On 07/26/07 17:30, Neil McGovern wrote:
> On Thu, Jul 26, 2007 at 08:28:41AM +0200, Bart Martens wrote:
>> Hi Stable Debian-Release,
>> Hi Security Team,
>>
>
> Not speaking in any official capacity here, but:
>
> Let's have a look at the vulnerabilities which still affect etch:
> CVE-2007-2022 - "Unspecified vulnerability ... unspecified impact and
>                 remote attack vectors." but looks like a keylogger if
>                 someone visits a malicious webpage.
> CVE-2007-3456 - "Unspecified vulnerability .. related to an input
>                 validation error." - arbitrary code execution.
>
> So fairly serious.
>
> It seems that 9.0.45.0 was only for Mac/Windows, and 9.0.47.0/9.0.48.0
> is only for linux.
> AFAICT, 9.0.48.0 is 9.0.31.0 + security fixes (as described in
> APSB07-12[0]), except for sparc, which implements the 9.0.31.0 features
> for that arch (probably a good thing).

It apparently also has some feature upgrade(s)/bug fixes, because .48
plays New York Times videos, whereas .31 would not.

>> 1. We could flashplugin-nonfree 9.0.48.0.1etch1 to Stable soon. The
>> only change is the update of the MD5 checksums. Obviously the upstream
>> Flash plugin itself may have been modified heavily, no idea.
>> 2. I can create a special flashplugin-nonfree package for Stable to
>> remove the insecure plugin from the Stable systems, notifying the users
>> of this removal, and suggesting them to use Backports.
>
> I'd suggest heavy testing (if this hasn't been done already) on the
> 9.0.48.0 package with the aim of working out if new features have been
> added.
>
> If not, then it may be possible that this really is a bugfix only
> release, and IMO would be suitable for an update.
>
> Neil
> [0] http://www.adobe.com/go/apsb07-12

--
Ron Johnson, Jr.
Jefferson LA USA

Give a man a fish, and he eats for a day.
Hit him with a fish, and he goes away for good!