Re: flashplugin-nonfree 9.0.48.0.1etch1 for Stable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 07/26/07 17:30, Neil McGovern wrote:
> On Thu, Jul 26, 2007 at 08:28:41AM +0200, Bart Martens wrote:
>> Hi Stable Debian-Release,
>> Hi Security Team,
>>
>
> Not speaking in any official capacity here, but:
>
> Let's have a look at the vulnerabilities which still affect etch:
> CVE-2007-2022 - "Unspecified vulnerability ... unspecified impact and
> remote attack vectors." but looks like a keylogger if
> someone visits a malicious webpage.
> CVE-2007-3456 - "Unspecified vulnerability .. related to an input
> validation error." - arbitrary code execution.
>
> So fairly serious.
>
> It seems that 9.0.45.0 was only for Mac/Windows, and 9.0.47.0/9.0.48.0
> is only for Linux.
> AFAICT, 9.0.48.0 is 9.0.31.0 + security fixes (as described in
> APSB07-12[0]), except for sparc, which implements the 9.0.31.0 features
> for that arch (probably a good thing).
It apparently also has some feature upgrade(s)/bug fixes, because
.48 plays New York Times videos, whereas .31 would not.
>> 1. We could flashplugin-nonfree 9.0.48.0.1etch1 to Stable soon. The
>> only change is the update of the MD5 checksums. Obviously the upstream
>> Flash plugin itself may have been modified heavily, no idea.
>> 2. I can create a special flashplugin-nonfree package for Stable to
>> remove the insecure plugin from the Stable systems, notifying the users
>> of this removal, and suggesting them to use Backports.
>
> I'd suggest heavy testing (if this hasn't been done already) on the
> 9.0.48.0 package with the aim of working out if new features have been
> added.
>
> If not, then it may be possible that this really is a bugfix only
> release, and IMO would be suitable for an update.
>
> Neil
> [0] http://www.adobe.com/go/apsb07-12
- --
Ron Johnson, Jr.
Jefferson LA USA
Give a man a fish, and he eats for a day.
Hit him with a fish, and he goes away for good!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGqfGzS9HxQb37XmcRAuonAJ9Qfa21ZzjG6N3jDD3JfApiMTmEWQCfUv5V
YHJfmcYzfGdRZHAmi5Q21gk=
=Fjm9
-----END PGP SIGNATURE-----