Macromedia has released their 8th reversion of the Flash product line, and consequently a new Linux player. Would love to see it in Gentoo soon :-). Reproducible: Always Steps to Reproduce:
There is no GNU/Linux version yet. Flash Player 8 is Windows-only.
http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html The above security vulnerability notice says only 7.0.19 and earlier are affected. The newest Linux version is 7.0.25 (still no version 8), so we should be OK, according to the notice. Still, 7.0.25 has been out for quite a while (more than a year if you believe Macromedia's download page), so I suspect the advisory is wrong on the version number; they have a 7.0.61 available for Windows. Also see: http://www.eeye.com/html/research/advisories/AD20051104.html
Re-assign.
Version 7.0.63.0 is available.
Version 8 doesn't exist for Linux, changing the summary. 7.0.61 is the latest in portage.
a GLSA may be needed...that's a security problem with older versions.
Right, here is a security announcement from Macromedia: http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html The security bulletin doesn't clearly state whether this also affects Linux versions of the Flash player, but if you look into the section "Details", there's the sentence: "Updated versions of Flash Player 7 for Linux and Solaris, which contain fixes for these vulnerabilities, are also available from the Adobe Player Download Center." I therefore suspect that Linux versions <7.0.63.0 are also affected, so this should be pushed stable (maybe with a GLSA). Simply renaming the ebuild (and manually downloading the file, since it is not yet on the mirrors) works for me to bump the version.
The package is missing metadata.xml.
I version bumped this because there doesn't seem to be a maintainer. Arch teams should probably take a look at this point. Please note that I am not part of the security team.
Hm. Looks like we missed this one because it was set as "enhancement". ARchs please stable.
amd64 stable
Stable for x86. Also added missing metadata.xml...
ready for glsa
Thx everyone. GLSA 200603-20