147421 2006-09-13 00:27 0000 net-www/netscape-flash security bump (CVE-2006-{3014|3311|3587|3588|4640}) 2006-10-11 04:15:31 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Other RESOLVED FIXED http://www.adobe.com/support/security/bulletins/apsb06-11.html A2? [glsa] jaervosz P2 major --- 1 frilled@gentoo.org security@gentoo.org basic@mozdev.org betelgeuse@gentoo.org caster@gentoo.org chriswhite@gentoo.org coran.fisher@gmail.com telefrancisco@gmail.com timbrain@post.cz webmaster@thw-theorie.de frilled@gentoo.org 2006-09-13 00:27:30 0000 All platforms affected, bump seems to be needed to 7.0.66 or 7.0.68; need to verify, I'm in a horrible hurry. No herd, Chris White seems to have made the last bump, though. jaervosz@gentoo.org 2006-09-13 00:43:03 0000 Chris/Taviso you made the last bumps, can you verify and bump as necessary? Upstream is suggesting 7.0.68 as the fixed version. jaervosz@gentoo.org 2006-09-13 01:06:41 0000 *** Bug 147420 has been marked as a duplicate of this bug. *** jakub@gentoo.org 2006-09-18 15:32:24 0000 *** Bug 148125 has been marked as a duplicate of this bug. *** caster@gentoo.org 2006-09-21 04:09:38 0000 Created an attachment (id=97625) replace RESTRICT=stricter with QA_TEXTRELS I've tested this on x86 with Firefox 2.0b2 and Google Videos and Youtube. I don't feel confident enough to commit it myself atm, being just a new dev in Java team, but maybe it will help to get things moving :) jakub@gentoo.org 2006-09-26 00:18:47 0000 *** Bug 149137 has been marked as a duplicate of this bug. *** jaervosz@gentoo.org 2006-09-26 13:04:21 0000 Chris/Taviso you made the last bumps, can you verify and bump as necessary? caster@gentoo.org 2006-09-26 14:03:26 0000 I think it was betelgeuse doing last bump. chriswhite@gentoo.org 2006-09-26 14:15:17 0000 iz mine, I'll bump this motha when I get home today (as in, before we attempt to re-assign all gentoo devs to this :p [roflcopter goes here]). chriswhite@gentoo.org 2006-09-26 18:45:37 0000 netscape-flash-7.0.68 in portage with love to arch teams XOXOXO chris jaervosz@gentoo.org 2006-09-27 00:49:16 0000 Thx Crhis! Arches please test and mark stable. Target keywords are: netscape-flash-7.0.68.ebuild:KEYWORDS="amd64 -ppc -sparc x86" vorlon@gentoo.org 2006-09-27 05:36:20 0000 CC'ing amd64 and x86, pls test and mark stable if possible angelos@gentoo.org 2006-09-27 05:46:39 0000 - emerges fine on amd64 - passes collision-test - passes multilib-strict - works Portage 2.1.2_pre1-r3 (default-linux/amd64/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3, 2.6.18-ck1 x86_64) ================================================================= System uname: 2.6.18-ck1 x86_64 AMD Athlon(tm) 64 Processor 3000+ Gentoo Base System version 1.12.5 Last Sync: Wed, 27 Sep 2006 03:20:01 +0000 ccache version 2.3 [enabled] app-admin/eselect-compiler: [Not Present] dev-java/java-config: 1.3.7, 2.0.30 dev-lang/python: 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: 2.3 dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.13-r3 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="amd64" AUTOCLEAN="yes" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=k8 -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/X11/xkb" CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo" CXXFLAGS="-march=k8 -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig ccache collision-protect distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict test" GENTOO_MIRRORS="ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/ ftp://ftp.uni-erlangen.de/pub/mirrors/gentoo ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://ftp.gentoo.mesh-solutions.com/gentoo/ ftp://pandemonium.tiscali.de/pub/gentoo/ " LANG="en_US.ISO8859-1" LC_ALL="en_US.ISO8859-1" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_EXTRA_OPTS="--exclude-from=/etc/portage/rsync_excludes" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage/overlay" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="amd64 X a52 aac acpi alsa amr avi berkdb bitmap-fonts branding bzip2 cairo cdinstall cdparanoia cdr cli crypt cups dbus divx dlloader dri dvd dvdr dvdread elibc_glibc emboss encode expat fam firefox foomaticdb fortran gdbm gif glut gnutls gpm gstreamer gtk gtk2 hal imagemagick input_devices_evdev input_devices_keyboard isdnlog jpeg kernel_linux lcms ldap libg++ lirc lirc_devices_inputlirc logrotate mad mikmod mng