Gentoo Bug 204344 - net-www/netscape-flash <9.0.124.0 Multiple vulnerabilities (CVE-2007-{0071,5275,6019,6243,6637}, CVE-2008-{1654,1655})

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	204344
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 204344 depends on:			Show dependency tree
Bug 204344 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2008-01-04 22:52 0000

CVE-2007-6637 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6637):
  Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player
  allow remote attackers to inject arbitrary web script or HTML via a crafted
  SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or
  Adobe Acrobat Connect.  NOTE: the asfunction: vector is already covered by
  CVE-2007-6244.1.

------- Comment #1 From Robert Buchholz 2008-01-04 22:53:19 0000 -------

Jim, please keep an eye on a new release.

------- Comment #2 From Sune Kloppenborg Jeppesen 2008-02-26 20:50:02 0000 -------

Any news on this one?

------- Comment #3 From Christian Faulhammer 2008-04-09 10:00:05 0000 -------

9.0.124 is out, http://www.adobe.com/support/security/bulletins/apsb08-11.html
describes all fixed vulnerabilities.

------- Comment #4 From Jim Ramsay 2008-04-09 15:52:37 0000 -------

Thanks for the heads-up.  Just put 9.0.124.0 in the tree.  I think we should
push for stabilization soon, maybe a day or two just in case something is
seriously wrong with the RPM.

------- Comment #5 From Raúl Porcel 2008-04-09 15:54:29 0000 -------

*** Bug 217029 has been marked as a duplicate of this bug. ***

------- Comment #6 From Jim Ramsay 2008-04-15 17:32:18 0000 -------

Okay, I haven't had any bug reports yet (and with closed-source SW like this,
it's not like I would be able to do much if there *were* bugs anyway) so I
decree it's time to stabilize it.

Adding x86 arch team.  As per current policy, I have stabilized on amd64
myself.

------- Comment #7 From Markus Meier 2008-04-17 01:08:34 0000 -------

x86 stable, last arch.

------- Comment #8 From Matthias Geerdsen 2008-04-17 10:39:43 0000 -------

GLSA request filed

------- Comment #9 From Robert Buchholz 2008-04-18 14:15:48 0000 -------

GLSA 200804-21

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 204344

net-www/netscape-flash <9.0.124.0 Multiple vulnerabilities (CVE-2007-{0071,5275,6019,6243,6637}, CVE-2008-{1654,1655})

Last modified: 2008-04-18 14:15:48 0000