Summary: | <www-plugins/adobe-flash-10.2.153.1: Critical vulnerability in Adobe Flash Player (CVE-2011-0609) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | asl, desktop-misc, lack |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.adobe.com/support/security/advisories/apsa11-01.html | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Tim Sammut (RETIRED)
2011-03-15 13:55:08 UTC
Adobe has release Flash 10.2.153.1. Please bump; thanks! Bumped: www-plugins/adobe-flash-10.2.153.1 is in the tree and as usual can probably be marked stable any time since it's closed source and not really going to change. www-plugins/adobe-flash-10.2.153.1_p201011173.ebuild is also in the tree with this same fix, but should *not* go stable. (In reply to comment #2) > Bumped: > Awesome, thanks! Arches, please test and mark stable: =www-plugins/adobe-flash-10.2.153.1 Target keywords : "amd64 x86" works for me only with +nspluginwrapper Looks ok on x86. Oh yeah the good old it's not a regression train. Great. It's still bad, you know... x86 stable. x86 stable. Thanks Andreas. (In reply to comment #6) > Oh yeah the good old it's not a regression train. Great. It's still bad, you > know... x86 stable. That one is for another bug, sorry. (In reply to comment #4) > works for me only with +nspluginwrapper You make a good point (here and on IRC). I've adjusted the ebuilds so that IUSE="+nspluginwrapper" since I believe most amd64 users with the 32-bit plugin will want it. (In reply to comment #8) > (In reply to comment #6) > > It's still bad, you > > know... x86 stable. I believe that may still be a valid complaint in this case ;) amd64 done, thanks Agostino Thanks, folks. Added to existing GLSA request. See you next time! ;) FYI, I have just p.masked <www-plugins/adobe-flash-10.2.153.1 because of this bug and also #360529 and #354207. As long as #355191 isn't resolved, I don't think this is a good idea (from usability point of view, at least -- from a security one, no word from me) This issue was resolved and addressed in GLSA 201110-11 at http://security.gentoo.org/glsa/glsa-201110-11.xml by GLSA coordinator Tim Sammut (underling). |