Hi Philippe, * Philippe Cloutier <chealer@gmail.com> [2007-12-20 14:34]: > should someone who already has Flash 9.0.31 installed from stable's > flashplugin-nonfree uninstall it due to security issues? I only see one > important security bug, CVE-2007-5275. This is the wrong mailing list, I think debian-security@lists.d.o would be appropriate. Anyway, CVE-2007-5275 is not the only issue which was fixed recently, have a look at: http://www.adobe.com/support/security/bulletins/apsb07-20.html The update fixes: CVE-2007-6242, CVE-2007-4768, CVE-2007-5275, CVE-2007-6243, CVE-2007-6244, CVE-2007-6245, CVE-2007-4324, CVE-2007-6246 and CVE-2007-5476. Since this fixes also vulnerabilities leading to code execution it is at least not secure to stay with this version. However I think reinstalling the package should solve this as the package just downloads the install_flash_player_9_linux.tar.gz tarball from the adobe site and the name did not change after the security update. Kind regards Nico -- Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
pgpIHHv11stoo.pgp
Description: PGP signature