CVE-2007-6637 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6637): Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1.
Jim, please keep an eye on a new release.
Any news on this one?
9.0.124 is out, http://www.adobe.com/support/security/bulletins/apsb08-11.html describes all fixed vulnerabilities.
Thanks for the heads-up. Just put 9.0.124.0 in the tree. I think we should push for stabilization soon, maybe a day or two just in case something is seriously wrong with the RPM.
*** Bug 217029 has been marked as a duplicate of this bug. ***
Okay, I haven't had any bug reports yet (and with closed-source SW like this, it's not like I would be able to do much if there *were* bugs anyway) so I decree it's time to stabilize it. Adding x86 arch team. As per current policy, I have stabilized on amd64 myself.
x86 stable, last arch.
GLSA request filed
GLSA 200804-21