Bart Martens wrote:
> Bug 402822 was tagged "security" on 14 Dec 2006. I'm not sure whether
> your team scans the BTS daily for bugs tagged "security". :)
>
> Any suggestions on how to handle this bug?
>
> New sarge users won't install the insecure plugin, because installing
> flashplugin-nonfree 7.0.25-5 cannot download the insecure plugin. So
> removing flashplugin-nonfree 7.0.25-5 from "stable" won't make anything
> more secure.
>
> Existing sarge users might still be using the insecure plugin. I could
> create flashplugin-nonfree 7.0.25-6 removing the insecure plugin without
> installing a new plugin, with a debconf dialog at level "critical"
> explaining the removal and suggesting backports.org.
non-free/contrib isn't supported by the Security Team. However, it appears
to me as if upgrading Sarge through a stable point update to the latest fixed
upstream (9.?) would be the best solution. It's a rocky upgrade path, but
that's what you have to bear when running proprietary software.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]