Bug#761667: wheezy-pu: package flashplugin-nonfree/1:3.2+wheezy1

To: submit@bugs.debian.org
Subject: Bug#761667: wheezy-pu: package flashplugin-nonfree/1:3.2+wheezy1
From: Bart Martens <bartm@debian.org>
Date: Mon, 15 Sep 2014 15:19:24 +0000
Message-id: <[🔎] 20140915151924.GA26057@master.debian.org>
Reply-to: Bart Martens <bartm@debian.org>, 761667@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu

Is the attached patch OK for an update in stable ? It's a security fix, but the
security team doesn't do security updates for section contrib.  See #752277 for
all details.

Regards,

Bart Martens

diff -ruN orig/flashplugin-nonfree-3.2/debian/changelog flashplugin-nonfree-3.2+wheezy1/debian/changelog
--- orig/flashplugin-nonfree-3.2/debian/changelog	2012-12-13 22:07:41.000000000 +0100
+++ flashplugin-nonfree-3.2+wheezy1/debian/changelog	2014-06-22 19:53:42.000000000 +0200
@@ -1,3 +1,12 @@
+flashplugin-nonfree (1:3.2+wheezy1) stable; urgency=high
+
+  * Fixes the security bug reported by Jakub Wilk on 22 Jun 2014 09:16:18 +0200
+    on #752277 :
+    + pubkey.asc: Replaced with the public key of a new keypair.
+    + update-flashplugin-nonfree: Download files signed with new key.
+
+ -- Bart Martens <bartm@debian.org>  Sun, 22 Jun 2014 19:35:06 +0200
+
 flashplugin-nonfree (1:3.2) unstable; urgency=low
 
   * update-flashplugin-nonfree: Added use of "gpg --verify" to notice files
diff -ruN orig/flashplugin-nonfree-3.2/pubkey.asc flashplugin-nonfree-3.2+wheezy1/pubkey.asc
--- orig/flashplugin-nonfree-3.2/pubkey.asc	2009-09-09 19:21:28.000000000 +0200
+++ flashplugin-nonfree-3.2+wheezy1/pubkey.asc	2014-06-22 19:52:35.000000000 +0200
@@ -1,64 +1,30 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.4.9 (GNU/Linux)
+Version: GnuPG v1.4.12 (GNU/Linux)
 
