Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 102777 - net-www/netscape-flash (version bump)
Summary: net-www/netscape-flash (version bump)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
Whiteboard: A2 [glsa]
Depends on:
Reported: 2005-08-16 17:53 UTC by Kevin Bowling
Modified: 2006-03-21 13:19 UTC (History)
9 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Kevin Bowling 2005-08-16 17:53:48 UTC
Macromedia has released their 8th reversion of the Flash product line, and
consequently a new Linux player.  Would love to see it in Gentoo soon :-).

Reproducible: Always
Steps to Reproduce:
Comment 1 Sridhar Dhanapalan 2005-10-02 20:19:37 UTC
There is no GNU/Linux version yet. Flash Player 8 is Windows-only.
Comment 2 Andy Dustman 2005-11-09 10:53:35 UTC

The above security vulnerability notice says only 7.0.19 and earlier are
affected. The newest Linux version is 7.0.25 (still no version 8), so we should
be OK, according to the notice. Still, 7.0.25 has been out for quite a while
(more than a year if you believe Macromedia's download page), so I suspect the
advisory is wrong on the version number; they have a 7.0.61 available for Windows.

Also see:

Comment 3 Jakub Moc (RETIRED) gentoo-dev 2005-11-11 10:24:59 UTC
Comment 4 Marko Steinberger 2006-03-15 05:03:48 UTC
Version is available. 
Comment 5 Jakub Moc (RETIRED) gentoo-dev 2006-03-15 05:34:26 UTC
Version 8 doesn't exist for Linux, changing the summary. 7.0.61 is the latest in portage.
Comment 6 Patrizio Bassi 2006-03-15 10:28:47 UTC
a GLSA may be needed...that's a security problem with older versions.
Comment 7 Thomas B. 2006-03-15 17:00:24 UTC
Right, here is a security announcement from Macromedia:

The security bulletin doesn't clearly state whether this also affects Linux versions of the Flash player, but if you look into the section "Details", there's the sentence: "Updated versions of Flash Player 7 for Linux and Solaris, which contain fixes for these vulnerabilities, are also available from the Adobe Player Download Center." I therefore suspect that Linux versions < are also affected, so this should be pushed stable (maybe with a GLSA).

Simply renaming the ebuild (and manually downloading the file, since it is not yet on the mirrors) works for me to bump the version.
Comment 8 Carsten Lohrke (RETIRED) gentoo-dev 2006-03-16 08:21:28 UTC
The package is missing metadata.xml.
Comment 9 Petteri Räty (RETIRED) gentoo-dev 2006-03-19 12:40:38 UTC
I version bumped this because there doesn't seem to be a maintainer. Arch teams should probably take a look at this point. Please note that I am not part of the security team.
Comment 10 Thierry Carrez (RETIRED) gentoo-dev 2006-03-19 13:41:40 UTC
Hm. Looks like we missed this one because it was set as "enhancement". ARchs please stable.
Comment 11 Olivier Crete (RETIRED) gentoo-dev 2006-03-19 16:30:41 UTC
amd64 stable
Comment 12 Michele Noberasco (RETIRED) gentoo-dev 2006-03-20 00:35:33 UTC
Stable for x86. Also added missing metadata.xml...
Comment 13 Stefan Cornelius (RETIRED) gentoo-dev 2006-03-20 06:34:59 UTC
ready for glsa
Comment 14 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-03-21 13:19:49 UTC
Thx everyone.

GLSA 200603-20