[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: flashplugin-nonfree and latest Flash security updates

On Wed, 3 Aug 2016 20:47:45 +0200
Moritz Mühlenhoff <jmm@inutil.org> wrote:

> Nick Boyce <nick@glimmer.demon.co.uk> schrieb:

> > assuming Bart is MIA for some reason, is it possible
> > for the Security Team to either fix the update, or to make an
> > announcement that all Debian users should stop using the Adobe
> > player immediately ?  
> 
> No, non-free/contrib is not supported by the security team.

Okay - thanks Moritz.

> Just don't use that crap. With the amount of zero days in Flash
> you're subject to serious vulnerabilities even with an up-to-date
> plugin.

Well you're right of course, though as I said in reply to Paul Wise
there is still a use-case with no alternative at the BBC News website,
and if a throwaway VM is used then the risk is mostly mitigated.  Also I
believe there are quite a few corporate intranet use-cases that *depend*
on Flash for corporate web-apps (at least according to traffic on the
Enterprise Firefox list).

Cheers,
Nick
-- 
In a world where Henry Kissinger wins the Nobel Peace Prize,
there is no need for satire.
                        - Tom Lehrer
Reply to: