Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 22 Sep 2010 11:33:42 +0900 (JST)
From:      Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/150832: vulnerability in www/linux-f10-flashplugin10
Message-ID:  <201009220233.o8M2Xg57008650@h120.65.226.10.32118.vlan.kuins.net>
Resent-Message-ID: <201009220300.o8M309Rk028858@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         150832
>Category:       ports
>Synopsis:       vulnerability in www/linux-f10-flashplugin10
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Wed Sep 22 03:00:09 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator:     Tsurutani Naoki
>Release:        FreeBSD 8.1-STABLE i386
>Organization:
>Environment:
System: FreeBSD h120.65.226.10.32118.vlan.kuins.net 8.1-STABLE FreeBSD 8.1-STABLE #24: Wed Jul 28 12:32:20 JST 2010 turutani@h120.65.226.10.32118.vlan.kuins.net:/usr/local/work/usr/obj/usr/src/sys/POLYMER i386


	
>Description:
	www/linux-f10-flashplugin10 is vulnerable.
	ref. http://www.adobe.com/support/security/advisories/apsa10-03.html
	
>How-To-Repeat:
	
>Fix:
	here is a patch to www/linux-f10-flashplugin10:
	--- linux-f10-flashplugin10/Makefile.orig	2010-08-20 06:27:00.000000000 +0900
	+++ linux-f10-flashplugin10/Makefile	2010-09-22 11:00:54.000000000 +0900
	@@ -7,7 +7,7 @@
	 #

	 PORTNAME=	flashplugin
	-PORTVERSION=	10.1r82
	+PORTVERSION=	10.1r85
	 CATEGORIES=	www multimedia linux
	 MASTER_SITES=	http://fpdownload.macromedia.com/get/flashplayer/current/:plugin \
	 		ftp://ftp.ipt.ru/pub/download/:suplib
	diff -urN linux-f10-flashplugin10.orig/distinfo linux-f10-flashplugin10/distinfo
	--- linux-f10-flashplugin10/distinfo.orig	2010-08-20 06:27:00.000000000 +0900
	+++ linux-f10-flashplugin10/distinfo	2010-09-22 11:04:37.000000000 +0900
	@@ -1,6 +1,6 @@
	-MD5 (flashplugin/10.1r82/install_flash_player_10_linux.tar.gz) = 7f122a6bf62403c2916f37df48c18768
	-SHA256 (flashplugin/10.1r82/install_flash_player_10_linux.tar.gz) = c6f8831ce648e7fa8e037f1fa8362d2d998cae0e06490e792bcd5871f3eb936a
	-SIZE (flashplugin/10.1r82/install_flash_player_10_linux.tar.gz) = 4907270
	-MD5 (flashplugin/10.1r82/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 6e416c81497f65065d78dae1e0acad0d
	-SHA256 (flashplugin/10.1r82/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
	-SIZE (flashplugin/10.1r82/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455
	+MD5 (flashplugin/10.1r85/install_flash_player_10_linux.tar.gz) = d3d8f82384325c2adfb4cfd5ef173d7f
	+SHA256 (flashplugin/10.1r85/install_flash_player_10_linux.tar.gz) = 7f0e57febd1ca96af626ca1b7f4f95b42eee4ef687ead6853fd49c5517089087
	+SIZE (flashplugin/10.1r85/install_flash_player_10_linux.tar.gz) = 4907056
	+MD5 (flashplugin/10.1r85/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 6e416c81497f65065d78dae1e0acad0d
	+SHA256 (flashplugin/10.1r85/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 4a309b1a326bd2212cc72480628659e5a7fd61d9e0572cb7350c206f030955bf
	+SIZE (flashplugin/10.1r85/linux-f10-flashsupport-9.0.1.i386.tar.gz) = 3455

	www/linux-f8-flashplugin10 and www/linux-flashplugin9 are also vulnerable.
	9.0r283 is available.
	


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201009220233.o8M2Xg57008650>