mp3 mpeg musicbrainz ncurses nls nptl nptlonly offensive ogg opengl pam pcre pdflib php png ppds pppd quicktime readline reflection reiserfs rtc sdl session socks5 spl ssl svg symlink tcpd tiff truetype truetype-fonts type1-fonts udev unicode userland_GNU userlocales v4l v4l2 video_cards_fglrx video_cards_radeon vim-with-x vorbis wmp x264 xfs xine xinerama xml xorg xv xvid zlib" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, LINGUAS fauli@gentoo.org 2006-09-27 06:02:37 0000 1) emerges fine 2) passes collision test 3) works Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3, 2.6.17-gentoo-r8 i686) ================================================================= System uname: 2.6.17-gentoo-r8 i686 AMD Athlon(tm) XP 2500+ Gentoo Base System version 1.12.5 Last Sync: Wed, 27 Sep 2006 05:20:01 +0000 app-admin/eselect-compiler: [Not Present] dev-java/java-config: 1.2.11-r1 dev-lang/python: 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 dev-util/ccache: [Not Present] dev-util/confcache: [Not Present] sys-apps/sandbox: 1.2.17 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.13-r3 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r1 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/" CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/splash /etc/terminfo" CXXFLAGS="-O2" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig ccache collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms strict test" GENTOO_MIRRORS="ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo/" LANG="de_DE@euro" LC_ALL="de_DE@euro" LINGUAS="de" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.informatik.rwth-aachen.de/gentoo-portage" USE="x86 3dnow 3dnowext X Xaw3d a52 alsa artworkextra asf audiofile bash-completion beagle berkdb bidi bitmap-fonts bootsplash branding bzip2 cairo cdda cddb cdparanoia cdr cli cracklib crypt css cups curl custom-cflags dbus dga directfb divx4linux dlloader dri dts dvd dvdr dvdread dvi eds elibc_glibc emacs emboss encode esd evo exif expat fam fat fbcon ffmpeg firefox fortran ftp gb gcj gdbm gif gnome gpm gstreamer gtk gtk2 gtkhtml hal icq idn imagemagick imap input_devices_keyboard input_devices_mouse ipv6 isdnlog java javascript jikes jpeg jpeg2k kde kernel_linux ldap leim libg++ linguas_de lm_sensors mad maildir matroska mbox mhash mikmod mime mmx mmxext mng mono mp3 mpeg mpeg2 mule nautilus ncurses nforce2 nls nocardbus nptl nptlonly nsplugin nvidia objc ogg opengl pam pcre pdf perl plotutils pmu png ppds pppd preview-latex print python qt3 qt4 quicktime readline reflection reiserfs samba sdk session slang spell spl sse ssl svg svga t1lib tcltk tcpd tetex theora thunderbird tiff truetype truetype-fonts type1-fonts udev usb userland_GNU vcd video_cards_fbdev video_cards_radeon video_cards_vesa videos vorbis win32codecs wmf wxwindows xine xml xorg xosd xv xvid zlib" Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS tsunam@gentoo.org 2006-09-27 11:31:03 0000 works here fine in x86 land with various sites that use flash 7 still..flash 8 well go visit the blog about that. tsunam@gentoo.org 2006-09-27 11:31:28 0000 crap, didn't remove x86 bad me...bad bad me dang@gentoo.org 2006-09-30 12:55:54 0000 amd64 done vorlon@gentoo.org 2006-09-30 13:50:09 0000 ready for GLSA vorlon@gentoo.org 2006-10-04 14:36:51 0000 this is GLSA 200610-02 leaving this bug open for now, because there was no reaction on the mail to -announce yet vorlon@gentoo.org 2006-10-11 04:15:31 0000 sorry... forgot to close after I resent the -announce mail 97625 2006-09-21 04:09 0000 replace RESTRICT=stricter with QA_TEXTRELS netscape-flash-7.0.68.ebuild.patch text/plain LS0tIG5ldHNjYXBlLWZsYXNoLTcuMC42My5lYnVpbGQJMjAwNi0wMy0yMCAwOTozNDoyNS4wMDAw MDAwMDAgKzAxMDAKKysrIG5ldHNjYXBlLWZsYXNoLTcuMC42OC5lYnVpbGQJMjAwNi0wOS0yMSAx MzowNzozNy4wMDAwMDAwMDAgKzAyMDAKQEAgLTExLDE0ICsxMSwxNiBAQAogCiBJVVNFPSIiCiBT TE9UPSIwIgotS0VZV09SRFM9ImFtZDY0IC1wcGMgLXNwYXJjIHg4NiIKK0tFWVdPUkRTPSJ+YW1k NjQgLXBwYyAtc3BhcmMgfng4NiIKIExJQ0VOU0U9Ik1hY3JvbWVkaWEiCiAKIERFUEVORD0iIW5l dC13d3cvZ3BsZmxhc2gKIAlhbWQ2ND8gKCBhcHAtZW11bGF0aW9uL2VtdWwtbGludXgteDg2LWJh c2VsaWJzCiAJCQkgYXBwLWVtdWxhdGlvbi9lbXVsLWxpbnV4LXg4Ni14bGlicyApIgogCi1SRVNU UklDVD0ibm9zdHJpcCBzdHJpY3RlciIKK1JFU1RSSUNUPSJub3N0cmlwIgorCitRQV9URVhUUkVM Uz0ib3B0L25ldHNjYXBlL3BsdWdpbnMvbGliZmxhc2hwbGF5ZXIuc28iCiAKIHBrZ19zZXR1cCgp IHsKIAkjIFRoaXMgaXMgYSBiaW5hcnkgeDg2IHBhY2thZ2UgPT4gQUJJPXg4Ngo=