 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000257.html ASA-201503-16] {{pkg|openssl}} multiple issues
 
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000256.html ASA-201503-15] {{pkg|libxfont}} multiple issues
 
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000255.html ASA-201503-14] {{pkg|ecryptfs-utils}} hard-coded passphrase salt
 
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000254.html ASA-201503-13] {{pkg|ettercap-gtk}} multiple issues
 
* [17 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000253.html ASA-201503-12] {{pkg|ettercap}} multiple issues
 
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000252.html ASA-201503-11] {{pkg|flashplugin}} multiple issues
 
* [16 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000251.html ASA-201503-10] {{pkg|librsync}} checksum collision
 
* [15 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000250.html ASA-201503-9] {{pkg|unzip}} arbitrary code execution
 
* [12 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000249.html ASA-201503-8] {{pkg|e2fsprogs}} arbitrary code execution
 
* [11 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000248.html ASA-201503-7] {{pkg|python2-django}} {{pkg|python-django}} cross site scripting
 
* [09 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000247.html ASA-201503-6] {{pkg|mutt}} denial of service
 
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000245.html ASA-201503-5] {{pkg|chromium}} multiple issues
 
* [05 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000244.html ASA-201503-4] {{pkg|grep}} denial of service
 
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000243.html ASA-201503-3] {{pkg|lib32-elfutils}} directory traversal
 
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000242.html ASA-201503-2] {{pkg|elfutils}} directory traversal
 
* [02 Mar 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-March/000241.html ASA-201503-1] {{pkg|putty}} information disclosure
 
 
 
=== Feb 2015 ===
 
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000238.html ASA-201502-15] {{pkg|thunderbird}} multiple issues
 
* [25 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000237.html ASA-201502-14] {{pkg|firefox}} multiple issues
 
* [23 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000236.html ASA-201502-13] {{pkg|samba}} arbitrary code execution
 
* [17 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000235.html ASA-201502-12] {{pkg|krb5}} multiple issues
 
* [11 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000234.html ASA-201502-11] {{pkg|xorg-server}} information leak and denial of service
 
* [10 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000233.html ASA-201502-10] {{pkg|dbus}} denial of service
 
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000232.html ASA-201502-9] {{pkg|pigz}} remote write to arbitrary file
 
* [09 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html ASA-201502-8] {{pkg|glibc}} multiple issues
 
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000230.html ASA-201502-7] {{pkg|ntp}} multiple issues
 
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000229.html ASA-201502-6] {{pkg|clamav}} arbitrary code execution
 
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000228.html ASA-201502-5] {{pkg|chromium}} multiple issues
 
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000227.html ASA-201502-4] {{pkg|postgresql}} multiple issues
 
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000226.html ASA-201502-3] {{pkg|mantisbt}} multiple issues
 
* [05 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000225.html ASA-201502-2] {{pkg|flashplugin}} remote code execution
 
* [03 Feb 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-February/000224.html ASA-201502-1] {{pkg|privoxy}} denial of service
 
 
 
=== Jan 2015 ===
 
* [28 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000223.html ASA-201501-24] {{pkg|patch}} multiple issues
 
* [27 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000222.html ASA-201501-23] {{pkg|jasper}} arbitrary code execution
 
* [26 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000220.html ASA-201501-22] {{pkg|flashplugin}} multiple issues
 
* [25 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000219.html ASA-201501-21] {{pkg|chromium}} multiple issues
 
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000218.html ASA-201501-20] {{pkg|jre7-openjdk-headless}} multiple issues
 
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000217.html ASA-201501-19] {{pkg|jre7-openjdk}} multiple issues
 
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000216.html ASA-201501-18] {{pkg|jdk7-openjdk}} multiple issues
 
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000215.html ASA-201501-17] {{pkg|php}} remote code execution
 
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000212.html ASA-201501-16] {{pkg|jre8-openjdk-headless}} multiple issues
 
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000211.html ASA-201501-15] {{pkg|jre8-openjdk}} multiple issues
 
* [23 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000210.html ASA-201501-14] {{pkg|jdk8-openjdk}} multiple issues
 
* [20 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000209.html ASA-201501-13] {{pkg|polarssl}} remote code execution
 
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000208.html ASA-201501-12] {{pkg|libssh}} denial of service
 
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000207.html ASA-201501-11] {{pkg|tinyproxy}} denial of service
 
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000206.html ASA-201501-10] {{pkg|samba}} privilege elevation
 
* [19 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000205.html ASA-201501-9] {{pkg|curl}} url request injection
 
* [15 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000204.html ASA-201501-8] {{pkg|flashplugin}} multiple issues
 
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000203.html ASA-201501-7] {{pkg|thunderbird}} multiple issues
 
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000202.html ASA-201501-6] {{pkg|firefox}} multiple issues
 
* [14 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000201.html ASA-201501-5] {{pkg|cpio}} heap buffer overflow
 
* [13 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000200.html ASA-201501-4] {{pkg|libevent}} heap overflow
 
* [10 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000199.html ASA-201501-3] {{pkg|unzip}} arbitrary code execution
 
* [09 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000198.html ASA-201501-2] {{pkg|openssl}} multiple issues
 
* [07 Jan 2015] [https://lists.archlinux.org/pipermail/arch-security/2015-January/000192.html ASA-201501-1] {{pkg|imagemagick}} multiple issues
 
 
 
=== Dec 2014 ===
 
* [22 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000189.html ASA-201412-24] {{pkg|ntp}} multiple issues
 
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000183.html ASA-201412-23] {{pkg|php}} use after free
 
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000182.html ASA-201412-22] {{pkg|jasper}} arbitrary code execution
 
* [18 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000181.html ASA-201412-21] {{pkg|glibc}} arbitrary code execution
 
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000178.html ASA-201412-20] {{pkg|unrtf}} arbitrary code execution
 
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000177.html ASA-201412-19] {{pkg|dokuwiki}} cross-site scripting
 
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000176.html ASA-201412-18] {{pkg|nss}} signature forgery
 
* [16 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000175.html ASA-201412-17] {{pkg|subversion}} denial of service
 
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000174.html ASA-201412-16] {{pkg|docker}} multiple issues
 
* [15 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000173.html ASA-201412-15] {{pkg|python2}} multiple issues
 
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000172.html ASA-201412-14] {{pkg|xorg-server}} multiple issues
 
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000171.html ASA-201412-13] {{pkg|flashplugin}} multiple issues
 
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000170.html ASA-201412-12] {{pkg|nvidia}} arbitrary code execution
 
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000169.html ASA-201412-11] {{pkg|nvidia-340xx}} arbitrary code execution
 
* [12 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000168.html ASA-201412-10] {{pkg|nvidia-304xx}} arbitrary code execution
 
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000167.html ASA-201412-9] {{pkg|powerdns-recursor}} denial of service
 
* [09 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000166.html ASA-201412-8] {{pkg|unbound}} denial of service
 
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000165.html ASA-201412-7] {{pkg|bind}} denial of service
 
* [08 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000164.html ASA-201412-6] {{pkg|mantisbt}} multiple issues
 
* [04 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000163.html ASA-201412-5] {{pkg|antiword}} buffer overflow
 
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000162.html ASA-201412-4] {{pkg|graphviz}} format string vulnerability
 
* [03 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000161.html ASA-201412-3] {{pkg|firefox}} multiple issues
 
* [02 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000160.html ASA-201412-2] {{pkg|openvpn}} denial of service
 
* [01 Dec 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-December/000159.html ASA-201412-1] {{pkg|gnupg}} denial of service
 
 
 
=== Nov 2014 ===
 
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000156.html ASA-201411-31] {{pkg|libksba}} denial of service
 
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000157.html ASA-201411-32] {{pkg|icecast}} information leak
 
* [28 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000158.html ASA-201411-33] {{pkg|libjpeg-turbo}} denial of service
 
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000155.html ASA-201411-30] {{pkg|flac}} arbitrary code execution
 
* [26 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000154.html ASA-201411-29] {{pkg|pcre}} heap buffer overflow
 
* [23 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000153.html ASA-201411-28] {{pkg|dbus}} denial of service
 
* [21 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000152.html ASA-201411-27] {{pkg|glibc}} command execution
 
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000151.html ASA-201411-26] {{pkg|chromium}} multiple issues
 
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000150.html ASA-201411-25] {{pkg|drupal}} session hijacking and denial of service
 
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000149.html ASA-201411-24] {{pkg|wireshark-qt}} denial of service
 
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000148.html ASA-201411-23] {{pkg|wireshark-gtk}} denial of service
 
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000147.html ASA-201411-22] {{pkg|wireshark-cli}} denial of service
 
* [20 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000146.html ASA-201411-21] {{pkg|clamav}} denial of service
 
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000145.html ASA-201411-20] {{pkg|avr-binutils}} multiple issues
 
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000144.html ASA-201411-19] {{pkg|mingw-w64-binutils}} multiple issues
 
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000143.html ASA-201411-18] {{pkg|arm-none-eabi-binutils}} multiple issues
 
* [19 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000142.html ASA-201411-17] {{pkg|binutils}} multiple issues
 
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000141.html ASA-201411-16] {{pkg|ruby}} denial of service
 
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000140.html ASA-201411-15] {{pkg|linux-lts}} local denial of service, privilege escalation
 
* [17 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000139.html ASA-201411-14] {{pkg|linux}} local denial of service, privilege escalation
 
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000138.html ASA-201411-13] {{pkg|php}} denial of service
 
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000137.html ASA-201411-12] {{pkg|imagemagick}} denial of service
 
* [13 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000136.html ASA-201411-11] {{pkg|flashplugin}} remote code execution
 
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000135.html ASA-201411-10] {{pkg|gnutls}} out-of-bounds memory write
 
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000134.html ASA-201411-9] {{pkg|file}} denial of service through out-of-bounds read
 
* [12 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000133.html ASA-201411-8] {{pkg|mantisbt}} arbitrary code execution and unrestricted access
 
* [11 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000132.html ASA-201411-7] {{pkg|curl}} out-of-bounds read
 
* [10 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000131.html ASA-201411-6] {{pkg|kdebase-workspace}} local privilege escalation
 
* [09 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000130.html ASA-201411-5] {{pkg|konversation}} denial of service
 
* [06 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000129.html ASA-201411-4] {{pkg|polarssl}} multiple issues
 
* [05 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000128.html ASA-201411-3] {{pkg|mantisbt}} sql injection
 
* [03 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000127.html ASA-201411-2] {{pkg|aircrack-ng}} multiple vulnerabilities
 
* [01 Nov 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-November/000126.html ASA-201411-1] {{pkg|tnftp}} arbitrary command execution
 
 
 
=== Oct 2014 ===
 
 
 
* [29 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000125.html ASA-201410-14] {{pkg|wget}} arbitrary filesystem access
 
* [27 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000124.html ASA-201410-13] {{pkg|ejabberd}} circumvention of encryption
 
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000123.html ASA-201410-12] {{pkg|libxml2}} Denial of service
 
* [24 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000122.html ASA-201410-11] {{pkg|ctags}} Denial of service
 
* [23 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000121.html ASA-201410-10] {{pkg|libvncserver}} Remote code execution and Remote DoS
 
* [22 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000120.html ASA-201410-9] {{pkg|libpurple}} Remote DoS and Information leakage
 
* [20 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000119.html ASA-201410-8] {{pkg|wpa_supplicant}}, {{pkg|hostapd}} Arbitrary command execution
 
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000118.html ASA-201410-7] {{pkg|drupal}} SQL Injection
 
* [16 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000117.html ASA-201410-6] {{pkg|openssl}} Memory leak and poodle mitigation
 
* [15 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000116.html ASA-201410-4] {{pkg|zeromq}} Man-in-the-middle downgrade and replay attack
 
* [8 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000115.html ASA-201410-5] {{pkg|rsyslog}} Denial of service
 
* [4 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000114.html ASA-201410-3] {{pkg|mediawiki}} Cross-site Scripting (XSS) and UI redressing
 
* [2 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000113.html ASA-201410-2] {{pkg|jenkins}} Multiple issues
 
* [1 Oct 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-October/000112.html ASA-201410-1] {{pkg|rsyslog}} Remote denial of service
 
 
 
=== Sep 2014 ===
 
 
 
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000111.html ASA-201409-5] {{pkg|libvirt}} Out-of-bounds read access
 
* [29 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000109.html ASA-201409-4] {{pkg|mediawiki}} Cross-site Scripting (XSS)
 
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000102.html ASA-201409-3] {{pkg|python2}} Information leakage through integer overflow
 
* [26 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000099.html ASA-201409-2] {{pkg|bash}} Remote code execution
 
* [25 Sep 2014] [https://lists.archlinux.org/pipermail/arch-security/2014-September/000097.html ASA-201409-1] {{pkg|nss}} Signature forgery attack
 
 
 
==Publishing a new advisory==
 
 
 
We try to always wait for the vulnerability to have been fixed in the corresponding package before issuing an advisory.
 
In case of an extremely critical vulnerability,
 
we may issue an advisory before the package has been fixed, but only if a work-around exists.
 
 
 
If you want to publish a new advisory, please check that:
 
* the corresponding Arch Linux package is really vulnerable ;
 
* the tracking [[Arch_CVE_Monitoring_Team#Procedure|Procedure]] has been completed;
 
* no Arch Linux Security Advisory for this vulnerability has been published yet ;
 
* no upcoming Security Advisory for this vulnerability has been claimed in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, as it would mean that someone is already working on an advisory ;
 
* the current maintainer has been notified, either by flagging the package ouf-of-date if an upstream release fixing the issue exists and/or by creating a new [https://bugs.archlinux.org/ bug-tracker] entry (see the exact procedure [[Arch_CVE_Monitoring_Team#Procedure|here]]).
 
 
 
You may then:
 
* add a line in the "[[#Scheduled Advisories|Scheduled Advisories]]" list of this page, indicating that you are going to publish an advisory soon ;
 
* use the following template as an example to write the advisory ;
 
* ensure that every line in the advisory is properly wrapped after 72 characters
 
* send the advisory to the [https://mailman.archlinux.org/mailman/listinfo/arch-security arch-security] mailing-list (note that it would be nice if you could send a PGP-signed e-mail, but it is not required).
 
* move the published advisory from "[[#Scheduled Advisories|Scheduled Advisories]]" to "[[#Recent Advisories|Recent Advisories]]"
 
* adapt the [[CVE#Documented_CVE.27s|CVE]] tracking page for the fixed package and add a link to the appropriate ASA.
 
 
 
===Templates===
 
 
 
{{bc|<nowiki>
 
Subject:
 
[ASA-<YYYYMM-N>] <Package>: <Vulnerability Type>
 
 
 
Body:
 
Arch Linux Security Advisory ASA-YYYYMM-N
 
=========================================
 
 
 
Severity: Low, Medium, High, Critical
 
Date    : YYYY-MM-DD
 
CVE-ID  : <CVE-ID>
 
Package : <package>
 
Type    : <Vulnerability Type>
 
Remote  : <Yes/No>
 
Link    : https://wiki.archlinux.org/index.php/CVE
 
 
 
Summary
 
=======
 
 
 
The package <package> before version <Arch Linux fixed version> is vulnerable to <Vulnerability type>.
 
 
 
Resolution
 
==========
 
 
 
Upgrade to <Arch Linux fixed version>.
 
 
 
# pacman -Syu "<package>>=<Arch Linux fixed version>"
 
 
 
The problem has been fixed upstream in version <upstream fixed version>.
 
 
 
Workaround
 
==========
 
 
 
<Is there a way to mitigate this vulnerability without upgrading?>
 
 
 
Description
 
===========
 
 
 
<Long description, for example from original advisory>.
 
 
 
Impact
 
======
 
 
 
<
 
What is it that an attacker can do? Does this need existing
 
pre-conditions to be exploited (valid credentials, physical access)?
 
Is this remotely exploitable?
 
>.
 
 
 
References
 
==========
 
 
 
<CVE-Link>
 
<Upstream report>
 
<Arch Linux Bug-Tracker>
 
</nowiki>}}
 
 
 
===Vim-Snippet===
 
 
 
Vim-Snippet for vim-ultisnips plugin for easy completing the archlinux template. Just install {{pkg|vim-ultisnips}} and copy the text below in your {{ic|~/.vim/UltiSnips/all.snippets}} you can jump through the tabstops with {{ic|CTRL+j}}.
 
 
 
{{bc|<nowiki>
 
snippet archsec "arch security form"                                                                                 
 
Arch Linux Security Advisory ASA-`date -I -u | egrep -o '[0-9]{4}'``date -I -u | egrep -o '[0-9]{2}' | sed '3q;d'`-${1}
 
========================================${1/./=/g}                                                                   
 
 
 
Severity: ${2}                                                                                                       
 
Date    : `date -I -u`                                                                                               
 
CVE-ID  : $3                                                                                                         
 
Package : $4                                                                                                         
 
Type    : $5
 
Remote  : ${6}                                                                                                       
 
Link    : https://wiki.archlinux.org/index.php/CVE                                                                   
 
                                                                                                                     
 
Summary
 
=======
 
                                                                                                                     
 
The package $4 before version $7 is vulnerable to $5 ${8}                                                             
 
                                                                                                                     
 
Resolution
 
==========
 
                                                                                                                     
 
Upgrade to $7.
 
                                                                                                                     
 
# pacman -Syu "$4>=$7"                                                                                               
 
                                                                                                                     
 
${9:The problems have been fixed upstream in version ${7/-\d+$/./}}                                                   
 
                                                                                                                     
 
Workaround
 
==========                                                                                                           
 
                                                                                                                     
 
${10:None.}                                                                                                           
 
 
 
Description                                                                                                           
 
===========                                                                                                           
 
 
 
${3/(CVE-....-....)(\s?)/- $1(?2: : )()\n\n/g}                                                                       
 
 
 
Impact
 
======                                                                                                               
 
 
 
A${6/(Yes)|(No)/(?1: remote )(?2: local )/}attacker is able to ${12}                                                 
 
 
 
References
 
==========                                                                                                           
 
                                                                                                                     
 
${3/(CVE-....-....)(\s?)/https:\/\/access.redhat.com\/security\/cve\/$1\n/g}
 
${13}
 
endsnippet
 
 
 
</nowiki>}}
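Review bot: The "Publishing a new advisory" section, the advisory template and the UltiSnips snippet at the end of the removed text are working procedure rather than history, and they are dropped together with the advisory list. If the process is still in use, move them to the page that now owns it before this page becomes a redirect, otherwise in-page links such as [[#Scheduled Advisories|Scheduled Advisories]] have nowhere to point. If the text is carried over, fix two things on the way. "ouf-of-date" in the maintainer-notification bullet should read "out-of-date". The snippet's pattern (CVE-....-....) matches exactly four characters after the year, so a CVE ID with a longer sequence number is split in the generated Description and References sections; a pattern such as CVE-\d{4}-\d+ matches the whole ID.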
 

Latest revision as of 20:03, 25 January 2017

Redirect to: