Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 204344 - net-www/netscape-flash <9.0.124.0 Multiple vulnerabilities (CVE-2007-{0071,5275,6019,6243,6637}, CVE-2008-{1654,1655})
Summary: net-www/netscape-flash <9.0.124.0 Multiple vulnerabilities (CVE-2007-{0071,52...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
URL: http://www.adobe.com/support/security...
Whiteboard: A2 [glsa]
Keywords:
: 217029 (view as bug list)
Depends on:
Blocks:
 
Reported: 2008-01-04 22:52 UTC by Robert Buchholz (RETIRED)
Modified: 2008-04-18 14:15 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2008-01-04 22:52:16 UTC
CVE-2007-6637 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6637):
  Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player
  allow remote attackers to inject arbitrary web script or HTML via a crafted
  SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or
  Adobe Acrobat Connect.  NOTE: the asfunction: vector is already covered by
  CVE-2007-6244.1.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-01-04 22:53:19 UTC
Jim, please keep an eye on a new release.
Comment 2 Sune Kloppenborg Jeppesen gentoo-dev 2008-02-26 20:50:02 UTC
Any news on this one?
Comment 3 Christian Faulhammer (RETIRED) gentoo-dev 2008-04-09 10:00:05 UTC
9.0.124 is out, http://www.adobe.com/support/security/bulletins/apsb08-11.html describes all fixed vulnerabilities.
Comment 4 Jim Ramsay (lack) (RETIRED) gentoo-dev 2008-04-09 15:52:37 UTC
Thanks for the heads-up.  Just put 9.0.124.0 in the tree.  I think we should push for stabilization soon, maybe a day or two just in case something is seriously wrong with the RPM.
Comment 5 Raúl Porcel (RETIRED) gentoo-dev 2008-04-09 15:54:29 UTC
*** Bug 217029 has been marked as a duplicate of this bug. ***
Comment 6 Jim Ramsay (lack) (RETIRED) gentoo-dev 2008-04-15 17:32:18 UTC
Okay, I haven't had any bug reports yet (and with closed-source SW like this, it's not like I would be able to do much if there *were* bugs anyway) so I decree it's time to stabilize it.

Adding x86 arch team.  As per current policy, I have stabilized on amd64 myself.
Comment 7 Markus Meier gentoo-dev 2008-04-17 01:08:34 UTC
x86 stable, last arch.
Comment 8 Matthias Geerdsen (RETIRED) gentoo-dev 2008-04-17 10:39:43 UTC
GLSA request filed
Comment 9 Robert Buchholz (RETIRED) gentoo-dev 2008-04-18 14:15:48 UTC
GLSA 200804-21