Bug 204344

Summary: net-www/netscape-flash <9.0.124.0 Multiple vulnerabilities (CVE-2007-{0071,5275,6019,6243,6637}, CVE-2008-{1654,1655})
Product: Gentoo Security
Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: major
CC: fauli, lack, zeev.tarantov
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.adobe.com/support/security/advisories/apsa07-06.html
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2008-01-04 22:52:16 UTC
CVE-2007-6637 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6637):
  Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player
  allow remote attackers to inject arbitrary web script or HTML via a crafted
  SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or
  Adobe Acrobat Connect.  NOTE: the asfunction: vector is already covered by
  CVE-2007-6244.1.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-01-04 22:53:19 UTC
Jim, please keep an eye on a new release.
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-02-26 20:50:02 UTC
Any news on this one?
Comment 3 Christian Faulhammer (RETIRED) gentoo-dev 2008-04-09 10:00:05 UTC
9.0.124 is out, http://www.adobe.com/support/security/bulletins/apsb08-11.html describes all fixed vulnerabilities.
Comment 4 Jim Ramsay (lack) (RETIRED) gentoo-dev 2008-04-09 15:52:37 UTC
Thanks for the heads-up.  Just put 9.0.124.0 in the tree.  I think we should push for stabilization soon, maybe a day or two just in case something is seriously wrong with the RPM.
Comment 5 Raúl Porcel (RETIRED) gentoo-dev 2008-04-09 15:54:29 UTC
*** Bug 217029 has been marked as a duplicate of this bug. ***
Comment 6 Jim Ramsay (lack) (RETIRED) gentoo-dev 2008-04-15 17:32:18 UTC
Okay, I haven't had any bug reports yet (and with closed-source SW like this, it's not like I would be able to do much if there *were* bugs anyway) so I decree it's time to stabilize it.

Adding x86 arch team.  As per current policy, I have stabilized on amd64 myself.
Comment 7 Markus Meier gentoo-dev 2008-04-17 01:08:34 UTC
x86 stable, last arch.
Comment 8 Matthias Geerdsen (RETIRED) gentoo-dev 2008-04-17 10:39:43 UTC
GLSA request filed
Comment 9 Robert Buchholz (RETIRED) gentoo-dev 2008-04-18 14:15:48 UTC
GLSA 200804-21