102777 – net-www/netscape-flash 7.0.63.0 (version bump)

Bug 102777 - net-www/netscape-flash 7.0.63.0 (version bump)

Summary: net-www/netscape-flash 7.0.63.0 (version bump)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High major (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	A2 [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2005-08-16 17:53 UTC by Kevin Bowling
Modified:	2006-03-21 13:19 UTC (History)
CC List:	9 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kevin Bowling 2005-08-16 17:53:48 UTC

Macromedia has released their 8th reversion of the Flash product line, and
consequently a new Linux player.  Would love to see it in Gentoo soon :-).

Reproducible: Always
Steps to Reproduce:

Comment 1 Sridhar Dhanapalan 2005-10-02 20:19:37 UTC

There is no GNU/Linux version yet. Flash Player 8 is Windows-only.

Comment 2 Andy Dustman 2005-11-09 10:53:35 UTC

http://www.macromedia.com/devnet/security/security_zone/mpsb05-07.html

The above security vulnerability notice says only 7.0.19 and earlier are
affected. The newest Linux version is 7.0.25 (still no version 8), so we should
be OK, according to the notice. Still, 7.0.25 has been out for quite a while
(more than a year if you believe Macromedia's download page), so I suspect the
advisory is wrong on the version number; they have a 7.0.61 available for Windows.

Also see: http://www.eeye.com/html/research/advisories/AD20051104.html

Comment 3 Jakub Moc (RETIRED) gentoo-dev

2005-11-11 10:24:59 UTC

Re-assign.

Comment 4 Marko Steinberger 2006-03-15 05:03:48 UTC

Version 7.0.63.0 is available.

Comment 5 Jakub Moc (RETIRED) gentoo-dev

2006-03-15 05:34:26 UTC

Version 8 doesn't exist for Linux, changing the summary. 7.0.61 is the latest in portage.

Comment 6 Patrizio Bassi 2006-03-15 10:28:47 UTC

a GLSA may be needed...that's a security problem with older versions.

Comment 7 Thomas B. 2006-03-15 17:00:24 UTC

Right, here is a security announcement from Macromedia:
http://www.macromedia.com/devnet/security/security_zone/apsb06-03.html

The security bulletin doesn't clearly state whether this also affects Linux versions of the Flash player, but if you look into the section "Details", there's the sentence: "Updated versions of Flash Player 7 for Linux and Solaris, which contain fixes for these vulnerabilities, are also available from the Adobe Player Download Center." I therefore suspect that Linux versions <7.0.63.0 are also affected, so this should be pushed stable (maybe with a GLSA).

Simply renaming the ebuild (and manually downloading the file, since it is not yet on the mirrors) works for me to bump the version.

Comment 8 Carsten Lohrke (RETIRED) gentoo-dev

2006-03-16 08:21:28 UTC

The package is missing metadata.xml.

Comment 9 Petteri Räty (RETIRED) gentoo-dev

2006-03-19 12:40:38 UTC

I version bumped this because there doesn't seem to be a maintainer. Arch teams should probably take a look at this point. Please note that I am not part of the security team.

Comment 10 Thierry Carrez (RETIRED) gentoo-dev

2006-03-19 13:41:40 UTC

Hm. Looks like we missed this one because it was set as "enhancement". ARchs please stable.

Comment 11 Olivier Crete (RETIRED) gentoo-dev

2006-03-19 16:30:41 UTC

amd64 stable

Comment 12 Michele Noberasco (RETIRED) gentoo-dev

2006-03-20 00:35:33 UTC

Stable for x86. Also added missing metadata.xml...

Comment 13 Stefan Cornelius (RETIRED) gentoo-dev

2006-03-20 06:34:59 UTC

ready for glsa

Comment 14 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-03-21 13:19:49 UTC

Thx everyone.

GLSA 200603-20