First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 102777
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Kevin Bowling <kevin.bowling@kev009.com>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 102777 depends on: Show dependency tree
Bug 102777 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-08-16 17:53 0000 
Macromedia has released their 8th reversion of the Flash product line, and
consequently a new Linux player.  Would love to see it in Gentoo soon :-).

Reproducible: Always
Steps to Reproduce:

------- Comment #1 From Sridhar Dhanapalan 2005-10-02 20:19:37 0000 ------- 
There is no GNU/Linux version yet. Flash Player 8 is Windows-only.

------- Comment #2 From Andy Dustman 2005-11-09 10:53:35 0000 ------- 
http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html

The above security vulnerability notice says only 7.0.19 and earlier are
affected. The newest Linux version is 7.0.25 (still no version 8), so we should
be OK, according to the notice. Still, 7.0.25 has been out for quite a while
(more than a year if you believe Macromedia's download page), so I suspect the
advisory is wrong on the version number; they have a 7.0.61 available for Windows.

Also see: http://www.eeye.com/html/research/advisories/AD20051104.html

------- Comment #3 From Jakub Moc (RETIRED) 2005-11-11 10:24:59 0000 ------- 
Re-assign.

------- Comment #4 From Marko Steinberger 2006-03-15 05:03:48 0000 ------- 
Version 7.0.63.0 is available.

------- Comment #5 From Jakub Moc (RETIRED) 2006-03-15 05:34:26 0000 ------- 
Version 8 doesn't exist for Linux, changing the summary. 7.0.61 is the latest
in portage.

------- Comment #6 From Patrizio Bassi 2006-03-15 10:28:47 0000 ------- 
a GLSA may be needed...that's a security problem with older versions.

------- Comment #7 From Thomas B. 2006-03-15 17:00:24 0000 ------- 
Right, here is a security announcement from Macromedia:
http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html

The security bulletin doesn't clearly state whether this also affects Linux
versions of the Flash player, but if you look into the section "Details",
there's the sentence: "Updated versions of Flash Player 7 for Linux and
Solaris, which contain fixes for these vulnerabilities, are also available from
the Adobe Player Download Center." I therefore suspect that Linux versions
<7.0.63.0 are also affected, so this should be pushed stable (maybe with a
GLSA).

Simply renaming the ebuild (and manually downloading the file, since it is not
yet on the mirrors) works for me to bump the version.

------- Comment #8 From Carsten Lohrke 2006-03-16 08:21:28 0000 ------- 
The package is missing metadata.xml.

------- Comment #9 From Petteri Räty 2006-03-19 12:40:38 0000 ------- 
I version bumped this because there doesn't seem to be a maintainer. Arch teams
should probably take a look at this point. Please note that I am not part of
the security team.

------- Comment #10 From Thierry Carrez (RETIRED) 2006-03-19 13:41:40 0000 ------- 
Hm. Looks like we missed this one because it was set as "enhancement". ARchs
please stable.

------- Comment #11 From Olivier Crete 2006-03-19 16:30:41 0000 ------- 
amd64 stable

------- Comment #12 From Michele Noberasco 2006-03-20 00:35:33 0000 ------- 
Stable for x86. Also added missing metadata.xml...

------- Comment #13 From Stefan Cornelius (RETIRED) 2006-03-20 06:34:59 0000 ------- 
ready for glsa

------- Comment #14 From Sune Kloppenborg Jeppesen 2006-03-21 13:19:49 0000 ------- 
Thx everyone.

GLSA 200603-20
First Last Prev Next    No search results available      Search page      Enter new bug