-mQINBEo15F8BEADBmwCZvYr2DQf8/azmolFw0jW0l2LjXcmIbHIWd9AFDhPmcy5c
-Kk5zKQtXDtQVJVtqAo52vklqidp4jr75ss/Ns1UTqbtY4mjaKATHShedvijDBoj3
-9QYry6L/rMMZvXi8L86GpBepXNmRiTyE/Jl6K0hQpj7MBEAjLLhgpSOaNWrLm9Tb
-5dNifX0MlCqnfe1YdbYA3GkY+OfAJpUPZhs76kHXb3ufqhVpNw9E6vaoxkyyChza
-Nfwfu1plnNuobcImEBWf3xSErfFV6Nr5cxYE/+HvZ4er/v2zMjFpPXGWECx3ZD1W
-Zd2pIJwu7Rl2EVVmR13qrEgBwfmly2LgGfTWFNTd8dmeVIfk1kJJYnCnYf8UIwYp
-fVrMco91DxUflUs+N8uSjkWN4de6TI8OxCmZdyqyghgxBxziVuqTU/m2g0Y751n5
-hnJMrGAown0AimTkIYR2S8vBfteQHCHuxktKKfw1ax/cs6nSWfsLvxVSYS8D4z44
-R1dSt00XZRPt5DYCw0jr64iFcpIY2R4qqFOwCYxqBRxnDlRj6PfIQJEgm2zCg0D2
-lYYdXzeh1ho7Zx9k7eY2XJlZlO4OW+16ua2rF6IaFfeHQcLwWnTOeTc6uWLH2Z8u
-WQyQjtnB0Nfhn43HsOHxPFry++iR2UVa/d5iGchd7u/3/2D62RhPATSC7wARAQAB
-tB1CYXJ0IE1hcnRlbnMgPGJhcnRtQGtuYXJzLmJlPokCOgQTAQgAJAIbAwULCQgH
-AwUVCgkICwUWAgMBAAIeAQIXgAUCSjXlsQIZAQAKCRAzVfTWO1ghzFe4EACHrCve
-I2dOPEnuNpUufH6n294TWItc7yBdInh5uKLuV9OnLZMh5S4DhZhTH/MEmhYFaJ2p
-mBDUUYj9Qn2K5meC0TVlgr3ikQPQNgkVOSrGdC5DYVr/LgRd1h20peniwr/8Cmmw
-+oVA4oQ7UdviiJZaUbtZe1ntFbZqWJz9pVuVIAAusMkCUCg4YY+9BrftCS+k8Zb8
-k+loMWSiWF7ALkNn6dlPk36JSwSboHijkmS3080/zyV6PS9VYxlyMR5Sw1z8czxm
-75Qs52CQErCIlQB+4pgVPWOE6IufbOCDfv2CQ8IqYeHK30cah1ws1TuDm7QxERwv
-NoDgaJEXbMpSVQzU8qCucnLz2IAJEz6KCeMW+Cv2NSe7c6ayoh8XX1wvWGaT7gnQ
-nA3ALotdyg64rWUUmrp81TyYWvGNTxlNuN9Am46MO0n2f4KdtaLw6cpdSwbcA4AP
-wT/k2Ob37MSZcaI2Cz5caSnsvqoiSYLTWYXf+fmCwgi60cS6WRDxCzgpBLh1Q0Ay
-zfA+Lt7MioAY2JkzTalSvFG7FzckqQ/I+4PCdE3tkljMsh98q8C2Lwa7SFkk9s9L
-nAjrIGqdKoqE006JJ65/WcLOtaPKFqoqWrwCQREpUGuOT/wAtntq7U0yu9DFKWYm
-n0WXmlI8oSBgPxu7KMOM+5lRjEB0UgKrzm3KCLQfQmFydCBNYXJ0ZW5zIDxiYXJ0
-bUBkZWJpYW4ub3JnPokCNwQTAQgAIQIbAwULCQgHAwUVCgkICwUWAgMBAAIeAQIX
-gAUCSjXlrQAKCRAzVfTWO1ghzCGqD/9ReABDWD/GU9wr1t66cAHzNPGErdm0Ml9j
-NK1x0jDJduNAOVYnW9dSf5tfQMLCNB8CtveYMgTJAoi3lQR8VMf9rd9vBxQwe2/N
-vo+1lg35CD3kneZvnlI3ZFFh5XAYikk3p9fQNdDAOZsDiLkCHdG9643ELqst5BVh
-O8mUaPuPJoHwKcM540saeAsSiQXvicw9O96JUUlbDB9SEP7HGGWKpuWlIYxWE4qY
-2RimVUkTcH73Gn+yN+9HSPuHn2SG1racsuqOgyPPac9KOcGA6pYUYqr7ZV/Qurd8
-DZ29tWTWp6rAYm9gqDwqa3UxIm4lqtbmnbLdKksyAbXd6jZNYI0kiZTWbYazotFu
-FmK8Jj2dY36qeTJYdTnxLqS9/OFzY8Co8xdKnw9xwG7F9G8atvEn3FlElREZceiG
-zyZ77Oh932mvLuETBTibABTTZZMP1mxYqIx2TcIj2Lple9RnCPVerY4wgIWWPyl5
-5LZWYJ93+Q7L7L0AcV6yrOftONPCePYCHPRj+ebSEX7Se0p3yWamuanPuNkTEGnt
-VSk1FoyNqw2BJjpMDMpvHTmKupioG5i6rUM9+R/gFyn68wJcxzNM2YPXmQIulnJM
-hx0oydAuiQk6/ONvFhfMfXsjZixuryhXg69Pm/VjdBSQwz6kSmh56le8NrtelStM
-tUOEPA10BrkCDQRKNeZBARAA25Vs4gdy6qwnzjywxQaYjUZMAGXrV0TU69CpB3m1
-rgXy+REUd8wTWPZ6wX/OGVN4I0+pAxeEeocCXdqE9vfLQUwI5d1OrseA72tDme56
-SHigsfSQfYkQ8pDFmkHOjbtzaEAp7HsyqRnPb6iX3BZC23AecNxOFguCHld32Nfi
-4UImma4ZAqzn7pq3hjzrsc5A2s3F2YZj+eJ1Gbcb+phs4jm0RTnS5nJpf+UW/60S
-jt0nx9ZjzrYCiJyDjZCjW8Mb7Tyc4Qhbz2acH9URk/6KnUE7cdFXaDTIEXdhCGkT
-sFV2XoOyIKkqIOdiaVhBF8YJ5kvJsYN1abW1IZaAiGOH0HFhI1OGpbhvWPmqq9+b
-yOJNHpDtfdgoG2x+CFwxoys0JvgtdrZAgdS+Zdmaqrx3sJbY7iHfNSMbkjKV5a3M
-1ZY/83dyH/J2d0q5Fc/bpuBFmJO1P++gXryY3Q+dGCoc4Y0A3/8jeuTeECscoNpK
-o55+LQSH/qXrBUrQhKInOyxt8zYr43tLthNcESLgjkyUtD3mYHgiK39isvj3a1Lj
-o6QHUq1kA5esE3XI9v/8PyVcbaUGNoqSAN8NjtvktNOnj4ZY9efJxlVjcr0sPRqy
-WyEXP1P/gKUsJ9e8XgMOZhx1x+z7f09CPCWOgGpjaQoHrHUcb6kJpLDFdeFKdKPO
-SNUAEQEAAYkCHwQYAQgACQUCSjXmQQIbDAAKCRAzVfTWO1ghzEZOEACgQo6Ao4N5
-wmchQplYItp6vKl0+4YvDohtsLvaFvnoFuQGAe06f62ZPi2VN2Xg9EaDWv2nyjN7
-F4+yVeowW0c2+mpjvkZdZOTtaImUIHKScTu/JzzeNLTm64LhcgSdOCVnqxuB8bq8
-m5GONyFX1YV5tl9BJ8x2kPnx5lA32Dx/An2ct630R2+/TEHcwncDtx2LtpHHvcQk
-i9ChF69cHeRRQz0se/5yGLnrcNZaH5z0cBBP91jCwlwFjxZoTqp6Ps8nUkpYH2zL
-fNRguq2UomtCCOPG0Ab1mw5hV1IxJlazxg0H7UYf58x0mbaO51tv01H/M6ePDQMw
-PxIg5O6f61eDSIC4aTMv2Po0OLKMiBC+uQD5VYgsavkqZKDTYyxbCh7uup+SBosI
-sm8PsdlDxRk1Tu6bO3puMgZVZ2eTdd8Vc7PbHw9vWtybw3if9DiKgx+rpw+nL65G
-CxHn9k/H76i/BSG1FjoOKkJ7l2YJfuCLDHn6xWQKuchSfyGec7vi102JOi6B2adf
-bkBjLnETYpWZ7JcvIdLyysLFl/KGet9i0uXFOuGf+V3EKuS2SHJW6RLiZOEmBHLT
-pDDvc82Ng1K7jJlhERKZbyYAINtKrW5akfLLG1FVDIbX/RcdJeqL84lg46iMSf93
-xcdVBUH5WUthgPDrirtuody3rq+68KrbTQ==
-=RbDj
+mQINBFOm/wEBEACvlKrhJeBfNUjp61kYCeHykRBPYzZNnMnoW8752B5bXtvSGXSX
++PiugDbRCMSr52pKmJhTXmV+gKdT7g6WkWOgDQvqvqo0g6vPmKm8zqAtmVdLWhm4
+A9556sxqHfWje1RN5rIq2+30tX1rXCaOkNY3bd+UKgEAoLrHca8l6qWz5N1Mnu7q
+Hgx683KXD160yfpbyXHAZPu51EDrGvHpNGDbYUr88ojf7bmQi288kPWlrSaFtAun
+9t752Bpcj9Y4KW2qkaISLfBMo/gF/k205HFkfReurngpEVSbDFqIeX375gS6mvuy
+3soMF52YTW0xEeq78MFVXQxkjvr4btuWrhp/7ZFqplFLuLPhSUDAbHhrbjBE+2V5
+gReg9trUXrl7aTy3eR6uWWsfT+fpwP8xiXXk8SkBJFmGb2YbRHaKajMCKe5ZA9Z/
+ZdjuHZO0L9K/MBreQg7afi/L9Jp8/I8kxd3g8HIL1eKVPke2DYI7alrZNOqt1oVj
+okHtYLIrk7Lck3Obif9wjgT/hyv+11mftoZtXctsuYNzH/0DMKP6df4BblLMjr0s
+jtD85qAy5kQX2M5tWVV6wqDUX4utPCE8hSaoyWVddiZr1w8bMd9hB+1ytep1SuR1
+023hpjETIvVflJoy1S+Tya8sIvt6v9krY8/q3faZOMhK+CD94IR5k65L/wARAQAB
+tEBCYXJ0IE1hcnRlbnMgKGZvciB1c2UgaW4gZmxhc2hwbHVnaW4tbm9uZnJlZSkg
+PGJhcnRtQGRlYmlhbi5vcmc+iQI3BBMBCAAhBQJTpv8BAhsDBQsJCAcDBRUKCQgL
+BRYCAwEAAh4BAheAAAoJEMhdpnzVwPwUMnEP/357edG2w2s4N7mDvB4sPrRJF6JB
+UND2nHgwxolsyj9MXMDMDvTkZmfNPiYnpy12n+w3h5Fr/DP22rYjUE/sk5P1Z+/c
+bIb+W+H7JjqJb+AKWtlMUOyFIonGCfWcrXCFYLdVIYrEF+aUvvqQzJdV/R/DnoBb
+6vpYy85gvEqyshUdfyP3b0lDJDcz4tqmarChZO/uaGDaZ9BS7axYiNitjqseHsDk
+2G5iWheNhjzh2S4O/WOc/lcq0bTwapu1s3LCypgbP0qFuLfM3F91oHJF5QVzD0QK
+6KzSGDnvJfR+hTgSHG85WTliR8ILuwQNBgl6YiMMsIkID9eVisJE0i8/QF3Ag8k7
+xpYT0ZeYteMVK4QWpQjHdNUBwBD8+YqmcF5K+sLJxlrBPHatxZtB5SaNmXLY41Qk
+6+E9cNkhd3KdqzXLrS4esUhvS10kztTEjrKAfWcPb6SJlGRpTLl5WbAeEjbEMgwr
+BBdofsZGPTbHwwGXFlQT49nDDGW99kYze4hfNZNV0DF4fzEzbAr9XmzsMeZk8aOY
+U/zQjz0ofnnPI1XEOvYbTN8KA2Ev0zt6xAJLJR/D8LsDuAXPocSI0ssvL4Cii+Z8
+ybDp8l8HGkLxHRp8p+fMJlXng6FN2PvnRO/nsOawT8DTF3kl6tdChnKCGhTibfFR
+u7Xpdqa/Cm3d4GFE
+=JKMY
 -----END PGP PUBLIC KEY BLOCK-----
diff -ruN orig/flashplugin-nonfree-3.2/update-flashplugin-nonfree flashplugin-nonfree-3.2+wheezy1/update-flashplugin-nonfree
--- orig/flashplugin-nonfree-3.2/update-flashplugin-nonfree	2012-12-13 18:25:48.000000000 +0100
+++ flashplugin-nonfree-3.2+wheezy1/update-flashplugin-nonfree	2014-06-22 19:53:12.000000000 +0200
@@ -188,7 +188,7 @@
 	if [ "$upstream" = "" ]
 	then
 		wgetoptions="$wgetquiet $wgetalways"
-		downloadurl=http://people.debian.org/~bartm/flashplugin-nonfree/get-upstream-version.pl.gz.pgp
+		downloadurl=http://people.debian.org/~bartm/flashplugin-nonfree/D5C0FC14/get-upstream-version.pl.gz.pgp
 
