Gentoo Bug 16851 - flash 6.0.69 has a security hole. that's why 6.0.79 has been released.

First Last Prev Next No search results available Search page Enter new bug

Bug#:	16851
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Andreas Kotowicz <andreas.kotowicz@gmail.com>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Filename	Description	Type	Creator	Created	Size	Actions
netscape-flash-6.0.79.ebuild	The ebuild	text/plain	Patrick Kursawe	2003-03-06 05:35 0000	1.54 KB	Details
netscape-flash-6.0.79.ebuild	Second try	text/plain	Patrick Kursawe	2003-03-06 06:13 0000	1.44 KB	Details
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 16851 depends on:			Show dependency tree
Bug 16851 blocks:			Show dependency tree

Votes:	0 Show votes for this bug Vote for this bug

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2003-03-04 15:13 0000

I found this on some german internet page (see link above).  the new player is
already available for download at
http://download.macromedia.com/pub/shockwave/flash/english/linux/6.0r79/install_flash_player_6_linux.tar.gz

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

------- Comment #1 From Oliver Schoett 2003-03-04 15:56:00 0000 -------

This bug should be flagged SECURITY and have Severity critical (I am not
allowed to do this).

The bug can be exploited by any website to get the full rights of the visiting
user on the visiting computer.

Macromedia Security Bulletin in English:
http://www.macromedia.com/v1/handlers/index.cfm?ID=23821

------- Comment #2 From Patrick Kursawe 2003-03-06 05:35:37 0000 -------

Created an attachment (id=9015) [details]
The ebuild

Yes, I know this is sick...

------- Comment #3 From Patrick Kursawe 2003-03-06 05:36:14 0000 -------

That is bad news, especially since the filename is the same as for the buggy
version. How to get this into portage?

My following suggestion:
Don't set SRC_URI to avoid portage complaining about file digests. Do the
MD5 check and downloading manually.

Ebuild attached, works fine for me.

------- Comment #4 From Patrick Kursawe 2003-03-06 06:13:17 0000 -------

Created an attachment (id=9017) [details]
Second try

Some cosmetics.

------- Comment #5 From Daniel Ahlberg (RETIRED) 2003-03-08 21:00:30 0000 -------

glsa sent

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 16851

flash 6.0.69 has a security hole. that's why 6.0.79 has been released.

Last modified: 2003-03-08 21:00:30 0000