 		HOME=/root \
 		wget $wgetoptions $downloadurl \
@@ -229,7 +229,7 @@
 
 			downloadfile=fp10.sha512.i386.pgp.asc
 			[ `dpkg --print-architecture` != "amd64" ] || downloadfile=fp10.sha512.amd64.pgp.asc
-			downloadurl=http://people.debian.org/~bartm/flashplugin-nonfree/$downloadfile
+			downloadurl=http://people.debian.org/~bartm/flashplugin-nonfree/D5C0FC14/$downloadfile
 
 			wgetoptions="$wgetquiet $wgetalways"
 			[ "$verbose" != "yes" ] || wgetoptions="$wgetalways $wgetprogress"

Reply to:

Follow-Ups:
- Bug#761667: wheezy-pu: package flashplugin-nonfree/1:3.2+wheezy1
  - From: Jonathan Wiltshire <jmw@debian.org>
- Processed: Re: Bug#761667: wheezy-pu: package flashplugin-nonfree/1:3.2+wheezy1
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Processed: Re: Bug#761667: wheezy-pu: package flashplugin-nonfree/1:3.2+wheezy1
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#761662: wheezy-pu: package dictionaries-common/1.12.11+deb7u1
Next by Date: Processed: Depend on libmagickcore-6.q16-2-extra instead of libmagickcore-extra
Previous by thread: Bug#761662: wheezy-pu: package dictionaries-common/1.12.11+deb7u1
Next by thread: Bug#761667: wheezy-pu: package flashplugin-nonfree/1:3.2+wheezy1
Index(es):
- Date
- Thread